:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [816152:74580343]
:POSTROUTING ACCEPT [824147:75308906]
--A OUTPUT -p tcp -j NFQUEUE --queue-num 0 --queue-bypass
--A OUTPUT -p udp -j NFQUEUE --queue-num 0 --queue-bypass
+-A OUTPUT -p tcp -m state --state NEW -j NFQUEUE --queue-num 0 --queue-bypass
+#-A OUTPUT -p udp -j NFQUEUE --queue-num 0 --queue-bypass
-A OUTPUT -p icmp -j NFQUEUE --queue-num 0 --queue-bypass
COMMIT
*filter
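Review bot: Commenting out the UDP rule means outbound UDP no longer reaches queue 0 at all, so the policy daemon stops seeing DNS and any other datagram traffic while TCP and ICMP are still inspected. If the goal was only to cut per-packet overhead, conntrack also tracks UDP flows, so the rule can be kept in the same reduced form: `-A OUTPUT -p udp -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0 --queue-bypass`. If dropping UDP enforcement is intentional, replace the commented-out rule with a comment that says so and why, so the gap is a documented decision. The new TCP rule uses the legacy `-m state --state NEW` match, for which `-m conntrack --ctstate NEW` is the current spelling. Note also that `--queue-bypass` lets packets through whenever no program is bound to the queue, so these rules fail open while the daemon is down or restarting.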
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Roman Kubiak (r.kubiak@samsung.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+/**
+ * @file
+ * @author Roman Kubiak (r.kubiak@samsung.com)
+ * @brief Run a process as a daemon
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <time.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+bool runAsDaemon()
+{
+ pid_t pid = fork();
+
+ if (pid == -1)
+ return (false);
+ else if (pid != 0)
+ exit (0);
+
+ if (setsid() == -1)
+ return (false);
+
+ /* Catch, ignore and handle signals */
+ signal(SIGCHLD, SIG_IGN);
+ signal(SIGHUP, SIG_IGN);
+
+ pid = fork();
+
+ /*
+ * Fork a second child and exit immediately to prevent zombies. This
+ * causes the second child process to be orphaned, making the init
+ * process responsible for its cleanup. And, since the first child is
+ * a session leader without a controlling terminal, it's possible for
+ * it to acquire one by opening a terminal in the future (System V-
+ * based systems). This second fork guarantees that the child is no
+ * longer a session leader, preventing the daemon from ever acquiring
+ * a controlling terminal.
+ */
+ if (pid == -1)
+ return (false);
+ else if (pid != 0)
+ exit(0);
+
+ if (chdir("/") == -1)
+ return (false);
+
+ umask(0);
+
+ /** Close all open file descriptors */
+ for (int x = sysconf(_SC_OPEN_MAX); x>0; x--)
+ {
+ close (x);
+ }
+
+ if (open("/dev/null",O_RDONLY) == -1)
+ return (false);
+
+ if (open("/dev/null",O_WRONLY) == -1)
+ return (false);
+
+ if (open("/dev/null",O_RDWR) == -1)
+ return (false);
+
+ return (true);
+}
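Review bot: The descriptor loop near the end of `runAsDaemon` stops at `x>0`, so fd 0 is never closed and the three `open("/dev/null", ...)` calls land on 1, 2 and 3 instead of 0, 1 and 2: stdin stays attached to whatever the launcher supplied, stdout ends up read-only, and fd 3 is leaked. `sysconf(_SC_OPEN_MAX)` may also return -1, in which case the loop closes nothing. The rewrite below closes down to 0 and checks that each open returns the expected standard descriptor. `umask(0)` means later files are created with exactly the mode the caller passes; unless something depends on that, `umask(027)` is a safer default for a daemon. Since every descriptor is closed here, anything opened before the call (log files, queue or backend sockets) would be lost, so the caller needs to daemonize before that setup, which cannot be confirmed from this page.

```cpp
/* … unchanged: double fork, setsid, signal setup, chdir, umask … */

    /* Close every inherited descriptor, including 0 */
    long maxFd = sysconf(_SC_OPEN_MAX);
    if (maxFd <= 0)
        maxFd = 1024; /* limit indeterminate; 1024 is a placeholder fallback */
    for (long fd = maxFd - 1; fd >= 0; fd--)
        close(static_cast<int>(fd));

    /* 0, 1 and 2 are now free, so the opens must return them in order */
    if (open("/dev/null", O_RDONLY) != STDIN_FILENO)
        return (false);
    if (open("/dev/null", O_WRONLY) != STDOUT_FILENO)
        return (false);
    if (open("/dev/null", O_RDWR) != STDERR_FILENO)
        return (false);

    return (true);
```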
<Unit filename="include/logger/logger-scope.hpp" />
<Unit filename="include/logger/logger.hpp" />
<Unit filename="include/nether_CynaraBackend.h" />
+ <Unit filename="include/nether_Daemon.h" />
<Unit filename="include/nether_DummyBackend.h" />
<Unit filename="include/nether_FileBackend.h" />
<Unit filename="include/nether_Manager.h" />
#include "nether_Types.h"
#include "nether_Utils.h"
#include "nether_Manager.h"
+#include "nether_Daemon.h"
using namespace std;
void showHelp(char *arg);
#if defined(_DEBUG)
<< " debug"
#endif
- << " daemon=" << netherConfig.daemonMode
+ << " daemon=" << netherConfig.daemonMode
<< " queue=" << netherConfig.queueNumber);
LOGD("primary-backend=" << backendTypeToString (netherConfig.primaryBackendType)
<< " primary-backend-args=" << netherConfig.primaryBackendArgs);
return (1);
}
+ if (netherConfig.daemonMode)
+ {
+ if (!runAsDaemon())
+ {
+ LOGE("Failed to run as daemon: " << strerror(errno));
+ exit (1);
+ }
+ }
+
manager.process();
return (0);