On Sat, 19 Nov 2011 11:02:47 Julian Elischer wrote:
> On 11/17/11 11:40 AM, Maxim Ignatenko wrote:
> > Julian Elischer wrote:
> >> On 11/16/11 12:55 AM, Ed Schouten wrote:
> >>> * Maxim Ignatenko <gelraen...@gmail.com>, 20111115 21:18:
> >>>> I'm currently inventing the wheel^W^W^Wwriting a firewall from scratch
> >>>> and looking for most convenient way to establish communication
> >>>> between userspace processes and kernel part. Communication pattern
> >>>> best fits to listening PF_LOCAL socket opened from kernel and
> >>>> userspace processes connecting to it.
> >>>
> >>> What's wrong with a character device?
> >>
> >> you can't easily have a different character device depending on which
> >> jail you are in..
> >> (well, you can but it gets tricky).. see the problem with /dev/pflog
> >> and vimages.
> >>
> >>
> >> Maxim, look at the usage of sockets with netgraph ng_socket node.. also
> >> divert sockets.
> >
> > Did you mean ng_ksocket? I've looked on it, but in case of ng_ksocket
> > connections accepted upon receiving control message NGM_KSOCKET_ACCEPT,
> > but I need to accept connections without such "punch". As far as I
> > understand, I need to spawn kernel process or thread which will listen
> > for incoming connections and respond to requests, just like normal
> > network daemon does, but I don't know how to do this.
> > divert(4) will not do the job, since packets written to divert socket
> > go to IP stack.
>
> No I meant ng_socket.. you wanted to communicate between userland and
> kernel.
> that ng_socket is the interface between kernel and userland for netgraph.
>
Thanks! Creating new domain is, probably, overkill, but should work :)