NetControl: add rule exists as state besides added and failure.

Rules that are already existing will, by default, not automatically be
timed out by NetControl.

scripts/base/frameworks/netcontrol/cluster.bro

@@ -11,13 +11,15 @@ export {
 
 	## This is the event used to transport remove_rule calls to the manager.
 	global cluster_netcontrol_remove_rule: event(id: string);
+
+	## This is the event used to transport delete_rule calls to the manager.
+	global cluster_netcontrol_delete_rule: event(id: string);
 }
 
 ## Workers need ability to forward commands to manager.
-redef Cluster::worker2manager_events += /NetControl::cluster_netcontrol_(add|remove)_rule/;
+redef Cluster::worker2manager_events += /NetControl::cluster_netcontrol_(add|remove|delete)_rule/;
 ## Workers need to see the result events from the manager.
-redef Cluster::manager2worker_events += /NetControl::rule_(added|removed|timeout|error)/;
+redef Cluster::manager2worker_events += /NetControl::rule_(added|removed|timeout|error|exists)/;
-
 
 function activate(p: PluginState, priority: int)
 	{
@@ -44,6 +46,17 @@ function add_rule(r: Rule) : string
 		}
 	}
 
+function delete_rule(id: string) : bool
+	{
+	if ( Cluster::local_node_type() == Cluster::MANAGER )
+		return delete_rule_impl(id);
+	else
+		{
+		event NetControl::cluster_netcontrol_delete_rule(id);
+		return T; # well, we can't know here. So - just hope...
+		}
+	}
+
 function remove_rule(id: string) : bool
 	{
 	if ( Cluster::local_node_type() == Cluster::MANAGER )
@@ -56,6 +69,11 @@ function remove_rule(id: string) : bool
 	}
 
 @if ( Cluster::local_node_type() == Cluster::MANAGER )
+event NetControl::cluster_netcontrol_delete_rule(id: string)
+	{
+	delete_rule_impl(id);
+	}
+
 event NetControl::cluster_netcontrol_add_rule(r: Rule)
 	{
 	add_rule_impl(r);
@@ -73,9 +91,17 @@ event rule_expire(r: Rule, p: PluginState) &priority=-5
 	rule_expire_impl(r, p);
 	}
 
+event rule_exists(r: Rule, p: PluginState, msg: string &default="") &priority=5
+	{
+	rule_added_impl(r, p, T, msg);
+
+	if ( r?$expire && r$expire > 0secs && ! p$plugin$can_expire )
+		schedule r$expire { rule_expire(r, p) };
+	}
+
 event rule_added(r: Rule, p: PluginState, msg: string &default="") &priority=5
 	{
-	rule_added_impl(r, p, msg);
+	rule_added_impl(r, p, F, msg);
 
 	if ( r?$expire && r$expire > 0secs && ! p$plugin$can_expire )
 		schedule r$expire { rule_expire(r, p) };

scripts/base/frameworks/netcontrol/main.bro

@@ -126,6 +126,17 @@ export {
 	## asynchronously and thus go wrong at that point.
 	global remove_rule: function(id: string) : bool;
 
+	## Deletes a rule without removing in from the backends to which it has been
+	## added before. This mean that no messages will be sent to the switches to which
+	## the rule has been added; if it is not removed from them by a separate mechanism,
+	## it will stay installed and not be removed later.
+	##
+	## id: The rule to delete, specified as the ID returned by :bro:id:`add_rule` .
+	##
+	## Returns: True if removal is successful, or sent to manager. 
+	## False if the rule could not be found.
+	global delete_rule: function(id: string) : bool;
+
 	## Searches all rules affecting a certain IP address.
 	##
 	## ip: The ip address to search for
@@ -151,6 +162,19 @@ export {
 	## msg: An optional informational message by the plugin.
 	global rule_added: event(r: Rule, p: PluginState, msg: string &default="");
 
