Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

NetControl: allow reasons in remove_rule calls.

Browse source 
This adds the capability for the user to attach a reason when removing
or destroying a rule. The message will both be logged in netcontrol.log
and forwarded to the responsible plugins.

Addresses BIT-1655
This commit is contained in:
Johanna Amann 2016-08-05 10:47:58 -07:00
parent 9d9c7bafd3
commit 4f1a2c7b62
21 changed files with 129 additions and 115 deletions
Download patch file Download diff file Expand all files Collapse all files

10
scripts/base/frameworks/netcontrol/plugins/acld.bro
View file

@ -247,7 +247,7 @@ function acld_add_rule_fun(p: PluginState, r: Rule) : bool
return T;
}
function acld_remove_rule_fun(p: PluginState, r: Rule) : bool
function acld_remove_rule_fun(p: PluginState, r: Rule, reason: string) : bool
{
if ( ! acld_check_rule(p, r) )
return F;
@ -258,6 +258,14 @@ function acld_remove_rule_fun(p: PluginState, r: Rule) : bool
else
return F;
if ( reason != "" )
{
if ( ar?$comment )
ar$comment = fmt("%s (%s)", reason, ar$comment);
else
ar$comment = reason;
}
Broker::send_event(p$acld_config$acld_topic, Broker::event_args(acld_remove_rule, p$acld_id, r, ar));
return T;
}