Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/topic/johanna/netcontrol-updates'

Browse source 
* origin/topic/johanna/netcontrol-updates:
  Netcontrol: add rule_added_policy
  Netcontrol: more logging in catch-and-release
  Netcontrol: allow supplying explicit name to Debug plugin
This commit is contained in:
Johanna Amann 2024-02-06 11:51:26 +00:00
commit 160ccda45f
17 changed files with 494 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

24
CHANGES
View file

@ -1,3 +1,27 @@
6.2.0-dev.519 | 2024-02-06 11:51:26 +0000
* Netcontrol: add rule_added_policy (Johanna Amann, Corelight)
rule_added_policy allows the modification of rules just after they have
been added. This allows the implementation of some more complex features
- like changing rule states depending on insertion in other plugins.
* Netcontrol: more logging in catch-and-release (Johanna Amann, Corelight)
Catch-and-release logs now include the plugin that is responsible for an
action. Furthermore, the catch-and-release log also includes instances
where a rule already existed, and where an error occurred during an
operation.
* Netcontrol: allow supplying explicit name to Debug plugin (Johanna Amann, Corelight)
This change extends the arguments of NetControl::create_debug, and
allows the specification of an optional name argument, which can be used
instead of the default-generated name.
This is helpful when one wants to attach several plugins to verify
behavior in those cases.
6.2.0-dev.515 | 2024-02-06 11:22:26 +0100 6.2.0-dev.515 | 2024-02-06 11:22:26 +0100
* Obj: Implement with_location_of() as template (Arne Welzel, Corelight) * Obj: Implement with_location_of() as template (Arne Welzel, Corelight)

7
NEWS
View file

@ -187,6 +187,9 @@ New Functionality
hook Intel::seen_policy(s: Intel::Seen, found: bool) hook Intel::seen_policy(s: Intel::Seen, found: bool)
- A new ``NetControl::rule_added_policy`` hook has been introduced to allow modification
of NetControl rules after they have been added.
Changed Functionality Changed Functionality
--------------------- ---------------------
@ -213,6 +216,10 @@ Changed Functionality
unbounded MIME message nesting. This limit is configurable with ``MIME::max_depth``. unbounded MIME message nesting. This limit is configurable with ``MIME::max_depth``.
A new weird named ``exceeded_mime_max_depth`` is reported when reached. A new weird named ``exceeded_mime_max_depth`` is reported when reached.
- The ``netcontrol_catch_release.log`` now contains a plugin column that shows which
plugin took an action. The logs also contain information when errors or existing
rules are encountered.
Removed Functionality Removed Functionality
--------------------- ---------------------

2
VERSION
View file

@ -1 +1 @@
6.2.0-dev.515 6.2.0-dev.519

16
scripts/base/frameworks/netcontrol/main.zeek
View file

@ -262,6 +262,20 @@ export {
## r: The rule to be added. ## r: The rule to be added.
global NetControl::rule_policy: hook(r: Rule); global NetControl::rule_policy: hook(r: Rule);
## Hook that allows the modification of rule states after they are returned from
## the plugins and have been added to the rules database. This allows low-level
## modification of the handling of rules like, e.g., changing rule expiration depending
## on context.
##
## r: The rule now in place.
##
## p: The state for the plugin that put it into place.
##
## exists: If the adding plugin flagged the rule as already existing.
##
## msg: An optional informational message by the plugin.
global NetControl::rule_added_policy: hook(r: Rule, p: PluginState, exists: bool, msg: string);
##### Plugin functions ##### Plugin functions
## Function called by plugins once they finished their activation. After all ## Function called by plugins once they finished their activation. After all
@ -945,6 +959,8 @@ function rule_added_impl(r: Rule, p: PluginState, exists: bool, msg: string &def
# rule was completely added. # rule was completely added.
rule$_added = T; rule$_added = T;
} }
hook NetControl::rule_added_policy(rule, p, exists, msg);
} }
function rule_removed_impl(r: Rule, p: PluginState, msg: string &default="") &is_used function rule_removed_impl(r: Rule, p: PluginState, msg: string &default="") &is_used

