diff --git a/src/Val.cc b/src/Val.cc index 35233e9056..ed4ca40e14 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -1787,7 +1787,16 @@ Val* TableVal::Lookup(Val* index, bool use_default_val) { TableEntryVal* v = (TableEntryVal*) subnets->Lookup(index); if ( v ) + { + if ( attrs && attrs->FindAttr(ATTR_EXPIRE_READ) ) + { + v->SetExpireAccess(network_time); + if ( LoggingAccess() && expire_time ) + ReadOperation(index, v); + } + return v->Value() ? v->Value() : this; + } if ( ! use_default_val ) return 0; @@ -1810,9 +1819,7 @@ Val* TableVal::Lookup(Val* index, bool use_default_val) if ( v ) { - if ( attrs && - ! (attrs->FindAttr(ATTR_EXPIRE_WRITE) || - attrs->FindAttr(ATTR_EXPIRE_CREATE)) ) + if ( attrs && attrs->FindAttr(ATTR_EXPIRE_READ) ) { v->SetExpireAccess(network_time); if ( LoggingAccess() && expire_time ) @@ -1836,7 +1843,7 @@ Val* TableVal::Lookup(Val* index, bool use_default_val) VectorVal* TableVal::LookupSubnets(const SubNetVal* search) { if ( ! subnets ) - reporter->InternalError("LookupSubnets called on wrong table type"); + reporter->InternalError("LookupSubnets called on wrong table type"); VectorVal* result = new VectorVal(internal_type("subnet_vec")->AsVectorType()); @@ -1853,7 +1860,7 @@ VectorVal* TableVal::LookupSubnets(const SubNetVal* search) TableVal* TableVal::LookupSubnetValues(const SubNetVal* search) { if ( ! subnets ) - reporter->InternalError("LookupSubnetValues called on wrong table type"); + reporter->InternalError("LookupSubnetValues called on wrong table type"); TableVal* nt = new TableVal(this->Type()->Ref()->AsTableType()); @@ -1870,9 +1877,12 @@ TableVal* TableVal::LookupSubnetValues(const SubNetVal* search) if ( entry ) { - entry->SetExpireAccess(network_time); - if ( LoggingAccess() && attrs->FindAttr(ATTR_EXPIRE_READ) ) - ReadOperation(s, entry); + if ( attrs && attrs->FindAttr(ATTR_EXPIRE_READ) ) + { + entry->SetExpireAccess(network_time); + if ( LoggingAccess() && expire_time ) + ReadOperation(s, entry); + } } Unref(s); // assign does not consume index @@ -2526,7 +2536,7 @@ bool TableVal::DoUnserialize(UnserialInfo* info) } // If necessary, activate the expire timer. - if ( attrs) + if ( attrs ) { CheckExpireAttr(ATTR_EXPIRE_READ); CheckExpireAttr(ATTR_EXPIRE_WRITE); diff --git a/testing/btest/Baseline/language.expire_subnet/output b/testing/btest/Baseline/language.expire_subnet/output new file mode 100644 index 0000000000..70ca3943cb --- /dev/null +++ b/testing/btest/Baseline/language.expire_subnet/output @@ -0,0 +1,27 @@ +All: +0 --> zero +2 --> two +4 --> four +1 --> one +3 --> three +192.168.3.0/24 --> three +192.168.0.0/16 --> zero +192.168.4.0/24 --> four +192.168.1.0/24 --> one +192.168.2.0/24 --> two +Time: 0 secs + +Accessed table nums: two; three +Accessed table nets: two; three, zero +Time: 7.0 secs 518.0 msecs 828.0 usecs + +Expired Num: 0 --> zero at 8.0 secs 835.0 msecs 30.0 usecs +Expired Num: 4 --> four at 8.0 secs 835.0 msecs 30.0 usecs +Expired Num: 1 --> one at 8.0 secs 835.0 msecs 30.0 usecs +Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.0 usecs +Expired Subnet: 192.168.1.0/24 --> one at 8.0 secs 835.0 msecs 30.0 usecs +Expired Num: 2 --> two at 15.0 secs 150.0 msecs 681.0 usecs +Expired Num: 3 --> three at 15.0 secs 150.0 msecs 681.0 usecs +Expired Subnet: 192.168.3.0/24 --> three at 15.0 secs 150.0 msecs 681.0 usecs +Expired Subnet: 192.168.0.0/16 --> zero at 15.0 secs 150.0 msecs 681.0 usecs +Expired Subnet: 192.168.2.0/24 --> two at 15.0 secs 150.0 msecs 681.0 usecs diff --git a/testing/btest/language/expire_subnet.test b/testing/btest/language/expire_subnet.test new file mode 100644 index 0000000000..12d5e56b5a --- /dev/null +++ b/testing/btest/language/expire_subnet.test @@ -0,0 +1,96 @@ +# @TEST-EXEC: bro -C -r $TRACES/var-services-std-ports.trace %INPUT >output +# @TEST-EXEC: btest-diff output + +redef table_expire_interval = 1sec; + +global start_time: time; + +function time_past(): interval + { + return network_time() - start_time; + } + +function expire_nums(tbl: table[count] of string, idx: count): interval + { + print fmt("Expired Num: %s --> %s at %s", idx, tbl[idx], time_past()); + return 0sec; + } + +function expire_nets(tbl: table[subnet] of string, idx: subnet): interval + { + print fmt("Expired Subnet: %s --> %s at %s", idx, tbl[idx], time_past()); + return 0sec; + } + +global nums: table[count] of string &read_expire=8sec &expire_func=expire_nums; +global nets: table[subnet] of string &read_expire=8sec &expire_func=expire_nets; +global step: count; + +### Test ### + +function execute_test() + { + local num_a = nums[2]; + local num_b = nums[3]; + + local net_a = nets[192.168.2.0/24]; + #local net_b = nets[192.168.3.0/24]; + local nets_b = ""; + local nets_b_tbl: table[subnet] of string; + + nets_b_tbl = filter_subnet_table(192.168.3.0/24, nets); + for ( idx in nets_b_tbl ) + nets_b += cat(", ", nets_b_tbl[idx]); + nets_b = nets_b[2:]; + + # writing resets expire as expected + #nets[192.168.2.0/24] = "accessed"; + #nets[192.168.3.0/24] = "accessed"; + + print fmt("Accessed table nums: %s; %s", num_a, num_b); + print fmt("Accessed table nets: %s; %s", net_a, nets_b); + print fmt("Time: %s", time_past()); + print ""; + } + +### Events ### + +event bro_init() + { + step = 0; + + nums[0] = "zero"; + nums[1] = "one"; + nums[2] = "two"; + nums[3] = "three"; + nums[4] = "four"; + + nets[192.168.0.0/16] = "zero"; + nets[192.168.1.0/24] = "one"; + nets[192.168.2.0/24] = "two"; + nets[192.168.3.0/24] = "three"; + nets[192.168.4.0/24] = "four"; + } + +event new_packet(c: connection, p: pkt_hdr) + { + if ( step == 0 ) + { + ++step; + start_time = network_time(); + + print "All:"; + for ( num in nums ) + print fmt("%s --> %s", num, nums[num]); + for ( net in nets ) + print fmt("%s --> %s", net, nets[net]); + print fmt("Time: %s", time_past()); + print ""; + } + + if ( (time_past() > 7sec) && (step == 1) ) + { + ++step; + execute_test(); + } + }