Netgraph question
Julian Elischer
julian at elischer.org
Wed Jun 15 00:26:02 GMT 2005
Petri Helenius wrote:
> Aziz Kezzou wrote:
>
>> Hi all,
>> I worked a bit with netgraph nodes and I find them very amazing and
>> powerful... Since my netgraph experience is still quite limited (
>> they are out of the scope of my project actually) I would like to know
>> if the following claim is true, I need to be sure because it is for my
>> master thesis ;-) :
>>
>> "Netgraph nodes allow us, theoretically, to "steal" and inject packets
>> of _any_ type from/at _any_ level of the network subsystem"
>>
>>
> Especially with the emphasis, I don't think the claim holds. You cannot
> mix and match the "ordinary" network subsystem nodes with netgraph
> nodes at will unless that's accommodated for. However while the
> flexibility can be considered high, it's not ultimately powerful.
I think that the true statement would be something like:
"a root enabled process can arrange to intercept and inject packets from
any part of the network system
which has netgraph hooks."
This then makes one ask
"where are there netgraph hooks?"
and the answer would be:
any tty interface
any network interface (using a node gleb has I believe)
any ethernet interface
any vlan interface
a socket (netgraph can open sockets and attach to them)
any sync card with a netgraph hook (sr and ar)
at the firewall (ipfw can pass to netgraph)
see also: divert sockets
>
> Pete