From: Maxim Ignatenko
Date: Thu, 17 Nov 2011 21:40:22 +0200
To: Julian Elischer, freebsd-hackers@freebsd.org
Subject: Re: Communication between kernel and userspace via local socket
Message-ID: <4ec5632f.4b25df0a.1118.ffff9381@mx.google.com>
References: <201111152218.41031.gelraen.ua@gmail.com> <20111116085508.GF36205@hoeg.nl> <4EC55669.2060908@freebsd.org>
List-Id: Technical Discussions relating to FreeBSD

Julian Elischer wrote:
> On 11/16/11 12:55 AM, Ed Schouten wrote:
>> * Maxim Ignatenko, 20111115 21:18:
>>> I'm currently inventing the wheel^W^W^Wwriting a firewall from scratch and
>>> looking for the most convenient way to establish communication between
>>> userspace processes and the kernel part. The communication pattern best fits
>>> a listening PF_LOCAL socket opened from the kernel and userspace processes
>>> connecting to it.
>> What's wrong with a character device?
>
> you can't easily have a different character device depending on which
> jail you are in..
> (well, you can but it gets tricky).. see the problem with /dev/pflog
> and vimages.
>
>
> Maxim, look at the usage of sockets with netgraph ng_socket node.. also
> divert sockets.
>

Did you mean ng_ksocket? I've looked at it, but in the case of ng_ksocket connections are accepted upon receiving the control message NGM_KSOCKET_ACCEPT, and I need to accept connections without such a "punch".

As far as I understand, I need to spawn a kernel process or thread which will listen for incoming connections and respond to requests, just like a normal network daemon does, but I don't know how to do this. divert(4) will not do the job, since packets written to a divert socket go to the IP stack.
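The request/response pattern described in this message, as an added userspace illustration that is not code from the thread or from any FreeBSD component: a forked child listening on a PF_LOCAL socket stands in for the in-kernel listener, and the parent acts as the userspace client. The wire format (fw_req/fw_rep), the socket path under /tmp and the names run_demo, serve_one, query and peer_uid are all constructed for this example. It also adds the check a firewall control socket should have before it honours a command: the listener obtains the uid of the connected peer (SO_PEERCRED on Linux, getpeereid(2) on FreeBSD and macOS) and answers anyone else with a refusal.

```c
#define _GNU_SOURCE          /* harmless elsewhere; only matters on glibc */
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Wire format between the control listener and its clients. Constructed for
 * this example; the thread does not define one. */
enum { OP_RULE_COUNT = 1 };
enum { ST_OK = 0, ST_DENIED = 1, ST_BADOP = 2 };
struct fw_req { uint32_t op; uint32_t arg; };
struct fw_rep { uint32_t status; uint32_t value; };

/* Read or write exactly len bytes on a stream socket; -1 on EOF or error. */
static int io_full(int fd, void *buf, size_t len, int writing)
{
    char *p = buf;
    while (len > 0) {
        ssize_t n = writing ? write(fd, p, len) : read(fd, p, len);
        if (n <= 0)
            return -1;
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* uid of the process on the other end of a PF_LOCAL connection, or -1. */
static long peer_uid(int fd)
{
#ifdef __linux__
    /* Same layout as Linux's struct ucred: pid, uid, gid (all 32-bit). */
    struct { uint32_t pid, uid, gid; } uc;
    socklen_t len = sizeof(uc);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &uc, &len) != 0)
        return -1;
    return (long)uc.uid;
#else                        /* FreeBSD, macOS: getpeereid(2) */
    uid_t uid; gid_t gid;
    if (getpeereid(fd, &uid, &gid) != 0)
        return -1;
    return (long)uid;
#endif
}

static void fill_addr(struct sockaddr_un *addr, const char *path)
{
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_LOCAL;
    strncpy(addr->sun_path, path, sizeof(addr->sun_path) - 1);
}

/* Listener side: bind a PF_LOCAL socket at path and start listening. */
static int open_listener(const char *path)
{
    struct sockaddr_un addr;
    int fd = socket(PF_LOCAL, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    fill_addr(&addr, path);
    unlink(path);            /* clear a stale socket file from an earlier run */
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0 || listen(fd, 5) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Serve exactly one connection. Only a peer whose uid equals allowed_uid may
 * issue commands; everyone else gets ST_DENIED and nothing else. */
static int serve_one(int lfd, long allowed_uid, uint32_t rule_count)
{
    struct fw_req req;
    struct fw_rep rep = { ST_OK, 0 };
    int cfd = accept(lfd, NULL, NULL);
    if (cfd < 0)
        return -1;
    if (io_full(cfd, &req, sizeof(req), 0) != 0) {
        close(cfd);
        return -1;
    }
    if (peer_uid(cfd) != allowed_uid)
        rep.status = ST_DENIED;          /* credential check decides the reply */
    else if (req.op == OP_RULE_COUNT)
        rep.value = rule_count;
    else
        rep.status = ST_BADOP;
    io_full(cfd, &rep, sizeof(rep), 1);
    close(cfd);
    return 0;
}

/* Client side: connect, send one request, wait for the reply. */
static int query(const char *path, uint32_t op, uint32_t arg, struct fw_rep *rep)
{
    struct sockaddr_un addr;
    struct fw_req req = { op, arg };
    int fd = socket(PF_LOCAL, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    fill_addr(&addr, path);
    if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0 ||
        io_full(fd, &req, sizeof(req), 1) != 0 ||
        io_full(fd, rep, sizeof(*rep), 0) != 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return 0;
}

/* One round trip. The listener (stand-in for the kernel side) runs in a forked
 * child; the parent is the client. spoof_uid makes the listener expect a uid
 * the client does not have, to show the refusal path. Returns 0 on completion. */
int run_demo(int spoof_uid, struct fw_rep *rep)
{
    char path[64];
    int lfd, status;
    pid_t pid;
    long allowed = (long)getuid() + (spoof_uid ? 1 : 0);
    snprintf(path, sizeof(path), "/tmp/fwctl-example-%ld.sock", (long)getpid());
    if ((lfd = open_listener(path)) < 0)
        return -1;
    if ((pid = fork()) < 0) {
        close(lfd);
        unlink(path);
        return -1;
    }
    if (pid == 0) {                      /* child: the listener, 42 rules loaded */
        serve_one(lfd, allowed, 42);
        _exit(0);
    }
    status = query(path, OP_RULE_COUNT, 0, rep);
    close(lfd);
    waitpid(pid, NULL, 0);
    unlink(path);
    return status;
}

int main(void)
{
    struct fw_rep rep;
    if (run_demo(0, &rep) == 0)
        printf("authorised client:   status=%u rules=%u\n", rep.status, rep.value);
    if (run_demo(1, &rep) == 0)
        printf("unauthorised client: status=%u\n", rep.status);
    return 0;
}
```

The listener is bound and listening before fork(), so the client's connect() is queued in the backlog even if it runs before the child reaches accept(). The request is read before the credential check only so that this demo can always return a reply; a real control listener would check the peer at accept time and drop an unauthorised connection without reading anything. The in-kernel counterparts of socket(), bind() and listen() on FreeBSD are socreate(), sobind() and solisten(); how to accept on such a socket from a kernel thread is exactly the open question of this message, and this example does not answer it.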