From: Julian Elischer
Date: Tue, 14 Jun 2005 17:25:58 -0700
To: Petri Helenius
Cc: freebsd-net, Aziz Kezzou
Subject: Re: Netgraph question
Message-ID: <42AF7596.7020102@elischer.org>
References: <3727392705061414032cf7ea95@mail.gmail.com> <42AF499C.1020707@he.iki.fi>
In-Reply-To: <42AF499C.1020707@he.iki.fi>

Petri Helenius wrote:

> Aziz Kezzou wrote:
>
>> Hi all,
>> I worked a bit with netgraph nodes and I find them very amazing and
>> powerful... Since my netgraph experience is still quite limited (
>> they are out of the scope of my project actually) I would like to know
>> if the following claim is true, I need to be sure because it is for my
>> master thesis ;-) :
>>
>> "Netgraph nodes allow us, theoretically, to "steal" and inject packets
>> of _any_ type from/at _any_ level of the network subsystem"
>>
>>
> Specially with the emphasis, I don't think the claim holds. You cannot
> mix and match the "ordinary" network subsystem nodes with netgraph
> nodes at will unless that's accommodated for. However while the
> flexibility can be considered high, it's not ultimately powerful.

I think that the true statement would be something like:

"a root enabled process can arrange to intercept and inject packets from
any part of the network system which has netgraph hooks."

This then makes one ask "where are there netgraph hooks?"
and the answer would be:

any tty interface
any network interface (using a node Gleb has I believe)
any ethernet interface
any vlan interface
a socket (netgraph can open sockets and attach to them)
any sync card with a netgraph hook (sr and ar)
at the firewall (ipfw can pass to netgraph)

see also: divert sockets

>
> Pete