Date:      Thu, 17 Nov 2011 21:40:22 +0200
From:      Maxim Ignatenko <gelraen.ua@gmail.com>
To:        Julian Elischer <julian@freebsd.org>, freebsd-hackers@freebsd.org
Subject:   Re: Communication between kernel and userspace via local socket
Message-ID:  <4ec5632f.4b25df0a.1118.ffff9381@mx.google.com>
References:  <201111152218.41031.gelraen.ua@gmail.com> <20111116085508.GF36205@hoeg.nl> <4EC55669.2060908@freebsd.org>


Julian Elischer wrote:

> On 11/16/11 12:55 AM, Ed Schouten wrote:
>> * Maxim Ignatenko<gelraen.ua@gmail.com>, 20111115 21:18:
>>> I'm currently inventing the wheel^W^W^Wwriting a firewall from scratch and
>>> looking for most convenient way to establish communication between
>>> userspace processes and kernel part. Communication pattern best fits to
>>> listening PF_LOCAL socket opened from kernel and userspace processes
>>> connecting to it.
>> What's wrong with a character device?
> 
> you can't easily have a different character device depending on which
> jail you are in..
> (well, you can but it gets tricky).. see the problem with /dev/pflog
> and vimages.
> 
> 
> Maxim, look at the usage of sockets with netgraph ng_socket node..  also
> divert sockets.
> 

Did you mean ng_ksocket? I've looked at it, but in the case of ng_ksocket
connections are accepted upon receiving the control message NGM_KSOCKET_ACCEPT, but I
need to accept connections without such a "punch". As far as I understand, I
need to spawn a kernel process or thread which will listen for incoming
connections and respond to requests, just like a normal network daemon does, but
I don't know how to do this.
divert(4) will not do the job, since packets written to a divert socket go to
the IP stack.

