Date: Tue, 14 Jun 2005 17:25:58 -0700 From: Julian Elischer <julian@elischer.org> To: Petri Helenius <pete@he.iki.fi> Cc: freebsd-net <freebsd-net@freebsd.org>, Aziz Kezzou <french.linuxian@gmail.com> Subject: Re: Netgraph question Message-ID: <42AF7596.7020102@elischer.org> In-Reply-To: <42AF499C.1020707@he.iki.fi> References: <3727392705061414032cf7ea95@mail.gmail.com> <42AF499C.1020707@he.iki.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
Petri Helenius wrote: > Aziz Kezzou wrote: > >> Hi all, >> I worked a bit with netgraph nodes and I find them very amazing and >> powerfull... Since my netgraph experience is still quite limited ( >> they are out of the scope of my project actually) I would like to know >> if the following claim is true, I need to be sure because it is for my >> master thesis ;-) : >> >> "Negraph nodes allow us, theoritically, to "steal" and inject packets >> of _any_ type from/at _any_ level of the network subsystem" >> >> > Specially with the emphasis, I don't think the claim holds. You cannot > mix and match the "ordinary" network subsystem nodes with netgraph > nodes at will unless that's accommodated for. However while the > flexibility can be considered high, it's not ultimately powerful. I think that the true statement would be something like: "a root enabled process can arange to intercept and inject packets from any part of th enetwork system which has netgraph hooks." This then make s one ask "where are there netgraph hooks?" and the answer would be: any tty interface any network interface (using a node gleb has I believe) any ethernet interface any vlan interface a socket (netgraph can open sockets and attach to them) any sync card with a netgraph hook (sr and ar) at the firewall (ipfw can pass to netgraph) see also: divert sockets > > Pete > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42AF7596.7020102>