+	## Signals that a rule that was supposed to be put in place was already
+	## existing at the specified plugin. Rules that already have been existing
+	## continue to be tracked like normal, but no timeout calls will be sent
+	## to the specified plugins. Removal of the rule from the hardware can
+	## still be forced by manually issuing a remove_rule call.
+	##
+	## r: The rule that was already in place.
+	##
+	## p: The plugin that reported that the rule already was in place.
+	##
+	## msg: An optional informational message by the plugin.
+	global rule_exists: event(r: Rule, p: PluginState, msg: string &default="");
+
 	## Reports that a rule was removed due to a remove: function() call.
 	##
 	## r: The rule now removed.
@@ -211,6 +235,7 @@ export {
 	type InfoState: enum {
 		REQUESTED,
 		SUCCEEDED,
+		EXISTS,
 		FAILED,
 		REMOVED,
 		TIMEOUT,
@@ -260,6 +285,8 @@ redef record Rule += {
 	_plugin_ids: set[count] &default=count_set();
 	##< Internally set to the plugins on which the rule is currently active.
 	_active_plugin_ids: set[count] &default=count_set();
+	##< Internally set to plugins where the rule should not be removed upon timeout.
+	_no_expire_plugins: set[count] &default=count_set();
 	##< Track if the rule was added succesfully by all responsible plugins.
 	_added: bool &default=F;
 };
@@ -736,6 +763,29 @@ function add_rule_impl(rule: Rule) : string
 	return "";
 	}
 
+function rule_cleanup(r: Rule)
+	{
+	if ( |r$_active_plugin_ids| > 0 )
+		return;
+
+	remove_subnet_entry(r);
+
+	delete rule_entities[r$entity, r$ty];
+	delete rules[r$id];
+	}
+
+function delete_rule_impl(id: string): bool
+	{
+	if ( id !in rules )
+		return F;
+
+	local rule = rules[id];
+
+	rule$_active_plugin_ids = set();
+
+	rule_cleanup(rule);
+	}
+
 function remove_rule_plugin(r: Rule, p: PluginState): bool
 	{
 	local success = T;
@@ -784,10 +834,21 @@ function rule_expire_impl(r: Rule, p: PluginState) &priority=-5
 		# Removed already.
 		return;
 
-	event NetControl::rule_timeout(r, FlowInfo(), p); # timeout implementation will handle the removal
+	local rule = rules[r$id];
+
+	if ( p$_id in rule$_no_expire_plugins )
+		{
+		# in this case - don't log anything, just remove the plugin from the rule
+		# and cleaup
+		delete rule$_active_plugin_ids[p$_id];
+		delete rule$_no_expire_plugins[p$_id];
+		rule_cleanup(rule);
+		}
+	else
+		event NetControl::rule_timeout(r, FlowInfo(), p); # timeout implementation will handle the removal
 	}
 
-function rule_added_impl(r: Rule, p: PluginState, msg: string &default="")
+function rule_added_impl(r: Rule, p: PluginState, exists: bool, msg: string &default="")
 	{
 	if ( r$id !in rules )
 		{
@@ -803,7 +864,15 @@ function rule_added_impl(r: Rule, p: PluginState, msg: string &default="")
 		return;
 		}
 
-	log_rule(r, "ADD", SUCCEEDED, p, msg);
+	# The rule was already existing on the backend. Mark this so we don't timeout
+	# it on this backend.
+	if ( exists )
+		{
+		add rule$_no_expire_plugins[p$_id];
+		log_rule(r, "ADD", EXISTS, p, msg);
+		}
+	else
+		log_rule(r, "ADD", SUCCEEDED, p, msg);
 
 	add rule$_active_plugin_ids[p$_id];
 	if ( |rule$_plugin_ids| == |rule$_active_plugin_ids| )
@@ -813,17 +882,6 @@ function rule_added_impl(r: Rule, p: PluginState, msg: string &default="")
 		}
 	}
 
-function rule_cleanup(r: Rule)
-	{
-	if ( |r$_active_plugin_ids| > 0 )
-		return;
-
-	remove_subnet_entry(r);
-
-	delete rule_entities[r$entity, r$ty];
-	delete rules[r$id];
-	}
-
 function rule_removed_impl(r: Rule, p: PluginState, msg: string &default="")
 	{
 	if ( r$id !in rules )

scripts/base/frameworks/netcontrol/non-cluster.bro

@@ -12,6 +12,11 @@ function add_rule(r: Rule) : string
 	return add_rule_impl(r);
 	}
 
