Baruch Even wrote:
Venkata Pingali wrote:
Hi,
I was hoping you can give me some pointers that
are related to upcalls in Linux.
Problem: We would like to make an upcall from the
network stack in the kernel to a user space daemon
before some TCP connections are opened.
The best method I can think of is to utilise Netfilter (the Linux
firewall) with the QUEUE target, this will let you transfer the packet
to a user-mode daemon to process and decide on the course of action
(ACCEPT/DROP).
You'll need to set up the rule itself to only give you packets destined
to this machine, and since it's not really connected to the IP layer it's
not a 100% match; if the incoming queue is full you'll think it's a new
connection but it will be dropped at the IP layer.
Another method which you can utilize would be attaching a kprobe to the
accept function and creating your own code to do the upcall by whatever
means you want (files, devices, netlink).
A clarification. The problem is associated with
updating connection variables, which are currently
provided by the web100, even before IP packets are
sent out. Therefore the second approach you mention
is more appropriate.
I will investigate it and let you all know.
thanks!
Venkata
Baruch
_______________________________________________
Discussion mailing list
Discussion@xxxxxxxxxx
http://internal.web100.org/mailman/listinfo/discussion