NetControl: allow reasons in remove_rule calls.

This adds the capability for the user to attach a reason when removing
or destroying a rule. The message will both be logged in netcontrol.log
and forwarded to the responsible plugins.

Addresses BIT-1655

scripts/base/frameworks/netcontrol/catch-and-release.bro

@@ -101,8 +101,10 @@ export {
 	##
 	## a: The address to be unblocked.
 	##
+	## reason: A reason for the unblock
+	##
 	## Returns: True if the address was unblocked.
-	global unblock_address_catch_release: function(a: addr) : bool;
+	global unblock_address_catch_release: function(a: addr, reason: string &default="") : bool;
 
 	## This function can be called to notify the cach and release script that activity by
 	## an IP address was seen. If the respective IP address is currently monitored by catch and
@@ -154,7 +156,7 @@ export {
 	global catch_release_block_new: event(a: addr, b: BlockInfo);
 	global catch_release_block_delete: event(a: addr);
 	global catch_release_add: event(a: addr, location: string);
-	global catch_release_delete: event(a: addr);
+	global catch_release_delete: event(a: addr, reason: string);
 	global catch_release_encountered: event(a: addr);
 }
 
@@ -287,9 +289,9 @@ event catch_release_add(a: addr, location: string)
 	drop_address_catch_release(a, location);
 	}
 
-event catch_release_delete(a: addr)
+event catch_release_delete(a: addr, reason: string)
 	{
-	unblock_address_catch_release(a);
+	unblock_address_catch_release(a, reason);
 	}
 
 event catch_release_encountered(a: addr)
@@ -386,7 +388,7 @@ function drop_address_catch_release(a: addr, location: string &default=""): Bloc
 
 	}
 
-function unblock_address_catch_release(a: addr): bool
+function unblock_address_catch_release(a: addr, reason: string &default=""): bool
 	{
 	if ( a !in blocks )
 		return F;
@@ -394,16 +396,18 @@ function unblock_address_catch_release(a: addr): bool
 @if ( ! Cluster::is_enabled() || ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) )
 	local bi = blocks[a];
 	local log = populate_log_record(a, bi, UNBLOCK);
+	if ( reason != "" )
+		log$message = reason;
 	Log::write(CATCH_RELEASE, log);
 	delete blocks[a];
 	if ( bi?$block_until && bi$block_until > network_time() && bi$current_block_id != "" )
-		remove_rule(bi$current_block_id);
+		remove_rule(bi$current_block_id, reason);
 @endif
 @if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
 	event NetControl::catch_release_block_delete(a);
 @endif
 @if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
-	event NetControl::catch_release_delete(a);
+	event NetControl::catch_release_delete(a, reason);
 @endif
 
 	return T;

scripts/base/frameworks/netcontrol/cluster.bro

@@ -10,10 +10,10 @@ export {
 	global cluster_netcontrol_add_rule: event(r: Rule);
 
 	## This is the event used to transport remove_rule calls to the manager.
-	global cluster_netcontrol_remove_rule: event(id: string);
+	global cluster_netcontrol_remove_rule: event(id: string, reason: string);
 
 	## This is the event used to transport delete_rule calls to the manager.
-	global cluster_netcontrol_delete_rule: event(id: string);
+	global cluster_netcontrol_delete_rule: event(id: string, reason: string);
 }
 
 ## Workers need ability to forward commands to manager.
@@ -56,32 +56,32 @@ function add_rule(r: Rule) : string
 		}
 	}
 
-function delete_rule(id: string) : bool
+function delete_rule(id: string, reason: string &default="") : bool
 	{
 	if ( Cluster::local_node_type() == Cluster::MANAGER )
-		return delete_rule_impl(id);
+		return delete_rule_impl(id, reason);
 	else
 		{
-		event NetControl::cluster_netcontrol_delete_rule(id);
+		event NetControl::cluster_netcontrol_delete_rule(id, reason);
 		return T; # well, we can't know here. So - just hope...
 		}
 	}
 
-function remove_rule(id: string) : bool
+function remove_rule(id: string, reason: string &default="") : bool
 	{
 	if ( Cluster::local_node_type() == Cluster::MANAGER )
-		return remove_rule_impl(id);
+		return remove_rule_impl(id, reason);
 	else
 		{
-		event NetControl::cluster_netcontrol_remove_rule(id);
+		event NetControl::cluster_netcontrol_remove_rule(id, reason);
 		return T; # well, we can't know here. So - just hope...
 		}
 	}
 
