Date: Mon, 13 Jan 2003 18:42:56 -0800 From: Terry Lambert <tlambert2@mindspring.com> To: Radoslav Vasilev <rado@cablebg.net> Cc: freebsd-net@freebsd.org, freebsd-hackers@freebsd.org Subject: Re: kld && inetsw.pr_protocol overriding + old reuse Message-ID: <3E237930.FC51AB75@mindspring.com> References: <000b01c2bb5e$eb42f8f0$13e309d9@deckland>
next in thread | previous in thread | raw e-mail | index | archive | help
Radoslav Vasilev wrote: > I'm interested in whether the following could be acomplished: > there's KLD module, installing some new syscalls in the kernel, as well as > installing new ``struct ipprotosw'' for some protocol or another(let's > assume IPPROTO_UDP). > Could we just add some code in the begging of the new protocol handler > (counting, statistics , etc...) and call the old one after doing that. If > possible, what should be the preparation for that last call ? > Any help appreciated! This can't really be done, without actually hacking over top of the location that contained the code associated with the previous symbol. The reason for this is that the input path sometimes ends up making direct calls, assuming that the protocol stack is stacked the way it's expected to be stacked (e.g. direct calls to routines that are in struct ipprotosw). If you need to hack over the function, you need a lot more knowledge of assembly language; it is occasionally useful for profiling an existing system. The usual reason for wanting to do this is to make TCP/IP connections that are invisible to the OS, in order to attempt to turn FreeBSD boxes into DDOS robots, without the knowledge of their owners. 8-|. If you have a specific reason for this, you can replace the entry points with explicit entry points for your own routines, that call the real (renamed) routines, indirectly, and then replace the pointers. This will work fine on systems which legitimately belong to you, and for which you are willing to recompile the kernel, in order to make your modules work. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E237930.FC51AB75>