CGossipComm Class Reference

#include <gossip_comm.h>

List of all members.

Public Member Functions

 CGossipComm (std::string sFileName)
int Run ()
void StartNetworkThread ()
int SendCommand (const std::string &sCommand)
int SendCommand ()
int FindFile (const std::string &sFile)
bool LoadSubscription ()
const int * GetSocketPair ()

Private Member Functions

int GetSockFd ()
void OnCommandReceived (byte *buffer, size_t length)
void CheckEvent (int iFd)
int SendToGossip (const std::string &sFileName, uint8_t module)
int CreateSocket ()
void FindBootStrapNode ()
int ParseConfig ()
std::string GetString (std::vector< std::string > &vConf, const std::string &sLine)
std::string GetTwoSidedString (std::vector< std::string > &vConf, const std::string &sLine, std::string &sLeft)
void StrTrim (std::string &str) const
bool VerifySignature (const std::string &sFileName)
int PublishCert (const std::string &sCert)
std::string CopyFileToKeyDir (const std::string &sFile)
std::string CopyFileToCommandDir (const std::string &sFile)
std::string MakeAbsPath (const std::string &sPath)
void PublishCACerts ()
std::string GetCAName (const std::string &sCert)
bool FileExistsInKeyDir (const std::string &sFileName)
bool VerifyCA ()
bool CollectCerts (std::string &sFileName)
bool ReverseVerification (bool bVerifyCA=true)
std::string GetPath (const std::string &sFileName)
std::string GetCertificateName (const std::string &sCert)
bool IsSignedByHigherCA (const std::string &sIssuer)
void DeleteFileFromCache (const std::string &sPath)
bool IsSubscribed (const std::string &sFrom)
void GossipAndExecute (const std::string &sFileName, const std::string &sFileToExecute)
bool IsFirstTimeReceived (const std::string &sFile)
int InitSocketPair ()
void ShutdownNetworkThread ()
void BootStrapKadReq (int ip, int port)
uint8_t CheckFileType (const std::string &sFile)
int GetKadBootIPandPort (const std::string &sFile, int &ip, int &port) const
void GetAddrPortFromString (const std::string &sLine, int &ip, int &port) const
bool CheckSelfReceived (const std::string &sFrom) const
int ExtractRunLevel (const std::string &sFrom) const
bool CheckSenderIntigrity (const std::string &sFile, const std::string &sCert)
int LoadPolicyProfile ()
uint8_t CheckModuleType (const std::string &sFile)
int ReportFeedback (const std::string &sFileName, bool bSuccess)

Static Private Member Functions

static void * ThreadCallback (void *arg)

Private Attributes

std::string m_sConfigFile
pthread_t m_Thread
int m_iSockFd
uint32_t m_uGossipIP
uint16_t m_uGossipPort
uint32_t m_uClientIP
uint16_t m_uClientPort
std::string m_sTestCertificate
std::string m_sKeyDir
bool m_bSignEnable
boost::uuids::uuid m_ClientName
std::string m_sClientName
std::map< std::string, std::string > m_packet
std::vector< std::string > m_vCAs
std::vector< std::string > m_vSubscribed
std::string m_sSubscriptionFileName
bool m_bSubscribedAll
std::string m_sTrustedCAName
std::string m_sTrustedCAPath
std::string m_sCommandRepository
std::string m_sLogFileName
std::string m_sCommandFileName
std::map< std::string, std::string > m_cert
CDigiSig m_digisig
std::map< std::string, int > m_ca_in_file
std::set< std::string > m_issuer_set
int m_iTransportProtocol
std::map< std::string, int > m_MessageIDMap
int m_iSockPairFd [2]
bool m_bInit
int m_iBootServerIP
int m_iBootServerPort
std::map< std::string, uint8_t > m_recv_file_types
bool m_bBootstrapEnable
std::map< std::string, std::string > m_UserId
std::string m_sDefaultUserId
std::string m_sClientCertDir
std::string m_sPolicyProfile
std::map< int, std::string > m_ProfileMap
std::map< std::string, uint8_t > m_recv_module_types
bool m_bValidateCert
std::deque< std::string > m_vCert


Detailed Description

Placement of Policy component in TCP/IP stack
c2_system_arch.jpg

C2 System Architecture


Constructor & Destructor Documentation

CGossipComm::CGossipComm ( std::string  sFileName  ) 

