Communication Protocols

As its name implies, a communication protocol is a set of rules and conventions used by two communicating processes (for example, the TCP/IP protocol suite). In FreeBSD, a communication protocol is defined by its entries in a protocol switch table. As such, by modifying these entries, a rootkit can alter the data sent and received by either communication endpoint. To better illustrate this "attack," allow me to digress.

The protosw Structure

The context of each protocol switch table is maintained in a protosw structure, which is defined in the <sys/protosw.h> header as follows:

    struct protosw {
        short   pr_type;            /* socket type */
        struct  domain *pr_domain;  /* domain protocol */
        short   pr_protocol;        /* protocol number */
        short   pr_flags;
        ...
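As an added example (not code from the book), the integrity check a defender would run over these entries, modelled in userland: a baseline snapshot of each entry's handler addresses is compared with the live table, and any handler that moved or now points outside the kernel text range is flagged. The pr_input/pr_output fields (present in the full FreeBSD protosw), the text-segment bounds and the sample addresses are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Userland model of the protosw fields a rootkit would retarget. The real
 * definition is in <sys/protosw.h>; handlers are kept as plain addresses
 * here so the check runs without a kernel (an assumption of this example). */
struct protosw_model {
    short    pr_type;      /* socket type */
    short    pr_protocol;  /* protocol number */
    uint64_t pr_input;     /* address of the input routine */
    uint64_t pr_output;    /* address of the output routine */
};
/* Constructed bounds of the kernel text segment. A handler outside them
 * resolves into module or heap memory, which is how a hooked entry differs. */
#define KTEXT_START 0xffffffff80200000ULL
#define KTEXT_END   0xffffffff80c00000ULL

static int in_ktext(uint64_t a) { return a >= KTEXT_START && a < KTEXT_END; }

/* Compare the live table with a baseline snapshot taken at boot. An entry is
 * flagged when an input or output handler moved, or when either now points
 * outside kernel text. Returns the count; protocol numbers go to `flagged`. */
size_t check_protosw(const struct protosw_model *live,
                     const struct protosw_model *base,
                     size_t n, short *flagged, size_t max)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        int moved   = live[i].pr_input  != base[i].pr_input ||
                      live[i].pr_output != base[i].pr_output;
        int foreign = !in_ktext(live[i].pr_input) || !in_ktext(live[i].pr_output);
        if (moved || foreign) {
            if (bad < max) flagged[bad] = live[i].pr_protocol;
            bad++;
        }
    }
    return bad;
}

/* Constructed sample: baseline TCP (SOCK_STREAM=1, proto 6) and UDP
 * (SOCK_DGRAM=2, proto 17) entries, and a live copy in which the TCP
 * output handler has been redirected to memory outside kernel text. */
static const struct protosw_model base_tbl[] = {
    { 1, 6,  0xffffffff80301000ULL, 0xffffffff80302000ULL },
    { 2, 17, 0xffffffff80401000ULL, 0xffffffff80402000ULL } };
static const struct protosw_model live_tbl[] = {
    { 1, 6,  0xffffffff80301000ULL, 0xffffffff82a00000ULL },
    { 2, 17, 0xffffffff80401000ULL, 0xffffffff80402000ULL } };

size_t demo_count(void) { short f[4]; return check_protosw(live_tbl, base_tbl, 2, f, 4); }
short demo_first_flagged(void) { short f[4] = {0}; check_protosw(live_tbl, base_tbl, 2, f, 4); return f[0]; }
```

In a real deployment the baseline would be captured at boot from the kernel's own protocol switch arrays and the bounds taken from the kernel's text symbols, not hard-coded as they are here.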
