platform/core/security/nether.git
8 years ago Move iptables-restore after full init 92/60292/1
r.kubiak [Wed, 24 Feb 2016 17:53:46 +0000 (18:53 +0100)]
Move iptables-restore after full init

This patch moves the loading of iptables rules
after all subsystems have been initialized. In
case any of the subsystems fails, nether will
not leave any rules behind.

Change-Id: I86b63848d7864a684f2ed5d3f10c9e4419712617

8 years ago Temporary fix for images without proper nether patches. 90/60290/1 accepted/tizen/common/20160225.160641 accepted/tizen/ivi/20160225.082022 accepted/tizen/mobile/20160225.081929 accepted/tizen/tv/20160225.081947 accepted/tizen/wearable/20160225.082000 submit/tizen/20160224.165550 submit/tizen/20160224.170026 submit/tizen_common/20160224.170035
r.kubiak [Wed, 24 Feb 2016 16:51:11 +0000 (17:51 +0100)]
Temporary fix for images without proper nether patches.

If the nether patches are not in the kernel, the rule
that was commented out will stop all outgoing network traffic.
This should not be the case thanks to the queue-bypass
parameter to iptables, but it seems to fail anyway.

Since the kernel patches are not yet merged, nether is
useless anyway. This will fix any issues until this changes.

Change-Id: Ic6c6876a62588f76d0f7e4105d2866320474149f

8 years ago Fixed the -d option. 98/58098/1
r.kubiak [Wed, 27 Jan 2016 11:44:39 +0000 (12:44 +0100)]
Fixed the -d option.

Change-Id: I82c08e1558bf23fb7c446f0eddd8540692a8d51e

8 years ago Bump release version 97/58097/1
r.kubiak [Wed, 27 Jan 2016 11:36:06 +0000 (12:36 +0100)]
Bump release version

Change-Id: I07b1c7ec8f0cc4c78c20fbaf3a3d5031d682ec17

8 years ago This patch disables the "-d" option for systemd, nether 94/52594/1 accepted/tizen/ivi/20160218.023857 accepted/tizen/mobile/20160125.011644 accepted/tizen/tv/20160125.011651 accepted/tizen/wearable/20160125.011655 submit/tizen/20160122.121634 submit/tizen_common/20160122.121757 submit/tizen_common/20160218.142243 submit/tizen_ivi/20160217.000000 submit/tizen_ivi/20160217.000003
r.kubiak [Tue, 24 Nov 2015 13:28:58 +0000 (14:28 +0100)]
This patch disables the "-d" option for systemd, nether
does not fork into background and systemd is keeping
nether alive.

Change-Id: I1674e27919694773814104c0f0045a7ee3d21694

8 years ago Added apache LICENSE file 73/52173/1 accepted/tizen/mobile/20151119.232410 accepted/tizen/tv/20151119.232431 accepted/tizen/wearable/20151119.232437 submit/tizen/20151119.145050 submit/tizen_common/20151123.122441
r.kubiak [Thu, 19 Nov 2015 12:48:26 +0000 (13:48 +0100)]
Added apache LICENSE file

Change-Id: If9ab9b33a53e93121cfbbe227d2f9b77845a69da

8 years ago Fix potential failures with inheritance 59/52059/2
Aleksander Zdyb [Wed, 18 Nov 2015 14:34:32 +0000 (15:34 +0100)]
Fix potential failures with inheritance

Classes being inherited should generally have virtual destructors.
There was no problem at the moment, but it will help prevent failures
in the future.

Change-Id: I5ddd7c6bf5f8bd4751082244bc3730bc3d78691c

8 years ago Added performance test scripts and programs 19/49219/1 submit/tizen/20151110.144250
r.kubiak [Thu, 8 Oct 2015 14:22:55 +0000 (16:22 +0200)]
Added performance test scripts and programs

Change-Id: Iaf497786d993e98e6020290e0c5cb33af1461e23

8 years ago Added a cynara backend option (passed as a primary backend 18/49218/1
r.kubiak [Thu, 8 Oct 2015 13:32:24 +0000 (15:32 +0200)]
Added a cynara backend option (passed as a primary backend
option -P) cache-size, to control the client side of cynara
cache (default is 1000). This size is in cynara objects
not kilo-mega/bytes.

Change-Id: Ia02053990d01d37a00f8d78ab743d60a7a0e758b

8 years ago Added loopback rules, so that the REJECT target 17/49217/1
r.kubiak [Wed, 7 Oct 2015 15:40:26 +0000 (17:40 +0200)]
Added loopback rules, so that the REJECT target
can transmit ICMP packets to the process.

Change-Id: Idb5494f72e380164ab1473d18ef1f41a83e03ebe

8 years ago Cynara backend init, needs to return a valid 16/49216/1
r.kubiak [Wed, 7 Oct 2015 15:39:19 +0000 (17:39 +0200)]
Cynara backend init, needs to return a valid
descriptor otherwise an error will be reported.

Change-Id: I3ea749bd39b7a61cb05d00a8d2cb63c51336cebb

8 years ago Added a relaxed mode. 48/46448/2
RomanKubiak [Thu, 20 Aug 2015 11:31:02 +0000 (13:31 +0200)]
Added a relaxed mode.

This allows running nether in a permissive/relaxed
mode where all DENY requests are actually allowed
but logged via AUDIT.

Change-Id: I0f67f061b2697a80d610d1988b706bd92de05944

8 years ago Fixed cynara socket initialization. 72/46072/1
RomanKubiak [Thu, 13 Aug 2015 14:26:05 +0000 (16:26 +0200)]
Fixed cynara socket initialization.