 @if ( Cluster::local_node_type() == Cluster::MANAGER )
-event NetControl::cluster_netcontrol_delete_rule(id: string)
+event NetControl::cluster_netcontrol_delete_rule(id: string, reason: string)
 	{
-	delete_rule_impl(id);
+	delete_rule_impl(id, reason);
 	}
 
 event NetControl::cluster_netcontrol_add_rule(r: Rule)
@@ -89,9 +89,9 @@ event NetControl::cluster_netcontrol_add_rule(r: Rule)
 	add_rule_impl(r);
 	}
 
-event NetControl::cluster_netcontrol_remove_rule(id: string)
+event NetControl::cluster_netcontrol_remove_rule(id: string, reason: string)
 	{
-	remove_rule_impl(id);
+	remove_rule_impl(id, reason);
 	}
 
 event rule_expire(r: Rule, p: PluginState) &priority=-5

scripts/base/frameworks/netcontrol/main.bro

@@ -124,12 +124,14 @@ export {
 	##
 	## id: The rule to remove, specified as the ID returned by :bro:see:`NetControl::add_rule`.
 	##
+	## reason: Optional string argument giving information on why the rule was removed.
+	##
 	## Returns: True if succesful, the relevant plugin indicated that it knew
 	##          how to handle the removal. Note that again "success" means the
 	##          plugin accepted the removal. They might still fail to put it
 	##          into effect, as that might happen asynchronously and thus go
 	##          wrong at that point.
-	global remove_rule: function(id: string) : bool;
+	global remove_rule: function(id: string, reason: string &default="") : bool;
 
 	## Deletes a rule without removing in from the backends to which it has been
 	## added before. This mean that no messages will be sent to the switches to which
@@ -138,9 +140,11 @@ export {
 	##
 	## id: The rule to delete, specified as the ID returned by :bro:see:`add_rule` .
 	##
+	## reason: Optional string argument giving information on why the rule was deleted.
+	##
 	## Returns: True if removal is successful, or sent to manager.
 	##          False if the rule could not be found.
-	global delete_rule: function(id: string) : bool;
+	global delete_rule: function(id: string, reason: string &default="") : bool;
 
 	## Searches all rules affecting a certain IP address.
 	##
@@ -820,38 +824,49 @@ function rule_cleanup(r: Rule)
 	event NetControl::rule_destroyed(r);
 	}
 
-function delete_rule_impl(id: string): bool
+function delete_rule_impl(id: string, reason: string): bool
 	{
 	if ( id !in rules )
+		{
+		Reporter::error(fmt("Rule %s does not exist in NetControl::delete_rule", id));
 		return F;
+		}
 
 	local rule = rules[id];
 
 	rule$_active_plugin_ids = set();
 
 	rule_cleanup(rule);
+	if ( reason != "" )
+		log_rule_no_plugin(rule, REMOVED, fmt("delete_rule: %s", reason));
+	else
+		log_rule_no_plugin(rule, REMOVED, "delete_rule");
+
 	return T;
 	}
 
-function remove_rule_plugin(r: Rule, p: PluginState): bool
+function remove_rule_plugin(r: Rule, p: PluginState, reason: string &default=""): bool
 	{
 	local success = T;
 
-	if ( ! p$plugin$remove_rule(p, r) )
+	if ( ! p$plugin$remove_rule(p, r, reason) )
 		{
 		# still continue and send to other plugins
-		log_rule_error(r, "remove failed", p);
+		if ( reason != "" )
+			log_rule_error(r, fmt("remove failed (original reason: %s)", reason), p);
+		else
+			log_rule_error(r, "remove failed", p);
 		success = F;
 		}
 		else
 		{
-		log_rule(r, "REMOVE", REQUESTED, p);
+		log_rule(r, "REMOVE", REQUESTED, p, reason);
 		}
 
 	return success;
 	}
 
-function remove_rule_impl(id: string) : bool
+function remove_rule_impl(id: string, reason: string) : bool
 	{
 	if ( id !in rules )
 		{
@@ -865,7 +880,7 @@ function remove_rule_impl(id: string) : bool
 	for ( plugin_id in r$_active_plugin_ids )
 		{
 		local p = plugin_ids[plugin_id];
-		success = remove_rule_plugin(r, p);
+		success = remove_rule_plugin(r, p, reason);
 		}
 
 	return success;

scripts/base/frameworks/netcontrol/non-cluster.bro

@@ -12,14 +12,14 @@ function add_rule(r: Rule) : string
 	return add_rule_impl(r);
 	}
 
