Date: Sat, 19 Nov 2011 01:02:47 -0800 From: Julian Elischer <julian@freebsd.org> To: Maxim Ignatenko <gelraen.ua@gmail.com> Cc: freebsd-hackers@freebsd.org Subject: Re: Communication between kernel and userspace via local socket Message-ID: <4EC770B7.8060806@freebsd.org> In-Reply-To: <4ec5632f.4b25df0a.1118.ffff9381@mx.google.com> References: <201111152218.41031.gelraen.ua@gmail.com> <20111116085508.GF36205@hoeg.nl> <4EC55669.2060908@freebsd.org> <4ec5632f.4b25df0a.1118.ffff9381@mx.google.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/17/11 11:40 AM, Maxim Ignatenko wrote: > Julian Elischer wrote: > >> On 11/16/11 12:55 AM, Ed Schouten wrote: >>> * Maxim Ignatenko<gelraen.ua@gmail.com>, 20111115 21:18: >>>> I'm currently inventing the wheel^W^W^Wwriting a firewall from scratch and >>>> looking for most convenient way to establish communication between >>>> userspace processes and kernel part. Communication pattern best fits to >>>> listening PF_LOCAL socket opened from kernel and userspace processes >>>> connecting to it. >>> What's wrong with a character device? >> you can't easily have a different character device depending on which >> jail you are in.. >> (well, you can but it gets tricky).. see the problem with /dev/pflog >> and vimages. >> >> >> Maxim, look at the usage of sockets with netgraph ng_socket node.. also >> divert sockets. >> > Did you meant ng_ksocket? I've looked on it, but in case of ng_ksocket > connections accepted upon receiving control message NGM_KSOCKET_ACCEPT, but I > need to accept connections without such "punch". As far as I understand, I > need to spawn kernel process or thread which will listen for incoming > connections and respond to requests, just like normal network daemon does, but > I don't know how to do this. > divert(4) will not do the job, since packets written to divert socket goes to > IP stack. No I meant ng_socket.. you wanted to communicate between userland and kernel. that ng_socket is the interface between kernel and userland for netgraph. I also meant, "look at how the divert sockets create the sockets", not that you should use divert. ng_ksocket is something else.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EC770B7.8060806>