r.kubiak [Wed, 24 Feb 2016 17:53:46 +0000 (18:53 +0100)]
Move iptables-restore after full init
This patch moves the loading of iptables rules
after all subsystems have been initialized. In
case any of the subsystems fails, nether will
not leave any rules behind.
Change-Id: I86b63848d7864a684f2ed5d3f10c9e4419712617
r.kubiak [Wed, 24 Feb 2016 16:51:11 +0000 (17:51 +0100)]
Temporary fix for images without proper nether patches.
If the nether patches are not in the kernel, the rule
that was commented out will stop all outgoing network traffic.
This should not be the case thanks to the queue-bypass
parameter to iptables, but it seems to fail anyway.
Since the kernel patches are not yet merged, nether is
useless anyway. This will fix any issues until this changes.
Change-Id: Ic6c6876a62588f76d0f7e4105d2866320474149f
r.kubiak [Wed, 27 Jan 2016 11:44:39 +0000 (12:44 +0100)]
Fixed the -d option.
Change-Id: I82c08e1558bf23fb7c446f0eddd8540692a8d51e
r.kubiak [Wed, 27 Jan 2016 11:36:06 +0000 (12:36 +0100)]
Bump release version
Change-Id: I07b1c7ec8f0cc4c78c20fbaf3a3d5031d682ec17
r.kubiak [Tue, 24 Nov 2015 13:28:58 +0000 (14:28 +0100)]
This patch disables the "-d" option for systemd, nether
does not fork into background and systemd is keeping
nether alive.
Change-Id: I1674e27919694773814104c0f0045a7ee3d21694
r.kubiak [Thu, 19 Nov 2015 12:48:26 +0000 (13:48 +0100)]
Added Apache LICENSE file
Change-Id: If9ab9b33a53e93121cfbbe227d2f9b77845a69da
Aleksander Zdyb [Wed, 18 Nov 2015 14:34:32 +0000 (15:34 +0100)]
Fix potential failures with inheritance
Classes being inherited should generally have virtual destructors.
There was no problem at the moment, but it will help prevent failures
in the future.
Change-Id: I5ddd7c6bf5f8bd4751082244bc3730bc3d78691c
r.kubiak [Thu, 8 Oct 2015 14:22:55 +0000 (16:22 +0200)]
Added performance test scripts and programs
Change-Id: Iaf497786d993e98e6020290e0c5cb33af1461e23
r.kubiak [Thu, 8 Oct 2015 13:32:24 +0000 (15:32 +0200)]
Added a cynara backend option (passed as a primary backend
option -P) cache-size, to control the client side of cynara
cache (default is 1000). This size is in cynara objects
not kilo-mega/bytes.
Change-Id: Ia02053990d01d37a00f8d78ab743d60a7a0e758b
r.kubiak [Wed, 7 Oct 2015 15:40:26 +0000 (17:40 +0200)]
Added loopback rules, so that the REJECT target
can transmit ICMP packets to the process.
Change-Id: Idb5494f72e380164ab1473d18ef1f41a83e03ebe
r.kubiak [Wed, 7 Oct 2015 15:39:19 +0000 (17:39 +0200)]
Cynara backend init needs to return a valid
descriptor, otherwise an error will be reported.
Change-Id: I3ea749bd39b7a61cb05d00a8d2cb63c51336cebb
RomanKubiak [Thu, 20 Aug 2015 11:31:02 +0000 (13:31 +0200)]
Added a relaxed mode.
This allows running nether in a permissive/relaxed
mode where all DENY requests are actually allowed
but logged via AUDIT.
Change-Id: I0f67f061b2697a80d610d1988b706bd92de05944
RomanKubiak [Thu, 13 Aug 2015 14:26:05 +0000 (16:26 +0200)]
Fixed cynara socket initialization.
Change-Id: I38fe7751f087a719657e9d6a6da58cea3bf4a9d4
RomanKubiak [Thu, 13 Aug 2015 11:06:23 +0000 (13:06 +0200)]
Added optional interface information (output interface only)
Small fix for daemon mode.
