Hello,

I am developing kernel that set the iptables rules based on some data detection by my kernel module.

I could not figure out how to set the iptables rules from the kernel module itself.

Could you please help me to figure out how to set the iptables rules from the kernel module?


Best Regards,
---------------------------------------
Saurabh D Chokshi

As far as I am aware Linux does not use a pull but a push model. That is, the kernel does not (and should not ever) read userland data or exec arbitrary userland apps. Look at how iptables rule management or sysctls are handled for instance: userland reads from and supplies data to the kernel via /proc. Not the other way around. Linux Kernel Modules do not (and should not ever) muck with Netfilter Framework data the way you propose they should. That would be a grave violation.

Actually, now I am trying to write the rules into some file and reading the rules from user space and set the ip tables rules.

However, I am getting problem in writing and reading from the file. In my code, I am not getting any error and but not able to read and write into the file.

Could you please let me know where I am going wrong in my code?

My code is

#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/syscalls.h>
#include <linux/file.h>
#include <linux/fs.h>
#include <linux/fcntl.h>
#include <asm/uaccess.h>

static void write_file(char *filename, char *data)
{
struct file *file;

// mm_segment_t old_fs = get_fs();
// set_fs(KERNEL_DS);

file = filp_open(filename, O_WRONLY|O_CREAT, 0777);
ssize_t wc;
wc = vfs_write(file, data, strlen(data),0);
if(wc < strlen(data))
{
printk(KERN_INFO "Problem in Writing Data\n");
}
filp_close(file,0);
/* if (fd >= 0) {
sys_write(fd, data, strlen(data));
file = fget(fd);
if (file) {
vfs_write(file, data, strlen(data), &pos);
fput(file);
}
// sys_close(fd);

} // set_fs(old_fs); */
}

static void read_file(char *filename)
{
struct file *fd;
// char buf[1];

// mm_segment_t old_fs = get_fs();
// set_fs(KERNEL_DS);

fd = filp_open(filename, O_RDONLY, 0);
char buf[80];

// if (fd >= 0) {
printk(KERN_DEBUG);
vfs_read(fd,buf, 5, 0);
printk("Data Read : %s\n",buf);
// while (sys_read(fd, buf, 1) == 1)
// printk("%c", buf[0]);
// printk("\n");
// sys_close(fd);
// }
filp_close(fd,0);
}


static int __init init(void)
{
write_file("/tmp/test","Hello World\n");
read_file("/tmp/test");
return 0;
}

static void __exit exit(void)
{

}

MODULE_LICENSE("GPL");
module_init(init);
module_exit(exit);

Looks like you are trying to work with netfilter in which rules are depending a file.

check this out:
http://www.linuxjournal.com/article/7660.

It has the source code link at the bottom, which is a ftp client implemented in kernel socket (associated with some file writing thing you may need).

For netfilter, You could check this one for a simple intro:
http://www.linuxjournal.com/article/7184

Hope it helps,

-Kun

...and to support arguments I submit http://www.linuxjournal.com/article/8110. Since you managed to crosspost your questions you would have seen that anyway. Note that crossposting (or necroposting for that matter) your questions, regardless of the motivation or reason, is considered unwanted at LQ. Please don't.

Hi ,

I looked at the article you suggest me regarding the queries.

But, it did not work out.

Do you have any idea where this code could go wrong?

Thanks,
Saurabh Chokshi