-function delete_rule(id: string) : bool
+function delete_rule(id: string, reason: string &default="") : bool
 	{
-	return delete_rule_impl(id);
+	return delete_rule_impl(id, reason);
 	}
 
-function remove_rule(id: string) : bool
+function remove_rule(id: string, reason: string &default="") : bool
 	{
-	return remove_rule_impl(id);
+	return remove_rule_impl(id, reason);
 	}
 
 event rule_expire(r: Rule, p: PluginState) &priority=-5

scripts/base/frameworks/netcontrol/plugin.bro

@@ -68,13 +68,7 @@ export {
 		## ``id`` field will match that of the add_rule() call.  Generally,
 		## a plugin that accepts an add_rule() should also accept the
 		## remove_rule().
-		remove_rule: function(state: PluginState, r: Rule) : bool &optional;
-
-		## A transaction groups a number of operations. The plugin can add them internally
-		## and postpone putting them into effect until committed. This allows to build a
-		## configuration of multiple rules at once, including replaying a previous state.
-		transaction_begin: function(state: PluginState) &optional;
-		transaction_end: function(state: PluginState) &optional;
+		remove_rule: function(state: PluginState, r: Rule, reason: string) : bool &optional;
 	};
 
 	## Table for a plugin to store instance-specific configuration information.

scripts/base/frameworks/netcontrol/plugins/acld.bro

@@ -247,7 +247,7 @@ function acld_add_rule_fun(p: PluginState, r: Rule) : bool
 	return T;
 	}
 
-function acld_remove_rule_fun(p: PluginState, r: Rule) : bool
+function acld_remove_rule_fun(p: PluginState, r: Rule, reason: string) : bool
 	{
 	if ( ! acld_check_rule(p, r) )
 		return F;
@@ -258,6 +258,14 @@ function acld_remove_rule_fun(p: PluginState, r: Rule) : bool
 	else
 		return F;
 
+	if ( reason != "" )
+		{
+		if ( ar?$comment )
+			ar$comment = fmt("%s (%s)", reason, ar$comment);
+		else
+			ar$comment = reason;
+		}
+
 	Broker::send_event(p$acld_config$acld_topic, Broker::event_args(acld_remove_rule, p$acld_id, r, ar));
 	return T;
 	}

scripts/base/frameworks/netcontrol/plugins/broker.bro

@@ -46,7 +46,7 @@ export {
 	};
 
 	global broker_add_rule: event(id: count, r: Rule);
-	global broker_remove_rule: event(id: count, r: Rule);
+	global broker_remove_rule: event(id: count, r: Rule, reason: string);
 
 	global broker_rule_added: event(id: count, r: Rule, msg: string);
 	global broker_rule_removed: event(id: count, r: Rule, msg: string);
@@ -155,12 +155,12 @@ function broker_add_rule_fun(p: PluginState, r: Rule) : bool
 	return T;
 	}
 
-function broker_remove_rule_fun(p: PluginState, r: Rule) : bool
+function broker_remove_rule_fun(p: PluginState, r: Rule, reason: string) : bool
 	{
 	if ( ! broker_check_rule(p, r) )
 		return F;
 
-	Broker::send_event(p$broker_config$topic, Broker::event_args(broker_remove_rule, p$broker_id, r));
+	Broker::send_event(p$broker_config$topic, Broker::event_args(broker_remove_rule, p$broker_id, r, reason));
 	return T;
 	}
 

scripts/base/frameworks/netcontrol/plugins/debug.bro

@@ -55,34 +55,22 @@ function debug_add_rule(p: PluginState, r: Rule) : bool
 	return F;
 	}
 
-function debug_remove_rule(p: PluginState, r: Rule) : bool
+function debug_remove_rule(p: PluginState, r: Rule, reason: string) : bool
 	{
-	local s = fmt("remove_rule: %s", r);
+	local s = fmt("remove_rule (%s): %s", reason, r);
 	debug_log(p, s);
 
 	event NetControl::rule_removed(r, p);
 	return T;
 	}
 
-function debug_transaction_begin(p: PluginState)
-	{
-	debug_log(p, "transaction_begin");
-	}
-
-function debug_transaction_end(p: PluginState)
-	{
-	debug_log(p, "transaction_end");
-	}
-
 global debug_plugin = Plugin(
 	$name=debug_name,
 	$can_expire = F,
 	$init = debug_init,
 	$done = debug_done,
 	$add_rule = debug_add_rule,
-	$remove_rule = debug_remove_rule,
-	$transaction_begin = debug_transaction_begin,
-	$transaction_end = debug_transaction_end
+	$remove_rule = debug_remove_rule
 	);
 
 function create_debug(do_something: bool) : PluginState

scripts/base/frameworks/netcontrol/plugins/openflow.bro

@@ -324,7 +324,7 @@ function openflow_add_rule(p: PluginState, r: Rule) : bool
 	return T;
 	}
 