Constructor of the CGossipComm class; it takes configuration file name as its argument An example of such configuration file is:

#IP address on which the Communication module is running on.
gossip_ip = localhost
#Port number on which the Communication module is running on.
gossip_port = 7772

#ID of the node; it is a UUID.
client_name = e211d574-48ee-492a-b199-ccd337d61101

# Node's IP and port; Not important, leav as they are.
client_ip = localhost
client_port = 0

#Is digital signature enables? It should be 'yes' always.
digital_sign = yes

#path of the certificate cache directory. In this path, Policy component saves
#all certificates it collects from the p2p network.

certificate_cache_dir = shared_dir

#The node's trusted CA file location.
trusted_ca=keys/76005f60-0fd9-4b08-a6ee-70fdad47a840.pem

#The name of the trusted CA.
trusted_ca_name = 76005f60-0fd9-4b08-a6ee-70fdad47a840

#Gossip can be done with TCP and UDP transport protocol. It should be TCP
#always.

tcp_gossip = yes

#The directory where all gossip messages are stored.
command_store = download

#Log file name where the policy component logs everything.
log_file = log.txt

#Name of the subscription file. If "All" string is found in this file, then 
#commands from any sender node will be executed. If any node ID is specified
#in this file, then only command from that node ID will be executed.
#The file can contain multiple Node ID.

subscription_file = subscription.txt

#The name of the command file which will be sent for sending command.
command_file_name = command.sh

#Should the node collect bootstrap node's ip:port from bootstrap server?
bootstrap_enable = yes

#bootstrap server's ip address.
bootstrap_server_ip = 130.55.115.201

#bootstrap server's port.
bootstrap_server_port = 75670

#Policy component supports multiple user identity. 
# here, list all the user identity. 
# user identity is formatted with the name+sensitivity level.
user_id_1 = e211d574-48ee-492a-b199-ccd337d61101+4
user_id_2 = e211d574-48ee-492a-b199-ccd337d61101+7

#Which id should be the default for sending command?
default_user = user_id_1

#Noed's certificate directory where the private key of the node
#and the trusted certificates are stored.
client_certificate_dir = keys

#Profile file name. In this file name, the sensitivity level and corresponding
#parameters are stored.
policy_profile = profile.txt


Member Function Documentation

void CGossipComm::BootStrapKadReq ( int  ip,
int  port 
) [private]

Once received authenticated IP and port from bootstraping server, policy component asks the Communication module for doing Kademlia Bootstrapping.

bool CGossipComm::CheckSenderIntigrity ( const std::string &  sFile,
const std::string &  sCert 
) [private]

Check whether the sender's name in his certificate and his anounced name in sFrom are same.

bool CGossipComm::CollectCerts ( std::string &  sFileName  )  [private]

From a certificate, if the policy component tries to find the issuer certificate. If the issuer certificate is not found in the certificate cache directore, then it calls FindFile(const std::string&) function.

std::string CGossipComm::CopyFileToCommandDir ( const std::string &  sFile  )  [private]

Copies 'sFile' to the command directory. Generally all command files are stored in this directory.

std::string CGossipComm::CopyFileToKeyDir ( const std::string &  sFile  )  [private]

Copies 'sFile' to the Key directory and returns the path of the copied file. The name of the key directory is specified in the configuration file. Key directory generally means a certificate cache directory.

int CGossipComm::CreateSocket (  )  [private]

A TCP socket is created to talk to the Communication module.

int CGossipComm::ExtractRunLevel ( const std::string &  sFrom  )  const [private]

Find the sensitivity level from the sender's name.

void CGossipComm::FindBootStrapNode (  )  [private]

Bootstrap node's IP and port can be known from the central bootstrap server. To find such a bootstrap IP and port, the function asks the Communication module to communicate with the bootstrap server and receive ip and port.

int CGossipComm::FindFile ( const std::string &  sFile  ) 

Asks Communication module for finding sFile using Kademlia protocol.

const int* CGossipComm::GetSocketPair (  )  [inline]

A socket pair is created to communicate between the main thread and the network thread. If the main thread exists, it writes shutdown on this socket pair so that network thread shutdowns and thus a graceful shutdown takes place.

void CGossipComm::GossipAndExecute ( const std::string &  sFileName,
const std::string &  sFileToExecute 
) [private]

