From 03532ff051273e5992abfd5e396870c9baa37e23 Mon Sep 17 00:00:00 2001
From: Seth Hall
Date: Fri, 28 Sep 2012 16:38:34 -0400
Subject: [PATCH] Fixing a problem with intel distribution on clusters.

---
 scripts/base/frameworks/intel/__load__.bro | 1 +
 scripts/base/frameworks/intel/cluster.bro | 21 +++++++++++++++++++++
 scripts/base/frameworks/intel/main.bro | 2 +-
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/scripts/base/frameworks/intel/__load__.bro b/scripts/base/frameworks/intel/__load__.bro
index 806159d938..08d0f62222 100644
--- a/scripts/base/frameworks/intel/__load__.bro
+++ b/scripts/base/frameworks/intel/__load__.bro
@@ -3,6 +3,7 @@
 # The cluster framework must be loaded first.
 @load base/frameworks/cluster
 
+
 @if ( Cluster::is_enabled() )
 @load ./cluster
 @endif
diff --git a/scripts/base/frameworks/intel/cluster.bro b/scripts/base/frameworks/intel/cluster.bro
index ec1601fed3..de6e0dc6be 100644
--- a/scripts/base/frameworks/intel/cluster.bro
+++ b/scripts/base/frameworks/intel/cluster.bro
@@ -2,6 +2,7 @@
 ##! toward distributing intelligence information across clusters.
 
 @load base/frameworks/cluster
+@load ./input
 
 module Intel;
 
@@ -25,11 +26,31 @@ redef Cluster::manager2worker_events += /^Intel::cluster_.*$/;
 # If a worker finds intelligence and adds it, it should share it back to the manager.
 redef Cluster::worker2manager_events += /^Intel::(cluster_.*|match_no_items)$/;
 
+@if ( Cluster::local_node_type() != Cluster::MANAGER )
+redef Intel::data_store &synchronized;
+@endif
+
 @if ( Cluster::local_node_type() == Cluster::MANAGER )
 event Intel::match_no_items(s: Seen) &priority=5
 {
 event Intel::match(s, Intel::get_items(s));
 }
+
+global initial_sync = F;
+event remote_connection_handshake_done(p: event_peer)
+ {
+ # Insert the data once something is connected.
+ # This should only push the data to a single host where the
+ # normal Bro synchronization should take over.
+ if ( ! initial_sync )
+ {
+ initial_sync = T;
+ for ( net in data_store$net_data )
+ event Intel::cluster_new_item([$net=net, $meta=[$source=""]]);
+ for ( [str, str_type] in data_store$string_data )
+ event Intel::cluster_new_item([$str=str, $str_type=str_type, $meta=[$source=""]]);
+ }
+ }
 @endif
 
 event Intel::cluster_new_item(item: Intel::Item) &priority=5
diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro
index 465c98f644..b169592a06 100644
--- a/scripts/base/frameworks/intel/main.bro
+++ b/scripts/base/frameworks/intel/main.bro
@@ -126,7 +126,7 @@ type DataStore: record {
 net_data: table[subnet] of set[MetaData];
 string_data: table[string, StrType] of set[MetaData];
 };
-global data_store: DataStore;
+global data_store: DataStore &redef;
 
 event bro_init() &priority=5
 {
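Review bot: In the cluster.bro hunk, the `remote_connection_handshake_done` handler sets `initial_sync = T` on the first handshake from any peer, because `p` is never inspected. If that first peer does not receive `Intel::cluster_*` events, or if `data_store` is still empty at that moment, the one-shot push delivers nothing and is never retried, so workers could end up without the indicators and matches would be missed silently. Whether the `&synchronized` redef covers that case cannot be confirmed from the hunk. Consider gating the block on the peer being a worker and setting the flag only after a non-empty push; at minimum add a comment such as `# NOTE: one-shot; assumes the first peer to finish the handshake is a worker and that data_store is already loaded.` The pushed items also carry `$meta=[$source=""]`, so provenance is dropped on the receiving side, which deserves a comment if it is intentional.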
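Review bot: In the main.bro hunk, the new `&redef` on `data_store` has no comment saying why the store must be redefinable, and the reason lives in another file, where cluster.bro adds `&synchronized` on non-manager nodes. Add a line above the declaration such as `# &redef so that cluster.bro can mark the store &synchronized on non-manager nodes.` Since every intel match depends on this table, the comment should also state that no other script is expected to redef it. The surrounding declarations and the `bro_init` body continue outside the hunk.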