diff --git a/scripts/base/frameworks/netcontrol/catch-and-release.bro b/scripts/base/frameworks/netcontrol/catch-and-release.bro index 4b99b70606..f5fd38b2e3 100644 --- a/scripts/base/frameworks/netcontrol/catch-and-release.bro +++ b/scripts/base/frameworks/netcontrol/catch-and-release.bro @@ -101,8 +101,10 @@ export { ## ## a: The address to be unblocked. ## + ## reason: A reason for the unblock + ## ## Returns: True if the address was unblocked. - global unblock_address_catch_release: function(a: addr) : bool; + global unblock_address_catch_release: function(a: addr, reason: string &default="") : bool; ## This function can be called to notify the cach and release script that activity by ## an IP address was seen. If the respective IP address is currently monitored by catch and @@ -154,7 +156,7 @@ export { global catch_release_block_new: event(a: addr, b: BlockInfo); global catch_release_block_delete: event(a: addr); global catch_release_add: event(a: addr, location: string); - global catch_release_delete: event(a: addr); + global catch_release_delete: event(a: addr, reason: string); global catch_release_encountered: event(a: addr); } @@ -287,9 +289,9 @@ event catch_release_add(a: addr, location: string) drop_address_catch_release(a, location); } -event catch_release_delete(a: addr) +event catch_release_delete(a: addr, reason: string) { - unblock_address_catch_release(a); + unblock_address_catch_release(a, reason); } event catch_release_encountered(a: addr) @@ -386,7 +388,7 @@ function drop_address_catch_release(a: addr, location: string &default=""): Bloc } -function unblock_address_catch_release(a: addr): bool +function unblock_address_catch_release(a: addr, reason: string &default=""): bool { if ( a !in blocks ) return F; @@ -394,16 +396,18 @@ function unblock_address_catch_release(a: addr): bool @if ( ! Cluster::is_enabled() || ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) ) local bi = blocks[a]; local log = populate_log_record(a, bi, UNBLOCK); + if ( reason != "" ) + log$message = reason; Log::write(CATCH_RELEASE, log); delete blocks[a]; if ( bi?$block_until && bi$block_until > network_time() && bi$current_block_id != "" ) - remove_rule(bi$current_block_id); + remove_rule(bi$current_block_id, reason); @endif @if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) event NetControl::catch_release_block_delete(a); @endif @if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER ) - event NetControl::catch_release_delete(a); + event NetControl::catch_release_delete(a, reason); @endif return T; diff --git a/scripts/base/frameworks/netcontrol/cluster.bro b/scripts/base/frameworks/netcontrol/cluster.bro index 31c3d91e7e..5b71e40659 100644 --- a/scripts/base/frameworks/netcontrol/cluster.bro +++ b/scripts/base/frameworks/netcontrol/cluster.bro @@ -10,10 +10,10 @@ export { global cluster_netcontrol_add_rule: event(r: Rule); ## This is the event used to transport remove_rule calls to the manager. - global cluster_netcontrol_remove_rule: event(id: string); + global cluster_netcontrol_remove_rule: event(id: string, reason: string); ## This is the event used to transport delete_rule calls to the manager. - global cluster_netcontrol_delete_rule: event(id: string); + global cluster_netcontrol_delete_rule: event(id: string, reason: string); } ## Workers need ability to forward commands to manager. @@ -56,32 +56,32 @@ function add_rule(r: Rule) : string } } -function delete_rule(id: string) : bool +function delete_rule(id: string, reason: string &default="") : bool { if ( Cluster::local_node_type() == Cluster::MANAGER ) - return delete_rule_impl(id); + return delete_rule_impl(id, reason); else { - event NetControl::cluster_netcontrol_delete_rule(id); + event NetControl::cluster_netcontrol_delete_rule(id, reason); return T; # well, we can't know here. So - just hope... } } -function remove_rule(id: string) : bool +function remove_rule(id: string, reason: string &default="") : bool { if ( Cluster::local_node_type() == Cluster::MANAGER ) - return remove_rule_impl(id); + return remove_rule_impl(id, reason); else { - event NetControl::cluster_netcontrol_remove_rule(id); + event NetControl::cluster_netcontrol_remove_rule(id, reason); return T; # well, we can't know here. So - just hope... } } @if ( Cluster::local_node_type() == Cluster::MANAGER ) -event NetControl::cluster_netcontrol_delete_rule(id: string) +event NetControl::cluster_netcontrol_delete_rule(id: string, reason: string) { - delete_rule_impl(id); + delete_rule_impl(id, reason); } event