If verification is successfull, then policy component gossips the command by sending the signed file to the Communication component and Executes the command if the command has arrived for the first time.

bool CGossipComm::IsSignedByHigherCA ( const std::string &  sIssuer  )  [private]

Checks if the Issuer name is the trusted higher CA or not.

bool CGossipComm::IsSubscribed ( const std::string &  sFrom  )  [private]

Checks whether the policy component has subscribed to the sFrom.

int CGossipComm::LoadPolicyProfile (  )  [private]

Load the policy profile which gives a map between the sensitivity level and the corresponding parameter.

bool CGossipComm::LoadSubscription (  ) 

Loads the subscription file in the run time. The name of the subscription file is specified in the configuration file. The module will execute commands which are from the nodes listed in the subscription file. If "All" is specified in the subscription file, then all commands will be executed regardless of the senders.

int CGossipComm::ParseConfig (  )  [private]

Parses the configuration file. Returns -1 if there is an error in the configuration file.

void CGossipComm::PublishCACerts (  )  [private]

Asks the Communication module to publish CA certificates. It is usefull to publish any CA certificates.

int CGossipComm::PublishCert ( const std::string &  sCert  )  [private]

Asks Communication module to publish the file sCert in the p2p network.

int CGossipComm::ReportFeedback ( const std::string &  sFileName,
bool  bSuccess 
) [private]

If a certificate is received, it is also sent back to the communication component. this is necessary only for pollution attack robustness technique.

bool CGossipComm::ReverseVerification ( bool  bVerifyCA = true  )  [private]

After receiving all relevent certificates, it verifies the whole certificate chain. Returns true if verification becomes successfull.

int CGossipComm::Run (  ) 

Main method for running this policy module. Returns -1 if it is unable to run for configuration error in the configuration file.

int CGossipComm::SendCommand (  ) 

It calls int SendCommand(const std::string& sCommand) by putting m_sCommandFileName as its argument. Returns -1 if fails.

int CGossipComm::SendCommand ( const std::string &  sCommand  ) 

Sends the command written the file sCommand to the Communication module. Before sending the command, it signs the command file using SMIME. For signing, private key and the certificate are required which are searched to the location specified in the configuration file. Returns -1 if fails.

int CGossipComm::SendToGossip ( const std::string &  sFileName,
uint8_t  module 
) [private]

sFileName file is sent to the Communication module for gossiping. module refers to the corresponding module such as MULTICAST or GOSSIP etc.

void CGossipComm::StartNetworkThread (  ) 

Runs the network thread; The thread waits for any communication from the Communication module.

void * CGossipComm::ThreadCallback ( void *  arg  )  [static, private]

Main function that is run by the network thread.

bool CGossipComm::VerifyCA (  )  [private]

Verifies a certificate in the certificate chain. Returns false if varification fails.

bool CGossipComm::VerifySignature ( const std::string &  sFileName  )  [private]

Verifies SMIME signature in the sFileName file.


Member Data Documentation

boost::uuids::uuid CGossipComm::m_ClientName [private]

The node's Identity

CDigiSig CGossipComm::m_digisig [private]

An object for Openssl interface for SMIME authentication.

int CGossipComm::m_iTransportProtocol [private]

Supports both TCP and UDP gossip. If UDP gossip, then does not attach the senders certificate in the SMIME message.

std::map<std::string, std::string> CGossipComm::m_packet [private]

A Map for certificate name and its issuer name relationship.

std::map<int,std::string> CGossipComm::m_ProfileMap [private]

Maps the sensitivity level and corresponding parameter in the profile.

std::string CGossipComm::m_sConfigFile [private]

Configuration file name

std::string CGossipComm::m_sKeyDir [private]

Certificate cache directory.

std::string CGossipComm::m_sTrustedCAName [private]

Name of the trusted CA.

std::string CGossipComm::m_sTrustedCAPath [private]

Path of the trusted CA file.

uint32_t CGossipComm::m_uGossipIP [private]

The IP address on which Communication module is listening.

uint16_t CGossipComm::m_uGossipPort [private]

The port on which Communication module is listening.

std::vector<std::string> CGossipComm::m_vCAs [private]

Vector for CA chain hierarchy.


The documentation for this class was generated from the following files:
Generated on Thu Sep 16 11:29:42 2010 for Policy Component by  doxygen 1.4.7