author Laurent Ghigonis <laurent@p1sec.com> 2012-07-22 02:13:20 +0200
committer Laurent Ghigonis <laurent@p1sec.com> 2012-07-22 02:13:20 +0200
commit 8dbc8b226c89f78579b787f40b403b12ca756b97
tree 7ee7cf7e7c417a7e0b48098ea2afa8e13bafaa64 /glougloud/README.txt
parent precise linux version
add "Notes on architecture and security" section
Diffstat (limited to 'glougloud/README.txt')
1 files changed, 18 insertions, 0 deletions
diff --git a/glougloud/README.txt b/glougloud/README.txt
index 7bdda58..8a8c702 100644
--- a/glougloud/README.txt
+++ b/glougloud/README.txt
@@ -31,3 +31,21 @@ nc -vvv -u 4430 |hexdump -C
You get informations of traffic flowing on the monitored interface.
+=== Notes on architecture and security ===
+glougloud is architectured in 3 processes:
+ * main process, runs as root, opens the capture interfaces with
+libpcap and resolves DNS names
+ * server process, runs as _glougloud user and chrooted in _glougloud
+home, listens and accepts or refuses clients connections
+ * user process, runs as _glougloud user and chrooted in _glougloud
+home, parses the captured network traffic and sends a summary to the
+connected clients
+The 3 processes exchanges messages througt messages, with OpenBSD imsg
+Note that glougloud activates extra protections on pcap capture only
+on OpenBSD by reimplementing some of libpcap functions, see
+glougloud.c my_pcap_open_live()
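Review bot: The closing note says the extra pcap capture protections are active only on OpenBSD, but it neither names them nor says what a build on another system runs without. Since the main process opens the capture interfaces as root, state here what my_pcap_open_live() adds and what users on other systems should expect. In the process list, the main process also resolves DNS names while running as root; a sentence on why resolution stays in the privileged process rather than in one of the chrooted _glougloud processes would help readers judge the separation. Wording: "The 3 processes exchanges messages througt messages, with OpenBSD imsg" has a typo and a repeated word, and could read "The 3 processes exchange messages through OpenBSD imsg."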