Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 19 Nov 2011 12:14:36 +0200
From:      Maxim Ignatenko <gelraen.ua@gmail.com>
To:        Julian Elischer <julian@freebsd.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Communication between kernel and userspace via local socket
Message-ID:  <201111191214.36824.gelraen.ua@gmail.com>
In-Reply-To: <4EC770B7.8060806@freebsd.org>
References:  <201111152218.41031.gelraen.ua@gmail.com> <4ec5632f.4b25df0a.1118.ffff9381@mx.google.com> <4EC770B7.8060806@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On =D1=81=D0=B1, 19 =D0=BB=D0=B8=D1=81 2011 11:02:47 Julian Elischer wrote:
> On 11/17/11 11:40 AM, Maxim Ignatenko wrote:
> > Julian Elischer wrote:
> >> On 11/16/11 12:55 AM, Ed Schouten wrote:
> >>> * Maxim Ignatenko<gelraen.ua@gmail.com>, 20111115 21:18:
> >>>> I'm currently inventing the wheel^W^W^Wwriting a firewall from scrat=
ch
> >>>> and looking for most convenient way to establish communication
> >>>> between userspace processes and kernel part. Communication pattern
> >>>> best fits to listening PF_LOCAL socket opened from kernel and
> >>>> userspace processes connecting to it.
> >>>=20
> >>> What's wrong with a character device?
> >>=20
> >> you can't easily have a different character device depending on which
> >> jail you are in..
> >> (well, you can but it gets tricky).. see the problem with /dev/pflog
> >> and vimages.
> >>=20
> >>=20
> >> Maxim, look at the usage of sockets with netgraph ng_socket node..  al=
so
> >> divert sockets.
> >=20
> > Did you meant ng_ksocket? I've looked on it, but in case of ng_ksocket
> > connections accepted upon receiving control message NGM_KSOCKET_ACCEPT,
> > but I need to accept connections without such "punch". As far as I
> > understand, I need to spawn kernel process or thread which will listen
> > for incoming connections and respond to requests, just like normal
> > network daemon does, but I don't know how to do this.
> > divert(4) will not do the job, since packets written to divert socket
> > goes to IP stack.
>=20
> No I meant ng_socket..  you wanted to communicate between userland and
> kernel.
> that ng_socket is the interface between kernel and userland for netgraph.
>=20

Thanks! Creating new domain is, probably, overkill, but should work :)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201111191214.36824.gelraen.ua>