On Nov 17, 2003, at 2:44 AM, Marek Kozubal wrote: On Sat, 15 Nov 2003, Matt Jaffa wrote: Marek Kozubal, How do I write a user land daemon that the Kernel KEXT can actually call, and how do I call it from within the Kernel extension? One of the biggest questions I have is, Is there better documentation on how to do everything? The online documentation, just teaches you how to compile, non of the specifics on the capabilities of everything, Is there a book out there that i can buy that will help alot? Well I posted about an RPC system that used MIG to communicate between a KEXT and user land daemon, this works currently, however Jim and Quinn both don't like it because the kernel isnt a true mig task and there are naked rights floating around, etc. What I said was that it was SPI (i.e. subject to change). Let's face it, anytime you create a KEXT outside the IOKit domain, you will likely run into compatibility problems down the line. We are fixing that (as Joshua pointed out in a subsequent post). But generic "sending" from the kernel to a user-level daemon will often run into "edge-conditions" that make it difficult to manage. For example, what if the daemon becomes unresponsive? Do you keep queueing forever until the kernel is starved for resources? Do you just drop messages? Do you block waiting for space? What thread are you running under when you try to do this? etc, ... You get the idea. So, more likely than codifying a generic set of IPC/RPC mechanisms from kernel to user, we will likely be codifying specific ones. Like a way to reflect filesystem operations and/or network operations out to user-space. That way, we know what the constraints are, and can chose the proper actions when we run up against some of these edge conditions. And this brings up back to the suggestion that you use ipfw - because it was specifically designed to reflect this kind of traffic out to user-space. That is, if you are going to use anything on these machines at all (instead of just using a proxy server on your network as others have suggested). The argument that any admin user could change the firewall rules doesn't really hold water. They can remove your kext as well. --Jim _______________________________________________ darwin-kernel mailing list | darwin-kernel@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel Do not post admin requests to the list. They will be ignored.