Merge remote-tracking branch 'origin/topic/johanna/netcontrol-updates'

* origin/topic/johanna/netcontrol-updates:
  Netcontrol: add rule_added_policy
  Netcontrol: more logging in catch-and-release
  Netcontrol: allow supplying explicit name to Debug plugin

testing/btest/Baseline/scripts.base.frameworks.netcontrol.rule-added-hook-2/netcontrol.log

@@ -0,0 +1,25 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	plugin-1
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	plugin-1
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	plugin-2
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	plugin-2
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-2
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::EXISTS	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-2
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-2
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-2
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-2
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.frameworks.netcontrol.rule-added-hook/netcontrol.log

@@ -0,0 +1,22 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	plugin-1
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	plugin-1
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	plugin-2
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	plugin-2
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-2
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::EXISTS	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-2
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	plugin-1
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-2/netcontrol_catch_release.log

@@ -5,12 +5,12 @@
 #unset_field	-
 #path	netcontrol_catch_release
 #open XXXX-XX-XX-XX-XX-XX
-#fields	ts	rule_id	ip	action	block_interval	watch_interval	blocked_until	watched_until	num_blocked	location	message
-#types	time	string	addr	enum	interval	interval	time	time	count	string	string
-XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::ADDED	600.000000	3600.000000	-	XXXXXXXXXX.XXXXXX	1	test drop	Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic.
-XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::DROPPED	600.000000	3600.000000	-	XXXXXXXXXX.XXXXXX	1	test drop	-
-XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::SEEN_AGAIN	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	test drop	-
-XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::DROPPED	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	test drop	-
-XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::SEEN_AGAIN	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	test drop	-
-XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::DROPPED	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	test drop	-
+#fields	ts	rule_id	ip	action	block_interval	watch_interval	blocked_until	watched_until	num_blocked	location	message	plugin
+#types	time	string	addr	enum	interval	interval	time	time	count	string	string	string
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::ADDED	600.000000	3600.000000	-	XXXXXXXXXX.XXXXXX	1	test drop	Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic.	-
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::DROPPED	600.000000	3600.000000	-	XXXXXXXXXX.XXXXXX	1	test drop	-	Debug-All
+XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::SEEN_AGAIN	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	test drop	-	-
+XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::DROPPED	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	test drop	-	Debug-All
+XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::SEEN_AGAIN	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	test drop	-	-
+XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::DROPPED	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	test drop	-	Debug-All
 #close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-forgotten/netcontrol_catch_release.log

@@ -5,10 +5,10 @@
 #unset_field	-
 #path	netcontrol_catch_release
 #open XXXX-XX-XX-XX-XX-XX
-#fields	ts	rule_id	ip	action	block_interval	watch_interval	blocked_until	watched_until	num_blocked	location	message
-#types	time	string	addr	enum	interval	interval	time	time	count	string	string
-XXXXXXXXXX.XXXXXX	2	10.0.0.1	NetControl::DROP_REQUESTED	1.000000	2.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-
-XXXXXXXXXX.XXXXXX	2	10.0.0.1	NetControl::DROPPED	1.000000	2.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-
-XXXXXXXXXX.XXXXXX	2	10.0.0.1	NetControl::UNBLOCK	1.000000	2.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-
-XXXXXXXXXX.XXXXXX	2	10.0.0.1	NetControl::FORGOTTEN	1.000000	2.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-
+#fields	ts	rule_id	ip	action	block_interval	watch_interval	blocked_until	watched_until	num_blocked	location	message	plugin
+#types	time	string	addr	enum	interval	interval	time	time	count	string	string	string
+XXXXXXXXXX.XXXXXX	2	10.0.0.1	NetControl::DROP_REQUESTED	1.000000	2.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-	-
+XXXXXXXXXX.XXXXXX	2	10.0.0.1	NetControl::DROPPED	1.000000	2.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-	Debug-All
+XXXXXXXXXX.XXXXXX	2	10.0.0.1	NetControl::UNBLOCK	1.000000	2.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-	Debug-All
+XXXXXXXXXX.XXXXXX	2	10.0.0.1	NetControl::FORGOTTEN	1.000000	2.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-	-
 #close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol.log