70
scripts/base/frameworks/netcontrol/plugins/debug.zeek
View file

@ -12,7 +12,21 @@ export {
## ##
## do_something: If true, the plugin will claim it supports all operations; if ## do_something: If true, the plugin will claim it supports all operations; if
## false, it will indicate it doesn't support any. ## false, it will indicate it doesn't support any.
global create_debug: function(do_something: bool) : PluginState; ##
## name: Optional name that for the plugin.
global create_debug: function(do_something: bool, name: string &default="") : PluginState;
## Instantiates a debug plugin for the NetControl framework. This variation
## of the plugin will return "exists" to any rule operations.
##
## name: Name of this plugin.
global create_debug_exists: function(name: string) : PluginState;
## Instantiates a debug plugin for the NetControl framework. This variation
## of the plugin will return "error" to any rule operations.
##
## name: Name of this plugin.
global create_debug_error: function(name: string) : PluginState;
} }
function do_something(p: PluginState) : bool function do_something(p: PluginState) : bool
@ -22,7 +36,7 @@ function do_something(p: PluginState) : bool
function debug_name(p: PluginState) : string function debug_name(p: PluginState) : string
{ {
return fmt("Debug-%s", (do_something(p) ? "All" : "None")); return p$config["name"];
} }
function debug_log(p: PluginState, msg: string) function debug_log(p: PluginState, msg: string)
@ -55,6 +69,34 @@ function debug_add_rule(p: PluginState, r: Rule) : bool
return F; return F;
} }
function debug_add_rule_exists(p: PluginState, r: Rule) : bool
{
local s = fmt("add_rule_exists: %s", r);
debug_log(p, s);
if ( do_something(p) )
{
event NetControl::rule_exists(r, p);
return T;
}
return F;
}
function debug_add_rule_error(p: PluginState, r: Rule) : bool
{
local s = fmt("add_rule_error: %s", r);
debug_log(p, s);
if ( do_something(p) )
{
event NetControl::rule_error(r, p, "debug error");
return T;
}
return F;
}
function debug_remove_rule(p: PluginState, r: Rule, reason: string) : bool function debug_remove_rule(p: PluginState, r: Rule, reason: string) : bool
{ {
local s = fmt("remove_rule (%s): %s", reason, r); local s = fmt("remove_rule (%s): %s", reason, r);
@ -73,13 +115,35 @@ global debug_plugin = Plugin(
$remove_rule = debug_remove_rule $remove_rule = debug_remove_rule
); );
function create_debug(do_something: bool) : PluginState function create_debug(do_something: bool, name: string) : PluginState
{ {
local p: PluginState = [$plugin=debug_plugin]; local p: PluginState = [$plugin=debug_plugin];
# FIXME: Why's the default not working? # FIXME: Why's the default not working?
p$config = table(); p$config = table();
p$config["all"] = (do_something ? "1" : "0"); p$config["all"] = (do_something ? "1" : "0");
if ( name == "" )
p$config["name"] = fmt("Debug-%s", (do_something ? "All" : "None"));
else
p$config["name"] = name;
return p; return p;
} }
function create_debug_error(name: string) : PluginState
{
local p: PluginState = copy([$plugin=debug_plugin]);
p$config["name"] = name;
p$config["all"] = "1";
p$plugin$add_rule = debug_add_rule_error;
return p;
}
function create_debug_exists(name: string) : PluginState
{
local p: PluginState = copy([$plugin=debug_plugin]);
p$config["name"] = name;
p$config["all"] = "1";
p$plugin$add_rule = debug_add_rule_exists;
return p;
}

32
scripts/policy/frameworks/netcontrol/catch-and-release.zeek
View file

@ -73,6 +73,8 @@ export {
location: string &log &optional; location: string &log &optional;
## Additional informational string by the catch and release framework about this log-line. ## Additional informational string by the catch and release framework about this log-line.
message: string &log &optional; message: string &log &optional;
## Plugin triggering the log entry.
plugin: string &log &optional;
}; };
## Stops all packets involving an IP address from being forwarded. This function ## Stops all packets involving an IP address from being forwarded. This function
@ -270,11 +272,40 @@ event rule_added(r: Rule, p: PluginState, msg: string)
local bi = blocks[ip]; local bi = blocks[ip];
local log = populate_log_record(ip, bi, DROPPED); local log = populate_log_record(ip, bi, DROPPED);
log$plugin = p$plugin$name(p);
if ( msg != "" ) if ( msg != "" )
log$message = msg; log$message = msg;
Log::write(CATCH_RELEASE, log); Log::write(CATCH_RELEASE, log);
} }
event rule_exists(r: Rule, p: PluginState, msg: string)
{
if ( !cr_check_rule(r) )
return;
local ip = subnet_to_addr(r$entity$ip);
local bi = blocks[ip];
local log = populate_log_record(ip, bi, INFO);
log$plugin = p$plugin$name(p);
local infomsg = "Existing rule encountered while inserting rule";
log$message = msg + infomsg;
Log::write(CATCH_RELEASE, log);
}
event rule_error(r: Rule, p: PluginState, msg: string)
{
if ( !cr_check_rule(r) )
return;
local ip = subnet_to_addr(r$entity$ip);
local bi = blocks[ip];
local log = populate_log_record(ip, bi, INFO);
log$plugin = p$plugin$name(p);
log$message = "Error occurred during rule operation: " + msg;
Log::write(CATCH_RELEASE, log);
}
event rule_timeout(r: Rule, i: FlowInfo, p: PluginState) event rule_timeout(r: Rule, i: FlowInfo, p: PluginState)
{ {
@ -285,6 +316,7 @@ event rule_timeout(r: Rule, i: FlowInfo, p: PluginState)
local bi = blocks[ip]; local bi = blocks[ip];
local log = populate_log_record(ip, bi, UNBLOCK); local log = populate_log_record(ip, bi, UNBLOCK);
log$plugin = p$plugin$name(p);
if ( bi?$block_until ) if ( bi?$block_until )
{ {
local difference: interval = network_time() - bi$block_until; local difference: interval = network_time() - bi$block_until;

