From 8dbc8b226c89f78579b787f40b403b12ca756b97 Mon Sep 17 00:00:00 2001
From: Laurent Ghigonis <laurent@p1sec.com>
Date: Sun, 22 Jul 2012 02:13:20 +0200
Subject: add "Notes on architecture and security" section

---
 glougloud/README.txt | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'glougloud')

diff --git a/glougloud/README.txt b/glougloud/README.txt
index 7bdda58..8a8c702 100644
--- a/glougloud/README.txt
+++ b/glougloud/README.txt
@@ -31,3 +31,21 @@ nc -vvv -u 127.0.0.1 4430 |hexdump -C
 
 You get informations of traffic flowing on the monitored interface.
 
+
+=== Notes on architecture and security ===
+
+glougloud is architectured in 3 processes:
+ * main process, runs as root, opens the capture interfaces with
+libpcap and resolves DNS names
+ * server process, runs as _glougloud user and chrooted in _glougloud
+home, listens and accepts or refuses clients connections
+ * user process, runs as _glougloud user and chrooted in _glougloud
+home, parses the captured network traffic and sends a summary to the
+connected clients
+
+The 3 processes exchanges messages througt messages, with OpenBSD imsg
+framework.
+
+Note that glougloud activates extra protections on pcap capture only
+on OpenBSD by reimplementing some of libpcap functions, see
+glougloud.c my_pcap_open_live()
-- 
cgit v1.2.3-59-g8ed1b