From: Maxim Ignatenko
To: Julian Elischer
Cc: freebsd-hackers@freebsd.org
Date: Sat, 19 Nov 2011 12:14:36 +0200
Subject: Re: Communication between kernel and userspace via local socket
List-Id: Technical Discussions relating to FreeBSD

On Sat, 19 Nov 2011 11:02:47 Julian Elischer wrote:
> On 11/17/11 11:40 AM, Maxim Ignatenko wrote:
> > Julian Elischer wrote:
> >> On 11/16/11 12:55 AM, Ed Schouten wrote:
> >>> * Maxim Ignatenko, 20111115 21:18:
> >>>> I'm currently inventing the wheel^W^W^Wwriting a firewall from scratch
> >>>> and looking for most convenient way to establish communication
> >>>> between userspace processes and kernel part. Communication pattern
> >>>> best fits to listening PF_LOCAL socket opened from kernel and
> >>>> userspace processes connecting to it.
> >>>
> >>> What's wrong with a character device?
> >>
> >> you can't easily have a different character device depending on which
> >> jail you are in..
> >> (well, you can but it gets tricky).. see the problem with /dev/pflog
> >> and vimages.
> >>
> >>
> >> Maxim, look at the usage of sockets with netgraph ng_socket node.. also
> >> divert sockets.
> >
> > Did you mean ng_ksocket? I've looked at it, but in case of ng_ksocket
> > connections are accepted upon receiving control message NGM_KSOCKET_ACCEPT,
> > but I need to accept connections without such "punch". As far as I
> > understand, I need to spawn kernel process or thread which will listen
> > for incoming connections and respond to requests, just like normal
> > network daemon does, but I don't know how to do this.
> > divert(4) will not do the job, since packets written to divert socket
> > go to IP stack.
>
> No I meant ng_socket.. you wanted to communicate between userland and
> kernel.
> that ng_socket is the interface between kernel and userland for netgraph.
>

Thanks! Creating new domain is, probably, overkill, but should work :)