NetControl::cluster_netcontrol_add_rule(r: Rule) @@ -89,9 +89,9 @@ event NetControl::cluster_netcontrol_add_rule(r: Rule) add_rule_impl(r); } -event NetControl::cluster_netcontrol_remove_rule(id: string) +event NetControl::cluster_netcontrol_remove_rule(id: string, reason: string) { - remove_rule_impl(id); + remove_rule_impl(id, reason); } event rule_expire(r: Rule, p: PluginState) &priority=-5 diff --git a/scripts/base/frameworks/netcontrol/main.bro b/scripts/base/frameworks/netcontrol/main.bro index 0c7212a78e..0e5d0cf7be 100644 --- a/scripts/base/frameworks/netcontrol/main.bro +++ b/scripts/base/frameworks/netcontrol/main.bro @@ -124,12 +124,14 @@ export { ## ## id: The rule to remove, specified as the ID returned by :bro:see:`NetControl::add_rule`. ## + ## reason: Optional string argument giving information on why the rule was removed. + ## ## Returns: True if succesful, the relevant plugin indicated that it knew ## how to handle the removal. Note that again "success" means the ## plugin accepted the removal. They might still fail to put it ## into effect, as that might happen asynchronously and thus go ## wrong at that point. - global remove_rule: function(id: string) : bool; + global remove_rule: function(id: string, reason: string &default="") : bool; ## Deletes a rule without removing in from the backends to which it has been ## added before. This mean that no messages will be sent to the switches to which @@ -138,9 +140,11 @@ export { ## ## id: The rule to delete, specified as the ID returned by :bro:see:`add_rule` . ## + ## reason: Optional string argument giving information on why the rule was deleted. + ## ## Returns: True if removal is successful, or sent to manager. ## False if the rule could not be found. - global delete_rule: function(id: string) : bool; + global delete_rule: function(id: string, reason: string &default="") : bool; ## Searches all rules affecting a certain IP address. ## @@ -820,38 +824,49 @@ function rule_cleanup(r: Rule) event NetControl::rule_destroyed(r); } -function delete_rule_impl(id: string): bool +function delete_rule_impl(id: string, reason: string): bool { if ( id !in rules ) + { + Reporter::error(fmt("Rule %s does not exist in NetControl::delete_rule", id)); return F; + } local rule = rules[id]; rule$_active_plugin_ids = set(); rule_cleanup(rule); + if ( reason != "" ) + log_rule_no_plugin(rule, REMOVED, fmt("delete_rule: %s", reason)); + else + log_rule_no_plugin(rule, REMOVED, "delete_rule"); + return T; } -function remove_rule_plugin(r: Rule, p: PluginState): bool +function remove_rule_plugin(r: Rule, p: PluginState, reason: string &default=""): bool { local success = T; - if ( ! p$plugin$remove_rule(p, r) ) + if ( ! p$plugin$remove_rule(p, r, reason) ) { # still continue and send to other plugins - log_rule_error(r, "remove failed", p); + if ( reason != "" ) + log_rule_error(r, fmt("remove failed (original reason: %s)", reason), p); + else + log_rule_error(r, "remove failed", p); success = F; } else { - log_rule(r, "REMOVE", REQUESTED, p); + log_rule(r, "REMOVE", REQUESTED, p, reason); } return success; } -function remove_rule_impl(id: string) : bool +function remove_rule_impl(id: string, reason: string) : bool { if ( id !in rules ) { @@ -865,7 +880,7 @@ function remove_rule_impl(id: string) : bool for ( plugin_id in r$_active_plugin_ids ) { local p = plugin_ids[plugin_id]; - success = remove_rule_plugin(r, p); + success = remove_rule_plugin(r, p, reason); } return success; diff --git a/scripts/base/frameworks/netcontrol/non-cluster.bro b/scripts/base/frameworks/netcontrol/non-cluster.bro index c7d579b0d5..ff300f2492 100644 --- a/scripts/base/frameworks/netcontrol/non-cluster.bro +++ b/scripts/base/frameworks/netcontrol/non-cluster.bro @@ -12,14 +12,14 @@ function add_rule(r: Rule) : string return add_rule_impl(r); } -function delete_rule(id: string) : bool +function delete_rule(id: string, reason: string &default="") : bool { - return delete_rule_impl(id); + return delete_rule_impl(id, reason); } -function remove_rule(id: string) : bool +function remove_rule(id: string, reason: string &default="") : bool { - return remove_rule_impl(id); + return remove_rule_impl(id, reason); } event rule_expire(r: Rule, p: PluginState) &priority=-5 diff --git a/scripts/base/frameworks/netcontrol/plugin.bro b/scripts/base/frameworks/netcontrol/plugin.bro index 9acb611893..36fa25a8f0 100644 --- a/scripts/base/frameworks/netcontrol/plugin.bro +++ b/scripts/base/frameworks/netcontrol/plugin.bro @@ -68,13 +68,7 @@ export { ## ``id`` field will match that of the add_rule() call. Generally, ## a plugin that accepts an add_rule() should also accept the ## remove_rule(). - remove_rule: function(state: PluginState, r: Rule) : bool &optional; - - ## A transaction groups a number of operations. The plugin can add them internally - ## and postpone putting them into effect until committed. This allows to build a - ## configuration of multiple rules at once, including replaying a previous state. - transaction_begin: function(state: PluginState) &optional; - transaction_end: function(state: PluginState) &optional; + remove_rule: function(state: PluginState, r: Rule, reason: string) : bool &optional; }; ## Table for a plugin to store instance-specific configuration information. diff --git a/scripts/base/frameworks/netcontrol/plugins/acld.bro b/scripts/base/frameworks/netcontrol/plugins/acld.bro index 1ac83c4678..5f729c284f 100644 --- a/scripts/base/frameworks/netcontrol/plugins/acld.bro +++ b/scripts/base/frameworks/netcontrol/plugins/acld.bro @@ -247,7 +247,7 @@ function acld_add_rule_fun(p: PluginState, r: Rule) : bool return T; } -function acld_remove_rule_fun(p: PluginState, r: Rule) : bool +function acld_remove_rule_fun(p: PluginState, r: Rule, reason: string) : bool { if ( ! acld_check_rule(p, r) ) return F; @@ -258,6 +258,14 @@ function acld_remove_rule_fun(p: PluginState, r: Rule) : bool else return F; + if ( reason != "" ) + { + if ( ar?$comment ) + ar$comment = fmt("%s (%s)", reason, ar$comment); + else + ar$comment = reason; + } + Broker::send_event(p$acld_config$acld_topic, Broker::event_args(acld_remove_rule, p$acld_id, r, ar)); return T; } diff --git a/scripts/base/frameworks/netcontrol/plugins/broker.bro b/scripts/base/frameworks/netcontrol/plugins/broker.bro index da8e942ae7..465ca5b9fc 100644 --- a/scripts/base/frameworks/netcontrol/plugins/broker.bro +++ b/scripts/base/frameworks/netcontrol/plugins/broker.bro @@ -46,7 +46,7 @@ export { }; global broker_add_rule: event(id: count, r: Rule); - global broker_remove_rule: event(id: count, r: Rule); + global broker_remove_rule: event(id: count, r: Rule, reason: string); global broker_rule_added: event(id: count, r: Rule, msg: string); global broker_rule_removed: event(id: count, r: Rule, msg: string); @@ -155,12 +155,12 @@ function broker_add_rule_fun(p: PluginState, r: Rule) : bool return T; } -function broker_remove_rule_fun(p: PluginState, r: Rule) : bool +function broker_remove_rule_fun(p: PluginState, r: Rule, reason: string) : bool { if ( ! broker_check_rule(p, r) ) return F; - Broker::send_event(p$broker_config$topic, Broker::event_args(broker_remove_rule, p$broker_id, r)); + Broker::send_event(p$broker_config$topic, Broker::event_args(broker_remove_rule, p$broker_id, r, reason)); return T; } diff --git a/scripts/base/frameworks/netcontrol/plugins/debug.bro b/scripts/base/frameworks/netcontrol/plugins/debug.bro index a26a151400..479d934b6c 100644 --- a/scripts/base/frameworks/netcontrol/plugins/debug.bro +++ b/scripts/base/frameworks/netcontrol/plugins/debug.bro @@ -55,34 +55,22 @@ function debug_add_rule(p: PluginState, r: Rule) : bool return F; } -function debug_remove_rule(p: PluginState, r: Rule) : bool +function debug_remove_rule(p: PluginState, r: Rule, reason: string) : bool { - local s = fmt("remove_rule: %s", r); + local s = fmt("remove_rule (%s): %s", reason, r); debug_log(p, s); event NetControl::rule_removed(r, p); return T; } -function debug_transaction_begin(p: PluginState) - { - debug_log(p, "transaction_begin"); - } - -function debug_transaction_end(p: PluginState) - { - debug_log(p, "transaction_end"); - } - global debug_plugin = Plugin( $name=debug_name, $can_expire = F, $init = debug_init, $done = debug_done, $add_rule = debug_add_rule, - $remove_rule = debug_remove_rule, - $transaction_begin = debug_transaction_begin, - $transaction_end = debug_transaction_end + $remove_rule = debug_remove_rule ); function create_debug(do_something: bool) : PluginState diff --git a/scripts/base/frameworks/netcontrol/plugins/openflow.bro b/scripts/base/frameworks/netcontrol/plugins/openflow.bro index e47c8ba713..234e0b47c7 100644 --- a/scripts/base/frameworks/netcontrol/plugins/openflow.bro +++ b/scripts/base/frameworks/netcontrol/plugins/openflow.bro @@ -324,7 +324,7 @@ function openflow_add_rule(p: PluginState, r: Rule) : bool return T; } -function openflow_remove_rule(p: PluginState, r: Rule) : bool +function openflow_remove_rule(p: PluginState, r: Rule, reason: string) : bool { if ( ! openflow_check_rule(p, r) ) return F; @@ -444,8 +444,6 @@ global openflow_plugin = Plugin( # $done = openflow_done, $add_rule = openflow_add_rule, $remove_rule = openflow_remove_rule -# $transaction_begin = openflow_transaction_begin, -# $transaction_end = openflow_transaction_end ); function create_openflow(controller: OpenFlow::Controller, config: OfConfig &default=[]) : PluginState diff --git a/scripts/base/frameworks/netcontrol/plugins/packetfilter.bro b/scripts/base/frameworks/netcontrol/plugins/packetfilter.bro index 437c08eb73..ac9bebdc90 100644 --- a/scripts/base/frameworks/netcontrol/plugins/packetfilter.bro +++ b/scripts/base/frameworks/netcontrol/plugins/packetfilter.bro @@ -63,7 +63,7 @@ function packetfilter_add_rule(p: PluginState, r: Rule) : bool return F; } -function packetfilter_remove_rule(p: PluginState, r: Rule) : bool +function packetfilter_remove_rule(p: PluginState, r: Rule, reason: string) : bool { if ( ! packetfilter_check_rule(r) ) return F; diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out index 668d51e344..5a3741d841 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out @@ -1,4 +1,4 @@ Broker::incoming_connection_established add_rule, 0, [ty=NetControl::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP add_rule, 0, [ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], NetControl::DROP -remove_rule, 0, [ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], NetControl::DROP +remove_rule, 0, [ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], NetControl::DROP, removing diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.netcontrol.log index 3a4b962b08..fccd9f61f7 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.netcontrol.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.netcontrol.log @@ -3,18 +3,18 @@ #empty_field (empty) #unset_field - #path netcontrol -#open 2016-03-24-22-00-58 +#open 2016-08-05-17-34-55 #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #types time string enum string enum string enum string string string string int interval string string 0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Broker-bro/event/netcontroltest 0.000000 - NetControl::MESSAGE - - - - - - - waiting for plugins to initialize - - - - -1458856858.169980 - NetControl::MESSAGE - - - - - - - activation finished - - - Broker-bro/event/netcontroltest -1458856858.169980 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - -1458856858.553916 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest -1458856858.553916 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest -1458856858.553948 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest -1458856858.553948 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest -1458856858.553948 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest -1458856858.553948 3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest -1458856858.553948 3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest -#close 2016-03-24-22-00-59 +1470418495.661396 - NetControl::MESSAGE - - - - - - - activation finished - - - Broker-bro/event/netcontroltest +1470418495.661396 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - +1470418496.045332 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest +1470418496.045332 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest +1470418496.045364 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest +1470418496.045364 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest +1470418496.045364 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest +1470418496.045364 3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - removing 0 36000.000000 - Broker-bro/event/netcontroltest +1470418496.045364 3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest +#close 2016-08-05-17-34-56 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-2/netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-2/netcontrol.log index 5d45e5aea9..84a6d70c21 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-2/netcontrol.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-2/netcontrol.