如何识别用户空间和内核空间之间的特定套接字? [英] How to identify a specific socket between User Space and Kernel Space?

问题描述

我在用户空间中有一个库，可以拦截套接字层调用，例如socket()，connect()，accept()等.我只处理TCP套接字.

I have a library in User Space that intercepts socket layer calls such as socket(), connect(), accept(), etc. I'm only dealing with TCP sockets.

在内核空间中，我有一个网络内核模块，该模块处理所有TCP连接.我需要能够在驱动程序中识别出用户空间库拦截了哪些套接字.

Down in Kernel Space I have a network kernel module, which deals with all the TCP connections. I need to be able to identify in the driver which sockets were intercepted by the User Space library.

到目前为止，我一直在使用struct sock(内核)中的priority字段，可以在用户空间中使用setsockopt()进行设置.但这是一个肮脏的hack.

So far I've been using the priority field from struct sock (Kernel) that I can set with setsockopt() in User Space. But that's quite a dirty hack.

是否可以通过setsockopt()从用户空间安全使用和设置struct sock的任何私有字段?

Is there any kind of private field of struct sock I could safely use and set from User Space through setsockopt()?

谢谢.

推荐答案

实际上，没有这样的私有字段"选项只能由用户空间和内核代码使用.

There is really no such "private field" option that can be used solely by user space and your kernel code.

使用SO_PRIORITY选项似乎有点太麻烦了，因为它可以更改堆栈处理数据包的方式，并且可能导致难以理解的结果.一个更安全的选择是将SO_RCVBUF或SO_SNDBUF值与通常的默认值相比调整一些小的增量. Linux会将传入的值加倍，但是您可以从默认值中查找增量，并知道该增量的存在表明它是您的被拦截"套接字.

Using the SO_PRIORITY option seems a little too intrusive, as it can change how the stack processes packets, and it might lead to hard to understand results. A safer option would be to adjust the SO_RCVBUF or SO_SNDBUF values by some small delta from the usual default. Linux will double the value passed in, but you can look for the delta from the default values and know that the presence of the delta as a signal that this is your "intercepted" socket.

这篇关于如何识别用户空间和内核空间之间的特定套接字?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！