Merge remote-tracking branch 'origin/topic/awelzel/deprecate-broker-auto-publish'

* origin/topic/awelzel/deprecate-broker-auto-publish:
  sumstats: Remove copy() for Broker::publish() calls
  broker/Publish: Use event time instead of network time
  broker/Eventhandler: Deprecate Broker::auto_publish() for v8.1
  btest: Remove Broker::auto_publish() usages
  frameworks/control: Remove Broker::auto_publish()
  catch-and-release: Remove Broker::auto_publish()
  ssl/validate-certs: Remove Broker::auto_publish()
  sumstats: Remove Broker::auto_publish()
  cluster_started: No Broker::auto_publish() use
  openflow: Remove Broker::auto_publish()
  dhcp: Remove Broker::auto_publish()
  frameworks/notice: Remove Broker::auto_publish()
  netcontrol: Replace Broker::auto_publish()
  intel: Switch to Cluster::publish()
  broker: Support publish() of unspecified set() / table()
  types: Fix table() resulting in table_type->IsSet() == true
Arne Welzel 2024-11-14 14:15:24 +01:00
commit 18bfdb8a2b
47 changed files with 705 additions and 279 deletions


@ -48,11 +48,6 @@ global is_cluster_started = F;
@load ./nodes-experimental/manager
@endif
event zeek_init() &priority=4
{
Broker::auto_publish(Cluster::manager_topic, Cluster::Experimental::node_fully_connected);
}
hook Cluster::connect_node_hook(connectee: Cluster::NamedNode)
{
add connectees_pending[connectee$name];
@ -71,8 +66,11 @@ event Cluster::node_up(name: string, id: string) &priority=-10
# pending connectee is left.
delete connectees_pending[name];
if ( |connectees_pending| == 0 )
event Cluster::Experimental::node_fully_connected(Cluster::node, Broker::node_id(),
is_cluster_started);
{
event node_fully_connected(Cluster::node, Broker::node_id(), is_cluster_started);
Broker::publish(Cluster::manager_topic, node_fully_connected,
Cluster::node, Broker::node_id(), is_cluster_started);
}
}
event Cluster::Experimental::node_fully_connected(name: string, id: string, resending: bool)
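Review bot: The `|connectees_pending| == 0` branch of `Cluster::node_up` now raises `node_fully_connected` locally and then publishes it, with no comment saying why both are needed. Elsewhere in this merge `event` appears to be simply replaced by `Broker::publish()`, so a reader may take the local `event` for a leftover and delete it. I would add a comment above the pair such as `# Broker::publish() only reaches peers; raise the event locally too so handlers on this node still run.` (please confirm that matches the intent). The event is also written unqualified here while the handler just below is declared as `Cluster::Experimental::node_fully_connected`; one spelling in both places would make the file easier to grep.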


@ -15,16 +15,6 @@ module Control;
event zeek_init() &priority=-10
{
Broker::subscribe(Control::topic_prefix + "/" + Broker::node_id());
Broker::auto_publish(Control::topic_prefix + "/id_value_response",
Control::id_value_response);
Broker::auto_publish(Control::topic_prefix + "/peer_status_response",
Control::peer_status_response);
Broker::auto_publish(Control::topic_prefix + "/net_stats_response",
Control::net_stats_response);
Broker::auto_publish(Control::topic_prefix + "/configuration_update_response",
Control::configuration_update_response);
Broker::auto_publish(Control::topic_prefix + "/shutdown_response",
Control::shutdown_response);
if ( Control::controllee_listen )
Broker::listen();
@ -33,7 +23,8 @@ event zeek_init() &priority=-10
event Control::id_value_request(id: string)
{
local val = lookup_ID(id);
event Control::id_value_response(id, fmt("%s", val));
local reply_topic = Control::topic_prefix + "/id_value_response";
Broker::publish(reply_topic, Control::id_value_response, id, fmt("%s", val));
}
event Control::peer_status_request()
@ -53,7 +44,8 @@ event Control::peer_status_request()
bpeer$status);
}
event Control::peer_status_response(status);
local topic = Control::topic_prefix + "/peer_status_response";
Broker::publish(topic, Control::peer_status_response, status);
}
event Control::net_stats_request()
@ -61,7 +53,8 @@ event Control::net_stats_request()
local ns = get_net_stats();
local reply = fmt("%.6f recvd=%d dropped=%d link=%d\n", network_time(),
ns$pkts_recvd, ns$pkts_dropped, ns$pkts_link);
event Control::net_stats_response(reply);
local topic = Control::topic_prefix + "/net_stats_response";
Broker::publish(topic, Control::net_stats_response, reply);
}
event Control::configuration_update_request()
@ -73,13 +66,15 @@ event Control::configuration_update_request()
# the configuration is going to be updated. This event could be handled
# by other scripts if they need to do some ancillary processing if
# redef-able consts are modified at runtime.
event Control::configuration_update_response();
local topic = Control::topic_prefix + "/configuration_update_response";
Broker::publish(topic, Control::configuration_update_response);
}
event Control::shutdown_request()
{
# Send the acknowledgement event.
event Control::shutdown_response();
local topic = Control::topic_prefix + "/shutdown_response";
Broker::publish(topic, Control::shutdown_response);
# Schedule the shutdown to let the current event queue flush itself first.
schedule 1sec { terminate_event() };
}
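Review bot: The five `Control::*_request` handlers now appear to send their response only through `Broker::publish()`, so the `Control::*_response` events would no longer be raised on the controllee itself; the page has lost its +/- markers, so this is inferred from the old/new line order and the hunk counts. A local script that handled, for example, `Control::shutdown_response` to log or audit a remotely requested shutdown would stop seeing it. If that is intended, a comment at the first handler would make it explicit, e.g. `# Responses are published to peers only and are not raised locally.` As a minor point, the topic variable is named `reply_topic` in `id_value_request` and `topic` in the other four handlers; one name throughout would read better.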


@ -226,26 +226,6 @@ global blocks: table[addr] of BlockInfo = {}
&create_expire=0secs
&expire_func=per_block_interval;
@if ( Cluster::is_enabled() )
@if ( Cluster::local_node_type() == Cluster::MANAGER )
event zeek_init()
{
Broker::auto_publish(Cluster::worker_topic, NetControl::catch_release_block_new);
Broker::auto_publish(Cluster::worker_topic, NetControl::catch_release_block_delete);
}
@else
event zeek_init()
{
Broker::auto_publish(Cluster::manager_topic, NetControl::catch_release_add);
Broker::auto_publish(Cluster::manager_topic, NetControl::catch_release_delete);
Broker::auto_publish(Cluster::manager_topic, NetControl::catch_release_encountered);
}
@endif
@endif
function cr_check_rule(r: Rule): bool &is_used
{
if ( r$ty == DROP && r$entity$ty == ADDRESS )
@ -397,14 +377,18 @@ function drop_address_catch_release(a: addr, location: string &default=""): Bloc
log$message = "Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic.";
Log::write(CATCH_RELEASE, log);
blocks[a] = bi;
event NetControl::catch_release_block_new(a, bi);
@if ( Cluster::is_enabled() )
Broker::publish(Cluster::worker_topic, NetControl::catch_release_block_new, a, bi);
@endif
@endif
@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
event NetControl::catch_release_add(a, location);
Broker::publish(Cluster::manager_topic, NetControl::catch_release_add, a, location);
@endif
return bi;
}
# No entry in blocks.
local block_interval = catch_release_intervals[0];
@if ( ! Cluster::is_enabled() || ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) )
@ -416,8 +400,9 @@ function drop_address_catch_release(a: addr, location: string &default=""): Bloc
if ( location != "" )
bi$location = location;
blocks[a] = bi;
event NetControl::catch_release_block_new(a, bi);
blocks[a] = bi;
@if ( Cluster::is_enabled() )
Broker::publish(Cluster::worker_topic, NetControl::catch_release_block_new, a, bi);
@endif
log = populate_log_record(a, bi, DROP_REQUESTED);
Log::write(CATCH_RELEASE, log);
return bi;
@ -428,7 +413,7 @@ function drop_address_catch_release(a: addr, location: string &default=""): Bloc
@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
bi = BlockInfo($watch_until=network_time()+catch_release_intervals[1], $block_until=network_time()+block_interval, $current_interval=0, $current_block_id="");
event NetControl::catch_release_add(a, location);
Broker::publish(Cluster::manager_topic, NetControl::catch_release_add, a, location);
return bi;
@endif
@ -450,10 +435,10 @@ function unblock_address_catch_release(a: addr, reason: string &default=""): boo
remove_rule(bi$current_block_id, reason);
@endif
@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
event NetControl::catch_release_block_delete(a);
Broker::publish(Cluster::worker_topic, NetControl::catch_release_block_delete, a);
@endif
@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
event NetControl::catch_release_delete(a, reason);
Broker::publish(Cluster::manager_topic, NetControl::catch_release_delete, a, reason);
@endif
return T;
@ -509,14 +494,14 @@ function catch_release_seen(a: addr)
Log::write(CATCH_RELEASE, log);
@endif
@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
event NetControl::catch_release_block_new(a, bi);
Broker::publish(Cluster::worker_topic, NetControl::catch_release_block_new, a, bi);
@endif
@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
if ( a in catch_release_recently_notified )
return;
if ( a in catch_release_recently_notified )
return;
event NetControl::catch_release_encountered(a);
add catch_release_recently_notified[a];
Broker::publish(Cluster::manager_topic, NetControl::catch_release_encountered, a);
add catch_release_recently_notified[a];
@endif
return;
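Review bot: In the worker branch at the end of the `catch_release_seen` hunk, the result of `Broker::publish(Cluster::manager_topic, NetControl::catch_release_encountered, a)` is discarded and `a` is added to `catch_release_recently_notified` regardless. `Broker::publish()` returns a bool, so if the call reports failure the manager never learns that the address was seen again, yet this worker suppresses further notifications for it for as long as the entry stays in that set. Consider `if ( Broker::publish(Cluster::manager_topic, NetControl::catch_release_encountered, a) )` guarding the `add`, keeping in mind that a T result means the message was handed to Broker, not that the manager received it. The same unchecked pattern is in the `catch_release_add` and `catch_release_delete` publishes in the earlier hunks, where a worker returns to its caller without knowing whether the request left the node. `catch_release_seen` continues outside the hunk.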


@ -61,39 +61,27 @@ export {
global intermediate_cache: table[string] of vector of opaque of x509;
@if ( Cluster::is_enabled() )
event zeek_init()
{
Broker::auto_publish(Cluster::worker_topic, SSL::intermediate_add);
Broker::auto_publish(Cluster::manager_topic, SSL::new_intermediate);
}
@endif
function add_to_cache(key: string, value: vector of opaque of x509)
{
intermediate_cache[key] = value;
@if ( Cluster::is_enabled() )
event SSL::new_intermediate(key, value);
Broker::publish(Cluster::manager_topic, SSL::new_intermediate, key, value);
@endif
}
@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
event SSL::intermediate_add(key: string, value: vector of opaque of x509)
{
intermediate_cache[key] = value;
}
@endif
@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
event SSL::new_intermediate(key: string, value: vector of opaque of x509)
{
if ( key in intermediate_cache )
return;
intermediate_cache[key] = value;
event SSL::intermediate_add(key, value);
Broker::publish(Cluster::worker_topic, SSL::intermediate_add, key, value);
}
@endif
function cache_validate(chain: vector of opaque of x509): X509::Result
{