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path netcontrol -#open 2016-05-31-18-51-29 +#open 2016-08-05-17-37-18 #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #types time string enum string enum string enum string string string string int interval string string 0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All @@ -11,8 +11,10 @@ 0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - 1398529018.678276 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 120.000000 - Debug-All 1398529018.678276 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 120.000000 - Debug-All +1398529018.678276 2 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule 0 120.000000 - - 1398529018.678276 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: test drop Debug-All 1398529018.678276 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: test drop Debug-All +1398529018.678276 3 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule 0 3600.000000 Re-drop by catch-and-release: test drop - 1398529018.678276 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: test drop Debug-All 1398529018.678276 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: test drop Debug-All -#close 2016-05-31-18-51-29 +#close 2016-08-05-17-37-18 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-cluster/manager-1.netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-cluster/manager-1.netcontrol.log index 3fdbc4d9f1..f89ae7d4d9 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-cluster/manager-1.netcontrol.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-cluster/manager-1.netcontrol.log @@ -3,21 +3,21 @@ #empty_field (empty) #unset_field - #path netcontrol -#open 2016-07-13-16-15-31 +#open 2016-08-05-17-46-57 #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #types time string enum string enum string enum string string string string int interval string string -1468426531.690018 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All -1468426531.690018 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All -1468426531.690018 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - -1468426534.768038 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All -1468426534.768038 worker-1:2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All -1468426534.768038 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All -1468426534.768038 worker-1:2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All -1468426534.868423 worker-1:2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All -1468426534.868423 worker-1:2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All -1468426534.870147 worker-1:2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All -1468426536.256898 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All -1468426536.256898 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All -1468426536.256898 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All -1468426536.256898 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All -#close 2016-07-13-16-15-36 +1470419217.355712 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All +1470419217.355712 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All +1470419217.355712 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - +1470419220.470685 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All +1470419220.470685 worker-1:2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All +1470419220.470685 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All +1470419220.470685 worker-1:2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All +1470419220.570873 worker-1:2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All +1470419220.570873 worker-1:2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All +1470419220.572465 worker-1:2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All +1470419221.963109 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - reason here 0 600.000000 - Debug-All +1470419221.963109 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All +1470419221.963109 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All +1470419221.963109 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All +#close 2016-08-05-17-47-02 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-cluster/manager-1.netcontrol_catch_release.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-cluster/manager-1.netcontrol_catch_release.log index 8137a7a064..a3e4751027 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-cluster/manager-1.netcontrol_catch_release.