Date: Tue, 15 Nov 2011 22:18:40 +0200
From: Maxim Ignatenko <gelraen.ua@gmail.com>
To: freebsd-hackers@freebsd.org
Subject: Communication between kernel and userspace via local socket
Message-ID: <201111152218.41031.gelraen.ua@gmail.com>

Hi,

I'm currently inventing the wheel^W^W^Wwriting a firewall from scratch and looking for the most convenient way to establish communication between userspace processes and the kernel part. The communication pattern best fits a listening PF_LOCAL socket opened from the kernel, with userspace processes connecting to it. Clients should be able to send requests and receive responses from the kernel (to retrieve the list of loaded modules, the active ruleset, add or remove rules, ...) and vice versa: the kernel should be able to send a request to a userspace process and receive a response (I'm planning to add interactive features like in most firewalls for windows(r)).

The first part can be implemented via ioctl, but it should be callable not only by processes with euid == 0, so the supplied pointer to the receive buffer cannot be trusted (is there any mechanism to check memory allocation?) and any unprivileged user can instruct the kernel to write some trash at an arbitrary address (for example, the VM just rebooted ungracefully when I supplied (void*)123 as the pointer to the destination buffer).

So, the requirements are:
1) message exchange can be initiated from userspace and from the kernel
2) safe to communicate with unprivileged processes (not like in the above case with ioctl)
3) the kernel part should be able to determine the process uid
4) message size can be large (from 1KB to 10KB and more)

Now I'm thinking about a few variants:
1) emulation of a local socket via a character device. This way requires manually handling per-process IO buffers, which almost certainly will have many bugs
2) opening a local socket from the kernel. This, as I think, requires spawning a new process in the kernel (but I don't know how to do this) to listen for incoming connections and messages
3) a userspace mux/demux daemon (like devd): one and only one process opens the character device and uses a local socket to communicate with other processes. This requires designing 2 ABIs - kernel<->daemon and daemon<->client.

The 2nd variant looks most appropriate, but I don't know how to implement it.
Can anyone point me to some documentation about spawning processes in the kernel and working with sockets from kernelspace, or suggest a better way of communication between processes and the kernel?
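
A sketch of how the daemon<->client side of variant 3 could carry the message sizes in requirement 4 over a PF_LOCAL stream socket, added here as an example and not part of the original message. The names msg_send and msg_recv, the 4-byte length header and the 64 KB MSG_MAX cap are assumptions; the payload is copied into the receiver's own buffer, so no client-supplied pointer is ever used.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MSG_MAX (64u * 1024u) /* assumed cap; the message only says "10KB and more" */

/* Move exactly n bytes, retrying on short transfers and EINTR. */
static int xfer_all(int fd, void *buf, size_t n, int writing) {
    char *p = buf;
    while (n > 0) {
        ssize_t r = writing ? write(fd, p, n) : read(fd, p, n);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1; /* error or peer closed */
        p += r; n -= (size_t)r;
    }
    return 0;
}

/* Frame = 4-byte big-endian length, then payload. Returns 0 or -1. */
int msg_send(int fd, const void *payload, uint32_t len) {
    uint32_t hdr = htonl(len);
    if (len > MSG_MAX || xfer_all(fd, &hdr, sizeof hdr, 1) != 0) return -1;
    return xfer_all(fd, (void *)(uintptr_t)payload, len, 1);
}

/* Returns payload length, -1 on I/O error, -2 if the declared length is too big. */
long msg_recv(int fd, void *buf, size_t cap) {
    uint32_t hdr, len;
    if (xfer_all(fd, &hdr, sizeof hdr, 0) != 0) return -1;
    len = ntohl(hdr);
    if (len > MSG_MAX || len > cap) return -2; /* reject before reading payload */
    return xfer_all(fd, buf, len, 0) != 0 ? -1 : (long)len;
}

/* Constructed self-test: 10 KB round trip, then a header claiming 4 GB. */
int demo(void) {
    static char out[10240], in[10240];
    uint32_t bogus = htonl(0xffffffffu);
    int sv[2], ok;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    memset(out, 'r', sizeof out);
    if (msg_send(sv[0], out, sizeof out) != 0) return 1;
    if (msg_recv(sv[1], in, sizeof in) != 10240 || memcmp(in, out, 10240)) return 2;
    if (xfer_all(sv[0], &bogus, sizeof bogus, 1) != 0) return 3;
    ok = msg_recv(sv[1], in, sizeof in) == -2;
    close(sv[0]); close(sv[1]);
    return ok ? 0 : 4;
}
```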