25
testing/btest/Baseline/scripts.base.frameworks.netcontrol.rule-added-hook-2/netcontrol.log Normal file
View file

@ -0,0 +1,25 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path netcontrol
#open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin
#types time string enum string enum string enum string string string string int interval string string
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-1
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-1
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-2
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-2
0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2
XXXXXXXXXX.XXXXXX 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2
XXXXXXXXXX.XXXXXX 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2
XXXXXXXXXX.XXXXXX 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2
#close XXXX-XX-XX-XX-XX-XX

22
testing/btest/Baseline/scripts.base.frameworks.netcontrol.rule-added-hook/netcontrol.log Normal file
View file

@ -0,0 +1,22 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path netcontrol
#open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin
#types time string enum string enum string enum string string string string int interval string string
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-1
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-1
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-2
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-2
0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-2
XXXXXXXXXX.XXXXXX 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - plugin-1
#close XXXX-XX-XX-XX-XX-XX

16
testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-2/netcontrol_catch_release.log
View file

@ -5,12 +5,12 @@
#unset_field - #unset_field -
#path netcontrol_catch_release #path netcontrol_catch_release
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message #fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin
#types time string addr enum interval interval time time count string string #types time string addr enum interval interval time time count string string string
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::ADDED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic. XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::ADDED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic. -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop - XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop - Debug-All
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - -
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - Debug-All
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - -
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - Debug-All
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

12
testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-forgotten/netcontrol_catch_release.log
View file

@ -5,10 +5,10 @@
#unset_field - #unset_field -
#path netcontrol_catch_release #path netcontrol_catch_release
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message #fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin
#types time string addr enum interval interval time time count string string #types time string addr enum interval interval time time count string string string
XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROP_REQUESTED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROP_REQUESTED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -
XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROPPED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROPPED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - Debug-All
XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::UNBLOCK 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::UNBLOCK 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - Debug-All
XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::FORGOTTEN 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::FORGOTTEN 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

49
testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol.log Normal file
View file

@ -0,0 +1,49 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - exists
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - exists
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - error
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - error
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-1
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-1
0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - exists
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - error
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - exists
XXXXXXXXXX.XXXXXX 2 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 600.000000 - error
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 600.000000 - -
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 3 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 3600.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 3 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 3600.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 4 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 86400.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 4 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 86400.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 5 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 604800.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 5 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 6 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 604800.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 6 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 7 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 604800.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1

35
testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol_catch_release.log Normal file
View file

@ -0,0 +1,35 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path netcontrol_catch_release
#open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin
#types time string addr enum interval interval time time count string string string
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Existing rule encountered while inserting rule exists
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Error occurred during rule operation: debug error error
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - plugin-1
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - -
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::INFO 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - Existing rule encountered while inserting rule exists
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::INFO 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - Error occurred during rule operation: debug error error
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - plugin-1
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - -
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::INFO 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - Existing rule encountered while inserting rule exists
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::INFO 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - Error occurred during rule operation: debug error error
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - plugin-1
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - -
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - Existing rule encountered while inserting rule exists
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - Error occurred during rule operation: debug error error
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - plugin-1
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - -
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - Existing rule encountered while inserting rule exists
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - Error occurred during rule operation: debug error error
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - plugin-1
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - -
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - Existing rule encountered while inserting rule exists
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - Error occurred during rule operation: debug error error
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - plugin-1
#close XXXX-XX-XX-XX-XX-XX

