2003-02-03  Vincent Glaume

	* src/island-plugins.c, src/include/island.h,
	src/include/plugin-island.h: new files to start the islanding
	support

	* src/comm-agent.c, src/include/cm.h: modified to support the
	islanding stuff

	* plugins/island/island.c: first step of the islanding
	implementation: the idea is to shut down the UP interfaces; to get
	a list of these interfaces, if_nameindex() is used, but please note
	it doesn't behave the same on every system (it seems that it gets
	only UP interfaces with an IP address on Linux, whereas it gets all
	UP interfaces on BSD)

2003-01-04  Vincent Glaume

	* src/firewall-plugins.c, src/include/plugin-firewall.h: added a
	callback to the fw plugin to delete rules when the ttl has expired.

	* src/comm-agent.c: added a call to the firewall rule cleaning
	function, implying a new use of timeout of poll.

	* plugins/firewall/netfilter/netfilter.c: implemented the stuff
	related to the cleaning of expired functions.

2002-12-21  Vincent Glaume

	* plugins/firewall/ipfilter: added the ipfilter plugin first steps.

	* plugins/firewall/netfilter/netfilter.c: corrected some errors in
	port handling. replaced hardcoded protocol values by IPPROTO_X.

	* configure.in: added necessary stuff to compile the ipfilter
	plugin.

	* src/comm-agent.c: changed prelude_client_recv_msg to prevent it
	from crashing on FreeBSD when the manager disconnects (poll doesn't
	behave the same way on Linux and FreeBSD in this case).

2002-12-07  Vincent Glaume

	* src/comm-agent.c, src/pconfig.c, src/prelude-cm-agent.c: added
	include files to compile on FreeBSD

2002-12-03  Vincent Glaume

	* configure.in: corrected an error in the file search process.
	added a directory to search for libiptc headers.

	* plugins/firewall/netfilter/netfilter.c: added a way to prevent
	the appending of an already inserted rule in the Prelude
	user-defined chain ('-c' option to activate this). renamed
	process_unknown_msg() into process_misc_msg(). modified the
	add_jumps function: a warning/help message may be printed to
	explain how to use the plugin correctly; jumps to the user-defined
	chain are added only to the built-in chains, to avoid the strange
	libiptc behaviour in the loop.

	* src/comm-agent.c: print_firewall_rule(): added the missing
	"break" instructions. use a tmp buffer to print the attack source
	address (because of inet_ntoa static buffer).

	* src/include/pconfig.h: added the netfilter_checks field to the
	configuration structure.

	* src/pconfig.c: initialize this new field.

2002-08-30  Vincent Glaume

	* docs/man/prelude-cm-agent.8: started a man page.

2002-08-29  Vincent Glaume

	* plugins/firewall/netfilter/netfilter.c: added 2 options:
	"--flush" will delete all the old entries in the chain dedicated to
	Prelude, "--add-jump" will add to every builtin chain a jump
	instruction to the Prelude chain.

	* prelude-cm-agent/src/comm-agent.c: removed a useless printf.

	* src/pconfig.c: corrected an error in the netmasks table.

2002-08-28  Vincent Glaume

	* src/pconfig.c: added a --debug option to choose to print the
	firewall rules we receive, or not. added a --protected-nets to
	specify which network(s) the agent is supposed to protect. this is
	done to replace the hard-coded values.

	* src/pconfig.h: config_agent_t adapted to deal with the new
	options.

	* src/include/cm.h: 2 new tags defined to deal with the agent
	registration: they are used to send the information related to the
	protected nets.

	* src/comm-agent.c: build_np_msg() creates the "net protection"
	message, while register_connection() only sends it.