Rename Pacf to NetControl
parent
eb9fbd1258
commit
0e213352d7
61 changed files with 498 additions and 498 deletions
|
@ -9,7 +9,7 @@
|
|||
|
||||
@TEST-START-FILE send.bro
|
||||
|
||||
@load base/frameworks/pacf
|
||||
@load base/frameworks/netcontrol
|
||||
|
||||
const broker_port: port &redef;
|
||||
redef exit_only_after_terminate = T;
|
||||
|
@ -17,8 +17,8 @@ redef exit_only_after_terminate = T;
|
|||
event bro_init()
|
||||
{
|
||||
suspend_processing();
|
||||
local pacf_acld = Pacf::create_acld(Pacf::AcldConfig($acld_host=127.0.0.1, $acld_port=broker_port, $acld_topic="bro/event/pacftest"));
|
||||
Pacf::activate(pacf_acld, 0);
|
||||
local netcontrol_acld = NetControl::create_acld(NetControl::AcldConfig($acld_host=127.0.0.1, $acld_port=broker_port, $acld_topic="bro/event/netcontroltest"));
|
||||
NetControl::activate(netcontrol_acld, 0);
|
||||
}
|
||||
|
||||
event BrokerComm::outgoing_connection_established(peer_address: string,
|
||||
|
@ -39,31 +39,31 @@ event connection_established(c: connection)
|
|||
{
|
||||
local id = c$id;
|
||||
|
||||
local flow1 = Pacf::Flow(
|
||||
local flow1 = NetControl::Flow(
|
||||
$src_h=addr_to_subnet(c$id$orig_h),
|
||||
$dst_h=addr_to_subnet(c$id$resp_h)
|
||||
);
|
||||
local e1: Pacf::Entity = [$ty=Pacf::FLOW, $flow=flow1];
|
||||
local r1: Pacf::Rule = [$ty=Pacf::DROP, $target=Pacf::FORWARD, $entity=e1, $expire=10hrs, $location="here"];
|
||||
local e1: NetControl::Entity = [$ty=NetControl::FLOW, $flow=flow1];
|
||||
local r1: NetControl::Rule = [$ty=NetControl::DROP, $target=NetControl::FORWARD, $entity=e1, $expire=10hrs, $location="here"];
|
||||
|
||||
local flow2 = Pacf::Flow(
|
||||
local flow2 = NetControl::Flow(
|
||||
$dst_p=c$id$resp_p
|
||||
);
|
||||
local e2: Pacf::Entity = [$ty=Pacf::FLOW, $flow=flow2];
|
||||
local r2: Pacf::Rule = [$ty=Pacf::DROP, $target=Pacf::FORWARD, $entity=e2, $expire=10hrs, $location="here"];
|
||||
local e2: NetControl::Entity = [$ty=NetControl::FLOW, $flow=flow2];
|
||||
local r2: NetControl::Rule = [$ty=NetControl::DROP, $target=NetControl::FORWARD, $entity=e2, $expire=10hrs, $location="here"];
|
||||
|
||||
Pacf::add_rule(r1);
|
||||
Pacf::add_rule(r2);
|
||||
Pacf::drop_address(id$orig_h, 10hrs);
|
||||
NetControl::add_rule(r1);
|
||||
NetControl::add_rule(r2);
|
||||
NetControl::drop_address(id$orig_h, 10hrs);
|
||||
}
|
||||
|
||||
event Pacf::rule_added(r: Pacf::Rule, p: Pacf::PluginState, msg: string)
|
||||
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
|
||||
{
|
||||
print "rule added", r;
|
||||
Pacf::remove_rule(r$id);
|
||||
NetControl::remove_rule(r$id);
|
||||
}
|
||||
|
||||
event Pacf::rule_removed(r: Pacf::Rule, p: Pacf::PluginState, msg: string)
|
||||
event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
|
||||
{
|
||||
print "rule removed", r;
|
||||
}
|
||||
|
@ -72,7 +72,7 @@ event Pacf::rule_removed(r: Pacf::Rule, p: Pacf::PluginState, msg: string)
|
|||
|
||||
@TEST-START-FILE recv.bro
|
||||
|
||||
@load base/frameworks/pacf
|
||||
@load base/frameworks/netcontrol
|
||||
@load base/frameworks/broker
|
||||
|
||||
const broker_port: port &redef;
|
||||
|
@ -81,7 +81,7 @@ redef exit_only_after_terminate = T;
|
|||
event bro_init()
|
||||
{
|
||||
BrokerComm::enable();
|
||||
BrokerComm::subscribe_to_events("bro/event/pacftest");
|
||||
BrokerComm::subscribe_to_events("bro/event/netcontroltest");
|
||||
BrokerComm::listen(broker_port, "127.0.0.1");
|
||||
}
|
||||
|
||||
|
@ -90,18 +90,18 @@ event BrokerComm::incoming_connection_established(peer_name: string)
|
|||
print "BrokerComm::incoming_connection_established";
|
||||
}
|
||||
|
||||
event Pacf::acld_add_rule(id: count, r: Pacf::Rule, ar: Pacf::AclRule)
|
||||
event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
|
||||
{
|
||||
print "add_rule", id, r, ar;
|
||||
|
||||
BrokerComm::event("bro/event/pacftest", BrokerComm::event_args(Pacf::acld_rule_added, id, r, ar$command));
|
||||
BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_added, id, r, ar$command));
|
||||
}
|
||||
|
||||
event Pacf::acld_remove_rule(id: count, r: Pacf::Rule, ar: Pacf::AclRule)
|
||||
event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
|
||||
{
|
||||
print "remove_rule", id, r, ar;
|
||||
|
||||
BrokerComm::event("bro/event/pacftest", BrokerComm::event_args(Pacf::acld_rule_removed, id, r, ar$command));
|
||||
BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_removed, id, r, ar$command));
|
||||
|
||||
if ( r$cid == 4 )
|
||||
terminate();
|
|
@ -6,7 +6,7 @@
|
|||
# @TEST-EXEC: sleep 1
|
||||
# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT"
|
||||
# @TEST-EXEC: btest-bg-wait 20
|
||||
# @TEST-EXEC: btest-diff manager-1/pacf.log
|
||||
# @TEST-EXEC: btest-diff manager-1/netcontrol.log
|
||||
# @TEST-EXEC: btest-diff worker-1/.stdout
|
||||
# @TEST-EXEC: btest-diff worker-2/.stdout
|
||||
|
||||
|
@ -21,19 +21,19 @@ redef Cluster::nodes = {
|
|||
redef Log::default_rotation_interval = 0secs;
|
||||
#redef exit_only_after_terminate = T;
|
||||
|
||||
@load base/frameworks/pacf
|
||||
@load base/frameworks/netcontrol
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local pacf_debug = Pacf::create_debug(T);
|
||||
Pacf::activate(pacf_debug, 0);
|
||||
local netcontrol_debug = NetControl::create_debug(T);
|
||||
NetControl::activate(netcontrol_debug, 0);
|
||||
}
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
local id = c$id;
|
||||
Pacf::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
|
||||
Pacf::drop_address(id$orig_h, 15sec);
|
||||
NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
|
||||
NetControl::drop_address(id$orig_h, 15sec);
|
||||
}
|
||||
|
||||
event terminate_me() {
|
||||
|
@ -44,7 +44,7 @@ event remote_connection_closed(p: event_peer) {
|
|||
schedule 1sec { terminate_me() };
|
||||
}
|
||||
|
||||
event Pacf::rule_added(r: Pacf::Rule, p: Pacf::PluginState, msg: string &default="")
|
||||
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string &default="")
|
||||
{
|
||||
print "Rule added", r$id, r$cid;
|
||||
}
|
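--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/netcontrol/basic.bro
@@ -0,0 +1,20 @@
+# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stdout
+
+@load base/frameworks/netcontrol
+
+event bro_init()
+{
+local netcontrol_debug = NetControl::create_debug(T);
+NetControl::activate(netcontrol_debug, 0);
+}
+
+event connection_established(c: connection)
+{
+local id = c$id;
+NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
+NetControl::drop_address(id$orig_h, 15sec);
+NetControl::whitelist_address(id$orig_h, 15sec);
+NetControl::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 30sec);
+}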
|
@ -9,7 +9,7 @@
|
|||
|
||||
@TEST-START-FILE send.bro
|
||||
|
||||
@load base/frameworks/pacf
|
||||
@load base/frameworks/netcontrol
|
||||
|
||||
const broker_port: port &redef;
|
||||
redef exit_only_after_terminate = T;
|
||||
|
@ -17,8 +17,8 @@ redef exit_only_after_terminate = T;
|
|||
event bro_init()
|
||||
{
|
||||
suspend_processing();
|
||||
local pacf_broker = Pacf::create_broker(127.0.0.1, broker_port, "bro/event/pacftest", T);
|
||||
Pacf::activate(pacf_broker, 0);
|
||||
local netcontrol_broker = NetControl::create_broker(127.0.0.1, broker_port, "bro/event/netcontroltest", T);
|
||||
NetControl::activate(netcontrol_broker, 0);
|
||||
}
|
||||
|
||||
event BrokerComm::outgoing_connection_established(peer_address: string,
|
||||
|
@ -38,22 +38,22 @@ event BrokerComm::outgoing_connection_broken(peer_address: string,
|
|||
event connection_established(c: connection)
|
||||
{
|
||||
local id = c$id;
|
||||
Pacf::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 10hrs);
|
||||
Pacf::drop_address(id$orig_h, 10hrs);
|
||||
NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 10hrs);
|
||||
NetControl::drop_address(id$orig_h, 10hrs);
|
||||
}
|
||||
|
||||
event Pacf::rule_added(r: Pacf::Rule, p: Pacf::PluginState, msg: string)
|
||||
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
|
||||
{
|
||||
print "rule added", r;
|
||||
Pacf::remove_rule(r$id);
|
||||
NetControl::remove_rule(r$id);
|
||||
}
|
||||
|
||||
event Pacf::rule_removed(r: Pacf::Rule, p: Pacf::PluginState, msg: string)
|
||||
event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
|
||||
{
|
||||
print "rule removed", r;
|
||||
}
|
||||
|
||||
event Pacf::rule_timeout(r: Pacf::Rule, i: Pacf::FlowInfo, p: Pacf::PluginState)
|
||||
event NetControl::rule_timeout(r: NetControl::Rule, i: NetControl::FlowInfo, p: NetControl::PluginState)
|
||||
{
|
||||
print "rule timeout", r, i;
|
||||
}
|
||||
|
@ -62,7 +62,7 @@ event Pacf::rule_timeout(r: Pacf::Rule, i: Pacf::FlowInfo, p: Pacf::PluginState)
|
|||
|
||||
@TEST-START-FILE recv.bro
|
||||
|
||||
@load base/frameworks/pacf
|
||||
@load base/frameworks/netcontrol
|
||||
@load base/frameworks/broker
|
||||
|
||||
const broker_port: port &redef;
|
||||
|
@ -71,7 +71,7 @@ redef exit_only_after_terminate = T;
|
|||
event bro_init()
|
||||
{
|
||||
BrokerComm::enable();
|
||||
BrokerComm::subscribe_to_events("bro/event/pacftest");
|
||||
BrokerComm::subscribe_to_events("bro/event/netcontroltest");
|
||||
BrokerComm::listen(broker_port, "127.0.0.1");
|
||||
}
|
||||
|
||||
|
@ -80,19 +80,19 @@ event BrokerComm::incoming_connection_established(peer_name: string)
|
|||
print "BrokerComm::incoming_connection_established";
|
||||
}
|
||||
|
||||
event Pacf::broker_add_rule(id: count, r: Pacf::Rule)
|
||||
event NetControl::broker_add_rule(id: count, r: NetControl::Rule)
|
||||
{
|
||||
print "add_rule", id, r;
|
||||
|
||||
BrokerComm::event("bro/event/pacftest", BrokerComm::event_args(Pacf::broker_rule_added, id, r, ""));
|
||||
BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_added, id, r, ""));
|
||||
}
|
||||
|
||||
event Pacf::broker_remove_rule(id: count, r: Pacf::Rule)
|
||||
event NetControl::broker_remove_rule(id: count, r: NetControl::Rule)
|
||||
{
|
||||
print "remove_rule", id, r;
|
||||
|
||||
BrokerComm::event("bro/event/pacftest", BrokerComm::event_args(Pacf::broker_rule_timeout, id, r, Pacf::FlowInfo()));
|
||||
BrokerComm::event("bro/event/pacftest", BrokerComm::event_args(Pacf::broker_rule_removed, id, r, ""));
|
||||
BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo()));
|
||||
BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_removed, id, r, ""));
|
||||
|
||||
if ( r$cid == 3 )
|
||||
terminate();
|
|
@ -1,23 +1,23 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff pacf.log
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stdout
|
||||
|
||||
@load base/frameworks/pacf
|
||||
@load base/frameworks/netcontrol
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local pacf_debug = Pacf::create_debug(T);
|
||||
Pacf::activate(pacf_debug, 0);
|
||||
local netcontrol_debug = NetControl::create_debug(T);
|
||||
NetControl::activate(netcontrol_debug, 0);
|
||||
}
|
||||
|
||||
module Pacf;
|
||||
module NetControl;
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
local id = c$id;
|
||||
Pacf::drop_address_catch_release(id$orig_h);
|
||||
NetControl::drop_address_catch_release(id$orig_h);
|
||||
# second one should be ignored because duplicate
|
||||
Pacf::drop_address_catch_release(id$orig_h);
|
||||
NetControl::drop_address_catch_release(id$orig_h);
|
||||
|
||||
# mean call directly into framework - simulate new connection
|
||||
delete current_blocks[id$orig_h];
|
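--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/netcontrol/hook.bro
@@ -0,0 +1,27 @@
+# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: btest-diff netcontrol.log
+
+@load base/frameworks/netcontrol
+
+event bro_init()
+{
+local netcontrol_debug = NetControl::create_debug(T);
+NetControl::activate(netcontrol_debug, 0);
+}
+
+event connection_established(c: connection)
+{
+local id = c$id;
+NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
+NetControl::drop_address(id$orig_h, 15sec);
+NetControl::whitelist_address(id$orig_h, 15sec);
+NetControl::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 30sec);
+}
+
+hook NetControl::rule_policy(r: NetControl::Rule)
+{
+if ( r$expire == 15sec )
+break;
+
+r$entity$flow$src_h = 0.0.0.0/0;
+}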
|
@ -0,0 +1,24 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log
|
||||
|
||||
@load base/frameworks/netcontrol
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local netcontrol_debug = NetControl::create_debug(T);
|
||||
local netcontrol_debug_2 = NetControl::create_debug(T);
|
||||
local of_controller = OpenFlow::log_new(42);
|
||||
local netcontrol_of = NetControl::create_openflow(of_controller);
|
||||
NetControl::activate(netcontrol_debug, 10);
|
||||
NetControl::activate(netcontrol_of, 10);
|
||||
NetControl::activate(netcontrol_debug_2, 0);
|
||||
}
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
local id = c$id;
|
||||
NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
|
||||
NetControl::drop_address(id$orig_h, 15sec);
|
||||
NetControl::whitelist_address(id$orig_h, 15sec);
|
||||
NetControl::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 30sec);
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff netcontrol.log
|
||||
# @TEST-EXEC: btest-diff openflow.log
|
||||
|
||||
@load base/frameworks/netcontrol
|
||||
|
||||
global of_controller: OpenFlow::Controller;
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
of_controller = OpenFlow::log_new(42);
|
||||
local netcontrol_of = NetControl::create_openflow(of_controller);
|
||||
NetControl::activate(netcontrol_of, 0);
|
||||
}
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
local id = c$id;
|
||||
NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
|
||||
NetControl::drop_address(id$orig_h, 15sec);
|
||||
}
|
|
@ -0,0 +1,18 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff conn.log
|
||||
|
||||
@load base/frameworks/netcontrol
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local netcontrol_packetfilter = NetControl::create_packetfilter();
|
||||
NetControl::activate(netcontrol_packetfilter, 0);
|
||||
}
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
local e = NetControl::Entity($ty=NetControl::ADDRESS, $ip=addr_to_subnet(c$id$orig_h));
|
||||
local r = NetControl::Rule($ty=NetControl::DROP, $target=NetControl::MONITOR, $entity=e, $expire=10min);
|
||||
|
||||
NetControl::add_rule(r);
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff netcontrol.log
|
||||
# @TEST-EXEC: btest-diff openflow.log
|
||||
|
||||
@load base/frameworks/netcontrol
|
||||
|
||||
global of_controller: OpenFlow::Controller;
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
of_controller = OpenFlow::log_new(42);
|
||||
local netcontrol_of = NetControl::create_openflow(of_controller);
|
||||
NetControl::activate(netcontrol_of, 0);
|
||||
}
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
NetControl::quarantine_host(c$id$orig_h, 8.8.8.8, 192.169.18.1, 10hrs);
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff pacf.log
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stdout
|
||||
|
||||
@load base/frameworks/pacf
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local pacf_debug = Pacf::create_debug(T);
|
||||
Pacf::activate(pacf_debug, 0);
|
||||
}
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
local id = c$id;
|
||||
Pacf::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
|
||||
Pacf::drop_address(id$orig_h, 15sec);
|
||||
Pacf::whitelist_address(id$orig_h, 15sec);
|
||||
Pacf::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 30sec);
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff pacf.log
|
||||
|
||||
@load base/frameworks/pacf
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local pacf_debug = Pacf::create_debug(T);
|
||||
Pacf::activate(pacf_debug, 0);
|
||||
}
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
local id = c$id;
|
||||
Pacf::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
|
||||
Pacf::drop_address(id$orig_h, 15sec);
|
||||
Pacf::whitelist_address(id$orig_h, 15sec);
|
||||
Pacf::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 30sec);
|
||||
}
|
||||
|
||||
hook Pacf::rule_policy(r: Pacf::Rule)
|
||||
{
|
||||
if ( r$expire == 15sec )
|
||||
break;
|
||||
|
||||
r$entity$flow$src_h = 0.0.0.0/0;
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff pacf.log
|
||||
|
||||
@load base/frameworks/pacf
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local pacf_debug = Pacf::create_debug(T);
|
||||
local pacf_debug_2 = Pacf::create_debug(T);
|
||||
local of_controller = OpenFlow::log_new(42);
|
||||
local pacf_of = Pacf::create_openflow(of_controller);
|
||||
Pacf::activate(pacf_debug, 10);
|
||||
Pacf::activate(pacf_of, 10);
|
||||
Pacf::activate(pacf_debug_2, 0);
|
||||
}
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
local id = c$id;
|
||||
Pacf::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
|
||||
Pacf::drop_address(id$orig_h, 15sec);
|
||||
Pacf::whitelist_address(id$orig_h, 15sec);
|
||||
Pacf::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 30sec);
|
||||
}
|
|
@ -1,21 +0,0 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff pacf.log
|
||||
# @TEST-EXEC: btest-diff openflow.log
|
||||
|
||||
@load base/frameworks/pacf
|
||||
|
||||
global of_controller: OpenFlow::Controller;
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
of_controller = OpenFlow::log_new(42);
|
||||
local pacf_of = Pacf::create_openflow(of_controller);
|
||||
Pacf::activate(pacf_of, 0);
|
||||
}
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
local id = c$id;
|
||||
Pacf::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
|
||||
Pacf::drop_address(id$orig_h, 15sec);
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff conn.log
|
||||
|
||||
@load base/frameworks/pacf
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
local pacf_packetfilter = Pacf::create_packetfilter();
|
||||
Pacf::activate(pacf_packetfilter, 0);
|
||||
}
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
local e = Pacf::Entity($ty=Pacf::ADDRESS, $ip=addr_to_subnet(c$id$orig_h));
|
||||
local r = Pacf::Rule($ty=Pacf::DROP, $target=Pacf::MONITOR, $entity=e, $expire=10min);
|
||||
|
||||
Pacf::add_rule(r);
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff pacf.log
|
||||
# @TEST-EXEC: btest-diff openflow.log
|
||||
|
||||
@load base/frameworks/pacf
|
||||
|
||||
global of_controller: OpenFlow::Controller;
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
of_controller = OpenFlow::log_new(42);
|
||||
local pacf_of = Pacf::create_openflow(of_controller);
|
||||
Pacf::activate(pacf_of, 0);
|
||||
}
|
||||
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
Pacf::quarantine_host(c$id$orig_h, 8.8.8.8, 192.169.18.1, 10hrs);
|
||||
}
|