Using sockopt for communication between netfilter in the kernel and user space

Source: Internet
Author: User

There is more than one way for user space and kernel space to communicate. sockopt is a convenient method and is easy to write. Its disadvantage is that the data passes between the kernel and the user through copy_from_user()/copy_to_user(), which is not very efficient. It is therefore usually used to pass control option information and is not suitable for transferring large amounts of data.

User-space functions:

Send: int setsockopt(int sockfd, int proto, int cmd, void *data, int datalen);
Receive: int getsockopt(int sockfd, int proto, int cmd, void *data, int datalen);

The first parameter is the socket descriptor. The second parameter is the socket protocol level: an IP raw socket uses SOL_SOCKET/SOL_IP, and a TCP/UDP socket can use SOL_SOCKET/SOL_IP/SOL_TCP/SOL_UDP; that is, a higher-layer socket can use all the command words of the lower-layer sockets (the user.c listing below passes IPPROTO_IP). The third parameter, cmd, is the operation command word, which is defined by the user. The fourth parameter is a pointer to the start of the data buffer: during a set operation the buffer data is written to the kernel, and during a get operation the data in the kernel is read into the buffer. The fifth parameter is the data length (in the user.c listing below, getsockopt() is passed the address of the length variable, &len).

Kernel functions:

Register: nf_register_sockopt(struct nf_sockopt_ops *sockops)
Release: nf_unregister_sockopt(struct nf_sockopt_ops *sockops)

Structure: struct nf_sockopt_ops (test_sockops in the module code below)

```c
static struct nf_sockopt_ops nso = {
    .pf         = PF_INET,       // protocol family
    .set_optmin = constant,      // defines the minimum set command word
    .set_optmax = constant + N,  // defines the maximum set command word
    .set        = recv_msg,      // defines the set processing function
    .get_optmin = constant,      // defines the minimum get command word
    .get_optmax = constant + N,  // defines the maximum get command word
    .get        = send_msg,      // defines the get processing function
};
```

The command words must not duplicate ones that already exist in the kernel, so they should be chosen very large or very small. The command word is very important because it is used as the identifier.
```c
#define SOCKET_OPS_BASE 128
#define SOCKET_OPS_SET  (SOCKET_OPS_BASE)
#define SOCKET_OPS_GET  (SOCKET_OPS_BASE)
#define SOCKET_OPS_MAX  (SOCKET_OPS_BASE + 1)
```

The set/get processing functions are called directly by the user-space setsockopt()/getsockopt() functions. setsockopt() writes data to the kernel, and getsockopt() reads data from the kernel.

In addition, the set and get processing functions should take these parameters:

```c
int recv_msg(struct sock *sk, int cmd, void __user *user, unsigned int len)
int send_msg(struct sock *sk, int cmd, void __user *user, unsigned int *len)
```

Attached below is a program adapted from one posted by another user.

Kernel side, module.c:

```c
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/types.h>
#include <linux/string.h>
#include <linux/netfilter_ipv4.h>
#include <linux/init.h>
#include <asm/uaccess.h>

#define SOCKET_OPS_BASE 128
#define SOCKET_OPS_SET  (SOCKET_OPS_BASE)
#define SOCKET_OPS_GET  (SOCKET_OPS_BASE)
#define SOCKET_OPS_MAX  (SOCKET_OPS_BASE + 1)

#define KMSG     "-------- kernel ---------"
#define KMSG_LEN sizeof("-------- kernel ---------")

MODULE_LICENSE("GPL");
MODULE_AUTHOR("SiasJack");                            /* author */
MODULE_DESCRIPTION("sockopt module, simple module");  // description
MODULE_VERSION("1.0");                                // version

static int recv_msg(struct sock *sk, int cmd, void __user *user, unsigned int len)
{
    int ret = 0;
    printk(KERN_INFO "sockopt: recv_msg()\n");
    if (cmd == SOCKET_OPS_SET)
    {
        char umsg[64];
        int len = sizeof(char) * 64;
        memset(umsg, 0, len);
        ret = copy_from_user(umsg, user, len);
        printk("recv_msg: umsg = %s. ret = %d\n", umsg, ret);
    }
    return 0;
}

static int send_msg(struct sock *sk, int cmd, void __user *user, int *len)
{
    int ret = 0;
    printk(KERN_INFO "sockopt: send_msg()\n");
    if (cmd == SOCKET_OPS_GET)
    {
        ret = copy_to_user(user, KMSG, KMSG_LEN);
        printk("send_msg: umsg = %s. ret = %d. success\n", KMSG, ret);
    }
    return 0;
}

static struct nf_sockopt_ops test_sockops =
{
    .pf         = PF_INET,
    .set_optmin = SOCKET_OPS_SET,
    .set_optmax = SOCKET_OPS_MAX,
    .set        = recv_msg,
    .get_optmin = SOCKET_OPS_GET,
    .get_optmax = SOCKET_OPS_MAX,
    .get        = send_msg,
    .owner      = THIS_MODULE,
};

static int __init init_sockopt(void)
{
    printk(KERN_INFO "sockopt: init_sockopt()\n");
    return nf_register_sockopt(&test_sockops);
}

static void __exit exit_sockopt(void)
{
    printk(KERN_INFO "sockopt: fini_sockopt()\n");
    nf_unregister_sockopt(&test_sockops);
}

module_init(init_sockopt);
module_exit(exit_sockopt);
```

