mirror of
https://github.com/zeek/zeek.git
synced 2025-10-14 04:28:20 +00:00
Make netcontrol cluster test stable.
It now consistently works for me.
This commit is contained in:
Johanna Amann
parent
8b7e8ecf15
commit
33c85895b8
4 changed files with 44 additions and 41 deletions
|
|
@ -3,21 +3,21 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path netcontrol
|
||||
#open 2016-08-05-17-46-57
|
||||
#open 2016-08-12-17-38-49
|
||||
#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin
|
||||
#types time string enum string enum string enum string string string string int interval string string
|
||||
1470419217.355712 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All
|
||||
1470419217.355712 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All
|
||||
1470419217.355712 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
|
||||
1470419220.470685 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All
|
||||
1470419220.470685 worker-1:2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All
|
||||
1470419220.470685 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All
|
||||
1470419220.470685 worker-1:2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All
|
||||
1470419220.570873 worker-1:2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All
|
||||
1470419220.570873 worker-1:2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All
|
||||
1470419220.572465 worker-1:2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All
|
||||
1470419221.963109 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - reason here 0 600.000000 - Debug-All
|
||||
1470419221.963109 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All
|
||||
1470419221.963109 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All
|
||||
1470419221.963109 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All
|
||||
#close 2016-08-05-17-47-02
|
||||
1471023529.752740 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All
|
||||
1471023529.752740 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All
|
||||
1471023529.752740 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
|
||||
1471023532.819263 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 connection drop worker-1 Debug-All
|
||||
1471023532.819263 worker-1:2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 direct drop worker-1 Debug-All
|
||||
1471023532.819263 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 connection drop worker-1 Debug-All
|
||||
1471023532.819263 worker-1:2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 direct drop worker-1 Debug-All
|
||||
1471023532.920126 worker-1:2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 direct drop worker-1 Debug-All
|
||||
1471023532.920126 worker-1:2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 direct drop worker-1 Debug-All
|
||||
1471023532.921768 worker-1:2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 direct drop worker-1 Debug-All
|
||||
1471023534.308087 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - worker-2 0 600.000000 connection drop worker-1 Debug-All
|
||||
1471023534.308087 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 connection drop worker-1 Debug-All
|
||||
1471023534.308087 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: direct cr worker-1 Debug-All
|
||||
1471023534.308087 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: direct cr worker-1 Debug-All
|
||||
#close 2016-08-12-17-38-54
|
||||
|
|
|
|||
|
|
@ -3,16 +3,16 @@
|
|||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path netcontrol_catch_release
|
||||
#open 2016-08-05-17-47-19
|
||||
#open 2016-08-12-17-38-52
|
||||
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message
|
||||
#types time string addr enum interval interval time time count string string
|
||||
1470419239.093089 2 192.168.18.50 NetControl::DROP 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - -
|
||||
1470419239.093089 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - -
|
||||
1470419239.093089 worker-1:2 8.8.8.8 NetControl::ADDED 600.000000 3600.000000 - 1470422839.093089 1 - Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic.
|
||||
1470419239.193930 worker-1:2 8.8.8.8 NetControl::UNBLOCK 600.000000 3600.000000 - 1470422839.093089 1 - -
|
||||
1470419240.599721 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - Block seen while in rule_entities. No action taken.
|
||||
1470419240.599721 2 192.168.18.50 NetControl::UNBLOCK 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - reason here
|
||||
1470419240.599721 4 8.8.8.8 NetControl::SEEN_AGAIN 3600.000000 86400.000000 1470422840.599721 1470505640.599721 2 - -
|
||||
1470419240.599721 4 8.8.8.8 NetControl::DROPPED 3600.000000 86400.000000 1470422840.599721 1470505640.599721 2 - -
|
||||
1470419238.504810 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - Already blocked using catch-and-release - ignoring duplicate
|
||||
#close 2016-08-05-17-47-20
|
||||
1471023532.819263 2 192.168.18.50 NetControl::DROP 600.000000 3600.000000 1471024132.819263 1471027132.819263 1 connection drop worker-1 -
|
||||
1471023532.819263 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 1471024132.819263 1471027132.819263 1 connection drop worker-1 -
|
||||
1471023532.819263 worker-1:2 8.8.8.8 NetControl::ADDED 600.000000 3600.000000 - 1471027132.819263 1 direct cr worker-1 Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic.
|
||||
1471023532.920126 worker-1:2 8.8.8.8 NetControl::UNBLOCK 600.000000 3600.000000 - 1471027132.819263 1 direct cr worker-1 -
|
||||
1471023534.308087 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1471024132.819263 1471027132.819263 1 connection drop worker-1 Block seen while in rule_entities. No action taken.
