On 11/17/11 11:40 AM, Maxim Ignatenko wrote:
Julian Elischer wrote:

On 11/16/11 12:55 AM, Ed Schouten wrote:
* Maxim Ignatenko<[email protected]>, 20111115 21:18:
I'm currently inventing the wheel^W^W^Wwriting a firewall from scratch and
looking for the most convenient way to establish communication between
userspace processes and the kernel part. The communication pattern best fits a
listening PF_LOCAL socket opened from the kernel, with userspace processes
connecting to it.
What's wrong with a character device?
you can't easily have a different character device depending on which
jail you are in..
(well, you can but it gets tricky).. see the problem with /dev/pflog
and vimages.


Maxim, look at the usage of sockets with netgraph ng_socket node..  also
divert sockets.

Did you mean ng_ksocket? I've looked at it, but in the case of ng_ksocket
connections are accepted upon receiving the control message NGM_KSOCKET_ACCEPT, and I
need to accept connections without such a "punch". As far as I understand, I
need to spawn a kernel process or thread which will listen for incoming
connections and respond to requests, just like a normal network daemon does, but
I don't know how to do this.
divert(4) will not do the job, since packets written to a divert socket go to the
IP stack.

No, I meant ng_socket.. you wanted to communicate between userland and kernel.
That ng_socket is the interface between kernel and userland for netgraph.

I also meant, "look at how the divert sockets create the sockets", not that you should use divert.


ng_ksocket is something else.



_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers