2006-05-02 02:51:20

by Irfan Habib

Subject: Linux Kernel and Webservices

Hi,

I wanted to know if modules can be developed in the linux kernel, which
can create TCP/UDP sockets and communicate with perhaps webservices,
residing in the user level in the same computer or in some other
computer.

Is a networking API available in the linux kernel which can be used by
linux kernel modules, if so is there any documentation for it?

Thank you

Irfan


2006-05-02 04:09:23

by Valdis Klētnieks

Subject: Re: Linux Kernel and Webservices

On Tue, 02 May 2006 07:51:18 +0500, Irfan Habib said:
> I wanted to know if modules can be developed in the linux kernel, which
> can create TCP/UDP sockets and communicate with perhaps webservices,
> residing in the user level in the same computer or in some other
> computer.

> Is a networking API available in the linux kernel which can be used by
> linux kernel modules, if so is there any documentation for it?

It's generally considered a Bad Idea, as it's almost certainly easier to
do in userspace. If you're trying to instrument a network-based monitoring
system and need access to kernel data, you're *much* better off having the
kernel export the data via netlink or even abuse of /proc or /sys, and then
a small userspace program read the data and ship it over the net. There's
a *lot* of things that you just won't have access to in kernel space (for
starters, you don't have a DNS resolver, so you can't use hostnames for
configuration).

If you're determined to do this in kernelspace anyhow, see the
linux-2.6-tux.patch in recent RedHat/Fedora kernels, and ask yourself why
that patch has no hope of being accepted upstream (although I have a great
amount of respect for a lot of things that come out of RedHat, *that* patch
is best described "a fully RFC1925-compliant networking pig, with afterburners")


Attachments:
(No filename) (226.00 B)

2006-05-02 06:13:40

by Irfan Habib

Subject: Re: Linux Kernel and Webservices

If DNS is not available, then I can access the system directly via the IP
address. Is it possible for a kernel-level daemon to listen on some
ports, in order to insert things directly into the kernel, via some
remote machines?


On 5/2/06, [email protected] <[email protected]> wrote:
> On Tue, 02 May 2006 07:51:18 +0500, Irfan Habib said:
> > I wanted to know if modules can be developed in the linux kernel, which
> > can create TCP/UDP sockets and communicate with perhaps webservices,
> > residing in the user level in the same computer or in some other
> > computer.
>
> > Is a networking API available in the linux kernel which can be used by
> > linux kernel modules, if so is there any documentation for it?
>
> It's generally considered a Bad Idea, as it's almost certainly easier to
> do in userspace. If you're trying to instrument a network-based monitoring
> system and need access to kernel data, you're *much* better off having the
> kernel export the data via netlink or even abuse of /proc or /sys, and then
> a small userspace program read the data and ship it over the net. There's
> a *lot* of things that you just won't have access to in kernel space (for
> starters, you don't have a DNS resolver, so you can't use hostnames for
> configuration).
>
> If you're determined to do this in kernelspace anyhow, see the
> linux-2.6-tux.patch in recent RedHat/Fedora kernels, and ask yourself why
> that patch has no hope of being accepted upstream (although I have a great
> amount of respect for a lot of things that come out of RedHat, *that* patch
> is best described "a fully RFC1925-compliant networking pig, with afterburners")

2006-05-02 06:41:54

by Valdis Klētnieks

Subject: Re: Linux Kernel and Webservices

On Tue, 02 May 2006 11:13:38 +0500, Irfan Habib said:
> If DNS is not available, then I can access the system directly via the IP
> address. Is it possible for a kernel-level daemon to listen on some
> ports, in order to insert things directly into the kernel, via some
> remote machines?

As I said, the lack of DNS is just the *start* of your troubles. Things just
get worse once you start trying to do error handling and other similar issues.
For instance, how do you intend to secure this "insert things directly into
the kernel"?

You *really* want to do this in userspace - if nothing else, it's a lot easier
to develop and debug userspace (when a userspace program you're debugging
crashes, you get a gdb prompt rather than a kernel panic), and it shouldn't be
put in the kernel unless there's no reasonable way to do it in userspace.

This is certainly well into the category of "If you have to ask if it's possible,
you're nowhere near qualified to make it work"...


Attachments:
(No filename) (226.00 B)