0

Assume that I implemented a kernel driver that parses RX packet and decides to pass it to the user space depending on EthType. What are the "official" ways to do that in the Linux kernel?

The only one that comes on my mind is the user application opens a socket to the kernel and listens on it, while the kernel pushes packets satisfying criteria (eg. specific EthType) in to the socket's buffer. I'm certainly not accurate about this, but I hope you get my point :)

Are there any other ways to do this?

Thanks.

Mark
  • 6,052
  • 8
  • 61
  • 129

2 Answers2

0

When the packet arrives on the NIC, these packets are first copied onto the kernel buffers and then copied onto the user space, which are accessed through the socket() followed by read()/write() calls in the user space. You may want to refer to Kernel Network Flow for more details.

Additionally, NIC can directly copy the packets into the DMA bypassing the CPU. Refer to: What happens after a packet is captured?

Thomas Flinkow
  • 4,845
  • 5
  • 29
  • 65
askb
  • 6,501
  • 30
  • 43
  • thanks for the links. I was also wondering if there's other than sockets method for a user space to receive the packets? It looks that the sockets is the only and legitimate way to do it. Correct me if I'm wrong. – Mark Sep 20 '14 at 22:04
  • There are several ways the user space and kernel communicate with each other. Refer to [Kernel Space - User Space Interfaces](http://people.ee.ethz.ch/~arkeller/linux/kernel_user_space_howto.html#ss3.3) – askb Sep 21 '14 at 03:38
0

You can achieve your goal by using Netfilter framework. Netfilter framework helps intercept a ingrees/egrees packet. The points where packets can be intercepted inside the Kernel/Network stack are called as HOOKS in Netfilter.We can write a kernel module, which can get hooked at any of these HOOKS. The kernel module must have a function defined by us, which can parse the packet and its headers and than take a decision to whether drop a packet, send it to kernel stack, queue it to user space etc.

The packet of our interest can be intercepted at IP_PREROUTING hook and queued by returning NF_QUEUE from our function. The packets will be queued and can be accessed by any application.

Please go through Netfilter documentation.

Regards, Roy

rstnsrrao
  • 43
  • 6