glougloud - glouglou daemon, for network traffic visualisation in real time

=== Requirements ===

 * libglouglou

Known to work on OpenBSD 5.1 and Linux 3.4.

=== Installation ===

 git clone git@meg:glouglou
 sudo useradd -d /var/empty/ -s /sbin/nologin _glougloud

The _glougloud account is the unprivileged user the daemon's chrooted processes run as (see the architecture notes below). Its home directory, /var/empty/, is the chroot directory, so keep it empty and owned by root, not writable by _glougloud.

=== Usage ===

 * Run the daemon:

 cd glouglou/glougloud/
 sudo ./glougloud

It logs to /var/log/glougloud. For now it monitors only the lo0 interface.

 * Connect to the daemon:

 nc -vvv -u 127.0.0.1 4430 | hexdump -C

You get information about the traffic flowing on the monitored interface.

=== Notes on architecture and security ===

glougloud is split into 3 processes:

 * main process: runs as root, opens the capture interfaces with libpcap and resolves DNS names
 * server process: runs as the _glougloud user, chrooted in the _glougloud home directory; listens for client connections and accepts or refuses them
 * user process: runs as the _glougloud user, chrooted in the _glougloud home directory; parses the captured network traffic and sends a summary to the connected clients

The 3 processes exchange messages using the OpenBSD imsg framework.

Note that glougloud activates extra protections on pcap capture only on OpenBSD, by reimplementing some libpcap functions; see my_pcap_open_live() in glougloud.c.
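The privilege separation described above, as an added example that is not glougloud's own code: a root parent forks an unprivileged worker, the worker chroots into the _glougloud home directory and drops to that uid/gid (verifying it cannot regain root), and the two sides exchange length-prefixed messages over a socketpair. The real daemon uses the OpenBSD imsg API; this example substitutes a minimal header-plus-payload framing so it also builds on Linux with glibc. The message type names, the pkt_rec record standing in for a libpcap capture, and the summary format are all hypothetical, and passing NULL as the user name to privsep_roundtrip() skips the privilege drop so the round trip can be exercised without root.

```c
#define _GNU_SOURCE            /* setresuid/setresgid prototypes on glibc */
#include <sys/socket.h>
#include <sys/wait.h>
#include <grp.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical message types; the daemon's real imsg types are not on the page. */
enum { MSG_PACKET = 1, MSG_SUMMARY = 2 };

/* imsg-like framing: fixed header followed by len bytes of payload. */
struct msg_hdr { uint32_t type; uint32_t len; };

/* Constructed capture record, standing in for what the root process pulls from libpcap. */
struct pkt_rec { uint8_t src[4]; uint8_t dst[4]; uint8_t proto; uint16_t len; };

static int io_all(int fd, void *buf, size_t n, int writing) {
    size_t done = 0;
    while (done < n) {
        ssize_t r = writing ? write(fd, (char *)buf + done, n - done)
                            : read(fd, (char *)buf + done, n - done);
        if (r <= 0) return -1;                 /* EOF or error: fail closed */
        done += (size_t)r;
    }
    return 0;
}

int send_msg(int fd, uint32_t type, const void *data, uint32_t len) {
    struct msg_hdr h = { type, len };
    if (io_all(fd, &h, sizeof h, 1) < 0) return -1;
    return io_all(fd, (void *)data, len, 1);
}

int recv_msg(int fd, struct msg_hdr *h, void *buf, uint32_t bufsz) {
    if (io_all(fd, h, sizeof *h, 0) < 0) return -1;
    if (h->len > bufsz) return -1;             /* refuse oversized payloads from the peer */
    return io_all(fd, buf, h->len, 0);
}

/* chroot into the account's home directory and drop to its uid/gid.
 * Returns 0 on success, 1 if not root (nothing to drop), -1 on failure. */
int drop_privileges(const char *user) {
    if (geteuid() != 0) return 1;
    struct passwd *pw = getpwnam(user);        /* assumes the useradd step was run */
    if (pw == NULL) return -1;
    if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) return -1;
    if (setgroups(1, &pw->pw_gid) < 0) return -1;
    if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) return -1;
    if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) return -1;
    if (setuid(0) == 0) return -1;             /* must not be able to climb back to root */
    return 0;
}

/* Unprivileged side: turn one capture record into the summary line a client receives. */
int summarize(const struct pkt_rec *p, char *out, size_t outsz) {
    return snprintf(out, outsz, "%u.%u.%u.%u -> %u.%u.%u.%u proto=%u len=%u",
                    (unsigned)p->src[0], (unsigned)p->src[1], (unsigned)p->src[2], (unsigned)p->src[3],
                    (unsigned)p->dst[0], (unsigned)p->dst[1], (unsigned)p->dst[2], (unsigned)p->dst[3],
                    (unsigned)p->proto, (unsigned)p->len);
}

/* Parent keeps the capture role; the forked child drops privileges, parses, and answers.
 * user == NULL skips the privilege drop (unprivileged test runs only). */
int privsep_roundtrip(const char *user, const struct pkt_rec *p, char *out, size_t outsz) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(sv[0]);
        if (user != NULL && drop_privileges(user) < 0) _exit(2);
        struct msg_hdr h; struct pkt_rec rec; char line[128];
        if (recv_msg(sv[1], &h, &rec, sizeof rec) < 0 ||
            h.type != MSG_PACKET || h.len != sizeof rec) _exit(3);
        int n = summarize(&rec, line, sizeof line);
        send_msg(sv[1], MSG_SUMMARY, line, (uint32_t)n + 1);   /* include the NUL */
        _exit(0);
    }
    close(sv[1]);
    int rc = -1, status;
    struct msg_hdr h;
    if (send_msg(sv[0], MSG_PACKET, p, sizeof *p) == 0 &&
        recv_msg(sv[0], &h, out, (uint32_t)outsz) == 0 && h.type == MSG_SUMMARY) rc = 0;
    close(sv[0]);
    waitpid(pid, &status, 0);
    return (rc == 0 && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) {
    struct pkt_rec p = { {127,0,0,1}, {127,0,0,1}, 17, 60 };   /* constructed lo0 UDP datagram */
    char line[128];
    if (privsep_roundtrip("_glougloud", &p, line, sizeof line) == 0) puts(line);
    return 0;
}
```

Run it as root after the useradd step and the child ends up chrooted in /var/empty/ as _glougloud; run it as an ordinary user and drop_privileges() reports there is nothing to drop. The length check in recv_msg() is the point of the framing: the root side never trusts a length announced by the unprivileged peer.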