@@ -0,0 +1,49 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	exists
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	exists
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	error
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	error
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	plugin-1
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	plugin-1
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	exists
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	error
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::EXISTS	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	exists
+XXXXXXXXXX.XXXXXX	2	NetControl::ERROR	-	-	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	debug error	0	600.000000	-	error
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	600.000000	-	-
+XXXXXXXXXX.XXXXXX	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	exists
+XXXXXXXXXX.XXXXXX	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	error
+XXXXXXXXXX.XXXXXX	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	3	NetControl::RULE	ADD	NetControl::EXISTS	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	exists
+XXXXXXXXXX.XXXXXX	3	NetControl::ERROR	-	-	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	debug error	0	3600.000000	Re-drop by catch-and-release: 	error
+XXXXXXXXXX.XXXXXX	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	3	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	3600.000000	Re-drop by catch-and-release: 	-
+XXXXXXXXXX.XXXXXX	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: 	exists
+XXXXXXXXXX.XXXXXX	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: 	error
+XXXXXXXXXX.XXXXXX	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	4	NetControl::RULE	ADD	NetControl::EXISTS	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: 	exists
+XXXXXXXXXX.XXXXXX	4	NetControl::ERROR	-	-	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	debug error	0	86400.000000	Re-drop by catch-and-release: 	error
+XXXXXXXXXX.XXXXXX	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	4	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	86400.000000	Re-drop by catch-and-release: 	-
+XXXXXXXXXX.XXXXXX	5	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	exists
+XXXXXXXXXX.XXXXXX	5	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	error
+XXXXXXXXXX.XXXXXX	5	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	5	NetControl::RULE	ADD	NetControl::EXISTS	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	exists
+XXXXXXXXXX.XXXXXX	5	NetControl::ERROR	-	-	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	debug error	0	604800.000000	Re-drop by catch-and-release: 	error
+XXXXXXXXXX.XXXXXX	5	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	5	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	604800.000000	Re-drop by catch-and-release: 	-
+XXXXXXXXXX.XXXXXX	6	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	exists
+XXXXXXXXXX.XXXXXX	6	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	error
+XXXXXXXXXX.XXXXXX	6	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	6	NetControl::RULE	ADD	NetControl::EXISTS	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	exists
+XXXXXXXXXX.XXXXXX	6	NetControl::ERROR	-	-	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	debug error	0	604800.000000	Re-drop by catch-and-release: 	error
+XXXXXXXXXX.XXXXXX	6	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	6	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	604800.000000	Re-drop by catch-and-release: 	-
+XXXXXXXXXX.XXXXXX	7	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	exists
+XXXXXXXXXX.XXXXXX	7	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	error
+XXXXXXXXXX.XXXXXX	7	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	7	NetControl::RULE	ADD	NetControl::EXISTS	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	exists
+XXXXXXXXXX.XXXXXX	7	NetControl::ERROR	-	-	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	debug error	0	604800.000000	Re-drop by catch-and-release: 	error
+XXXXXXXXXX.XXXXXX	7	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-1

testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol_catch_release.log

@@ -0,0 +1,35 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol_catch_release
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	rule_id	ip	action	block_interval	watch_interval	blocked_until	watched_until	num_blocked	location	message	plugin
+#types	time	string	addr	enum	interval	interval	time	time	count	string	string	string
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::DROP_REQUESTED	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-	-
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::INFO	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	Already blocked using catch-and-release - ignoring duplicate	-
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::INFO	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	Existing rule encountered while inserting rule	exists
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::INFO	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	Error occurred during rule operation: debug error	error
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::DROPPED	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-	plugin-1
+XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::SEEN_AGAIN	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	-	-	-
+XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::INFO	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	-	Existing rule encountered while inserting rule	exists
+XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::INFO	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	-	Error occurred during rule operation: debug error	error
+XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::DROPPED	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	-	-	plugin-1
+XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::SEEN_AGAIN	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	-	-	-
+XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::INFO	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	-	Existing rule encountered while inserting rule	exists
+XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::INFO	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	-	Error occurred during rule operation: debug error	error
+XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::DROPPED	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	-	-	plugin-1
+XXXXXXXXXX.XXXXXX	5	192.168.18.50	NetControl::SEEN_AGAIN	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	4	-	-	-
+XXXXXXXXXX.XXXXXX	5	192.168.18.50	NetControl::INFO	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	4	-	Existing rule encountered while inserting rule	exists
+XXXXXXXXXX.XXXXXX	5	192.168.18.50	NetControl::INFO	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	4	-	Error occurred during rule operation: debug error	error
+XXXXXXXXXX.XXXXXX	5	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	4	-	-	plugin-1
+XXXXXXXXXX.XXXXXX	6	192.168.18.50	NetControl::SEEN_AGAIN	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	5	-	-	-
+XXXXXXXXXX.XXXXXX	6	192.168.18.50	NetControl::INFO	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	5	-	Existing rule encountered while inserting rule	exists
+XXXXXXXXXX.XXXXXX	6	192.168.18.50	NetControl::INFO	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	5	-	Error occurred during rule operation: debug error	error
+XXXXXXXXXX.XXXXXX	6	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	5	-	-	plugin-1
+XXXXXXXXXX.XXXXXX	7	192.168.18.50	NetControl::SEEN_AGAIN	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	6	-	-	-
+XXXXXXXXXX.XXXXXX	7	192.168.18.50	NetControl::INFO	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	6	-	Existing rule encountered while inserting rule	exists
+XXXXXXXXXX.XXXXXX	7	192.168.18.50	NetControl::INFO	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	6	-	Error occurred during rule operation: debug error	error
+XXXXXXXXXX.XXXXXX	7	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	6	-	-	plugin-1
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol.log

@@ -0,0 +1,35 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	plugin-1
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	plugin-1
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	plugin-2
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	plugin-2
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	plugin-2
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	plugin-2
+XXXXXXXXXX.XXXXXX	2	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	600.000000	-	-
+XXXXXXXXXX.XXXXXX	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	plugin-2
+XXXXXXXXXX.XXXXXX	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	plugin-2
+XXXXXXXXXX.XXXXXX	3	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	3600.000000	Re-drop by catch-and-release: 	-
+XXXXXXXXXX.XXXXXX	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: 	plugin-2
+XXXXXXXXXX.XXXXXX	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: 	plugin-2
+XXXXXXXXXX.XXXXXX	4	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	86400.000000	Re-drop by catch-and-release: 	-
+XXXXXXXXXX.XXXXXX	5	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	5	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-2
+XXXXXXXXXX.XXXXXX	5	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	5	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-2
+XXXXXXXXXX.XXXXXX	5	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	604800.000000	Re-drop by catch-and-release: 	-
+XXXXXXXXXX.XXXXXX	6	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	6	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-2
+XXXXXXXXXX.XXXXXX	6	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	6	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-2
+XXXXXXXXXX.XXXXXX	6	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	604800.000000	Re-drop by catch-and-release: 	-
+XXXXXXXXXX.XXXXXX	7	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	7	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-2
+XXXXXXXXXX.XXXXXX	7	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-1
+XXXXXXXXXX.XXXXXX	7	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	plugin-2

testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol_catch_release.log

@@ -0,0 +1,29 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol_catch_release
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	rule_id	ip	action	block_interval	watch_interval	blocked_until	watched_until	num_blocked	location	message	plugin
+#types	time	string	addr	enum	interval	interval	time	time	count	string	string	string
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::DROP_REQUESTED	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-	-
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::INFO	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	Already blocked using catch-and-release - ignoring duplicate	-
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::DROPPED	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-	plugin-1
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::DROPPED	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-	plugin-2
+XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::SEEN_AGAIN	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	-	-	-
+XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::DROPPED	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	-	-	plugin-1
+XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::DROPPED	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	-	-	plugin-2
+XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::SEEN_AGAIN	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	-	-	-
+XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::DROPPED	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	-	-	plugin-1
+XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::DROPPED	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	-	-	plugin-2
+XXXXXXXXXX.XXXXXX	5	192.168.18.50	NetControl::SEEN_AGAIN	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	4	-	-	-
+XXXXXXXXXX.XXXXXX	5	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	4	-	-	plugin-1
+XXXXXXXXXX.XXXXXX	5	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	4	-	-	plugin-2
+XXXXXXXXXX.XXXXXX	6	192.168.18.50	NetControl::SEEN_AGAIN	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	5	-	-	-
+XXXXXXXXXX.XXXXXX	6	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	5	-	-	plugin-1
+XXXXXXXXXX.XXXXXX	6	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	5	-	-	plugin-2
+XXXXXXXXXX.XXXXXX	7	192.168.18.50	NetControl::SEEN_AGAIN	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	6	-	-	-
+XXXXXXXXXX.XXXXXX	7	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	6	-	-	plugin-1
+XXXXXXXXXX.XXXXXX	7	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	6	-	-	plugin-2
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release/netcontrol_catch_release.log

@@ -5,19 +5,19 @@
 #unset_field	-
 #path	netcontrol_catch_release
 #open XXXX-XX-XX-XX-XX-XX
-#fields	ts	rule_id	ip	action	block_interval	watch_interval	blocked_until	watched_until	num_blocked	location	message
-#types	time	string	addr	enum	interval	interval	time	time	count	string	string
-XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::DROP_REQUESTED	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-
-XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::INFO	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	Already blocked using catch-and-release - ignoring duplicate
-XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::DROPPED	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-
-XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::SEEN_AGAIN	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	-	-
-XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::DROPPED	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	-	-
-XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::SEEN_AGAIN	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	-	-
-XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::DROPPED	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	-	-
-XXXXXXXXXX.XXXXXX	5	192.168.18.50	NetControl::SEEN_AGAIN	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	4	-	-
-XXXXXXXXXX.XXXXXX	5	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	4	-	-
-XXXXXXXXXX.XXXXXX	6	192.168.18.50	NetControl::SEEN_AGAIN	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	5	-	-
-XXXXXXXXXX.XXXXXX	6	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	5	-	-
-XXXXXXXXXX.XXXXXX	7	192.168.18.50	NetControl::SEEN_AGAIN	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	6	-	-
-XXXXXXXXXX.XXXXXX	7	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	6	-	-
+#fields	ts	rule_id	ip	action	block_interval	watch_interval	blocked_until	watched_until	num_blocked	location	message	plugin
+#types	time	string	addr	enum	interval	interval	time	time	count	string	string	string
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::DROP_REQUESTED	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-	-
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::INFO	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	Already blocked using catch-and-release - ignoring duplicate	-
+XXXXXXXXXX.XXXXXX	2	192.168.18.50	NetControl::DROPPED	600.000000	3600.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	1	-	-	Debug-All
+XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::SEEN_AGAIN	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	-	-	-
+XXXXXXXXXX.XXXXXX	3	192.168.18.50	NetControl::DROPPED	3600.000000	86400.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	2	-	-	Debug-All
+XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::SEEN_AGAIN	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	-	-	-
+XXXXXXXXXX.XXXXXX	4	192.168.18.50	NetControl::DROPPED	86400.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	3	-	-	Debug-All
+XXXXXXXXXX.XXXXXX	5	192.168.18.50	NetControl::SEEN_AGAIN	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	4	-	-	-
+XXXXXXXXXX.XXXXXX	5	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	4	-	-	Debug-All
+XXXXXXXXXX.XXXXXX	6	192.168.18.50	NetControl::SEEN_AGAIN	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	5	-	-	-
+XXXXXXXXXX.XXXXXX	6	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	5	-	-	Debug-All
+XXXXXXXXXX.XXXXXX	7	192.168.18.50	NetControl::SEEN_AGAIN	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	6	-	-	-
+XXXXXXXXXX.XXXXXX	7	192.168.18.50	NetControl::DROPPED	604800.000000	604800.000000	XXXXXXXXXX.XXXXXX	XXXXXXXXXX.XXXXXX	6	-	-	Debug-All
 #close XXXX-XX-XX-XX-XX-XX