|
||||
1471023534.308087 2 192.168.18.50 NetControl::UNBLOCK 600.000000 3600.000000 1471024132.819263 1471027132.819263 1 connection drop worker-1 worker-2
|
||||
1471023534.308087 4 8.8.8.8 NetControl::SEEN_AGAIN 3600.000000 86400.000000 1471027134.308087 1471109934.308087 2 direct cr worker-1 -
|
||||
1471023534.308087 4 8.8.8.8 NetControl::DROPPED 3600.000000 86400.000000 1471027134.308087 1471109934.308087 2 direct cr worker-1 -
|
||||
1471023532.239980 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1471024132.819263 1471027132.819263 1 connection drop worker-1 Already blocked using catch-and-release - ignoring duplicate
|
||||
#close 2016-08-12-17-38-54
|
||||
|
|
|
|||
|
|
@ -1,8 +1,9 @@
|
|||
Suspend, worker-2
|
||||
New block, 192.168.18.50, [block_until=1468427134.768038, watch_until=1468430134.768038, num_reblocked=0, current_interval=0, current_block_id=2, location=<uninitialized>]
|
||||
New block, 8.8.8.8, [block_until=<uninitialized>, watch_until=1468430134.768038, num_reblocked=0, current_interval=0, current_block_id=worker-1:2, location=<uninitialized>]
|
||||
New block, 192.168.18.50, [block_until=1471027194.791177, watch_until=1471030194.791177, num_reblocked=0, current_interval=0, current_block_id=2, location=connection drop worker-1]
|
||||
New block, 8.8.8.8, [block_until=<uninitialized>, watch_until=1471030194.791177, num_reblocked=0, current_interval=0, current_block_id=worker-1:2, location=direct cr worker-1]
|
||||
Resume, worker-2
|
||||
Connection established
|
||||
Info, [block_until=1468427134.768038, watch_until=1468430134.768038, num_reblocked=0, current_interval=0, current_block_id=2, location=<uninitialized>]
|
||||
Info, [block_until=1471027194.791177, watch_until=1471030194.791177, num_reblocked=0, current_interval=0, current_block_id=2, location=connection drop worker-1]
|
||||
Delete block, 192.168.18.50
|
||||
New block, 8.8.8.8, [block_until=1468430136.256898, watch_until=1468512936.256898, num_reblocked=1, current_interval=1, current_block_id=4, location=<uninitialized>]
|
||||
New block, 8.8.8.8, [block_until=1471030196.295249, watch_until=1471112996.295249, num_reblocked=1, current_interval=1, current_block_id=4, location=direct cr worker-1]
|
||||
remote connection closed
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
# @TEST-EXEC: sleep 1
|
||||
# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
|
||||
# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
|
||||
# @TEST-EXEC: btest-bg-wait 15
|
||||
# @TEST-EXEC: btest-bg-wait 20
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff manager-1/netcontrol.log
|
||||
# @TEST-EXEC: btest-diff manager-1/netcontrol_catch_release.log
|
||||
# @TEST-EXEC: btest-diff worker-2/.stdout
|
||||
|
|
@ -17,6 +17,8 @@ redef Cluster::nodes = {
|
|||
};
|
||||
@TEST-END-FILE
|
||||
|
||||
redef exit_only_after_terminate = T;
|
||||
|
||||
redef Log::default_rotation_interval = 0secs;
|
||||
|
||||
@load base/frameworks/netcontrol
|
||||
|
|
@ -32,6 +34,7 @@ global peer_count = 0;
|
|||
event remote_connection_handshake_done(p: event_peer) &priority=-5
|
||||
{
|
||||
++peer_count;
|
||||
print "remote_connection_handshake_done", peer_count;
|
||||
if ( peer_count == 2 )
|
||||
{
|
||||
event ready_for_data_1();
|
||||
|
|
@ -48,6 +51,10 @@ event bro_init()
|
|||
suspend_processing();
|
||||
}
|
||||
|
||||
event remote_connection_closed(p: event_peer) {
|
||||
print "remote connection closed";
|
||||
terminate();
|
||||
}
|
||||
@endif
|
||||
|
||||
@if ( Cluster::node == "worker-1" )
|
||||
|
|
@ -80,18 +87,18 @@ event connection_established(c: connection)
|
|||
local id = c$id;
|
||||
local info = NetControl::get_catch_release_info(id$orig_h);
|
||||
print "Info", info;
|
||||
NetControl::drop_address_catch_release(id$orig_h);
|
||||
NetControl::drop_address_catch_release(id$orig_h, cat("connection drop ", Cluster::node));
|
||||
if ( info$current_block_id != "" )
|
||||
{
|
||||
NetControl::unblock_address_catch_release(id$orig_h, "reason here");
|
||||
NetControl::unblock_address_catch_release(id$orig_h, Cluster::node);
|
||||
}
|
||||
}
|
||||
|
||||
@if ( Cluster::node == "worker-1" )
|
||||
event connection_established(c: connection)
|
||||
{
|
||||
NetControl::drop_address(8.8.8.8, 0.1secs);
|
||||
NetControl::drop_address_catch_release(8.8.8.8);
|
||||
NetControl::drop_address(8.8.8.8, 0.1secs, cat("direct drop ", Cluster::node));
|
||||
NetControl::drop_address_catch_release(8.8.8.8, cat("direct cr ", Cluster::node));
|
||||
}
|
||||
@endif
|
||||
|
||||
|
|
@ -113,14 +120,9 @@ event NetControl::catch_release_block_delete(a: addr)
|
|||
}
|
||||
|
||||
event terminate_me() {
|
||||
print "Terminate";
|
||||
terminate();
|
||||
}
|
||||
|
||||
event remote_connection_closed(p: event_peer) {
|
||||
schedule 1sec { terminate_me() };
|
||||
}
|
||||
|
||||
@if ( Cluster::local_node_type() == Cluster::MANAGER )
|
||||
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue