pktd: A Packet Capture and Injection Daemon

Administrators can be highly reluctant to run foreign measurement tools on their hosts because (a) such tools frequently require privileged execution in order to transmit customized measurement packets and/or to passively capture network traffic, and (b) the administrators lack mechanisms to control the rate, duration, type, destination, and contents of traffic generated by the measurements. We present preliminary work on pktd, a packet capture and injection multiplexer daemon that provides controlled, finegrained access to the network device. On systems running pktd, client measurement tools are not given direct access to the network device. Instead, they are obliged to request access via pktd. By providing administrators control over the pktd mechanism, they can easily and securely enforce their desired policies concerning which clients should be granted which sorts of network access capabilities. Thus, pktd can serve as the sole trusted, privileged entity for conducting measurements, eliminating the need for administrators to vet the individual measurement tools.