Netgraph question

Julian Elischer julian at elischer.org
Wed Jun 15 00:26:02 GMT 2005



Petri Helenius wrote:

> Aziz Kezzou wrote:
>
>> Hi all,
>> I worked a bit with netgraph nodes and I find them very amazing and
>> powerful... Since my netgraph experience is still quite limited (
>> they are out of the scope of my project actually) I would like to know
>> if the following claim is true, I need to be sure because it is for my
>> master thesis ;-) :
>>
>> "Netgraph nodes allow us, theoretically, to "steal" and inject packets
>> of _any_ type from/at _any_ level of the network subsystem"
>>  
>>
> Especially with the emphasis, I don't think the claim holds. You cannot 
> mix and match the "ordinary" network subsystem nodes with netgraph 
> nodes at will unless that's accommodated for. However while the 
> flexibility can be considered high, it's not ultimately powerful.



I think that the true statement would be something like:

"a root enabled process can arrange to intercept and inject packets from 
any part of the network system
which has netgraph hooks."

This then makes one ask
"where are there netgraph hooks?"

and the answer would be:

any tty interface
any network interface (using a node Gleb has, I believe)
any ethernet interface
any vlan interface
a socket (netgraph can open sockets and attach to them)
any sync card with a netgraph hook (sr and ar)
at the firewall (ipfw can pass to netgraph)

see also: divert sockets

>
> Pete
>