From 147283c8f505a022f56e0691d4fbecf5044f0fcb Mon Sep 17 00:00:00 2001
From: Christian Kreibich <christian@corelight.com>
Date: Tue, 6 Sep 2022 11:53:23 -0700
Subject: [PATCH] Management framework: add websocket support to controller

The controller now listens on an additional port, defaulting to 2149, for Broker
connections via websockets. Configuration works as for the existing traditional
Broker port (2150), via ZEEK_CONTROLLER_WEBSOCKET_ADDR and
ZEEK_CONTROLLER_WEBSOCKET_PORT environment variables, as well as corresponding
redef'able constants.

To disable the websockets feature, leave ZEEK_CONTROLLER_WEBSOCKET_PORT unset
and redefine Management::Controller::default_port_websocket to 0/unknown.
---
 .../management/controller/config.zeek         | 81 ++++++++++++++++---
 .../management/controller/main.zeek           | 20 ++++-
 2 files changed, 89 insertions(+), 12 deletions(-)

diff --git a/scripts/policy/frameworks/management/controller/config.zeek b/scripts/policy/frameworks/management/controller/config.zeek
index eb1e0ca2d6..9f96155d9f 100644
--- a/scripts/policy/frameworks/management/controller/config.zeek
+++ b/scripts/policy/frameworks/management/controller/config.zeek
@@ -24,21 +24,43 @@ export {
 	## but for the stderr stream.
 	const stderr_file = "stderr" &redef;
 
-	## The network address the controller listens on. By default this uses
-	## the value of the ZEEK_CONTROLLER_ADDR environment variable, but you
-	## may also redef to a specific value. When empty, the implementation
-	## falls back to :zeek:see:`Management::default_address`.
+	## The network address the controller listens on for Broker clients. By
+	## default this uses the ZEEK_CONTROLLER_ADDR environment variable, but
+	## you may also redef to a specific value. When empty, the
+	## implementation falls back to :zeek:see:`Management::default_address`.
 	const listen_address = getenv("ZEEK_CONTROLLER_ADDR") &redef;
 
-	## The network port the controller listens on. Counterpart to
-	## :zeek:see:`Management::Controller::listen_address`, defaulting to the
-	## ZEEK_CONTROLLER_PORT environment variable.
+	## The network port the controller listens on for Broker clients.
+	## Defaults to the ZEEK_CONTROLLER_PORT environment variable.
+	## When that is not set, the implementation falls back to
+	## :zeek:see:`Management::Controller::default_port`.
 	const listen_port = getenv("ZEEK_CONTROLLER_PORT") &redef;
 
 	## The fallback listen port if :zeek:see:`Management::Controller::listen_port`
-	## remains empty.
+	## remains empty. When set to 0/unknown, the controller won't listen
+	## for Broker connections. Don't do this if your management agents
+	## connect to the controller (instead of the default other way around),
+	## as they require Broker connectivity.
 	const default_port = 2150/tcp &redef;
 
+	## The network address the controller listens on for websocket
+	## clients. By default this uses the ZEEK_CONTROLLER_WEBSOCKET_ADDR
+	## environment variable, but you may also redef to a specific
+	## value. When empty, the implementation falls back to
+	## :zeek:see:`Management::default_address`.
+	const listen_address_websocket = getenv("ZEEK_CONTROLLER_WEBSOCKET_ADDR") &redef;
+
+	## The network port the controller listens on for websocket clients.
+	## Defaults to the ZEEK_CONTROLLER_WEBSOCKET_PORT environment
+	## variable. When that is not set, the implementation falls back to
+	## :zeek:see:`Management::Controller::default_port_websocket`.
+	const listen_port_websocket = getenv("ZEEK_CONTROLLER_WEBSOCKET_PORT") &redef;
+
+	## The fallback listen port if :zeek:see:`Management::Controller::listen_port_websocket`
+	## remains empty. When set to 0/unknown, the controller won't listen
+	## for websocket clients.
+	const default_port_websocket = 2149/tcp &redef;
+
 	## Whether the controller should auto-assign listening ports to cluster
 	## nodes that need them and don't have them explicitly specified in
 	## cluster configurations.
@@ -66,11 +88,21 @@ export {
 	## Returns the effective name of the controller.
 	global get_name: function(): string;
 