+function delete_rule(id: string) : bool
+	{
+	return delete_rule_impl(id);
+	}
+
 function remove_rule(id: string) : bool
 	{
 	return remove_rule_impl(id);
@@ -22,9 +27,17 @@ event rule_expire(r: Rule, p: PluginState) &priority=-5
 	rule_expire_impl(r, p);
 	}
 
+event rule_exists(r: Rule, p: PluginState, msg: string &default="") &priority=5
+	{
+	rule_added_impl(r, p, T, msg);
+
+	if ( r?$expire && r$expire > 0secs && ! p$plugin$can_expire )
+		schedule r$expire { rule_expire(r, p) };
+	}
+
 event rule_added(r: Rule, p: PluginState, msg: string &default="") &priority=5
 	{
-	rule_added_impl(r, p, msg);
+	rule_added_impl(r, p, F, msg);
 
 	if ( r?$expire && r$expire > 0secs && ! p$plugin$can_expire )
 		schedule r$expire { rule_expire(r, p) };

scripts/base/frameworks/netcontrol/plugins/acld.bro

@@ -64,6 +64,7 @@ export {
 	## Events that are sent from Broker to us
 	global acld_rule_added: event(id: count, r: Rule, msg: string);
 	global acld_rule_removed: event(id: count, r: Rule, msg: string);
+	global acld_rule_exists: event(id: count, r: Rule, msg: string);
 	global acld_rule_error: event(id: count, r: Rule, msg: string);
 }
 
@@ -98,6 +99,19 @@ event NetControl::acld_rule_added(id: count, r: Rule, msg: string)
 	event NetControl::rule_added(r, p, msg);
 	}
 
+event NetControl::acld_rule_exists(id: count, r: Rule, msg: string)
+	{
+	if ( id !in netcontrol_acld_id )
+		{
+		Reporter::error(fmt("NetControl acld plugin with id %d not found, aborting", id));
+		return;
+		}
+
+	local p = netcontrol_acld_id[id];
+
+	event NetControl::rule_exists(r, p, msg);
+	}
+
 event NetControl::acld_rule_removed(id: count, r: Rule, msg: string)
 	{
 	if ( id !in netcontrol_acld_id )

scripts/base/frameworks/netcontrol/plugins/broker.bro

@@ -46,6 +46,7 @@ export {
 
 	global broker_rule_added: event(id: count, r: Rule, msg: string);
 	global broker_rule_removed: event(id: count, r: Rule, msg: string);
+	global broker_rule_exists: event(id: count, r: Rule, msg: string);
 	global broker_rule_error: event(id: count, r: Rule, msg: string);
 	global broker_rule_timeout: event(id: count, r: Rule, i: FlowInfo);
 }
@@ -68,6 +69,19 @@ event NetControl::broker_rule_added(id: count, r: Rule, msg: string)
 	event NetControl::rule_added(r, p, msg);
 	}
 
+event NetControl::broker_rule_exists(id: count, r: Rule, msg: string)
+	{
+	if ( id !in netcontrol_broker_id )
+		{
+		Reporter::error(fmt("NetControl broker plugin with id %d not found, aborting", id));
+		return;
+		}
+
+	local p = netcontrol_broker_id[id];
+
+	event NetControl::rule_exists(r, p, msg);
+	}
+
 event NetControl::broker_rule_removed(id: count, r: Rule, msg: string)
 	{
 	if ( id !in netcontrol_broker_id )

testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/send.netcontrol.log

@@ -0,0 +1,25 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open	2016-03-24-22-04-41
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Acld-bro/event/netcontroltest
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	waiting for plugins to initialize	-	-	-	-
+1458857080.863419	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Acld-bro/event/netcontroltest
+1458857080.863419	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+1458857080.887618	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->74.125.239.97/32/*	-	-	0	36000.000000	here	Acld-bro/event/netcontroltest
+1458857080.887618	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	*/*->*/443	-	-	0	36000.000000	there	Acld-bro/event/netcontroltest
+1458857080.887618	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	36000.000000	-	Acld-bro/event/netcontroltest
+1458857080.888169	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->74.125.239.97/32/*	-	blockhosthost	0	36000.000000	here	Acld-bro/event/netcontroltest
+1458857080.888169	2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->74.125.239.97/32/*	-	-	0	36000.000000	here	Acld-bro/event/netcontroltest
+1458857080.888169	3	NetControl::RULE	ADD	NetControl::EXISTS	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	*/*->*/443	-	droptcpport	0	36000.000000	there	Acld-bro/event/netcontroltest
+1458857080.888169	3	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	*/*->*/443	-	-	0	36000.000000	there	Acld-bro/event/netcontroltest
+1458857080.888169	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	drop	0	36000.000000	-	Acld-bro/event/netcontroltest
+1458857080.888169	4	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	36000.000000	-	Acld-bro/event/netcontroltest
+1458857080.888169	2	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->74.125.239.97/32/*	-	restorehosthost	0	36000.000000	here	Acld-bro/event/netcontroltest
+1458857080.888169	3	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	*/*->*/443	-	restoretcpport	0	36000.000000	there	Acld-bro/event/netcontroltest
+1458857080.888169	4	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	restore	0	36000.000000	-	Acld-bro/event/netcontroltest
+#close	2016-03-24-22-04-41

testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/send.send.out

@@ -1,6 +1,6 @@
 BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
 rule added, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
-rule added, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule exists, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
 rule added, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], NetControl::DROP
 rule removed, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
 rule removed, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP

testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/.stdout

@@ -1,11 +1,11 @@
 netcontrol debug (Debug-All): init
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.17.1/32, src_p=32/tcp, dst_h=192.168.17.2/32, dst_p=32/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=30.0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.17.1/32, src_p=32/tcp, dst_h=192.168.17.2/32, dst_p=32/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=30.0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=1.1.2.2/32, mac=<uninitialized>], expire=15.0 secs, priority=0, location=Hi there, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=1.1.2.2/32, mac=<uninitialized>], expire=15.0 secs, priority=0, location=Hi there, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=1.2.3.4/32, mac=<uninitialized>], expire=15.0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=1.2.3.4/32, mac=<uninitialized>], expire=15.0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.17.1/32, src_p=32/tcp, dst_h=192.168.17.2/32, dst_p=32/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=30.0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.17.1/32, src_p=32/tcp, dst_h=192.168.17.2/32, dst_p=32/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=30.0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=6, cid=6, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=6, cid=6, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::MODIFY, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=8.8.8.8/32, dst_p=53/udp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=5, location=, out_port=<uninitialized>, mod=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=127.0.0.3, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>, redirect_port=<uninitialized>], id=7, cid=7, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::MODIFY, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=8.8.8.8/32, dst_p=53/udp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=5, location=, out_port=<uninitialized>, mod=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=127.0.0.3, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>, redirect_port=<uninitialized>], id=7, cid=7, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::MODIFY, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=8.8.8.8/32, src_p=53/udp, dst_h=127.0.0.2/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=5, location=, out_port=<uninitialized>, mod=[src_h=8.8.8.8, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>, redirect_port=<uninitialized>], id=8, cid=8, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::MODIFY, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=8.8.8.8/32, src_p=53/udp, dst_h=127.0.0.2/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=5, location=, out_port=<uninitialized>, mod=[src_h=8.8.8.8, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>, redirect_port=<uninitialized>], id=8, cid=8, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=127.0.0.3/32, dst_p=80/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=9, cid=9, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=127.0.0.3/32, dst_p=80/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=9, cid=9, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::MAC, conn=<uninitialized>, flow=<uninitialized>, ip=<uninitialized>, mac=FF:FF:FF:FF:FF:FF], expire=15.0 secs, priority=0, location=<uninitialized>, out_port=<uninitialized>, mod=<uninitialized>, id=10, cid=10, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::MAC, conn=<uninitialized>, flow=<uninitialized>, ip=<uninitialized>, mac=FF:FF:FF:FF:FF:FF], expire=15.0 secs, priority=0, location=<uninitialized>, out_port=<uninitialized>, mod=<uninitialized>, id=10, cid=10, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=<uninitialized>, src_m=FF:FF:FF:FF:FF:FF, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=0, location=<uninitialized>, out_port=<uninitialized>, mod=<uninitialized>, id=11, cid=11, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=<uninitialized>, src_m=FF:FF:FF:FF:FF:FF, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=0, location=<uninitialized>, out_port=<uninitialized>, mod=<uninitialized>, id=11, cid=11, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]

testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out

@@ -1,5 +1,4 @@
 BrokerComm::incoming_connection_established
 add_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
 add_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP
-remove_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
 remove_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP

testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.netcontrol.log

@@ -3,21 +3,18 @@
 #empty_field	(empty)
 #unset_field	-
 #path	netcontrol
-#open	2016-03-08-22-15-15
+#open	2016-03-24-22-00-58
 #fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
 #types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Broker-bro/event/netcontroltest
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	waiting for plugins to initialize	-	-	-	-
-1457475314.791475	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Broker-bro/event/netcontroltest
+1458856858.169980	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Broker-bro/event/netcontroltest
-1457475314.791475	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+1458856858.169980	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
-1457475315.175411	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1458856858.553916	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1457475315.175411	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1458856858.553916	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1457475315.175443	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1458856858.553948	2	NetControl::RULE	ADD	NetControl::EXISTS	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1457475315.175443	2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1458856858.553948	2	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1457475315.175443	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1458856858.553948	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1457475315.175443	3	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1458856858.553948	3	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1457475315.175443	2	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1458856858.553948	3	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1457475315.175443	2	NetControl::ERROR	-	-	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	Removal of non-existing rule	0	36000.000000	-	Broker-bro/event/netcontroltest
+#close	2016-03-24-22-00-59
-1457475315.175443	3	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1457475315.175443	3	NetControl::ERROR	-	-	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	Removal of non-existing rule	0	36000.000000	-	Broker-bro/event/netcontroltest
-#close	2016-03-08-22-15-15

testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.send.out

@@ -1,7 +1,5 @@
 BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
-rule added, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule exists, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
-rule added, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP
 rule timeout, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP, [duration=<uninitialized>, packet_count=<uninitialized>, byte_count=<uninitialized>]
-rule removed, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule added, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP
-rule timeout, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP, [duration=<uninitialized>, packet_count=<uninitialized>, byte_count=<uninitialized>]
 rule removed, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP

testing/btest/Baseline/scripts.base.frameworks.netcontrol.delete-internal-state/.stdout

@@ -1,12 +1,12 @@
 netcontrol debug (Debug-All): init
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): add_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _added=T]
+netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
-netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _added=T]
+netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
-netcontrol debug (Debug-All): remove_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _added=T]
+netcontrol debug (Debug-All): remove_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
-netcontrol debug (Debug-All): remove_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _added=T]
+netcontrol debug (Debug-All): remove_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
 Dumping state
 {
 

testing/btest/Baseline/scripts.base.frameworks.netcontrol.multiple/netcontrol.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	netcontrol
-#open	2016-03-09-23-40-32
+#open	2016-03-18-21-54-39
 #fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
 #types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 10	-	-	-	Debug-All
@@ -13,7 +13,6 @@
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Debug-All
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
-0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Openflow-Log-42
 1398529018.678276	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	0.000000	-	Debug-All
 1398529018.678276	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	0.000000	-	Openflow-Log-42
 1398529018.678276	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	0.000000	-	Debug-All
@@ -46,4 +45,4 @@
 1398529020.091883	3	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	0.000000	-	Openflow-Log-42
 1398529020.091883	4	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	5	0.000000	-	Openflow-Log-42
 1398529020.091883	5	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-> 5	-	0	0.000000	-	Openflow-Log-42
-#close	2016-03-09-23-40-32
+#close	2016-03-18-21-54-40

testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/netcontrol.log

@@ -3,13 +3,12 @@
 #empty_field	(empty)
 #unset_field	-
 #path	netcontrol
-#open	2016-03-09-23-28-53
+#open	2016-03-18-21-54-48
 #fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
 #types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Openflow-Log-42
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Openflow-Log-42
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
-0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Openflow-Log-42
 1254722767.875996	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	30.000000	-	Openflow-Log-42
 1254722767.875996	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	74.53.140.153/32	-	-	0	15.000000	-	Openflow-Log-42
 1254722767.875996	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	30.000000	-	Openflow-Log-42
@@ -22,4 +21,4 @@
 1437831799.610433	7	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	17.167.150.73/32	-	-	0	15.000000	-	Openflow-Log-42
 1437831799.610433	6	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.133.100/32/49655->17.167.150.73/32/443	-	-	0	30.000000	-	Openflow-Log-42
 1437831799.610433	7	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	17.167.150.73/32	-	-	0	15.000000	-	Openflow-Log-42
-#close	2016-03-09-23-28-53
+#close	2016-03-18-21-54-48

testing/btest/Baseline/scripts.base.frameworks.netcontrol.quarantine-openflow/netcontrol.log

