Merge branch 'topic/johanna/filter_subnet_table' of https://github.com/J-Gras/bro into topic/johanna/filter_subnet_table

* 'topic/johanna/filter_subnet_table' of https://github.com/J-Gras/bro:
  Fixed &read_expire for subnet-indexed tables
  Added &read_expire testcase for subnet tables

Includes a bit of refactoring of commit code & code related to the
feature.

src/Val.cc

@@ -1787,7 +1787,16 @@ Val* TableVal::Lookup(Val* index, bool use_default_val)
 		{
 		TableEntryVal* v = (TableEntryVal*) subnets->Lookup(index);
 		if ( v )
+			{
+			if ( attrs && attrs->FindAttr(ATTR_EXPIRE_READ) )
+					{
+					v->SetExpireAccess(network_time);
+					if ( LoggingAccess() && expire_time )
+						ReadOperation(index, v);
+					}
+
 			return v->Value() ? v->Value() : this;
+			}
 
 		if ( ! use_default_val )
 			return 0;
@@ -1810,9 +1819,7 @@ Val* TableVal::Lookup(Val* index, bool use_default_val)
 
 			if ( v )
 				{
-				if ( attrs &&
-				     ! (attrs->FindAttr(ATTR_EXPIRE_WRITE) ||
-					attrs->FindAttr(ATTR_EXPIRE_CREATE)) )
+				if ( attrs && attrs->FindAttr(ATTR_EXPIRE_READ) )
 					{
 					v->SetExpireAccess(network_time);
 					if ( LoggingAccess() && expire_time )
@@ -1836,7 +1843,7 @@ Val* TableVal::Lookup(Val* index, bool use_default_val)
 VectorVal* TableVal::LookupSubnets(const SubNetVal* search)
 	{
 	if ( ! subnets )
-			reporter->InternalError("LookupSubnets called on wrong table type");
+		reporter->InternalError("LookupSubnets called on wrong table type");
 
 	VectorVal* result = new VectorVal(internal_type("subnet_vec")->AsVectorType());
 
@@ -1853,7 +1860,7 @@ VectorVal* TableVal::LookupSubnets(const SubNetVal* search)
 TableVal* TableVal::LookupSubnetValues(const SubNetVal* search)
 	{
 	if ( ! subnets )
-			reporter->InternalError("LookupSubnetValues called on wrong table type");
+		reporter->InternalError("LookupSubnetValues called on wrong table type");
 
 	TableVal* nt = new TableVal(this->Type()->Ref()->AsTableType());
 
@@ -1870,9 +1877,12 @@ TableVal* TableVal::LookupSubnetValues(const SubNetVal* search)
 
 		if ( entry )
 			{
-			entry->SetExpireAccess(network_time);
-			if ( LoggingAccess() && attrs->FindAttr(ATTR_EXPIRE_READ) )
-				ReadOperation(s, entry);
+			if ( attrs && attrs->FindAttr(ATTR_EXPIRE_READ) )
+				{
+				entry->SetExpireAccess(network_time);
+				if ( LoggingAccess() && expire_time )
+					ReadOperation(s, entry);
+				}
 			}
 
 		Unref(s); // assign does not consume index
@@ -2526,7 +2536,7 @@ bool TableVal::DoUnserialize(UnserialInfo* info)
 		}
 
 	// If necessary, activate the expire timer.
-	if ( attrs)
+	if ( attrs )
 		{
 		CheckExpireAttr(ATTR_EXPIRE_READ);
 		CheckExpireAttr(ATTR_EXPIRE_WRITE);

