1

I am filtering packets using netfilter. Now, I need to place those packet-data into file. I know that we can not directly read/write files from kernel (infect, we should not), but recently I come to know that we can do this using the splice.

Previously, I tried to copy all the packets to user space and then dump them into a file, but it was having very slow operation and I was missing packets. I tried using the netlink and also tried using standard udp sockets to copy from kernel space to user space. I got no good results using this methods because I have very high packet rate.

Please suggest me one good way to write packets to file within kernel space. If anyone having idea/example of using the splice, it would be very much appreciated. thnx.

JohnG
  • 807
  • 1
  • 12
  • 20
  • I think you should check this [link](http://stackoverflow.com/questions/1184274/how-to-read-write-files-within-a-linux-kernel-module) – Raj Sep 18 '12 at 08:51

1 Answers1

0

have you tried elevating the priority of the socket using raw sockets? This generally does the trick when faster socket operation is required. I still feel writing files from the kernel space is a bad idea, especially if you have to dump packet data to the file.

if you think, the copy_to_user delay is what is causing the delay (ideally it shouldn't, but extreme cases, yes) try allocating a chunk of memory from kernel and map to userspace. And do the skbuff allocation from this pool. And then, do the regular socket or netlink to doorbell. Then from the userspace, you can directly access the packet from this area. Its some work, but should help in extreme conditions.

However, If you want to do it anyway, here is a nice article - http://www.linuxjournal.com/node/8110/print

joe
  • 1,136
  • 9
  • 17