Virtual machine and kernel communication using netlink

Question

I wrote a linux kernel module and a user space application. They had been communicating very well via netlink. But I got errno 111 (connection refused) when I was trying to run the user space application on an emulated node in CORE (Common Open Research Emulator). Could you help me find the cause (according to CORE, an emulated node is a virtual machine, which uses the same kernel as the local host)?

Thanks a lot!

Answer 1

The reason why I got "connection refused" error is because the user-land and kernel-land processes were not residing in the same network space. The kernel-land process was listening in the "root" space, while the user-land process was sending in another space.

CORE uses Linux virtualization. It creates separate process and network spaces for each emulated node. If an application is running on a CORE node, its user-land process has its own process-ID space and network stack space. The messages sent by the application were confined within the CORE node's own spaces.

To enable kernel-land and user-land communication when CORE is used, we should let the application switch to the kernel's network space first, and then create a netlink socket and send messages over the socket.

To switch to the kernel's network space, we need first mount /proc to /proc_root. And then, in the application, add {fd = open("/proc_root/1/ns/net", O_RDONLY); setns(fd, 0);} before sending messages to the kernel-land process using Netlink.

Answer 2

My guess is that it happened because of lack of linux capabilities (CAP_NET_ADMIN). Did you check capabilities of your user space process and your VM process?