@@ -3,13 +3,12 @@
 #empty_field	(empty)
 #unset_field	-
 #path	netcontrol
-#open	2016-03-08-22-48-10
+#open	2016-03-18-21-54-53
 #fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
 #types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Openflow-Log-42
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Openflow-Log-42
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
-0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Openflow-Log-42
 1398529018.678276	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->*/*	-	-	0	36000.000000	-	Openflow-Log-42
 1398529018.678276	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::MODIFY	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->8.8.8.8/32/53	Src: _/_ (_) Dst: 192.169.18.1/_ (_)	-	5	36000.000000	-	Openflow-Log-42
 1398529018.678276	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::MODIFY	NetControl::FORWARD	NetControl::FLOW	8.8.8.8/32/53->192.168.18.50/32/*	Src: 8.8.8.8/_ (_) Dst: _/_ (_)	-	5	36000.000000	-	Openflow-Log-42
@@ -18,4 +17,4 @@
 1398529018.678276	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::MODIFY	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->8.8.8.8/32/53	Src: _/_ (_) Dst: 192.169.18.1/_ (_)	-	5	36000.000000	-	Openflow-Log-42
 1398529018.678276	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::MODIFY	NetControl::FORWARD	NetControl::FLOW	8.8.8.8/32/53->192.168.18.50/32/*	Src: 8.8.8.8/_ (_) Dst: _/_ (_)	-	5	36000.000000	-	Openflow-Log-42
 1398529018.678276	5	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->192.169.18.1/32/80	-	-	5	36000.000000	-	Openflow-Log-42
-#close	2016-03-08-22-48-10
+#close	2016-03-18-21-54-53

testing/btest/scripts/base/frameworks/netcontrol/acld.bro

@@ -4,6 +4,7 @@
 # @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.bro broker_port=$BROKER_PORT >send.out"
 
 # @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-diff send/netcontrol.log
 # @TEST-EXEC: btest-diff recv/recv.out
 # @TEST-EXEC: btest-diff send/send.out
 
@@ -67,6 +68,12 @@ event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, ms
 	NetControl::remove_rule(r$id);
 	}
 
+event NetControl::rule_exists(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+	{
+	print "rule exists", r$entity, r$ty;
+	NetControl::remove_rule(r$id);
+	}
+
 event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
 	{
 	print "rule removed", r$entity, r$ty;
@@ -98,7 +105,10 @@ event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::
 	{
 	print "add_rule", id, r$entity, r$ty, ar;
 
-	BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_added, id, r, ar$command));
+	if ( r$cid != 3 )
+		BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_added, id, r, ar$command));
+	else
+		BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_exists, id, r, ar$command));
 	}
 
 event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)

testing/btest/scripts/base/frameworks/netcontrol/broker.bro

@@ -53,6 +53,11 @@ event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, ms
 	NetControl::remove_rule(r$id);
 	}
 
+event NetControl::rule_exists(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+	{
+	print "rule exists", r$entity, r$ty;
+	}
+
 event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
 	{
 	print "rule removed", r$entity, r$ty;
@@ -89,14 +94,19 @@ event NetControl::broker_add_rule(id: count, r: NetControl::Rule)
 	{
 	print "add_rule", id, r$entity, r$ty;
 
-	BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_added, id, r, ""));
+	if ( r$cid == 3 )
+		BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_added, id, r, ""));
+	if ( r$cid == 2 )
+		BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_exists, id, r, ""));
+
+	if ( r$cid == 2 )
+		BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo()));
 	}
 
 event NetControl::broker_remove_rule(id: count, r: NetControl::Rule)
 	{
 	print "remove_rule", id, r$entity, r$ty;
 
-	BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo()));
 	BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_removed, id, r, ""));
 
 	if ( r$cid == 3 )