Checkpoint for Bro side of broctl support.

policy/all.bro

@@ -19,3 +19,5 @@
 @load frameworks/cluster
 
 @load tuning/defaults
+
+@load support/loaded-scripts

policy/frameworks/cluster/base/__load__.bro

@@ -14,7 +14,6 @@
 
 @if ( Cluster::node in Cluster::nodes )
 
-@load frameworks/cluster/base/external-events
 @load frameworks/cluster/base/setup-connections
 
 # Don't start the listening process until we're a bit more sure that the

policy/frameworks/cluster/base/main.bro

@@ -28,7 +28,7 @@ export {
 	
 	## Events sent by the manager host (i.e. BroControl) when dynamically 
 	## connecting to a running instance to update settings or request data.
-	const control_events = /Cluster::(configuration_update|request_id|get_peer_status)/ &redef;
+	const control_events = /Remote::(configuration_update|id_request|net_stats_request|peer_status_request)/ &redef;
 	
 	## Directory where the cluster is archiving logs.
 	## TODO: we need a sane default here.

policy/frameworks/cluster/base/setup-connections.bro

@@ -1,7 +1,7 @@
 
 module Cluster;
 
-event bro_init() 
+event bro_init() &priority=9
 	{
 	local me = nodes[node];
 	
@@ -12,9 +12,14 @@ event bro_init()
 		# Connections from the control node for runtime control and update events.
 		# Every node in a cluster is eligible for control from this host.
 		if ( n$node_type == CONTROL )
-			Communication::nodes["control"] = [$host = n$ip, $connect=F,
+			Communication::nodes["control"] = [$host=n$ip, $connect=F,
 			                                   $class="control", $events=control_events];
 		
+		# The node being started up is this node so we create a dummy 
+		# communication entry to point at this host for control.
+		if ( i == node )
+			Communication::nodes[i] = [$host=n$ip, $p=n$p, $connect=F, $class="control", $sync=F];
+		
 		if ( me$node_type == MANAGER )
 			{
 			if ( n$node_type == WORKER && n$manager == node )

policy/frameworks/communication/base/main.bro

@@ -17,9 +17,9 @@ export {
 
 	type Info: record {
 		ts:           time   &log;
+		peer:         string &log &optional;
 		level:        string &log &optional;
 		src_name:     string &log &optional;
-		peer:         string &log &optional;
 		msg:          string &log;
 	};
 

policy/frameworks/communication/listen-clear.bro

@@ -13,7 +13,7 @@ export {
 	
 }
 
-event bro_init()
+event bro_init() &priority=-10
 	{
 	listen(listen_if_clear, listen_port_clear, F);
 	}

policy/frameworks/communication/listen-ssl.bro

@@ -14,7 +14,7 @@ export {
 	
 }
 
-event bro_init()
+event bro_init() &priority=-10
 	{
 	listen(listen_if_ssl, listen_port_ssl, T);
 	}

policy/support/loaded-scripts.bro

@@ -0,0 +1,20 @@
+module LoadedScripts;
+
+export {
+	redef enum Log::ID += { LOADED_SCRIPTS };
+	
+	type Info: record {
+		depth:  count  &log;
+		name:   string &log;
+	};
+}
+
+event bro_init()
+	{
+	Log::create_stream(LOADED_SCRIPTS, [$columns=Info]);
+	}
+
+event bro_script_loaded(path: string, level: count)
+	{
+	Log::write(LOADED_SCRIPTS, [$depth=level, $name=path]);
+	}

policy/support/remote/__load__.bro

@@ -0,0 +1 @@
+@load support/remote/events

policy/support/remote/analysis-groups.bro

@@ -0,0 +1,30 @@
+##! This script gives the capability to selectively enable and disable event 
+##! groups at runtime. No events will be raised for all memmbers of a disabled
+##! event group.
+
+@load support/remote
+
+module Remote;
+
+export {
+	# By default, all event groups are enabled. We disable all groups in this table.
+	const disabled_analysis_groups: set[string] &redef; # = { "ftp" }
+}
+
+# Set to remember all groups which were disabled by the last update().
+global currently_disabled: set[string];
+
+event configuration_update()
+	{
+	# Reenable those which are not to be disabled anymore.
+	for ( g in currently_disabled )
+		if ( g !in disabled_analysis_groups ) 
+			enable_event_group(g);
+	
+	# Disable those which are not already.
+	for ( g in disabled_analysis_groups )
+		if ( g !in currently_disabled )
+			disable_event_group(g);
+	
+	currently_disabled = copy(disabled_analysis_groups);
+	}

policy/support/remote/config.bro

@@ -2,27 +2,29 @@
 ##! consts to a remote Bro then sends the :bro:id:`configuration_update` event
 ##! and terminates processing.
 ##!
-##! Intended to be used from the command line as in:
-##!     bro Cluster::config_node=<node> <scripts> frameworks/cluster/send-config
+##! Intended to be used from the command line like this:
+##!     bro Remote::config_node=<node> <scripts> support/remote/send-config
 ##! 
-##! The :bro:id:`config_node` value should contain the node name of one of the
-##! nodes of the configured cluster.
+##! The :bro:id:`Remote::config_node` value should contain the node name of one of the
+##! nodes of the configured communications.
 