Change-Id: I8fa3974ad54f5fd4b403672ba3a4abe3c8e7c568
RomanKubiak [Mon, 10 Aug 2015 15:23:43 +0000 (17:23 +0200)]
Fix for bad policy install path
Change-Id: I90e8e565d8f9efd46c34833a74cf59012163d6b0
RomanKubiak [Tue, 4 Aug 2015 12:39:48 +0000 (14:39 +0200)]
Packet copying is now optional.
We need to copy packets to userspace to get
TCP/IP information (address, port, protocol)
This has been made optional now.
Change-Id: Ic753a8ecacdf460b2587f65457a80e1da9bb21a6
RomanKubiak [Tue, 4 Aug 2015 12:24:51 +0000 (14:24 +0200)]
Added a fix for malformed policy files.
Change-Id: Ia362e8003df4eb3af0ccb2d47482d58d1b3edee9
RomanKubiak [Tue, 4 Aug 2015 12:04:53 +0000 (14:04 +0200)]
Fixed a compilation error when cynara is not available.
Change-Id: Ifa595f3cc1ef31d758cb40f468a46e1a36f8abd7
RomanKubiak [Mon, 3 Aug 2015 13:19:40 +0000 (15:19 +0200)]
Modified sources to eliminate pedantic warnings
from gcc.
- split function declaration and implementation
- dealt with unsigned/signed comparison in Cynara
backend
Change-Id: I1b77af78292915efa9e850d32445c97d5893c513
RomanKubiak [Fri, 24 Jul 2015 13:14:34 +0000 (15:14 +0200)]
Fixed EOLs/TABs/spaces
Included fixes and changes from change I16970c3dedd9071c970523a478fbf35e009d13ef
as commented by Jan Olszak and Rafal Krypa
refer to https://review.tizen.org/gerrit/#/c/44086/ for details
Removed const qualifiers on method return types.
Removed unused parameters from method definitions.
Change-Id: Ic03f4b35cdb476005749d2c93a413a83c09490fd
RomanKubiak [Thu, 23 Jul 2015 12:31:43 +0000 (14:31 +0200)]
Switched all enums to "enum class : uint8_t" types
Change-Id: I0c24cb67e2cb362a2c1970edca6f1947e05b806a
RomanKubiak [Wed, 22 Jul 2015 15:14:38 +0000 (17:14 +0200)]
runAsDaemon function to work in the background
a fix for iptables rules to only catch the first
"new" packet not ALL
Change-Id: Ib5f2359a7a74da97a9b48d808005a5fe166975bb
RomanKubiak [Mon, 20 Jul 2015 14:11:10 +0000 (16:11 +0200)]
Added audit support
Updated cmake to include certain constants
Made boost optional not required
Fixed spec
Added iptables-restore support
Change-Id: I3b965023bd5c5a07612f80fa2e040454e7db42a2
RomanKubiak [Thu, 16 Jul 2015 14:57:24 +0000 (16:57 +0200)]
Added the README.md file for github
Added license info to files
Using unique_ptr<> in manager
Broke up the process() method in manager
Change-Id: I980d281d7decae6d1e23b9f5937117449ac627e3
RomanKubiak [Thu, 16 Jul 2015 14:57:12 +0000 (16:57 +0200)]
Added nether helper scripts and a simple example policy
for the file backend.
Change-Id: Ife2f173d9964cb9f65a9c88d8779872020ab6e46
RomanKubiak [Thu, 16 Jul 2015 14:56:05 +0000 (16:56 +0200)]
Included vasum logger class.
Some modifications
- added an option to disable colours in stderr logger
- added a syslog backend if journal is not available
- added a file backend
Change-Id: Id6ed1c56f871be8970879277b331b26d0e3969f3
RomanKubiak [Thu, 16 Jul 2015 14:55:05 +0000 (16:55 +0200)]
Build subsystem for nether (cmake, codeblocks, spec)
Change-Id: I35e39dc7e34087126b0a8aa2999cd0f7eb733fe3
RomanKubiak [Thu, 16 Jul 2015 14:54:22 +0000 (16:54 +0200)]
Initial source code for nether 0.0.1 (source code only)
Change-Id: I16970c3dedd9071c970523a478fbf35e009d13ef
KyungMi Lee [Thu, 16 Jul 2015 07:46:44 +0000 (00:46 -0700)]
Initial empty repository