testing/btest/Baseline/language.expire_subnet/output

@@ -0,0 +1,27 @@
+All:
+0 --> zero
+2 --> two
+4 --> four
+1 --> one
+3 --> three
+192.168.3.0/24 --> three
+192.168.0.0/16 --> zero
+192.168.4.0/24 --> four
+192.168.1.0/24 --> one
+192.168.2.0/24 --> two
+Time: 0 secs
+
+Accessed table nums: two; three
+Accessed table nets: two; three, zero
+Time: 7.0 secs 518.0 msecs 828.0 usecs
+
+Expired Num: 0 --> zero at 8.0 secs 835.0 msecs 30.0 usecs
+Expired Num: 4 --> four at 8.0 secs 835.0 msecs 30.0 usecs
+Expired Num: 1 --> one at 8.0 secs 835.0 msecs 30.0 usecs
+Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.0 usecs
+Expired Subnet: 192.168.1.0/24 --> one at 8.0 secs 835.0 msecs 30.0 usecs
+Expired Num: 2 --> two at 15.0 secs 150.0 msecs 681.0 usecs
+Expired Num: 3 --> three at 15.0 secs 150.0 msecs 681.0 usecs
+Expired Subnet: 192.168.3.0/24 --> three at 15.0 secs 150.0 msecs 681.0 usecs
+Expired Subnet: 192.168.0.0/16 --> zero at 15.0 secs 150.0 msecs 681.0 usecs
+Expired Subnet: 192.168.2.0/24 --> two at 15.0 secs 150.0 msecs 681.0 usecs

testing/btest/language/expire_subnet.test

@@ -0,0 +1,96 @@
+# @TEST-EXEC: bro -C -r $TRACES/var-services-std-ports.trace %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+redef table_expire_interval = 1sec;
+
+global start_time: time;
+
+function time_past(): interval
+	{
+	return network_time() - start_time;
+	}
+
+function expire_nums(tbl: table[count] of string, idx: count): interval
+	{
+	print fmt("Expired Num: %s --> %s at %s", idx, tbl[idx], time_past());
+	return 0sec;
+	}
+
+function expire_nets(tbl: table[subnet] of string, idx: subnet): interval
+	{
+	print fmt("Expired Subnet: %s --> %s at %s", idx, tbl[idx], time_past());
+	return 0sec;
+	}
+
+global nums: table[count] of string &read_expire=8sec &expire_func=expire_nums;
+global nets: table[subnet] of string &read_expire=8sec &expire_func=expire_nets;
+global step: count;
+
+### Test ###
+
+function execute_test()
+	{
+	local num_a = nums[2];
+	local num_b = nums[3];
+
+	local net_a = nets[192.168.2.0/24];
+	#local net_b = nets[192.168.3.0/24];
+	local nets_b = "";
+	local nets_b_tbl: table[subnet] of string;
+
+	nets_b_tbl = filter_subnet_table(192.168.3.0/24, nets);
+	for ( idx in nets_b_tbl )
+		nets_b += cat(", ", nets_b_tbl[idx]);
+	nets_b = nets_b[2:];
+	
+	# writing resets expire as expected
+	#nets[192.168.2.0/24] = "accessed";
+	#nets[192.168.3.0/24] = "accessed";
+
+	print fmt("Accessed table nums: %s; %s", num_a, num_b);
+	print fmt("Accessed table nets: %s; %s", net_a, nets_b);
+	print fmt("Time: %s", time_past());
+	print "";
+	}
+
+### Events ###
+
+event bro_init()
+	{
+	step = 0;
+
+	nums[0] = "zero";
+	nums[1] = "one";
+	nums[2] = "two";
+	nums[3] = "three";
+	nums[4] = "four";
+
+	nets[192.168.0.0/16] = "zero";
+	nets[192.168.1.0/24] = "one";
+	nets[192.168.2.0/24] = "two";
+	nets[192.168.3.0/24] = "three";
+	nets[192.168.4.0/24] = "four";
+	}
+
+event new_packet(c: connection, p: pkt_hdr)
+	{
+	if ( step == 0 )
+		{
+		++step;
+		start_time = network_time();
+
+		print "All:";
+		for ( num in nums )
+			print fmt("%s --> %s", num, nums[num]);
+		for ( net in nets )
+			print fmt("%s --> %s", net, nets[net]);
+		print fmt("Time: %s", time_past());
+		print "";
+		}
+
+	if ( (time_past() > 7sec) && (step == 1) )
+		{
+		++step;
+		execute_test();
+		}
+	}