Commit Graph

17 Commits

Author SHA1 Message Date
Adam Ierymenko
74afef8eb1 Think through and refine a few things in rules, especially edge case TEE and REDIRECT behavior and semantics. 2016-08-31 16:50:22 -07:00
Adam Ierymenko
54489a7f61 rename SAMENESS to DIFFERENCE which is less confusing 2016-08-31 14:14:58 -07:00
Adam Ierymenko
8e3004591b Add overlooked MATCH_ICMP to rule set. 2016-08-31 14:01:15 -07:00
Adam Ierymenko
6bd5aba4fa fix frame size range bug 2016-08-26 13:26:26 -07:00
Adam Ierymenko
5eaf397a94 Add a debug log feature in the filter, which only works if enabled in Network.cpp. 2016-08-25 13:31:23 -07:00
Adam Ierymenko
8e3463d47a Add length limit to TEE and REDIRECT, and completely factor out old C json-parser to eliminate a dependency. 2016-08-24 13:37:57 -07:00
Adam Ierymenko
9a3c652a51 Get rid of expiration in Capability and Tag and move this to NetworkConfig so it can be set network-wide and reset if needed. Also add NetworkConfig field for this and centralize checking of credential time validity. 2016-08-22 18:06:46 -07:00
Adam Ierymenko
b0d888d235 Signing of Capability and Tag objects. 2016-08-22 14:25:59 -07:00
Adam Ierymenko
d166b494ee Rule parse fix. 2016-08-10 13:41:22 -07:00
Adam Ierymenko
2ba9343607 Encode and decode of tags and capabilities in NetworkConfig. 2016-08-09 08:32:42 -07:00
Adam Ierymenko
00fd9c3a15 It builds... almost ready to test some rules engine stuff. 2016-08-08 17:33:26 -07:00
Adam Ierymenko
e2f783ebbd . 2016-08-05 15:02:01 -07:00
Adam Ierymenko
98152d974a More cleanup and removal of DeferredPackets, will do the latter in a more elegant way. 2016-08-04 11:40:38 -07:00
Adam Ierymenko
f057bb63cd More work on tags and capabilities. 2016-08-04 09:02:35 -07:00
Adam Ierymenko
7e6e56e2bc Bunch of work on pushing and replication of tags and capabilities, and protocol cleanup. 2016-08-03 18:04:08 -07:00
Adam Ierymenko
67cb03742e Add tag rules and split out rule serialize/deserialize so the code can be reused. 2016-08-03 14:12:38 -07:00
Adam Ierymenko
ecc1324bb0 Rules engine work: capability based security model with tags and capabilities, and some cleanup across other places. 2016-08-02 13:36:17 -07:00