-	## Returns a :zeek:see:`Broker::NetworkInfo` record describing the controller.
+	## Returns a :zeek:see:`Broker::NetworkInfo` record describing the
+	## controller's Broker connectivity.
 	global network_info: function(): Broker::NetworkInfo;
 
-	## Returns a :zeek:see:`Broker::EndpointInfo` record describing the controller.
+	## Returns a :zeek:see:`Broker::NetworkInfo` record describing the
+	## controller's websocket connectivity.
+	global network_info_websocket: function(): Broker::NetworkInfo;
+
+	## Returns a :zeek:see:`Broker::EndpointInfo` record describing the
+	## controller's Broker connectivity.
 	global endpoint_info: function(): Broker::EndpointInfo;
+
+	## Returns a :zeek:see:`Broker::EndpointInfo` record describing the
+	## controller's websocket connectivity.
+	global endpoint_info_websocket: function(): Broker::EndpointInfo;
 }
 
 function get_name(): string
@@ -100,6 +132,25 @@ function network_info(): Broker::NetworkInfo
 	return ni;
 	}
 
+function network_info_websocket(): Broker::NetworkInfo
+	{
+	local ni: Broker::NetworkInfo;
+
+	if ( Management::Controller::listen_address_websocket != "" )
+		ni$address = Management::Controller::listen_address_websocket;
+	else if ( Management::default_address != "" )
+		ni$address = Management::default_address;
+	else
+		ni$address = "0.0.0.0";
+
+	if ( Management::Controller::listen_port_websocket != "" )
+		ni$bound_port = to_port(Management::Controller::listen_port_websocket);
+	else
+		ni$bound_port = Management::Controller::default_port_websocket;
+
+	return ni;
+	}
+
 function endpoint_info(): Broker::EndpointInfo
 	{
 	local epi: Broker::EndpointInfo;
@@ -109,3 +160,13 @@ function endpoint_info(): Broker::EndpointInfo
 
 	return epi;
 	}
+
+function endpoint_info_websocket(): Broker::EndpointInfo
+	{
+	local epi: Broker::EndpointInfo;
+
+	epi$id = Management::Controller::get_name();
+	epi$network = network_info_websocket();
+
+	return epi;
+	}
diff --git a/scripts/policy/frameworks/management/controller/main.zeek b/scripts/policy/frameworks/management/controller/main.zeek
index 8a757cb19e..ed5ca712d8 100644
--- a/scripts/policy/frameworks/management/controller/main.zeek
+++ b/scripts/policy/frameworks/management/controller/main.zeek
@@ -1504,14 +1504,30 @@ event zeek_init()
 	# via configurations uploaded by a client, with connections established
 	# upon deployment.
 
+	local broker_info = "no Broker port";
+	local websocket_info = "no Websocket port";
+
 	local cni = Management::Controller::network_info();
 
-	Broker::listen(cat(cni$address), cni$bound_port);
+	if ( cni$bound_port != 0/unknown )
+		{
+		Broker::listen(cat(cni$address), cni$bound_port);
+		broker_info = fmt("Broker port %s:%s", cni$address, cni$bound_port);
+		}
+
+	cni = Management::Controller::network_info_websocket();
+
+	if ( cni$bound_port != 0/unknown )
+		{
+		Broker::listen_websocket(cat(cni$address), cni$bound_port);
+		websocket_info = fmt("websocket port %s:%s", cni$address, cni$bound_port);
+		}
 
 	Broker::subscribe(Management::Agent::topic_prefix);
 	Broker::subscribe(Management::Controller::topic);
 
-	Management::Log::info(fmt("controller is live, Broker ID %s", Broker::node_id()));
+	Management::Log::info(fmt("controller is live, Broker ID %s, %s, %s",
+	    Broker::node_id(), broker_info, websocket_info));
 
 	# If we have a persisted deployed configuration, we need to make sure
 	# it's actually running. The agents involved might be gone, running a