From 53d9832d5adb526bf80f1d225a13941c7d05bdb2 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 4 Oct 2012 16:32:34 -0500 Subject: [PATCH] Fix a problem with non-manager cluster nodes applying Notice::policy. This could, for example, result in duplicate emails being sent (one from manager and one from worker) if Notice::emailed_types is redef'd in local.bro (or any script that gets loaded on all cluster nodes). The problem was that Notice::policy is used to populate the internal Notice::ordered_policy vector in a priority 10 bro_init handler (in scripts/base/frameworks/notice/main.bro) and then that is what is used when applying policy to notices. In order for scripts/base/frameworks/notice/cluster.bro to prevent Notice::policy from being used on non-manager nodes, it needs to clear it in a bro_init hander of higher priority than 10. --- scripts/base/frameworks/notice/cluster.bro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/base/frameworks/notice/cluster.bro b/scripts/base/frameworks/notice/cluster.bro index 087c3ead51..3ee113acf3 100644 --- a/scripts/base/frameworks/notice/cluster.bro +++ b/scripts/base/frameworks/notice/cluster.bro @@ -23,7 +23,7 @@ redef Cluster::worker2manager_events += /Notice::cluster_notice/; @if ( Cluster::local_node_type() != Cluster::MANAGER ) # The notice policy is completely handled by the manager and shouldn't be # done by workers or proxies to save time for packet processing. -event bro_init() &priority=-11 +event bro_init() &priority=11 { Notice::policy = table(); }