在内核模块中侦听Netlink广播 [英] Listening for netlink broadcasts in a kernel module
本文介绍了在内核模块中侦听Netlink广播的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
SELinux模块将网络链接广播发送到任何侦听套接字.我想知道是否有可能从另一个内核模块中监听netlink广播?
The SELinux module sends out a netlink broadcast to any listening sockets. I'm wondering if it's possible to listen for netlink broadcast from within another kernel module?
通过SELinux网络链接代码:
From SELinux netlink code:
netlink_broadcast(selnl, skb, 0, SELNLGRP_AVC, GFP_USER);
推荐答案
我发现您可以通过使用常规套接字来监听netlink数据.而且,是的,在内核空间中是可能的.
I found that you can listen for netlink data through the use of regular sockets. And, yes, it's possible in kernel-space.
您基本上需要创建并绑定到套接字:
You basically need to create and bind to a socket:
struct sock *sock = NULL;
struct sockaddr_nl addr = { 0 };
/* Create a netlink socket for SELinux traffic */
int rc = sock_create_kern(AF_NETLINK, SOCK_RAW, NETLINK_SELINUX,
&ctx.sock);
if (rc)
return rc;
addr.nl_family = AF_NETLINK;
addr.nl_pid = 0;
addr.nl_groups = SELNLGRP_AVC;
rc = kernel_bind(ctx.sock, (struct sockaddr *) &addr, sizeof(addr));
if (rc)
return rc;
/* Setup socket callback */
sock = ctx.sock->sk;
sock->sk_data_ready = netlink_data_ready;
sock->sk_allocation = GFP_KERNEL;
要接收数据:
static void netlink_data_ready(struct sock *sk, int bytes)
{
struct sk_buff *skb = NULL;
struct nlmsghdr *nlh = NULL;
int rc = 0;
/* Receive the data packet (blocking) */
skb = skb_recv_datagram(sk, 0, 0, &rc);
if (rc) {
printk(KERN_ERROR "Failed on skb_recv_datagram(). rc=%d.", -rc);
return;
}
nlh = (struct nlmsghdr *) skb->data;
if (!nlh || !NLMSG_OK(nlh, bytes)) {
printk(KERN_ERROR "Invalid netlink header data.");
return;
}
if (nlh->nlmsg_type == SELNL_MSG_POLICYLOAD ||
nlh->nlmsg_type == SELNL_MSG_SETENFORCE) {
/* Insert code here */
}
}
这篇关于在内核模块中侦听Netlink广播的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文