/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Roman Kubiak (r.kubiak@samsung.com)
*
int auditDescriptor;
#endif // HAVE_AUDIT
sigset_t signalMask;
+ char m_packetBuffer[NETHER_PACKET_BUFFER_SIZE] __attribute__((aligned));
};
#endif
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Roman Kubiak (r.kubiak@samsung.com)
*
std::string packetToString(const NetherPacket &packet);
template<typename ... Args> std::string stringFormat(const char* format, Args ... args);
std::vector<std::string> tokenize(const std::string &str, const std::string &delimiters);
+std::string bufferToHexDumpString(const char *data, int size);
#endif // NETHER_UTILS_H
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 -2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Roman Kubiak (r.kubiak@samsung.com)
*
#include "nether_CynaraBackend.h"
#include "nether_FileBackend.h"
#include "nether_DummyBackend.h"
+#include "nether_Utils.h"
NetherManager::NetherManager(const NetherConfig &_netherConfig)
: netherPrimaryPolicyBackend(nullptr),
if(FD_ISSET(netlinkDescriptor, &watchedReadDescriptorsSet))
if(!handleNetlinkpacket())
- break;
+ return false;
if (backendDescriptor == -1)
continue;
{
LOGD("netlink descriptor active");
int packetReadSize;
- NetherPacket receivedPacket;
- char packetBuffer[NETHER_PACKET_BUFFER_SIZE] __attribute__((aligned));
/* some data arrives on netlink, read it */
- if((packetReadSize = recv(netlinkDescriptor, packetBuffer, sizeof(packetBuffer), 0)) >= 0)
+ if((packetReadSize = recv(netlinkDescriptor, m_packetBuffer, sizeof(m_packetBuffer), 0)) >= 0)
{
/* try to process the packet using netfilter_queue library, fetch packet info
needed for making a decision about it */
- if(netherNetlink->processPacket(packetBuffer, packetReadSize))
+ if(netherNetlink->processPacket(m_packetBuffer, packetReadSize))
{
return (true);
}
else
{
- /* if we can't process the incoming packets, it's bad. Let's exit now */
- LOGE("Failed to process netlink received packet, refusing to continue");
- return (false);
+ LOGE("Failed to process netlink packet");
+ LOGE(bufferToHexDumpString(m_packetBuffer, packetReadSize));
+ return (true);
}
}
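Review bot: The failure branch of the netlink handler now writes the whole received buffer to the error log with `LOGE(bufferToHexDumpString(m_packetBuffer, packetReadSize));`, so every packet that processPacket() rejects puts up to NETHER_PACKET_BUFFER_SIZE bytes of raw traffic, payload included, into the log. Because the handler also returns true and keeps running, a stream of unparseable packets can repeat this without limit, which both fills the log and exposes packet contents to anyone who can read it. I would keep the one-line LOGE message and move the dump to debug level with a capped length, e.g. `LOGD(bufferToHexDumpString(m_packetBuffer, std::min(packetReadSize, 64)));` (64 is an illustrative cap, and `<algorithm>` would be needed). Whether a verdict is still issued for the rejected packet is not visible here, as the rest of the function and processPacket() lie outside the hunk, so it is worth confirming that such packets do not stay queued without a decision.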
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Roman Kubiak (r.kubiak@samsung.com)
*
if(nfq_get_uid(nfa, &packet.uid) == 0)
LOGW("Failed to get uid for packet id=" << packet.id);
- nfq_get_gid(nfa, &packet.gid);
+ if (nfq_get_gid(nfa, &packet.gid) == 0)
+ LOGW("Failed to get gid for packet id=" << packet.id);
secctxSize = nfq_get_secctx(nfa, &secctx);
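Review bot: When `nfq_get_gid()` fails the new code only logs a warning, and `packet.gid` keeps whatever value it had before the call; the same holds for `packet.uid` in the context lines above it. If the packet structure is not initialised where it is created (not visible in this hunk), the policy backends may then decide on an indeterminate uid or gid. I would set an explicit "unknown" value in the failure branch, e.g. `{ LOGW("Failed to get gid for packet id=" << packet.id); packet.gid = INVALID_GID_PLACEHOLDER; }`, using whatever sentinel the project already defines. The enclosing function starts and ends outside the hunk.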
/*
- * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2017 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Roman Kubiak (r.kubiak@samsung.com)
*
#include "nether_Utils.h"
+#include <iomanip>
+#include <sstream>
+
NetherVerdict stringToVerdict(char *verdictAsString)
{
if(verdictAsString)
v.emplace_back(str, start, str.length() - start); // add what's left of the string
return v;
}
+
+std::string bufferToHexDumpString(const char *data, int size)
+{
+ const int numCols = 16;
+ const uint8_t *buffer = reinterpret_cast<const uint8_t *>(data);
+ std::stringstream ss;
+
+ ss << "Buffer size: " << size << " B\n" << ss.str();
+
+ ss << std::hex << std::setfill('0');
+
+ for (int offset = 0; offset < size; offset += numCols)
+ {
+ ss << std::setw(sizeof(size) * 2)
+ << offset << ": ";
+
+ for (int c = 0; c < numCols; c++)
+ {
+ if ((offset + c) < size)
+ {
+ ss << std::setw(2)
+ << (unsigned int)buffer[offset + c] << " ";
+ }
+ else
+ {
+ ss << " ";
+ }
+ }
+
+ ss << " ";
+
+ for (int c = 0; c < numCols && (offset + c) < size; c++)
+ {
+ ss << (isprint(data[offset + c]) ? data[offset + c] : '.');
+ }
+
+ ss << std::endl;
+ }
+
+ return ss.str();
+}
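Review bot: `isprint(data[offset + c])` is passed a plain `char`, which is negative for bytes above 0x7f where char is signed, and that is undefined behaviour for the `<cctype>` functions; since the input is raw packet data, such bytes are expected. Use the unsigned view the function already has, `ss << (isprint(buffer[offset + c]) ? data[offset + c] : '.');`, and include `<cctype>` explicitly. The header line `ss << "Buffer size: " << size << " B\n" << ss.str();` also inserts the stream's own content into itself, which under C++17 evaluation order most likely repeats the header text and is unspecified before that; it should end at `" B\n"`. A short comment on the declaration stating that `size` is a byte count and that a negative value yields only the header line would help callers.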