NetControl: allow reasons in remove_rule calls.

This adds the capability for the user to attach a reason when removing
or destroying a rule. The message will both be logged in netcontrol.log
and forwarded to the responsible plugins.

Addresses BIT-1655

scripts/base/frameworks/netcontrol/plugins/acld.bro

@@ -247,7 +247,7 @@ function acld_add_rule_fun(p: PluginState, r: Rule) : bool
 	return T;
 	}
 
-function acld_remove_rule_fun(p: PluginState, r: Rule) : bool
+function acld_remove_rule_fun(p: PluginState, r: Rule, reason: string) : bool
 	{
 	if ( ! acld_check_rule(p, r) )
 		return F;
@@ -258,6 +258,14 @@ function acld_remove_rule_fun(p: PluginState, r: Rule) : bool
 	else
 		return F;
 
+	if ( reason != "" )
+		{
+		if ( ar?$comment )
+			ar$comment = fmt("%s (%s)", reason, ar$comment);
+		else
+			ar$comment = reason;
+		}
+
 	Broker::send_event(p$acld_config$acld_topic, Broker::event_args(acld_remove_rule, p$acld_id, r, ar));
 	return T;
 	}

scripts/base/frameworks/netcontrol/plugins/broker.bro

@@ -46,7 +46,7 @@ export {
 	};
 
 	global broker_add_rule: event(id: count, r: Rule);
-	global broker_remove_rule: event(id: count, r: Rule);
+	global broker_remove_rule: event(id: count, r: Rule, reason: string);
 
 	global broker_rule_added: event(id: count, r: Rule, msg: string);
 	global broker_rule_removed: event(id: count, r: Rule, msg: string);
@@ -155,12 +155,12 @@ function broker_add_rule_fun(p: PluginState, r: Rule) : bool
 	return T;
 	}
 
-function broker_remove_rule_fun(p: PluginState, r: Rule) : bool
+function broker_remove_rule_fun(p: PluginState, r: Rule, reason: string) : bool
 	{
 	if ( ! broker_check_rule(p, r) )
 		return F;
 
-	Broker::send_event(p$broker_config$topic, Broker::event_args(broker_remove_rule, p$broker_id, r));
+	Broker::send_event(p$broker_config$topic, Broker::event_args(broker_remove_rule, p$broker_id, r, reason));
 	return T;
 	}
 

scripts/base/frameworks/netcontrol/plugins/debug.bro

@@ -55,34 +55,22 @@ function debug_add_rule(p: PluginState, r: Rule) : bool
 	return F;
 	}
 
-function debug_remove_rule(p: PluginState, r: Rule) : bool
+function debug_remove_rule(p: PluginState, r: Rule, reason: string) : bool
 	{
-	local s = fmt("remove_rule: %s", r);
+	local s = fmt("remove_rule (%s): %s", reason, r);
 	debug_log(p, s);
 
 	event NetControl::rule_removed(r, p);
 	return T;
 	}
 
-function debug_transaction_begin(p: PluginState)
-	{
-	debug_log(p, "transaction_begin");
-	}
-
-function debug_transaction_end(p: PluginState)
-	{
-	debug_log(p, "transaction_end");
-	}
-
 global debug_plugin = Plugin(
 	$name=debug_name,
 	$can_expire = F,
 	$init = debug_init,
 	$done = debug_done,
 	$add_rule = debug_add_rule,
-	$remove_rule = debug_remove_rule,
-	$transaction_begin = debug_transaction_begin,
-	$transaction_end = debug_transaction_end
+	$remove_rule = debug_remove_rule
 	);
 
 function create_debug(do_something: bool) : PluginState

scripts/base/frameworks/netcontrol/plugins/openflow.bro

@@ -324,7 +324,7 @@ function openflow_add_rule(p: PluginState, r: Rule) : bool
 	return T;
 	}
 
-function openflow_remove_rule(p: PluginState, r: Rule) : bool
+function openflow_remove_rule(p: PluginState, r: Rule, reason: string) : bool
 	{
 	if ( ! openflow_check_rule(p, r) )
 		return F;
@@ -444,8 +444,6 @@ global openflow_plugin = Plugin(
 #	$done = openflow_done,
 	$add_rule = openflow_add_rule,
 	$remove_rule = openflow_remove_rule
-#	$transaction_begin = openflow_transaction_begin,
-#	$transaction_end = openflow_transaction_end
 	);
 
 function create_openflow(controller: OpenFlow::Controller, config: OfConfig &default=[]) : PluginState

scripts/base/frameworks/netcontrol/plugins/packetfilter.bro

@@ -63,7 +63,7 @@ function packetfilter_add_rule(p: PluginState, r: Rule) : bool
 	return F;
 	}
 
-function packetfilter_remove_rule(p: PluginState, r: Rule) : bool
+function packetfilter_remove_rule(p: PluginState, r: Rule, reason: string) : bool
 	{
 	if ( ! packetfilter_check_rule(r) )
 		return F;