 @load frameworks/communication
-@load frameworks/cluster
+@load support/remote
 
-module Cluster;
+module Remote;
 
 export {
-	## This is the name of the node configured in the cluster that the
-	## updated configuration should be sent to.
+	## This is the name of the node configured in the communication framework
+	## that you want to send new variables to.
 	const config_node = "" &redef;
 
 	## Variable IDs that are to be ignored by the update process.
 	const ignore_ids: set[string] = {
-		"Communication::nodes",
-		"Cluster::config_node"
+		# TODO: Bro crashes if it tries to send this ID.
+		"Log::rotation_control",
 	};
+	
+	## 
 }
 
 event terminate_event()
@@ -51,12 +53,12 @@ event remote_connection_handshake_done(p: event_peer)
 		# We don't want to update non-const globals because that's usually
 		# where state is stored and those values will frequently be declared
 		# with &redef so that attributes can be redefined.
-		if ( ! t$redefinable || ! t$constant )
-			next;
-
+		if ( t$constant && t$redefinable )
+			{
 			send_id(p, id);
 			++cnt;
 			}
+		}
 
 	print fmt("sent %d IDs", cnt);
 
@@ -70,39 +72,21 @@ event remote_connection_handshake_done(p: event_peer)
 	event terminate_event();
 	}
 
-function make_dest(tag: string, ip: addr, p: port)
-	{
-	Communication::nodes[fmt("%s-update", tag)] 
-		= [$host=ip, $p=p, $sync=F, $class="update"];
-	}
-
-# This handler is executed after the other bro_inits() so that we can
-# actually delete all previous destinations and fill the table ourselves.
-event bro_init() &priority=-1
-	{
-	clear_table(Communication::nodes);
-
-	for ( n in workers ) 
-		make_dest(workers[n]$tag, workers[n]$ip, workers[n]$p);
-
-	for ( n in proxies ) 
-		make_dest(proxies[n]$tag, proxies[n]$ip, proxies[n]$p);
-
-	make_dest(manager$tag, manager$ip, manager$p);
-	}
-
-event bro_init() &priority=-2
-	{
-	if ( config_node !in Communication::nodes )
+event bro_init() &priority=-3
 	{
 	if ( config_node == "" )
-			print "You must supply a value to the Cluster::config_node variable.";
-		else
+		return;
+	
+	if ( config_node !in Communication::nodes )
+		{
 		print fmt("Unknown peer '%s'", config_node);
 		terminate();
 		return;
 		}
 
-	Communication::connect_peer(config_node);
+	local n = Communication::nodes[config_node];
+	n$connect=T;
+	n$sync=F;
+	n$class="control";
+	Communication::nodes = table(["control"] = n);
 	}
-

policy/support/remote/events.bro

@@ -1,9 +1,12 @@
 ##! Events which can be sent dynamically to Bro instances to retrieve 
 ##! information about the running process.
 
-module Cluster;
+module Remote;
 
 export {
+	# This event is generated when Bro's configuration may have been updated.
+	global configuration_update: event();
+
 	## Event for requesting the value of an ID (a variable).
 	global id_request: event(id: string);
 	## Event for returning the value of an ID after an :bro:id:`id_request` event.
@@ -14,14 +17,16 @@ export {
 	## Returns the current communication status.
 	global peer_status_response: event(s: string);
 	
+	## Requests the current net_stats.
 	global net_stats_request: event();
+	## Returns the current net_stats.
 	global net_stats_response: event(s: string);
 }
 
 event id_request(id: string)
 	{
-	local msg = fmt("%.6f got event id_request(%s)", network_time(), id);
-	Log::write(CLUSTER, [$ts=network_time(), $msg=msg]);
+	#local msg = fmt("%.6f got event id_request(%s)", network_time(), id);
+	#Log::write(CLUSTER, [$ts=network_time(), $msg=msg]);
 
 	local val = lookup_ID(id);
 	event id_response(id, fmt("%s", val));
@@ -29,14 +34,14 @@ event id_request(id: string)
 	
 event id_response(id: string, val: string)
 	{
-	local msg = fmt("%.6f raised event id_response(%s, %s)", network_time(), id, val);
-	Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]);
+	#local msg = fmt("%.6f raised event id_response(%s, %s)", network_time(), id, val);
+	#Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]);
 	}
 
 event peer_status_request()
 	{
-	local msg = fmt("%.6f got event peer_status_request()", network_time());
-	Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]);
+	#local msg = fmt("%.6f got event peer_status_request()", network_time());
+	#Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]);
 
 	local status = "";
 	for ( p in Communication::nodes )
@@ -54,8 +59,8 @@ event peer_status_request()
 
 event peer_status_response(s: string)
 	{
-	local msg = fmt("%.6f raised event peer_status_response(%s)", network_time(), s);
-	Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]);
+	#local msg = fmt("%.6f raised event peer_status_response(%s)", network_time(), s);
+	#Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]);
 	}
 
 event net_stats_request()
@@ -68,7 +73,7 @@ event net_stats_request()
 
 event net_stats_response(s: string)
 	{
-	local msg = fmt("%.6f raised event net_stats_response(%s)", network_time(), s);
-	Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]);
+	#local msg = fmt("%.6f raised event net_stats_response(%s)", network_time(), s);
+	#Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]);
 	}