35
testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol.log Normal file
View file

@ -0,0 +1,35 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-1
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-1
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-2
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-2
0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-2
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-2
XXXXXXXXXX.XXXXXX 2 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 600.000000 - -
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 3 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 3600.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 4 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 86400.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 5 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 6 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2

29
testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol_catch_release.log Normal file
View file

@ -0,0 +1,29 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path netcontrol_catch_release
#open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin
#types time string addr enum interval interval time time count string string string
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - plugin-1
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - plugin-2
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - -
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - plugin-1
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - plugin-2
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - -
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - plugin-1
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - plugin-2
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - -
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - plugin-1
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - plugin-2
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - -
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - plugin-1
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - plugin-2
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - -
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - plugin-1
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - plugin-2
#close XXXX-XX-XX-XX-XX-XX

30
testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release/netcontrol_catch_release.log
View file

@ -5,19 +5,19 @@
#unset_field - #unset_field -
#path netcontrol_catch_release #path netcontrol_catch_release
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message #fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin
#types time string addr enum interval interval time time count string string #types time string addr enum interval interval time time count string string string
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - Debug-All
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - -
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - Debug-All
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - -
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - Debug-All
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - -
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - Debug-All
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - -
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - Debug-All
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - -
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - Debug-All
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

46
testing/btest/scripts/base/frameworks/netcontrol/rule-added-hook.zeek Normal file
View file

@ -0,0 +1,46 @@
# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
# @TEST-EXEC: btest-diff netcontrol.log
@load base/frameworks/netcontrol
event NetControl::init()
{
local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
local netcontrol_debug_exists = NetControl::create_debug_exists("plugin-2");
NetControl::activate(netcontrol_debug, 0);
NetControl::activate(netcontrol_debug_exists, 0);
}
event connection_established(c: connection)
{
local id = c$id;
NetControl::drop_address(id$orig_h, 1sec);
}
@TEST-START-NEXT
@load base/frameworks/netcontrol
event NetControl::init()
{
local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
local netcontrol_debug_exists = NetControl::create_debug_exists("plugin-2");
NetControl::activate(netcontrol_debug, 0);
NetControl::activate(netcontrol_debug_exists, 0);
}
event connection_established(c: connection)
{
local id = c$id;
NetControl::drop_address(id$orig_h, 1sec);
}
hook NetControl::rule_added_policy(r: NetControl::Rule, p: NetControl::PluginState, exists: bool, msg: string)
{
if ( exists )
# force expiration, even if rule exists
if ( p$_id in r$_no_expire_plugins )
delete r$_no_expire_plugins[p$_id];
}

77
testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release-two-plugins.zeek Normal file
View file

@ -0,0 +1,77 @@
# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff netcontrol.log
# @TEST-EXEC: btest-diff netcontrol_catch_release.log
@load base/frameworks/netcontrol
@load policy/frameworks/netcontrol/catch-and-release
event NetControl::init()
{
local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
local netcontrol_debug_two = NetControl::create_debug(T, "plugin-2");
NetControl::activate(netcontrol_debug, 0);
NetControl::activate(netcontrol_debug_two, 0);
}
global i: count = 0;
event connection_established(c: connection)
{
local id = c$id;
NetControl::drop_address_catch_release(id$orig_h);
# second one should be ignored because duplicate
NetControl::drop_address_catch_release(id$orig_h);
}
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
{
if ( p$plugin$name(p) == "plugin-1" )
return;
if ( ++i >= 6 )
return;
# delete directly, without notifying anything.
NetControl::delete_rule(r$id, "testing");
NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
}
@TEST-START-NEXT
@load base/frameworks/netcontrol
@load policy/frameworks/netcontrol/catch-and-release
event NetControl::init()
{
local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
local netcontrol_debug_two = NetControl::create_debug_exists("exists");
local netcontrol_debug_error = NetControl::create_debug_error("error");
NetControl::activate(netcontrol_debug_two, 0);
NetControl::activate(netcontrol_debug_error, 0);
NetControl::activate(netcontrol_debug, 0);
}
global i: count = 0;
event connection_established(c: connection)
{
local id = c$id;
NetControl::drop_address_catch_release(id$orig_h);
# second one should be ignored because duplicate
NetControl::drop_address_catch_release(id$orig_h);
}
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
{
if ( p$plugin$name(p) != "plugin-1" )
return;
if ( ++i >= 6 )
return;
# delete directly, without notifying anything.
NetControl::delete_rule(r$id, "testing");
NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
}