PERFORCE change 36924 for review
Robert Watson
rwatson at FreeBSD.org
Tue Aug 26 02:15:52 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=36924
Change 36924 by rwatson at rwatson_paprika on 2003/08/25 19:15:19
Convert from notes into text for network interface description.
Add stub paragraph for routing sockets and the routing system.
Begin to put text into the IP networking section.
Affected files ...
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/arch-handbook/secarch/chapter.sgml#4 edit
Differences ...
==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/arch-handbook/secarch/chapter.sgml#4 (text+ko) ====
@@ -1880,34 +1880,50 @@
<sect2 id="secarch-netinterfaces">
<title>Network Interfaces</title>
- <para>XXX</para>
+ <para>Most network protocol stacks included with FreeBSD are
+ intended for use of local area and wide area networks.
+ I/O from external network devices is generally abstracted
+ behind a network interface--most frequently as a source
+ and sink of packets.
+ Generally access to network interfaces is performed using
+ the network stack, with higher level network services
+ abstracted by sockets.
+ Management of network interfaces occurs using management
+ sockets or sysctl, and generally requires privilege,
+ although access control varies by component.</para>
- <para>generally, access to network interfaces performed using the
- network stack, abstracted via sockets.
- management occurs via special network sockets, and sysctl, and
- requires privilege.
- Management of specific protocol interactions with the network
- stack is performed at the level of the network stack, and
- access control may vary by component.</para>
+ <para>The Berkeley Packet Filter (BPF) permits direct monitoring
+ and transmission at the interface level, and offers a
+ kernel-based filtering language to improve performance, avoiding
+ the copying of uninteresting packets into the user process.
+ the right to use bpf depends on the protections of bpf devices
+ in /dev, permitting unprivileged monitoring or transmission of
+ specific classes of packets.
+ However, enabled promiscuous mode on interfaces does require
+ privilege.</para>
+ </sect2>
- <para>bpf permits direct monitoring and transmission at the
- interface level, and offers a kernel-based filtering language
- to improve performance, avoiding the copying of uninteresting
- packets into the user process.</para>
+ <sect2 id="secarch-routing">
+ <title>Routing Sockets</title>
- <para>the right to use bpf depends on the protections of bpf
- devices in /dev, permitting unprivileged monitoring or
- transmission of specific classes of packets.
- however, enabled promiscuous mode on interfaces does require
- privilege.</para>
-
- <para>XXX revision here</para>
+ <para>The FreeBSD network stack provides centralized,
+ protocol-independent route management. XXX
+ </para>
</sect2>
<sect2 id="secarch-netinet">
<title>IP Networking Protection Model</title>
- <para>management interfaces (suser required to manage IP properties
+ <para>The IPv4 and IPv6 protocol stacks in FreeBSD provide
+ controlled access to the network interface as abstracted behind
+ a variety of socket types, including TCP, UDP, and raw sockets.
+ Internally, routing of packets in and out of interfaces are
+ controlled by the IPv4 and IPv6 routing tables, which is
+ manipulated using routing sockets. XXX
+
+
+
+management interfaces (suser required to manage IP properties
of network interfaces, routing), monitoring of credentials
associated with sockets.
monitoring interfaces generally do not require privilege, with
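Review bot: In the secarch-netinet paragraph the new prose runs from "manipulated using routing sockets. XXX" straight into the old lowercase note fragments ("management interfaces (suser required to manage IP properties ..."), separated only by three blank added lines inside the same <para>, so the rendered paragraph will mix finished sentences with unconverted notes. Close the new <para> after the XXX and keep the remaining notes in their own <para>, or in an SGML comment, until they are converted. The same paragraph has two agreement errors: "routing of packets in and out of interfaces are controlled" should be "is controlled", and "routing tables, which is manipulated" should be "which are manipulated". In the BPF paragraph, "the right to use bpf" begins a sentence in lower case and is inconsistent with the "Berkeley Packet Filter (BPF)" introduced three lines earlier, and "enabled promiscuous mode on interfaces does require privilege" should read "enabling promiscuous mode". In the first new paragraph, "intended for use of local area and wide area networks" likely wants "use on". The new secarch-routing section is only a stub ending in "XXX"; since the IP section now says the routing tables are manipulated using routing sockets, the stub should at least state what privilege is required to use them before this text is published.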