-function openflow_remove_rule(p: PluginState, r: Rule) : bool
+function openflow_remove_rule(p: PluginState, r: Rule, reason: string) : bool
 	{
 	if ( ! openflow_check_rule(p, r) )
 		return F;
@@ -444,8 +444,6 @@ global openflow_plugin = Plugin(
 #	$done = openflow_done,
 	$add_rule = openflow_add_rule,
 	$remove_rule = openflow_remove_rule
-#	$transaction_begin = openflow_transaction_begin,
-#	$transaction_end = openflow_transaction_end
 	);
 
 function create_openflow(controller: OpenFlow::Controller, config: OfConfig &default=[]) : PluginState

scripts/base/frameworks/netcontrol/plugins/packetfilter.bro

@@ -63,7 +63,7 @@ function packetfilter_add_rule(p: PluginState, r: Rule) : bool
 	return F;
 	}
 
-function packetfilter_remove_rule(p: PluginState, r: Rule) : bool
+function packetfilter_remove_rule(p: PluginState, r: Rule, reason: string) : bool
 	{
 	if ( ! packetfilter_check_rule(r) )
 		return F;

testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out

@@ -1,4 +1,4 @@
 Broker::incoming_connection_established
 add_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
 add_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP
-remove_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP
+remove_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP, removing

testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.netcontrol.log

@@ -3,18 +3,18 @@
 #empty_field	(empty)
 #unset_field	-
 #path	netcontrol
-#open	2016-03-24-22-00-58
+#open	2016-08-05-17-34-55
 #fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
 #types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Broker-bro/event/netcontroltest
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	waiting for plugins to initialize	-	-	-	-
-1458856858.169980	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Broker-bro/event/netcontroltest
-1458856858.169980	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
-1458856858.553916	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1458856858.553916	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1458856858.553948	2	NetControl::RULE	ADD	NetControl::EXISTS	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1458856858.553948	2	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1458856858.553948	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1458856858.553948	3	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-1458856858.553948	3	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
-#close	2016-03-24-22-00-59
+1470418495.661396	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Broker-bro/event/netcontroltest
+1470418495.661396	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+1470418496.045332	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1470418496.045332	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1470418496.045364	2	NetControl::RULE	ADD	NetControl::EXISTS	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1470418496.045364	2	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1470418496.045364	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1470418496.045364	3	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	removing	0	36000.000000	-	Broker-bro/event/netcontroltest
+1470418496.045364	3	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+#close	2016-08-05-17-34-56

testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-2/netcontrol.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	netcontrol
-#open	2016-05-31-18-51-29
+#open	2016-08-05-17-37-18
 #fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
 #types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
@@ -11,8 +11,10 @@
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
 1398529018.678276	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	120.000000	-	Debug-All
 1398529018.678276	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	120.000000	-	Debug-All
+1398529018.678276	2	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule	0	120.000000	-	-
 1398529018.678276	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: test drop	Debug-All
 1398529018.678276	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: test drop	Debug-All
+1398529018.678276	3	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule	0	3600.000000	Re-drop by catch-and-release: test drop	-
 1398529018.678276	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: test drop	Debug-All
 1398529018.678276	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: test drop	Debug-All
-#close	2016-05-31-18-51-29
+#close	2016-08-05-17-37-18

testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-cluster/manager-1.netcontrol.log

