
Add new networkfirewall probe #1724

Closed

Conversation

@gdidot gdidot commented Apr 7, 2021

This PR adds the networkfirewall probe following the proposal OVAL-Community/OVAL#111.

This implementation is based on nftables and gets the currently used nftables configuration.
This implementation supports a limited number of nftables rule expressions.

These elements are:

  • input_interface
    • iifname "XXX"
  • output_interface
    • oifname "XXX"
  • transport_protocol
    • tcp, udp and sctp
    • ip protocol [tcp, udp, sctp]
    • ct [original/reply] protocol [tcp, udp, sctp]
  • source_inet_address
    • ip saddr 127.0.0.0/24
    • ip saddr 127.0.0.1
    • ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234
    • ip6 saddr 1234:1234:1234:1234:1234:1234:1234:1234/64
    • ct [original/reply] ip saddr 127.0.0.1
    • ct [original/reply] ip saddr 127.0.0.0/24
  • destination_inet_addr
    • ip daddr 127.0.0.0/24
    • ip daddr 127.0.0.1
    • ip6 daddr 1234:1234:1234:1234:1234:1234:1234:1234
    • ip6 daddr 1234:1234:1234:1234:1234:1234:1234:1234/64
    • ct [original/reply] ip daddr 127.0.0.1
    • ct [original/reply] ip daddr 127.0.0.0/24
  • source_port
    • [tcp/udp/sctp] sport XXX
    • ct [original/reply] proto-src 80
  • destination_port
    • [tcp/udp/sctp] dport XXX
    • ct [original/reply] proto-dest 80
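
Added example, not code from this PR or from OpenSCAP: a Python sketch of the mapping listed above, reading the JSON that `nft -j list ruleset` emits (the probe itself does this in C with jansson) and producing one item per rule with the networkfirewall fields named above. The sample ruleset, the item field names (destination_inet_address is spelled out to match source_inet_address), the JSON shapes assumed for meta, payload and ct expressions, and the `proto-dst` key are assumptions about the libnftables JSON schema. A match outside the supported grammar is recorded under `unsupported` rather than silently skipped: dropping a match from a rule would make the collected item look broader than the rule actually is (a `tcp dport { 80, 443 }` set reported as a bare accept, for instance).

```python
import ipaddress
import json

# Constructed sample in the shape of libnftables' `nft -j list ruleset` JSON
# output (assumption about the schema; not captured from a real host).
SAMPLE_RULESET = json.dumps({"nftables": [
    {"metainfo": {"version": "1.0.0", "json_schema_version": 1}},
    {"table": {"family": "inet", "name": "filter", "handle": 1}},
    {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 2,
               "type": "filter", "hook": "input", "prio": 0, "policy": "drop"}},
    # iifname "eth0" tcp dport 22 accept
    {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 3, "expr": [
        {"match": {"op": "==", "left": {"meta": {"key": "iifname"}}, "right": "eth0"}},
        {"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}},
                   "right": 22}},
        {"accept": None}]}},
    # ip saddr 10.0.0.0/8 ip daddr 192.0.2.10 ip protocol udp drop
    {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 4, "expr": [
        {"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "saddr"}},
                   "right": {"prefix": {"addr": "10.0.0.0", "len": 8}}}},
        {"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "daddr"}},
                   "right": "192.0.2.10"}},
        {"match": {"op": "==", "left": {"payload": {"protocol": "ip", "field": "protocol"}},
                   "right": "udp"}},
        {"drop": None}]}},
    # ct original ip6 saddr 2001:db8::1 ct original proto-dst 443 accept
    {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 5, "expr": [
        {"match": {"op": "==", "left": {"ct": {"key": "saddr", "family": "ip6", "dir": "original"}},
                   "right": "2001:db8::1"}},
        {"match": {"op": "==", "left": {"ct": {"key": "proto-dst", "dir": "original"}},
                   "right": 443}},
        {"accept": None}]}},
    # tcp dport { 80, 443 } accept  (anonymous set: outside the supported grammar)
    {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 6, "expr": [
        {"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}},
                   "right": {"set": [80, 443]}}},
        {"accept": None}]}},
]})

TRANSPORTS = ("tcp", "udp", "sctp")
VERDICTS = ("accept", "drop", "reject")
PORT_FIELD = {"sport": "source_port", "dport": "destination_port",
              "proto-src": "source_port", "proto-dst": "destination_port"}
ADDR_FIELD = {"saddr": "source_inet_address", "daddr": "destination_inet_address"}


def _address(operand):
    """Normalise an address operand: a bare string or {"prefix": {"addr", "len"}}."""
    if isinstance(operand, dict) and "prefix" in operand:
        p = operand["prefix"]
        return str(ipaddress.ip_network(f"{p['addr']}/{p['len']}", strict=False))
    if isinstance(operand, str):
        return str(ipaddress.ip_address(operand))
    raise ValueError(f"unsupported address operand {operand!r}")


def _port(operand):
    """Only a single literal port is in the grammar; sets and ranges are not."""
    if isinstance(operand, int) and 0 <= operand <= 65535:
        return operand
    raise ValueError(f"unsupported port operand {operand!r}")


def match_to_fields(match):
    """Map one nft 'match' expression to the item fields it sets.

    Returns a dict of field -> value, or raises ValueError when the expression
    falls outside the grammar listed in the PR description.
    """
    if match.get("op", "==") != "==":
        raise ValueError(f"unsupported operator {match.get('op')!r}")
    left, right = match["left"], match["right"]
    if "meta" in left:                                  # iifname / oifname
        key = left["meta"]["key"]
        if key == "iifname":
            return {"input_interface": str(right)}
        if key == "oifname":
            return {"output_interface": str(right)}
    elif "payload" in left:                             # ip/ip6 ... , tcp/udp/sctp ...
        proto, field = left["payload"]["protocol"], left["payload"]["field"]
        if proto == "ip" and field == "protocol" and right in TRANSPORTS:
            return {"transport_protocol": right}
        if proto in ("ip", "ip6") and field in ADDR_FIELD:
            return {ADDR_FIELD[field]: _address(right)}
        if proto in TRANSPORTS and field in ("sport", "dport"):
            return {"transport_protocol": proto, PORT_FIELD[field]: _port(right)}
    elif "ct" in left:                                  # ct [original/reply] ...
        ct, key = left["ct"], left["ct"]["key"]
        if key == "protocol" and right in TRANSPORTS:
            return {"transport_protocol": right}
        if key in ADDR_FIELD and ct.get("family") in ("ip", "ip6"):
            return {ADDR_FIELD[key]: _address(right)}
        if key in ("proto-src", "proto-dst"):
            return {PORT_FIELD[key]: _port(right)}
    raise ValueError(f"unsupported match expression {json.dumps(left)}")


def rule_to_item(rule):
    """Build one networkfirewall-style item from a 'rule' object."""
    item = {"table": rule["table"], "chain": rule["chain"], "handle": rule["handle"],
            "filtering_action": None, "unsupported": []}
    for expr in rule["expr"]:
        if "match" in expr:
            try:
                item.update(match_to_fields(expr["match"]))
            except ValueError as err:
                item["unsupported"].append(str(err))   # flagged, never dropped
        elif any(v in expr for v in VERDICTS):
            item["filtering_action"] = next(v for v in VERDICTS if v in expr)
        else:
            item["unsupported"].append(f"unsupported statement {json.dumps(expr)}")
    return item


def parse_ruleset(json_text):
    """Return one item per 'rule' object in `nft -j list ruleset` output."""
    return [rule_to_item(obj["rule"]) for obj in json.loads(json_text)["nftables"]
            if "rule" in obj]


if __name__ == "__main__":
    for it in parse_ruleset(SAMPLE_RULESET):
        print(it)
```

A consumer of the items should treat a non-empty `unsupported` list as "rule not fully understood" and not compare the other fields against policy as if they were the whole rule.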

gdidot and others added 6 commits April 7, 2021 10:11
Use jansson to handle the return of nftables

Finished rule filtering and start rule parsing

Reduce the support of the nftables rules grammar
Add a method to get the transport protocol of a rule

Add a method to get the oifname of a rule

Adding basic ipv4 saddr support

Add operation checking for transport_protocol and finish saddr implementation

Add a method to get the sport for tcp/udp/sctp of a rule

Implementation of daddr

Add filtering_action support

Refactor of the filtering_action process

Add dport support

Add item creation to the main
Add conditions to get_dport/sport function

Add support for proto-src/dst

Apply clang-format on the networkfirewall files
@openscap-ci

Can one of the admins verify this patch?

@evgenyz evgenyz marked this pull request as draft April 7, 2021 09:01
@gdidot gdidot changed the title Feature/networkfirewall Add new networkfirewall probe Apr 7, 2021
@evgenyz evgenyz (Contributor) commented Feb 9, 2024

I guess it doesn't make much sense given the conversation in OVAL PR.

@evgenyz evgenyz closed this Feb 9, 2024
4 participants