Communication between kernel and userspace via local socket

Maxim Ignatenko gelraen.ua at gmail.com
Sat Nov 19 10:14:48 UTC 2011


On Sat, 19 Nov 2011 11:02:47 Julian Elischer wrote:
> On 11/17/11 11:40 AM, Maxim Ignatenko wrote:
> > Julian Elischer wrote:
> >> On 11/16/11 12:55 AM, Ed Schouten wrote:
> >>> * Maxim Ignatenko<gelraen.ua at gmail.com>, 20111115 21:18:
> >>>> I'm currently inventing the wheel^W^W^Wwriting a firewall from scratch
> >>>> and looking for the most convenient way to establish communication
> >>>> between userspace processes and the kernel part. The communication
> >>>> pattern best fits a listening PF_LOCAL socket opened from the kernel
> >>>> and userspace processes connecting to it.
> >>> 
> >>> What's wrong with a character device?
> >> 
> >> you can't easily have a different character device depending on which
> >> jail you are in..
> >> (well, you can but it gets tricky).. see the problem with /dev/pflog
> >> and vimages.
> >> 
> >> 
> >> Maxim, look at the usage of sockets with netgraph ng_socket node..  also
> >> divert sockets.
> > 
> > Did you mean ng_ksocket? I've looked at it, but in the case of ng_ksocket
> > connections are accepted upon receiving control message NGM_KSOCKET_ACCEPT,
> > but I need to accept connections without such "punch". As far as I
> > understand, I need to spawn kernel process or thread which will listen
> > for incoming connections and respond to requests, just like normal
> > network daemon does, but I don't know how to do this.
> > divert(4) will not do the job, since packets written to a divert socket
> > go to the IP stack.
> 
> No I meant ng_socket..  you wanted to communicate between userland and
> kernel.
> that ng_socket is the interface between kernel and userland for netgraph.
> 

Thanks! Creating a new domain is probably overkill, but should work :)


More information about the freebsd-hackers mailing list