testing/btest/scripts/base/frameworks/netcontrol/rule-added-hook.zeek

@@ -0,0 +1,46 @@
+# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: btest-diff netcontrol.log
+
+@load base/frameworks/netcontrol
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
+	local netcontrol_debug_exists = NetControl::create_debug_exists("plugin-2");
+	NetControl::activate(netcontrol_debug, 0);
+	NetControl::activate(netcontrol_debug_exists, 0);
+	}
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+	NetControl::drop_address(id$orig_h, 1sec);
+	}
+
+@TEST-START-NEXT
+
+@load base/frameworks/netcontrol
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
+	local netcontrol_debug_exists = NetControl::create_debug_exists("plugin-2");
+	NetControl::activate(netcontrol_debug, 0);
+	NetControl::activate(netcontrol_debug_exists, 0);
+	}
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+	NetControl::drop_address(id$orig_h, 1sec);
+	}
+
+hook NetControl::rule_added_policy(r: NetControl::Rule, p: NetControl::PluginState, exists: bool, msg: string)
+	{
+	if ( exists )
+		# force expiration, even if rule exists
+		if ( p$_id in r$_no_expire_plugins )
+			delete r$_no_expire_plugins[p$_id];
+	}
+
+

testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release-two-plugins.zeek

@@ -0,0 +1,77 @@
+# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff netcontrol.log
+# @TEST-EXEC: btest-diff netcontrol_catch_release.log
+
+@load base/frameworks/netcontrol
+@load policy/frameworks/netcontrol/catch-and-release
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
+	local netcontrol_debug_two = NetControl::create_debug(T, "plugin-2");
+	NetControl::activate(netcontrol_debug, 0);
+	NetControl::activate(netcontrol_debug_two, 0);
+	}
+
+global i: count = 0;
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+	NetControl::drop_address_catch_release(id$orig_h);
+	# second one should be ignored because duplicate
+	NetControl::drop_address_catch_release(id$orig_h);
+	}
+
+event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+	{
+	if ( p$plugin$name(p) == "plugin-1" )
+		return;
+
+	if ( ++i >= 6 )
+		return;
+
+	# delete directly, without notifying anything.
+	NetControl::delete_rule(r$id, "testing");
+	NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
+	}
+
+
+@TEST-START-NEXT
+
+@load base/frameworks/netcontrol
+@load policy/frameworks/netcontrol/catch-and-release
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
+	local netcontrol_debug_two = NetControl::create_debug_exists("exists");
+	local netcontrol_debug_error = NetControl::create_debug_error("error");
+	NetControl::activate(netcontrol_debug_two, 0);
+	NetControl::activate(netcontrol_debug_error, 0);
+	NetControl::activate(netcontrol_debug, 0);
+	}
+
+global i: count = 0;
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+	NetControl::drop_address_catch_release(id$orig_h);
+	# second one should be ignored because duplicate
+	NetControl::drop_address_catch_release(id$orig_h);
+	}
+
+event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+	{
+	if ( p$plugin$name(p) != "plugin-1" )
+		return;
+
+	if ( ++i >= 6 )
+		return;
+
+	# delete directly, without notifying anything.
+	NetControl::delete_rule(r$id, "testing");
+	NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
+	}
+