Closed alexandernst closed 10 years ago
I don't really think that netlink is not a good idea, but if you need the information about the mmap implementation take a look at the PFQ project. It aims to direct NIC packets capturing at wire speed and the performance is a key goal. As I see it they used mmap'ed area to share kernel-user ring buffers. Besides that, they registered a special proto family PF_Q so the socket created with that type can be used for mmaping and polling.
Well, see the project for details :)
I haven't decided yet to move from NetLink to Mmap, still thinking about it. Main reason of thinking about moving to something else is that I don't really know if NetLink is going to be able to send that much data without lagging. I mean, the average size of syscall_info would be around 200-500 bytes, and each syscall can be called from 0 to 20.000 (even more?) times per second. Let's take an average of 50 times/sec. If we hijack 150 syscalls, that would be 150 * 50 * 500 = 3750000 bytes (3662kb) that NetLink would need to send every second. (Not counting peaks).
Also, I really don't like how I need to run that while(1) loop to read from NetLink. Maybe libnl has something that will let me fix at least this thing. @milabs
Closing this, we're staying with NetLink :)
I'd like to move away from the entire NetLink madness to mmap. I think procmon will gain in both speed and stability.
Anyways, I have been looking at the link you gave me ( http://people.ee.ethz.ch/~arkeller/linux/kernel_user_space_howto.html#ss8.1 ) here http://stackoverflow.com/questions/19233717/sharing-or-sending-data-from-lkm-to-userland and it seems I'll have to face two big problems.
The first one is how to notify userland that there is more data available. I kept reading the link and I found I could use http://people.ee.ethz.ch/~arkeller/linux/kernel_user_space_howto.html#ss6.1 to notify userland when it should read more data.
But then, here goes the second big problem: mmap is just writing to a buffer, like a file. Right now I'm saving and sending each message (containing name of program, pid, operation, details, etc... the syscall_info struct) like a piece of data, encoded and decoded with the de/serialize.c files. Each message looks like:
So it's really easy to just read the msg_size from there, and then read that size and cast it to a syscall_info struct.
The problem is that I won't be able to do the same thing when I'm doing mmap, as everything will be written continuously. Or will I?
Anyways, I'm open to any suggestions about this @milabs :)
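
An added example (not code from procmon or from anyone in this thread) of how the msg_size framing asked about above can be kept over one continuous shared buffer: each record is stored as a length prefix followed by the payload, and the reader checks the length against what has actually been published before copying. The `struct ring` layout, `ring_init`, `ring_put` and `ring_get` are hypothetical names, and an ordinary userspace struct stands in for the mmap'ed region.

```c
#include <stdint.h>
#include <string.h>

#define RING_SIZE 64u                     /* power of two; small so the demo wraps */
#define HDR ((uint32_t)sizeof(uint32_t))  /* size of the msg_size prefix */

/* Hypothetical layout of the region both sides would map. */
struct ring {
    uint32_t head;             /* total bytes written, advanced by the producer */
    uint32_t tail;             /* total bytes consumed, advanced by the consumer */
    uint8_t  data[RING_SIZE];
};

void ring_init(struct ring *r) { memset(r, 0, sizeof(*r)); }

static void copy_in(struct ring *r, uint32_t pos, const void *src, uint32_t n) {
    for (uint32_t i = 0; i < n; i++)
        r->data[(pos + i) & (RING_SIZE - 1)] = ((const uint8_t *)src)[i];
}

static void copy_out(const struct ring *r, uint32_t pos, void *dst, uint32_t n) {
    for (uint32_t i = 0; i < n; i++)
        ((uint8_t *)dst)[i] = r->data[(pos + i) & (RING_SIZE - 1)];
}

/* Producer: store [msg_size][payload]. Returns 0, or -1 if it does not fit. */
int ring_put(struct ring *r, const void *msg, uint32_t msg_size) {
    uint32_t used = r->head - r->tail;
    if (msg_size > RING_SIZE - HDR || RING_SIZE - used < HDR + msg_size)
        return -1;
    copy_in(r, r->head, &msg_size, HDR);
    copy_in(r, r->head + HDR, msg, msg_size);
    r->head += HDR + msg_size;            /* publish only after the copy */
    return 0;
}

/* Consumer: returns payload length, 0 if empty, -1 if the prefix is not credible. */
int ring_get(struct ring *r, void *out, uint32_t out_cap) {
    uint32_t avail = r->head - r->tail, msg_size;
    if (avail < HDR)
        return 0;
    copy_out(r, r->tail, &msg_size, HDR);
    if (msg_size > avail - HDR || msg_size > out_cap)
        return -1;                        /* never trust the length blindly */
    copy_out(r, r->tail + HDR, out, msg_size);
    r->tail += HDR + msg_size;
    return (int)msg_size;
}
```

This sketch is single-threaded; a real kernel/user pair sharing the region would also need memory barriers around the head and tail updates.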