diff --git a/CHANGES b/CHANGES index 08b4f961a1..ec90e4aa50 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,27 @@ +6.2.0-dev.519 | 2024-02-06 11:51:26 +0000 + + * Netcontrol: add rule_added_policy (Johanna Amann, Corelight) + + rule_added_policy allows the modification of rules just after they have + been added. This allows the implementation of some more complex features + - like changing rule states depending on insertion in other plugins. + + * Netcontrol: more logging in catch-and-release (Johanna Amann, Corelight) + + Catch-and-release logs now include the plugin that is responsible for an + action. Furthermore, the catch-and-release log also includes instances + where a rule already existed, and where an error occurred during an + operation. + + * Netcontrol: allow supplying explicit name to Debug plugin (Johanna Amann, Corelight) + + This change extends the arguments of NetControl::create_debug, and + allows the specification of an optional name argument, which can be used + instead of the default-generated name. + + This is helpful when one wants to attach several plugins to verify + behavior in those cases. + 6.2.0-dev.515 | 2024-02-06 11:22:26 +0100 * Obj: Implement with_location_of() as template (Arne Welzel, Corelight) diff --git a/NEWS b/NEWS index 8dac5d28ee..9415e0c2bf 100644 --- a/NEWS +++ b/NEWS @@ -187,6 +187,9 @@ New Functionality hook Intel::seen_policy(s: Intel::Seen, found: bool) +- A new ``NetControl::rule_added_policy`` hook has been introduced to allow modification + of NetControl rules after they have been added. + Changed Functionality --------------------- 
@@ -213,6 +216,10 @@ Changed Functionality unbounded MIME message nesting. This limit is configurable with ``MIME::max_depth``. A new weird named ``exceeded_mime_max_depth`` is reported when reached.
+- The ``netcontrol_catch_release.log`` now contains a plugin column that shows which
+ plugin took an action. The logs also contain information when errors or existing
+ rules are encountered.
+
 Removed Functionality
 ---------------------
diff --git a/VERSION b/VERSION
index bf1918b9c5..084b4904f3 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-6.2.0-dev.515
+6.2.0-dev.519
diff --git a/scripts/base/frameworks/netcontrol/main.zeek b/scripts/base/frameworks/netcontrol/main.zeek
index 4687c2d52d..ee18666002 100644
--- a/scripts/base/frameworks/netcontrol/main.zeek
+++ b/scripts/base/frameworks/netcontrol/main.zeek
@@ -262,6 +262,20 @@ export {
 ## r: The rule to be added.
 global NetControl::rule_policy: hook(r: Rule);
+ ## Hook that allows the modification of rule states after they are returned from
+ ## the plugins and have been added to the rules database. This allows low-level
+ ## modification of the handling of rules like, e.g., changing rule expiration depending
+ ## on context.
+ ##
+ ## r: The rule now in place.
+ ##
+ ## p: The state for the plugin that put it into place.
+ ##
+ ## exists: If the adding plugin flagged the rule as already existing.
+ ##
+ ## msg: An optional informational message by the plugin.
+ global NetControl::rule_added_policy: hook(r: Rule, p: PluginState, exists: bool, msg: string);
+
 ##### Plugin functions
 ## Function called by plugins once they finished their activation. After all
@@ -945,6 +959,8 @@ function rule_added_impl(r: Rule, p: PluginState, exists: bool, msg: string &def
 # rule was completely added.
 rule$_added = T;
 }
+
+ hook NetControl::rule_added_policy(rule, p, exists, msg);
 }
 function rule_removed_impl(r: Rule, p: PluginState, msg: string &default="") &is_used
diff --git a/scripts/base/frameworks/netcontrol/plugins/debug.zeek b/scripts/base/frameworks/netcontrol/plugins/debug.zeek
index f159cda73f..66cda5a056 100644
--- a/scripts/base/frameworks/netcontrol/plugins/debug.zeek
+++ b/scripts/base/frameworks/netcontrol/plugins/debug.zeek
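Review bot: The docstring for `NetControl::rule_added_policy` should state that the hook's outcome is not consulted: the call site in `rule_added_impl` invokes it as a plain statement, so a handler that executes `break` cannot veto or undo anything. It should also say that the hook is raised per plugin acknowledgment — it carries a `p: PluginState` — so with several plugins attached it fires more than once for the same rule, and a handler that wants the fully-installed rule must look at the `_added` flag the framework sets just before the call. Suggested addition: `## The hook's result is ignored; a break in a handler has no effect. It is raised once per plugin that reports the rule, so it may run several times for one rule; check r$_added to act only once all plugins have confirmed it.`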
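Review bot: The new `hook NetControl::rule_added_policy(rule, p, exists, msg);` runs on every call of `rule_added_impl`, i.e. once per plugin that acknowledges the rule, and on all but the last of those calls the preceding `if` has not yet set `rule$_added = T`, so handlers observe a rule that is only partially installed; a comment should make that explicit, e.g. `# Raised once per acknowledging plugin; rule$_added is T only after all plugins confirmed.` The call passes `rule` rather than the `r` parameter — presumably the framework's stored copy, so that handler modifications persist — which is worth a one-line comment as well. `rule_added_impl` begins outside the hunk, so whether any early-return path skips the hook cannot be seen here.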
diff --git a/scripts/base/frameworks/netcontrol/plugins/debug.zeek b/scripts/base/frameworks/netcontrol/plugins/debug.zeek index f159cda73f..66cda5a056 100644 --- a/scripts/base/frameworks/netcontrol/plugins/debug.zeek +++ b/scripts/base/frameworks/netcontrol/plugins/debug.zeek @@ -12,7 +12,21 @@ export { ## ## do_something: If true, the plugin will claim it supports all operations; if ## false, it will indicate it doesn't support any. - global create_debug: function(do_something: bool) : PluginState; + ## + ## name: Optional name that for the plugin. + global create_debug: function(do_something: bool, name: string &default="") : PluginState; + + ## Instantiates a debug plugin for the NetControl framework. This variation + ## of the plugin will return "exists" to any rule operations. + ## + ## name: Name of this plugin. + global create_debug_exists: function(name: string) : PluginState; + + ## Instantiates a debug plugin for the NetControl framework. This variation + ## of the plugin will return "error" to any rule operations. + ## + ## name: Name of this plugin. + global create_debug_error: function(name: string) : PluginState; } function do_something(p: PluginState) : bool @@ -22,7 +36,7 @@ function do_something(p: PluginState) : bool function debug_name(p: PluginState) : string { - return fmt("Debug-%s", (do_something(p) ? "All" : "None")); + return p$config["name"]; } function debug_log(p: PluginState, msg: string) 
@@ -55,6 +69,34 @@ function debug_add_rule(p: PluginState, r: Rule) : bool
 return F;
 }
+function debug_add_rule_exists(p: PluginState, r: Rule) : bool
+ {
+ local s = fmt("add_rule_exists: %s", r);
+ debug_log(p, s);
+
+ if ( do_something(p) )
+ {
+ event NetControl::rule_exists(r, p);
+ return T;
+ }
+
+ return F;
+ }
+
+function debug_add_rule_error(p: PluginState, r: Rule) : bool
+ {
+ local s = fmt("add_rule_error: %s", r);
+ debug_log(p, s);
+
+ if ( do_something(p) )
+ {
+ event NetControl::rule_error(r, p, "debug error");
+ return T;
+ }
+
+ return F;
+ }
+
 function debug_remove_rule(p: PluginState, r: Rule, reason: string) : bool
 {
 local s = fmt("remove_rule (%s): %s", reason, r);
@@ -73,13 +115,35 @@ global debug_plugin = Plugin(
 $remove_rule = debug_remove_rule
 );
-function create_debug(do_something: bool) : PluginState
+function create_debug(do_something: bool, name: string) : PluginState
 {
 local p: PluginState = [$plugin=debug_plugin];
 # FIXME: Why's the default not working?
 p$config = table();
 p$config["all"] = (do_something ? "1" : "0");
+ if ( name == "" )
+ p$config["name"] = fmt("Debug-%s", (do_something ? "All" : "None"));
+ else
+ p$config["name"] = name;
 return p;
 }
+
+function create_debug_error(name: string) : PluginState
+ {
+ local p: PluginState = copy([$plugin=debug_plugin]);
+ p$config["name"] = name;
+ p$config["all"] = "1";
+ p$plugin$add_rule = debug_add_rule_error;
+ return p;
+ }
+
+function create_debug_exists(name: string) : PluginState
+ {
+ local p: PluginState = copy([$plugin=debug_plugin]);
+ p$config["name"] = name;
+ p$config["all"] = "1";
+ p$plugin$add_rule = debug_add_rule_exists;
+ return p;
+ }
diff --git a/scripts/policy/frameworks/netcontrol/catch-and-release.zeek b/scripts/policy/frameworks/netcontrol/catch-and-release.zeek
index f0e1008a78..18a5f1eef7 100644
--- a/scripts/policy/frameworks/netcontrol/catch-and-release.zeek
+++ b/scripts/policy/frameworks/netcontrol/catch-and-release.zeek
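Review bot: `debug_add_rule_exists` and `debug_add_rule_error` have no header comment explaining that they are test doubles which claim the rule (`return T`) while reporting it as pre-existing or failed, which is the only thing that sets them apart from `debug_add_rule`; suggest `# Test double: claims the rule, then reports it as already present via NetControl::rule_exists.` and the analogous line naming `NetControl::rule_error` for the error variant. The `do_something(p)` gate is carried over from `debug_add_rule`, yet the two constructors added further down force `"all"` to `"1"`, so the `return F` branch is reachable only if a caller edits the config afterwards — a short comment saying so would save the next reader from hunting for that path.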
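Review bot: `create_debug_error` and `create_debug_exists` skip the empty-name fallback that `create_debug` applies, so `create_debug_error("")` yields a plugin whose name — and therefore its `plugin` log column — is the empty string; suggest `p$config["name"] = name == "" ? "Debug-Error" : name;` (and `"Debug-Exists"` in the sibling). The `copy([$plugin=debug_plugin])` is load-bearing, because `p$plugin$add_rule = ...` would otherwise overwrite the shared global `debug_plugin` and silently change every other debug plugin; a comment such as `# copy() so that overriding add_rule below does not modify the shared debug_plugin record.` should say so. The new constructors also write into `p$config` without the explicit `p$config = table();` that `create_debug` needs according to its FIXME — either that FIXME is stale or the two code paths behave differently, and it is worth reconciling them rather than leaving both.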
@@ -73,6 +73,8 @@ export {
 location: string &log &optional;
 ## Additional informational string by the catch and release framework about this log-line.
 message: string &log &optional;
+ ## Plugin triggering the log entry.
+ plugin: string &log &optional;
 };
 ## Stops all packets involving an IP address from being forwarded. This function
@@ -270,11 +272,40 @@ event rule_added(r: Rule, p: PluginState, msg: string)
 local bi = blocks[ip];
 local log = populate_log_record(ip, bi, DROPPED);
+ log$plugin = p$plugin$name(p);
 if ( msg != "" )
 log$message = msg;
 Log::write(CATCH_RELEASE, log);
 }
+event rule_exists(r: Rule, p: PluginState, msg: string)
+ {
+ if ( !cr_check_rule(r) )
+ return;
+
+ local ip = subnet_to_addr(r$entity$ip);
+ local bi = blocks[ip];
+
+ local log = populate_log_record(ip, bi, INFO);
+ log$plugin = p$plugin$name(p);
+ local infomsg = "Existing rule encountered while inserting rule";
+ log$message = msg + infomsg;
+ Log::write(CATCH_RELEASE, log);
+ }
+
+event rule_error(r: Rule, p: PluginState, msg: string)
+ {
+ if ( !cr_check_rule(r) )
+ return;
+
+ local ip = subnet_to_addr(r$entity$ip);
+ local bi = blocks[ip];
+
+ local log = populate_log_record(ip, bi, INFO);
+ log$plugin = p$plugin$name(p);
+ log$message = "Error occurred during rule operation: " + msg;
+ Log::write(CATCH_RELEASE, log);
+ }
 event rule_timeout(r: Rule, i: FlowInfo, p: PluginState)
 {
@@ -285,6 +316,7 @@ event rule_timeout(r: Rule, i: FlowInfo, p: PluginState)
 local bi = blocks[ip];
 local log = populate_log_record(ip, bi, UNBLOCK);
+ log$plugin = p$plugin$name(p);
 if ( bi?$block_until )
 {
 local difference: interval = network_time() - bi$block_until;
diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.rule-added-hook-2/netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.rule-added-hook-2/netcontrol.log
new file mode 100644
index 0000000000..7d415e9fde
--- /dev/null
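Review bot: In `rule_exists`, `log$message = msg + infomsg;` glues the plugin's message directly onto the fixed text with no separator and in the opposite order from `rule_error`, so a non-empty `msg` produces `fooExisting rule encountered while inserting rule`; suggest `log$message = msg == "" ? infomsg : fmt("%s: %s", infomsg, msg);` so both handlers read the same way. Both new handlers index `blocks[ip]` without an `ip in blocks` check; `rule_added` does the same, so presumably `cr_check_rule` guarantees membership, but that dependency deserves a comment next to the lookup. Note also that a `rule_error` may mean the drop was never installed by that plugin, yet the row is written with action `INFO`, so an operator filtering netcontrol_catch_release.log for `DROPPED` rows will not notice a plugin that failed to block.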
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.rule-added-hook-2/netcontrol.log 
@@ -0,0 +1,25 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path netcontrol +#open XXXX-XX-XX-XX-XX-XX +#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin +#types time string enum string enum string enum string string string string int interval string string +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-1 +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-1 +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-2 +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-2 +0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD 
NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.rule-added-hook/netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.rule-added-hook/netcontrol.log new file mode 100644 index 0000000000..bcc40cf2af --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.rule-added-hook/netcontrol.log 
@@ -0,0 +1,22 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path netcontrol +#open XXXX-XX-XX-XX-XX-XX +#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin +#types time string enum string enum string enum string string string string int interval string string +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-1 +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-1 +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-2 +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-2 +0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD 
NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-2/netcontrol_catch_release.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-2/netcontrol_catch_release.log index d89f95953a..bb48462316 100644 --- a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-2/netcontrol_catch_release.log +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-2/netcontrol_catch_release.log 
@@ -5,12 +5,12 @@ #unset_field - #path netcontrol_catch_release #open XXXX-XX-XX-XX-XX-XX -#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message -#types time string addr enum interval interval time time count string string -XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::ADDED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic. -XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop - -XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - -XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - -XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - -XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - +#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin +#types time string addr enum interval interval time time count string string string +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::ADDED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic. 
- +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop - Debug-All +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - - +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - Debug-All +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - - +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - Debug-All #close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-forgotten/netcontrol_catch_release.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-forgotten/netcontrol_catch_release.log index 5a9e366e16..b321be9a91 100644 --- a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-forgotten/netcontrol_catch_release.log +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-forgotten/netcontrol_catch_release.log 
@@ -5,10 +5,10 @@ #unset_field - #path netcontrol_catch_release #open XXXX-XX-XX-XX-XX-XX -#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message -#types time string addr enum interval interval time time count string string -XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROP_REQUESTED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROPPED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::UNBLOCK 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::FORGOTTEN 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - +#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin +#types time string addr enum interval interval time time count string string string +XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROP_REQUESTED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - - +XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROPPED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - Debug-All +XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::UNBLOCK 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - Debug-All +XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::FORGOTTEN 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - - #close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol.log new file mode 100644 index 0000000000..d5e910f497 --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol.log 
@@ -0,0 +1,49 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - exists +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - exists +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - error +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - error +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-1 +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-1 +0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - exists +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - error +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - exists +XXXXXXXXXX.XXXXXX 2 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 600.000000 - error +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 600.000000 - - +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 
192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 3 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 3600.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 3 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 3600.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: 
exists +XXXXXXXXXX.XXXXXX 4 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 86400.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 4 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 86400.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 5 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 604800.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 5 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD 
NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 6 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 604800.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 6 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP 
NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 7 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 604800.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol_catch_release.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol_catch_release.log new file mode 100644 index 0000000000..6fde19b61c --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol_catch_release.log 
@@ -0,0 +1,35 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path netcontrol_catch_release +#open XXXX-XX-XX-XX-XX-XX +#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin +#types time string addr enum interval interval time time count string string string +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Existing rule encountered while inserting rule exists +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Error occurred during rule operation: debug error error +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - plugin-1 +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - - +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::INFO 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - Existing rule encountered while inserting rule exists +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::INFO 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - Error occurred during rule operation: debug error error +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - plugin-1 +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - - +XXXXXXXXXX.XXXXXX 
4 192.168.18.50 NetControl::INFO 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - Existing rule encountered while inserting rule exists +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::INFO 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - Error occurred during rule operation: debug error error +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - plugin-1 +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - - +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - Existing rule encountered while inserting rule exists +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - Error occurred during rule operation: debug error error +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - plugin-1 +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - - +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - Existing rule encountered while inserting rule exists +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - Error occurred during rule operation: debug error error +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - plugin-1 +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - - +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - Existing rule encountered while inserting rule exists 
+XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - Error occurred during rule operation: debug error error +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - plugin-1 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol.log new file mode 100644 index 0000000000..9e0843362f --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol.log 
@@ -0,0 +1,35 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-1 +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-1 +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-2 +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-2 +0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-2 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-2 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 600.000000 - - +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1 
+XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 3 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 3600.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 4 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 86400.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 5 
NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 5 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 6 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 7 
NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2 diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol_catch_release.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol_catch_release.log new file mode 100644 index 0000000000..79767e81ae --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol_catch_release.log 
@@ -0,0 +1,29 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path netcontrol_catch_release +#open XXXX-XX-XX-XX-XX-XX +#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin +#types time string addr enum interval interval time time count string string string +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - plugin-1 +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - plugin-2 +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - - +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - plugin-1 +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - plugin-2 +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - - +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - plugin-1 +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - plugin-2 +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - - +XXXXXXXXXX.XXXXXX 5 192.168.18.50 
NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - plugin-1 +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - plugin-2 +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - - +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - plugin-1 +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - plugin-2 +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - - +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - plugin-1 +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - plugin-2 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release/netcontrol_catch_release.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release/netcontrol_catch_release.log index 3e6f6b6826..662a9965e7 100644 --- a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release/netcontrol_catch_release.log +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release/netcontrol_catch_release.log 
@@ -5,19 +5,19 @@ #unset_field - #path netcontrol_catch_release #open XXXX-XX-XX-XX-XX-XX -#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message -#types time string addr enum interval interval time time count string string -XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate -XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - -XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - -XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - -XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - -XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - -XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - -XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - -XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - -XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - -XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - +#fields ts rule_id ip action 
block_interval watch_interval blocked_until watched_until num_blocked location message plugin +#types time string addr enum interval interval time time count string string string +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - Debug-All +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - - +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - Debug-All +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - - +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - Debug-All +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - - +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - Debug-All +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - - +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - Debug-All +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - - +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - Debug-All #close XXXX-XX-XX-XX-XX-XX 
diff --git a/testing/btest/scripts/base/frameworks/netcontrol/rule-added-hook.zeek b/testing/btest/scripts/base/frameworks/netcontrol/rule-added-hook.zeek
new file mode 100644
index 0000000000..3452d55736
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/netcontrol/rule-added-hook.zeek
@@ -0,0 +1,46 @@
+# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: btest-diff netcontrol.log
+
+@load base/frameworks/netcontrol
+
+event NetControl::init()
+ {
+ local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
+ local netcontrol_debug_exists = NetControl::create_debug_exists("plugin-2");
+ NetControl::activate(netcontrol_debug, 0);
+ NetControl::activate(netcontrol_debug_exists, 0);
+ }
+
+event connection_established(c: connection)
+ {
+ local id = c$id;
+ NetControl::drop_address(id$orig_h, 1sec);
+ }
+
+@TEST-START-NEXT
+
+@load base/frameworks/netcontrol
+
+event NetControl::init()
+ {
+ local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
+ local netcontrol_debug_exists = NetControl::create_debug_exists("plugin-2");
+ NetControl::activate(netcontrol_debug, 0);
+ NetControl::activate(netcontrol_debug_exists, 0);
+ }
+
+event connection_established(c: connection)
+ {
+ local id = c$id;
+ NetControl::drop_address(id$orig_h, 1sec);
+ }
+
+hook NetControl::rule_added_policy(r: NetControl::Rule, p: NetControl::PluginState, exists: bool, msg: string)
+ {
+ if ( exists )
+ # force expiration, even if rule exists
+ if ( p$_id in r$_no_expire_plugins )
+ delete r$_no_expire_plugins[p$_id];
+ }
+
+
diff --git a/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release-two-plugins.zeek b/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release-two-plugins.zeek
new file mode 100644
index 0000000000..5b2fe6c5a0
--- /dev/null
+++ b/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release-two-plugins.zeek
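Review bot: The `rule_added_policy` hook body in rule-added-hook.zeek nests a brace-less `if ( exists )` around a second brace-less `if`, with the explanatory comment sitting between the two conditions, so the comment visually reads as the body of the outer `if`; collapsing it to `if ( exists && p$_id in r$_no_expire_plugins )` followed by `delete r$_no_expire_plugins[p$_id];`, with the comment placed above the condition, makes the control flow unambiguous. The hook also reaches into the underscore-prefixed framework fields `_id` and `_no_expire_plugins`, which is reasonable for a regression test but worth marking as deliberate, e.g. `# intentionally touches internal NetControl state: force expiration even when the plugin reported the rule as already existing`, so the snippet is not copied as a pattern for production policy. The file additionally ends with two trailing blank lines.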
@@ -0,0 +1,77 @@
+# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff netcontrol.log
+# @TEST-EXEC: btest-diff netcontrol_catch_release.log
+
+@load base/frameworks/netcontrol
+@load policy/frameworks/netcontrol/catch-and-release
+
+event NetControl::init()
+ {
+ local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
+ local netcontrol_debug_two = NetControl::create_debug(T, "plugin-2");
+ NetControl::activate(netcontrol_debug, 0);
+ NetControl::activate(netcontrol_debug_two, 0);
+ }
+
+global i: count = 0;
+
+event connection_established(c: connection)
+ {
+ local id = c$id;
+ NetControl::drop_address_catch_release(id$orig_h);
+ # second one should be ignored because duplicate
+ NetControl::drop_address_catch_release(id$orig_h);
+ }
+
+event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+ {
+ if ( p$plugin$name(p) == "plugin-1" )
+ return;
+
+ if ( ++i >= 6 )
+ return;
+
+ # delete directly, without notifying anything.
+ NetControl::delete_rule(r$id, "testing");
+ NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
+ }
+
+
+@TEST-START-NEXT
+
+@load base/frameworks/netcontrol
+@load policy/frameworks/netcontrol/catch-and-release
+
+event NetControl::init()
+ {
+ local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
+ local netcontrol_debug_two = NetControl::create_debug_exists("exists");
+ local netcontrol_debug_error = NetControl::create_debug_error("error");
+ NetControl::activate(netcontrol_debug_two, 0);
+ NetControl::activate(netcontrol_debug_error, 0);
+ NetControl::activate(netcontrol_debug, 0);
+ }
+
+global i: count = 0;
+
+event connection_established(c: connection)
+ {
+ local id = c$id;
+ NetControl::drop_address_catch_release(id$orig_h);
+ # second one should be ignored because duplicate
+ NetControl::drop_address_catch_release(id$orig_h);
+ }
+
+event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+ {
+ if ( p$plugin$name(p) != "plugin-1" )
+ return;
+
+ if ( ++i >= 6 )
+ return;
+
+ # delete directly, without notifying anything.
+ NetControl::delete_rule(r$id, "testing");
+ NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
+ }
+
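Review bot: The comment `# delete directly, without notifying anything.` above the `NetControl::delete_rule` call in both `rule_added` handlers overstates what happens, since the removal is still written to netcontrol.log (the baseline in this commit records `NetControl::REMOVED ... delete_rule: testing` with an empty plugin column); `# remove from the rules database without going through the plugins, then report the address as seen again to trigger the next catch-and-release cycle` describes what the test actually relies on. The two variants also filter `rule_added` in opposite directions (`== "plugin-1"` versus `!= "plugin-1"`) and activate the plugins in different orders without saying why; a short comment on each filter, such as `# act on one plugin's rule_added only, so each cycle fires once`, would help, though the exact reasoning is inferred from the baselines. The stop condition `++i >= 6` is a bare magic number and would read better as `const max_cycles: count = 6;` referenced from both handlers.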