next up previous contents index
Next: Part IV: Component Libraries Up: 16.4 Running OSKit kernels Previous: 16.4.1 Disk

16.4.2 Networking

 

If you're using the emulated network then there's nothing you have to do, things should work the same as a Unix executable. If you're accessing an interface directly you'll have to do some more work. Since OSKit kernels assume that they're the only thing that can access the net, the best way to do networking is to dedicate an interface for use by the OSKit on Unix.

There are a couple environment variables that you'll need to set:

There are also some differences between running on Linux and FreeBSD.

Linux

First off, you're going to have to run as root to be able to take over an ethernet interface under Linux. This makes sense, since if any user could hijack an interface you'd be in big trouble.

You're going to want to turn arp off on the interface you'll be using. Also, set the IP address to be a local address (see rfc1918, http://www.faqs.org/rfcs/rfc1918.html). The following commands assume that you're using eth1.

ifconfig eth1 -arp up 10.1.1.1

You can also use ipfwadm to make sure the linux network stack never sees the packets. The following commands will add a rule to deny packets for all protocol types for both input and output.

ipfwadm -I -a deny -P all -W eth1
ipfwadm -O -a deny -P all -W eth1

FreeBSD

The Unix support library networking code uses the Berkeley Packet Filter (``BPF'') to get it's packets. If your kernel isn't compiled with BPF support you'll have to build a new kernel. To do this, put options bpfilter 2 in your kernel config file and rebuild. You should set the number of packet filter instances to at least 2 so that you can run tcpdump along with your OSKit kernel. Normally you'll have to be root to use the packet filter, but access is only determined by the permissions on /dev/bpfn, so you don't necessarily have to. You'll have to determine for yourself if the risk of having an exploitable packet filter is greater than the risk of running your OSKit kernels as root.


next up previous contents index
Next: Part IV: Component Libraries Up: 16.4 Running OSKit kernels Previous: 16.4.1 Disk

Utah Flux Research Group