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-cluster/manager-1.netcontrol_catch_release.log @@ -3,16 +3,16 @@ #empty_field (empty) #unset_field - #path netcontrol_catch_release -#open 2016-07-13-16-15-34 +#open 2016-08-05-17-47-19 #fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message #types time string addr enum interval interval time time count string string -1468426534.768038 2 192.168.18.50 NetControl::DROP 600.000000 3600.000000 1468427134.768038 1468430134.768038 1 - - -1468426534.768038 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 1468427134.768038 1468430134.768038 1 - - -1468426534.768038 worker-1:2 8.8.8.8 NetControl::ADDED 600.000000 3600.000000 - 1468430134.768038 1 - Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic. -1468426534.868423 worker-1:2 8.8.8.8 NetControl::UNBLOCK 600.000000 3600.000000 - 1468430134.768038 1 - - -1468426536.256898 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1468427134.768038 1468430134.768038 1 - Block seen while in rule_entities. No action taken. -1468426536.256898 2 192.168.18.50 NetControl::UNBLOCK 600.000000 3600.000000 1468427134.768038 1468430134.768038 1 - - -1468426536.256898 4 8.8.8.8 NetControl::SEEN_AGAIN 3600.000000 86400.000000 1468430136.256898 1468512936.256898 2 - - -1468426536.256898 4 8.8.8.8 NetControl::DROPPED 3600.000000 86400.000000 1468430136.256898 1468512936.256898 2 - - -1468426534.288954 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1468427134.768038 1468430134.768038 1 - Already blocked using catch-and-release - ignoring duplicate -#close 2016-07-13-16-15-36 +1470419239.093089 2 192.168.18.50 NetControl::DROP 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - - +1470419239.093089 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - - +1470419239.093089 worker-1:2 8.8.8.8 NetControl::ADDED 600.000000 3600.000000 - 1470422839.093089 1 - Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic. +1470419239.193930 worker-1:2 8.8.8.8 NetControl::UNBLOCK 600.000000 3600.000000 - 1470422839.093089 1 - - +1470419240.599721 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - Block seen while in rule_entities. No action taken. +1470419240.599721 2 192.168.18.50 NetControl::UNBLOCK 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - reason here +1470419240.599721 4 8.8.8.8 NetControl::SEEN_AGAIN 3600.000000 86400.000000 1470422840.599721 1470505640.599721 2 - - +1470419240.599721 4 8.8.8.8 NetControl::DROPPED 3600.000000 86400.000000 1470422840.599721 1470505640.599721 2 - - +1470419238.504810 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - Already blocked using catch-and-release - ignoring duplicate +#close 2016-08-05-17-47-20 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-forgotten/.stdout b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-forgotten/.stdout index b89aac45d2..0e8c13ec52 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-forgotten/.stdout +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-forgotten/.stdout @@ -1,4 +1,4 @@ netcontrol debug (Debug-All): init netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=10.0.0.1/32, mac=], expire=1.0 sec, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=10.0.0.1/32, mac=], expire=1.0 sec, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] +netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=10.0.0.1/32, mac=], expire=1.0 sec, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] Forgotten: , 10.0.0.1, [block_until=1254722768.49206, watch_until=1254722769.49206, num_reblocked=0, current_interval=0, current_block_id=2, location=] diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/netcontrol.log index d06be0682c..a062dc7469 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/netcontrol.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/netcontrol.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path netcontrol -#open 2016-05-31-18-51-24 +#open 2016-08-05-17-37-11 #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #types time string enum string enum string enum string string string string int interval string string 0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All @@ -11,14 +11,19 @@ 0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - 1398529018.678276 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All 1398529018.678276 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All +1398529018.678276 2 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 600.000000 - - 1398529018.678276 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All +1398529018.678276 3 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 3600.000000 Re-drop by catch-and-release: - 1398529018.678276 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: Debug-All +1398529018.678276 4 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 86400.000000 Re-drop by catch-and-release: - 1398529018.678276 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All +1398529018.678276 5 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: - 1398529018.678276 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All +1398529018.678276 6 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: - 1398529018.678276 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All -#close 2016-05-31-18-51-24 +#close 2016-08-05-17-37-11 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.delete-internal-state/.stdout b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.delete-internal-state/.stdout index f21a0b559c..cb65cfbe93 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.delete-internal-state/.stdout +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.delete-internal-state/.stdout @@ -3,10 +3,10 @@ netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl: netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=0 secs, priority=0, location=, out_port=, mod=, id=3, cid=3, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F] netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=0 secs, priority=5, location=, out_port=, mod=, id=4, cid=4, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F] netcontrol debug (Debug-All): add_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=0 secs, priority=0, location=, out_port=5, mod=, id=5, cid=5, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=0 secs, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=0 secs, priority=0, location=, out_port=, mod=, id=3, cid=3, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=0 secs, priority=5, location=, out_port=, mod=, id=4, cid=4, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=0 secs, priority=0, location=, out_port=5, mod=, id=5, cid=5, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] +netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=0 secs, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] +netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=0 secs, priority=0, location=, out_port=, mod=, id=3, cid=3, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] +netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=0 secs, priority=5, location=, out_port=, mod=, id=4, cid=4, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] +netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=0 secs, priority=0, location=, out_port=5, mod=, id=5, cid=5, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] Dumping state { diff --git a/testing/btest/scripts/base/frameworks/netcontrol/broker.bro b/testing/btest/scripts/base/frameworks/netcontrol/broker.bro index d2aa630b1d..4fd29c499d 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/broker.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/broker.bro @@ -50,7 +50,7 @@ event connection_established(c: connection) event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string) { print "rule added", r$entity, r$ty; - NetControl::remove_rule(r$id); + NetControl::remove_rule(r$id, "removing"); } event NetControl::rule_exists(r: NetControl::Rule, p: NetControl::PluginState, msg: string) @@ -103,9 +103,9 @@ event NetControl::broker_add_rule(id: count, r: NetControl::Rule) Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo())); } -event NetControl::broker_remove_rule(id: count, r: NetControl::Rule) +event NetControl::broker_remove_rule(id: count, r: NetControl::Rule, reason: string) { - print "remove_rule", id, r$entity, r$ty; + print "remove_rule", id, r$entity, r$ty, reason; Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_removed, id, r, "")); diff --git a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-cluster.bro b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-cluster.bro index 83a66b35ca..be1391a248 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-cluster.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-cluster.bro @@ -83,7 +83,7 @@ event connection_established(c: connection) NetControl::drop_address_catch_release(id$orig_h); if ( info$current_block_id != "" ) { - NetControl::unblock_address_catch_release(id$orig_h); + NetControl::unblock_address_catch_release(id$orig_h, "reason here"); } } diff --git a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro index 66daa06d69..4aaaaf6900 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro @@ -26,7 +26,7 @@ event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, ms return; # delete directly, without notifying anything. - NetControl::delete_rule(r$id); + NetControl::delete_rule(r$id, "testing"); NetControl::catch_release_seen(subnet_to_addr(r$entity$ip)); }