@@ -3,21 +3,21 @@
 #empty_field	(empty)
 #unset_field	-
 #path	netcontrol
-#open	2016-07-13-16-15-31
+#open	2016-08-05-17-46-57
 #fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
 #types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
-1468426531.690018	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
-1468426531.690018	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Debug-All
-1468426531.690018	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
-1468426534.768038	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	Debug-All
-1468426534.768038	worker-1:2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	0.100000	-	Debug-All
-1468426534.768038	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	Debug-All
-1468426534.768038	worker-1:2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	0.100000	-	Debug-All
-1468426534.868423	worker-1:2	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	0.100000	-	Debug-All
-1468426534.868423	worker-1:2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	0.100000	-	Debug-All
-1468426534.870147	worker-1:2	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	0.100000	-	Debug-All
-1468426536.256898	2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	Debug-All
-1468426536.256898	2	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	Debug-All
-1468426536.256898	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	Debug-All
-1468426536.256898	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	Debug-All
-#close	2016-07-13-16-15-36
+1470419217.355712	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
+1470419217.355712	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Debug-All
+1470419217.355712	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+1470419220.470685	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	Debug-All
+1470419220.470685	worker-1:2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	0.100000	-	Debug-All
+1470419220.470685	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	Debug-All
+1470419220.470685	worker-1:2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	0.100000	-	Debug-All
+1470419220.570873	worker-1:2	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	0.100000	-	Debug-All
+1470419220.570873	worker-1:2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	0.100000	-	Debug-All
+1470419220.572465	worker-1:2	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	0.100000	-	Debug-All
+1470419221.963109	2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	reason here	0	600.000000	-	Debug-All
+1470419221.963109	2	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	Debug-All
+1470419221.963109	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	Debug-All
+1470419221.963109	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	8.8.8.8/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	Debug-All
+#close	2016-08-05-17-47-02

testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-cluster/manager-1.netcontrol_catch_release.log

@@ -3,16 +3,16 @@
 #empty_field	(empty)
 #unset_field	-
 #path	netcontrol_catch_release
-#open	2016-07-13-16-15-34
+#open	2016-08-05-17-47-19
 #fields	ts	rule_id	ip	action	block_interval	watch_interval	blocked_until	watched_until	num_blocked	location	message
 #types	time	string	addr	enum	interval	interval	time	time	count	string	string
-1468426534.768038	2	192.168.18.50	NetControl::DROP	600.000000	3600.000000	1468427134.768038	1468430134.768038	1	-	-
-1468426534.768038	2	192.168.18.50	NetControl::DROPPED	600.000000	3600.000000	1468427134.768038	1468430134.768038	1	-	-
-1468426534.768038	worker-1:2	8.8.8.8	NetControl::ADDED	600.000000	3600.000000	-	1468430134.768038	1	-	Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic.
-1468426534.868423	worker-1:2	8.8.8.8	NetControl::UNBLOCK	600.000000	3600.000000	-	1468430134.768038	1	-	-
-1468426536.256898	2	192.168.18.50	NetControl::INFO	600.000000	3600.000000	1468427134.768038	1468430134.768038	1	-	Block seen while in rule_entities. No action taken.
-1468426536.256898	2	192.168.18.50	NetControl::UNBLOCK	600.000000	3600.000000	1468427134.768038	1468430134.768038	1	-	-
-1468426536.256898	4	8.8.8.8	NetControl::SEEN_AGAIN	3600.000000	86400.000000	1468430136.256898	1468512936.256898	2	-	-
-1468426536.256898	4	8.8.8.8	NetControl::DROPPED	3600.000000	86400.000000	1468430136.256898	1468512936.256898	2	-	-
-1468426534.288954	2	192.168.18.50	NetControl::INFO	600.000000	3600.000000	1468427134.768038	1468430134.768038	1	-	Already blocked using catch-and-release - ignoring duplicate
-#close	2016-07-13-16-15-36
+1470419239.093089	2	192.168.18.50	NetControl::DROP	600.000000	3600.000000	1470419839.093089	1470422839.093089	1	-	-
+1470419239.093089	2	192.168.18.50	NetControl::DROPPED	600.000000	3600.000000	1470419839.093089	1470422839.093089	1	-	-
+1470419239.093089	worker-1:2	8.8.8.8	NetControl::ADDED	600.000000	3600.000000	-	1470422839.093089	1	-	Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic.
+1470419239.193930	worker-1:2	8.8.8.8	NetControl::UNBLOCK	600.000000	3600.000000	-	1470422839.093089	1	-	-
+1470419240.599721	2	192.168.18.50	NetControl::INFO	600.000000	3600.000000	1470419839.093089	1470422839.093089	1	-	Block seen while in rule_entities. No action taken.
+1470419240.599721	2	192.168.18.50	NetControl::UNBLOCK	600.000000	3600.000000	1470419839.093089	1470422839.093089	1	-	reason here
+1470419240.599721	4	8.8.8.8	NetControl::SEEN_AGAIN	3600.000000	86400.000000	1470422840.599721	1470505640.599721	2	-	-
+1470419240.599721	4	8.8.8.8	NetControl::DROPPED	3600.000000	86400.000000	1470422840.599721	1470505640.599721	2	-	-
+1470419238.504810	2	192.168.18.50	NetControl::INFO	600.000000	3600.000000	1470419839.093089	1470422839.093089	1	-	Already blocked using catch-and-release - ignoring duplicate
+#close	2016-08-05-17-47-20

testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-forgotten/.stdout

@@ -1,4 +1,4 @@
 netcontrol debug (Debug-All): init
 netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.0.0.1/32, mac=<uninitialized>], expire=1.0 sec, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.0.0.1/32, mac=<uninitialized>], expire=1.0 sec, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
+netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.0.0.1/32, mac=<uninitialized>], expire=1.0 sec, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
 Forgotten: , 10.0.0.1, [block_until=1254722768.49206, watch_until=1254722769.49206, num_reblocked=0, current_interval=0, current_block_id=2, location=<uninitialized>]

testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/netcontrol.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	netcontrol
-#open	2016-05-31-18-51-24
+#open	2016-08-05-17-37-11
 #fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
 #types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
@@ -11,14 +11,19 @@
 0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
 1398529018.678276	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	Debug-All
 1398529018.678276	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	Debug-All
+1398529018.678276	2	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	600.000000	-	-
 1398529018.678276	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	Debug-All
 1398529018.678276	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	3600.000000	Re-drop by catch-and-release: 	Debug-All
+1398529018.678276	3	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	3600.000000	Re-drop by catch-and-release: 	-
 1398529018.678276	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: 	Debug-All
 1398529018.678276	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	86400.000000	Re-drop by catch-and-release: 	Debug-All
+1398529018.678276	4	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	86400.000000	Re-drop by catch-and-release: 	-
 1398529018.678276	5	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	Debug-All
 1398529018.678276	5	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	Debug-All
+1398529018.678276	5	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	604800.000000	Re-drop by catch-and-release: 	-
 1398529018.678276	6	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	Debug-All
 1398529018.678276	6	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	Debug-All
+1398529018.678276	6	NetControl::RULE	-	NetControl::REMOVED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	delete_rule: testing	0	604800.000000	Re-drop by catch-and-release: 	-
 1398529018.678276	7	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	Debug-All
 1398529018.678276	7	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	604800.000000	Re-drop by catch-and-release: 	Debug-All
-#close	2016-05-31-18-51-24
+#close	2016-08-05-17-37-11

testing/btest/Baseline/scripts.base.frameworks.netcontrol.delete-internal-state/.stdout

@@ -3,10 +3,10 @@ netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl:
 netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
 netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
 netcontrol debug (Debug-All): add_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
-netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
-netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
-netcontrol debug (Debug-All): remove_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
-netcontrol debug (Debug-All): remove_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
+netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
+netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
+netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
+netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
 Dumping state
 {
 

testing/btest/scripts/base/frameworks/netcontrol/broker.bro

@@ -50,7 +50,7 @@ event connection_established(c: connection)
 event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
 	{
 	print "rule added", r$entity, r$ty;
-	NetControl::remove_rule(r$id);
+	NetControl::remove_rule(r$id, "removing");
 	}
 
 event NetControl::rule_exists(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
@@ -103,9 +103,9 @@ event NetControl::broker_add_rule(id: count, r: NetControl::Rule)
 		Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo()));
 	}
 
-event NetControl::broker_remove_rule(id: count, r: NetControl::Rule)
+event NetControl::broker_remove_rule(id: count, r: NetControl::Rule, reason: string)
 	{
-	print "remove_rule", id, r$entity, r$ty;
+	print "remove_rule", id, r$entity, r$ty, reason;
 
 	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_removed, id, r, ""));
 

testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-cluster.bro

@@ -83,7 +83,7 @@ event connection_established(c: connection)
 	NetControl::drop_address_catch_release(id$orig_h);
 	if ( info$current_block_id != "" )
 		{
-		NetControl::unblock_address_catch_release(id$orig_h);
+		NetControl::unblock_address_catch_release(id$orig_h, "reason here");
 		}
 	}
 

testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro

@@ -26,7 +26,7 @@ event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, ms
 		return;
 
 	# delete directly, without notifying anything.
-	NetControl::delete_rule(r$id);
+	NetControl::delete_rule(r$id, "testing");
 	NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
 	}