Joshua Wise's Git repositories - netwatch.git / README
NetWatch!

    This is NetWatch, a system for remote system-management-mode-based
control of a machine without support from or awareness by the OS. It works by
taking over a second network card to provide a standard VNC server, such that
a machine elsewhere on the network can see the text or graphics console of the
machine and inject keystrokes as needed.

    System management mode, introduced with the 386SL, essentially allows
system driver code to run outside of OS control, caused by a special interrupt
pin on the CPU. This was originally intended for applications such as laptop
fan control; it is also the mechanism by which USB legacy keyboard emulation
occurs. When a system management interrupt occurs, the northbridge remaps
portions of memory to expose previously-hidden code, and asserts an SMI# signal,
causing the CPU to save all its state into system management RAM and vector to
a magic entry point.

    This is somewhat slow, and so there is a moderate performance impact
caused by running NetWatch, more significant when a VNC session is open.
Because NetWatch is invisible to the OS, its CPU usage is difficult to monitor;
we do so by comparing the MD5 throughput of the system with NetWatch
running versus without. The only way that the OS could detect this performance
drain is by spinning tightly and watching for a sudden jump in the CPU's time
stamp counters.

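The detection method the paragraph above describes, as an added example that is not part of NetWatch itself: a tight loop samples the time stamp counter, derives a threshold from the smallest delta it sees, and counts the deltas that are far larger than the loop itself could produce. The sample values in the test are constructed; `__rdtsc()` is the GCC/Clang intrinsic and the program only spins on x86.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>  /* __rdtsc() on GCC/Clang */
#endif

/* Threshold from the smallest observed delta: a tight loop yields near-constant
 * deltas, so a delta `factor` times the minimum is a stall the loop did not
 * cause (an SMI, or an ordinary OS interrupt; only the pattern tells them apart). */
uint64_t tsc_gap_threshold(const uint64_t *s, size_t n, uint64_t factor)
{
    uint64_t min_delta = UINT64_MAX;
    for (size_t i = 1; i < n; i++)
        if (s[i] - s[i - 1] < min_delta) min_delta = s[i] - s[i - 1];
    return (n < 2) ? 0 : min_delta * factor;
}

/* Count deltas above `threshold` and report the largest; samples must be
 * monotonically increasing TSC readings taken from one core. */
size_t count_tsc_gaps(const uint64_t *s, size_t n, uint64_t threshold,
                      uint64_t *max_gap)
{
    size_t gaps = 0;
    uint64_t biggest = 0;
    for (size_t i = 1; i < n; i++) {
        uint64_t delta = s[i] - s[i - 1];
        if (delta > biggest) biggest = delta;
        if (delta > threshold) gaps++;
    }
    if (max_gap) *max_gap = biggest;
    return gaps;
}
#define NSAMPLES 200000
static uint64_t samples[NSAMPLES];
int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    for (size_t i = 0; i < NSAMPLES; i++)  /* spin tightly, sampling the TSC */
        samples[i] = __rdtsc();
    uint64_t max_gap, thr = tsc_gap_threshold(samples, NSAMPLES, 100);
    size_t gaps = count_tsc_gaps(samples, NSAMPLES, thr, &max_gap);
    printf("%zu gaps above %llu cycles, largest %llu cycles\n", gaps,
           (unsigned long long)thr, (unsigned long long)max_gap);
#else
    puts("no TSC on this architecture");
#endif
    return 0;
}
```

Pin the process to one core before running it, since the TSC is not guaranteed to be synchronised across cores; a periodic gap of tens of microseconds every 64 ms is the signature the README's SMI schedule would leave.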
    Although it would be possible to start up NetWatch after an OS kernel
has already loaded, it is easier and more useful to load it from GRUB before
the OS boots, such that even the bootloader itself can be controlled over the
network. We do this by providing a stub loader (grubload/) which can be invoked
from GRUB, and takes care of loading the main NetWatch ELF image. Once this is
done and NetWatch is up and running, the loader returns to real mode and
reinvokes GRUB via the BIOS.

    Our current development platform, the Intel ICH2, does not allow SMM
traps on arbitrary PCI accesses. This makes stealing the network card from the
OS somewhat difficult, since there is nothing SMM code can do to cleanly block
access. NetWatch simply chooses its desired network card, and then repeatedly
clobbers the PCI base address registers. Although Linux resets the BARs to sane
values when it probes the PCI bus, by the time it attempts to actually load
the network driver, the card will no longer be accessible; fortunately, the
driver quickly gives up, and Linux no longer attempts to access the card.

    The northbridge can be configured to invoke a system management
interrupt every 64 milliseconds, and so the bulk of NetWatch's work is done
from this interrupt: checking the network card for incoming packets, invoking
lwIP, and sending any response packets necessary. SMM entry also occurs when
the OS reads from the keyboard I/O ports, to inject scan codes as needed.

    Much of NetWatch is very hardware-dependent, and although we've tried
to maintain clean interface separation to allow for easy porting, the current
implementation requires:

 - Intel ICH2 system chipset
 - 3C509 Ethernet card to be used by NetWatch, plus another card of
   any type for the OS
 - BIOS which does not set the D_LCK bit. Any system old enough to be
   based on the ICH2 is very likely to have a suitable BIOS.

    Current open issues are listed in the TODO file. See GUIDE for an
overview of which source files do what.