Note on the handlers above: recv_msg() declares a local `len` of 64 that hides its `len` argument, so copy_from_user() always reads 64 bytes no matter how many the caller supplied, and a caller that supplies 64 non-zero bytes leaves `umsg` without a terminating NUL for the `%s` in printk(). send_msg() likewise writes KMSG_LEN bytes without looking at `*len`, and both handlers discard the copy result and return 0. For anything beyond a demonstration, copy no more than the caller's `len` and at most `sizeof(umsg) - 1` bytes, compare `*len` with KMSG_LEN before copy_to_user(), return -EFAULT when a copy is incomplete, and check the caller's privileges first, as the in-tree netfilter sockopt handlers do with `capable(CAP_NET_ADMIN)`.

User side, user.c:

```c
#include <unistd.h>
#include <stdio.h>
#include <sys/socket.h>
#include <linux/in.h>
#include <string.h>
#include <errno.h>

#define SOCKET_OPS_BASE 128
#define SOCKET_OPS_SET  (SOCKET_OPS_BASE)
#define SOCKET_OPS_GET  (SOCKET_OPS_BASE)
#define SOCKET_OPS_MAX  (SOCKET_OPS_BASE + 1)

#define UMSG     "---------- user ------------"
#define UMSG_LEN sizeof("---------- user ------------")

char kmsg[64];

int main(void)
{
    int sockfd;
    int len;
    int ret;

    sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if (sockfd < 0)
    {
        printf("can not create a socket\n");
        return -1;
    }

    /* call function recv_msg() */
    ret = setsockopt(sockfd, IPPROTO_IP, SOCKET_OPS_SET, UMSG, UMSG_LEN);
    printf("setsockopt: ret = %d. msg = %s\n", ret, UMSG);
    len = sizeof(char) * 64;

    /* call function send_msg() */
    ret = getsockopt(sockfd, IPPROTO_IP, SOCKET_OPS_GET, kmsg, &len);
    printf("getsockopt: ret = %d. msg = %s\n", ret, kmsg);
    if (ret != 0)
    {
        printf("getsockopt error: errno = %d, errstr = %s\n", errno, strerror(errno));
    }

    close(sockfd);
    return 0;
}
```

Makefile (the commands may differ between systems; mine is Fedora 12):

```make
TARGET = socketopt
OBJS = module.o
MDIR = drivers/misc

EXTRA_CFLAGS = -DEXPORT_SYMTAB
CURRENT = $(shell uname -r)
KDIR = /lib/modules/$(CURRENT)/build
PWD = $(shell pwd)
DEST = /lib/modules/$(CURRENT)/kernel/$(MDIR)

obj-m := $(TARGET).o
$(TARGET)-objs := $(OBJS)

default:
	make -C $(KDIR) SUBDIRS=$(PWD) modules
	gcc -o user user.c

$(TARGET).o: $(OBJS)
	$(LD) $(LD_RFLAG) -r -o $@ $(OBJS)

insmod:
	insmod $(TARGET).ko

rmmod:
	rmmod $(TARGET).ko

clean:
	-rm -rf *.o *.ko .$(TARGET).ko.cmd .*.flags *.mod.c modules.order Module.symvers .tmp_versions
	-rm -rf protocol/*.o protocol/.*.o.cmd *.markers
	-rm -rf user

-include $(KDIR)/Rules.make
```

The result of the make operation:

```
[root@root socket]# make                 // compile
make -C /lib/modules/2.6.31.5-127.fc12.i686.PAE/build SUBDIRS=/root/study/c_study/socket modules
make[1]: Entering directory '/usr/src/kernels/2.6.31.5-127.fc12.i686.PAE'
  CC [M]  /root/study/c_study/socket/module.o
  LD [M]  /root/study/c_study/socket/socketopt.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /root/study/c_study/socket/socketopt.mod.o
  LD [M]  /root/study/c_study/socket/socketopt.ko
make[1]: Leaving directory '/usr/src/kernels/2.6.31.5-127.fc12.i686.PAE'
gcc -o user user.c
[root@root socket]#
[root@root socket]# make insmod          // load
insmod socketopt.ko
[root@root socket]#
[root@root socket]# lsmod                // check the loaded modules
Module                  Size  Used by
socketopt               1968  0
sunrpc                158388  1
[root@root socket]# dmesg -c             // clear the previous system information
[root@root socket]# ./user               // run the user-space program
setsockopt: ret = 0. msg = ---------- user ------------
getsockopt: ret = 0. msg = -------- kernel ---------
[root@root socket]# dmesg                // view the latest generated log
sockopt: recv_msg()
recv_msg: umsg = ---------- user ------------. ret = 0
sockopt: send_msg()
send_msg: umsg = -------- kernel ---------. ret = 0. success
```