Change-Id: I38fe7751f087a719657e9d6a6da58cea3bf4a9d4

8 years ago Added optional interface information (output interface only) 52/46052/1
RomanKubiak [Thu, 13 Aug 2015 11:06:23 +0000 (13:06 +0200)]
Added optional interface information (output interface only)

Small fix for daemon mode.

Change-Id: I8fa3974ad54f5fd4b403672ba3a4abe3c8e7c568

8 years ago Fix for bad policy install path 51/46051/1
RomanKubiak [Mon, 10 Aug 2015 15:23:43 +0000 (17:23 +0200)]
Fix for bad policy install path

Change-Id: I90e8e565d8f9efd46c34833a74cf59012163d6b0

8 years ago Packet copying is now optional. 12/45312/2
RomanKubiak [Tue, 4 Aug 2015 12:39:48 +0000 (14:39 +0200)]
Packet copying is now optional.

We need to copy packets to userspace to get
TCP/IP information (address, port, protocol)

This has been made optional now.

Change-Id: Ic753a8ecacdf460b2587f65457a80e1da9bb21a6

8 years ago Added a fix for malformed policy files. 97/45297/1
RomanKubiak [Tue, 4 Aug 2015 12:24:51 +0000 (14:24 +0200)]
Added a fix for malformed policy files.

Change-Id: Ia362e8003df4eb3af0ccb2d47482d58d1b3edee9

8 years ago Fixed a compilation error when cynara is not available. 93/45293/1
RomanKubiak [Tue, 4 Aug 2015 12:04:53 +0000 (14:04 +0200)]
Fixed a compilation error when cynara is not available.

Change-Id: Ifa595f3cc1ef31d758cb40f468a46e1a36f8abd7

8 years ago Modified sources to eliminate pedantic warnings 08/45208/1
RomanKubiak [Mon, 3 Aug 2015 13:19:40 +0000 (15:19 +0200)]
Modified sources to eliminate pedantic warnings
from gcc.

- split function declaration and implementation
- dealt with unsigned/signed comparison in Cynara
  backend

Change-Id: I1b77af78292915efa9e850d32445c97d5893c513

8 years ago Fixed EOLs/TABs/spaces 75/44675/3
RomanKubiak [Fri, 24 Jul 2015 13:14:34 +0000 (15:14 +0200)]
Fixed EOLs/TABs/spaces
Included fixes and changes from change I16970c3dedd9071c970523a478fbf35e009d13ef
as commented by Jan Olszak and Rafal Krypa

refer to https://review.tizen.org/gerrit/#/c/44086/ for details

Removed const qualifiers on method return types.
Removed unused parameters from method definitions.

Change-Id: Ic03f4b35cdb476005749d2c93a413a83c09490fd

9 years ago Switched all enums to "enum class : uint8_t" types 99/44599/2
RomanKubiak [Thu, 23 Jul 2015 12:31:43 +0000 (14:31 +0200)]
Switched all enums to "enum class : uint8_t" types

Change-Id: I0c24cb67e2cb362a2c1970edca6f1947e05b806a

9 years ago runAsDaemon function to work in the background 00/44500/3
RomanKubiak [Wed, 22 Jul 2015 15:14:38 +0000 (17:14 +0200)]
runAsDaemon function to work in the background
a fix for iptables rules to only catch the first
"new" packet not ALL

Change-Id: Ib5f2359a7a74da97a9b48d808005a5fe166975bb

9 years ago Added audit support 93/44293/2
RomanKubiak [Mon, 20 Jul 2015 14:11:10 +0000 (16:11 +0200)]
Added audit support
Updated cmake to include certain constants
Made boost optional not required
Fixed spec
Added iptables-restore support

Change-Id: I3b965023bd5c5a07612f80fa2e040454e7db42a2

9 years ago Added the README.md file for github 90/44090/4
RomanKubiak [Thu, 16 Jul 2015 14:57:24 +0000 (16:57 +0200)]
Added the README.md file for github
Added license info to files
Using unique_ptr<> in manager
Broke up the process() method in manager

Change-Id: I980d281d7decae6d1e23b9f5937117449ac627e3

9 years ago Added nether helper scripts and a simple example policy 89/44089/1
RomanKubiak [Thu, 16 Jul 2015 14:57:12 +0000 (16:57 +0200)]
Added nether helper scripts and a simple example policy
for the file backend.

Change-Id: Ife2f173d9964cb9f65a9c88d8779872020ab6e46

9 years ago Included vasum logger class. 88/44088/1
RomanKubiak [Thu, 16 Jul 2015 14:56:05 +0000 (16:56 +0200)]
Included vasum logger class.
Some modifications
- added an option to disable colours in stderr logger
- added a syslog backend if journal is not available
- added a file backend

Change-Id: Id6ed1c56f871be8970879277b331b26d0e3969f3

9 years ago Build subsystem for nether (cmake, codeblocks, spec) 87/44087/1
RomanKubiak [Thu, 16 Jul 2015 14:55:05 +0000 (16:55 +0200)]
Build subsystem for nether (cmake, codeblocks, spec)

Change-Id: I35e39dc7e34087126b0a8aa2999cd0f7eb733fe3

9 years ago Initial source code for nether 0.0.1 (source code only) 86/44086/1
RomanKubiak [Thu, 16 Jul 2015 14:54:22 +0000 (16:54 +0200)]
Initial source code for nether 0.0.1 (source code only)

Change-Id: I16970c3dedd9071c970523a478fbf35e009d13ef

9 years ago Initial empty repository master
KyungMi Lee [Thu, 16 Jul 2015 07:46:44 +0000 (00:46 -0700)]
Initial empty repository