Petri Helenius wrote:
Aziz Kezzou wrote:
Hi all,
I worked a bit with netgraph nodes and I find them very amazing and
powerfull... Since my netgraph experience is still quite limited (
they are out of the scope of my project actually) I would like to know
if the following claim is true, I need to be sure because it is for my
master thesis ;-) :
"Negraph nodes allow us, theoritically, to "steal" and inject packets
of _any_ type from/at _any_ level of the network subsystem"
Specially with the emphasis, I don't think the claim holds. You cannot
mix and match the "ordinary" network subsystem nodes with netgraph
nodes at will unless that's accommodated for. However while the
flexibility can be considered high, it's not ultimately powerful.
I think that the true statement would be something like:
"a root enabled process can arange to intercept and inject packets from
any part of th enetwork system
which has netgraph hooks."
This then make s one ask
"where are there netgraph hooks?"
and the answer would be:
any tty interface
any network interface (using a node gleb has I believe)
any ethernet interface
any vlan interface
a socket (netgraph can open sockets and attach to them)
any sync card with a netgraph hook (sr and ar)
at the firewall (ipfw can pass to netgraph)
see also: divert sockets
Pete
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
