Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

NetControl: allow reasons in remove_rule calls.

Browse source 
This adds the capability for the user to attach a reason when removing
or destroying a rule. The message will both be logged in netcontrol.log
and forwarded to the responsible plugins.

Addresses BIT-1655
This commit is contained in:
Johanna Amann 2016-08-05 10:47:58 -07:00
parent 9d9c7bafd3
commit 4f1a2c7b62
21 changed files with 129 additions and 115 deletions
Download patch file Download diff file Expand all files Collapse all files

18
scripts/base/frameworks/netcontrol/catch-and-release.bro
View file

@ -101,8 +101,10 @@ export {
## ##
## a: The address to be unblocked. ## a: The address to be unblocked.
## ##
## reason: A reason for the unblock
##
## Returns: True if the address was unblocked. ## Returns: True if the address was unblocked.
global unblock_address_catch_release: function(a: addr) : bool; global unblock_address_catch_release: function(a: addr, reason: string &default="") : bool;
## This function can be called to notify the cach and release script that activity by ## This function can be called to notify the cach and release script that activity by
## an IP address was seen. If the respective IP address is currently monitored by catch and ## an IP address was seen. If the respective IP address is currently monitored by catch and
@ -154,7 +156,7 @@ export {
global catch_release_block_new: event(a: addr, b: BlockInfo); global catch_release_block_new: event(a: addr, b: BlockInfo);
global catch_release_block_delete: event(a: addr); global catch_release_block_delete: event(a: addr);
global catch_release_add: event(a: addr, location: string); global catch_release_add: event(a: addr, location: string);
global catch_release_delete: event(a: addr); global catch_release_delete: event(a: addr, reason: string);
global catch_release_encountered: event(a: addr); global catch_release_encountered: event(a: addr);
} }
@ -287,9 +289,9 @@ event catch_release_add(a: addr, location: string)
drop_address_catch_release(a, location); drop_address_catch_release(a, location);
} }
event catch_release_delete(a: addr) event catch_release_delete(a: addr, reason: string)
{ {
unblock_address_catch_release(a); unblock_address_catch_release(a, reason);
} }
event catch_release_encountered(a: addr) event catch_release_encountered(a: addr)
@ -386,7 +388,7 @@ function drop_address_catch_release(a: addr, location: string &default=""): Bloc
} }
function unblock_address_catch_release(a: addr): bool function unblock_address_catch_release(a: addr, reason: string &default=""): bool
{ {
if ( a !in blocks ) if ( a !in blocks )
return F; return F;
@ -394,16 +396,18 @@ function unblock_address_catch_release(a: addr): bool
@if ( ! Cluster::is_enabled() || ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) ) @if ( ! Cluster::is_enabled() || ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) )
local bi = blocks[a]; local bi = blocks[a];
local log = populate_log_record(a, bi, UNBLOCK); local log = populate_log_record(a, bi, UNBLOCK);
if ( reason != "" )
log$message = reason;
Log::write(CATCH_RELEASE, log); Log::write(CATCH_RELEASE, log);
delete blocks[a]; delete blocks[a];
if ( bi?$block_until && bi$block_until > network_time() && bi$current_block_id != "" ) if ( bi?$block_until && bi$block_until > network_time() && bi$current_block_id != "" )
remove_rule(bi$current_block_id); remove_rule(bi$current_block_id, reason);
@endif @endif
@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER ) @if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
event NetControl::catch_release_block_delete(a); event NetControl::catch_release_block_delete(a);
@endif @endif
@if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER ) @if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
event NetControl::catch_release_delete(a); event NetControl::catch_release_delete(a, reason);
@endif @endif
return T; return T;

24
scripts/base/frameworks/netcontrol/cluster.bro
View file

@ -10,10 +10,10 @@ export {
global cluster_netcontrol_add_rule: event(r: Rule); global cluster_netcontrol_add_rule: event(r: Rule);
## This is the event used to transport remove_rule calls to the manager. ## This is the event used to transport remove_rule calls to the manager.
global cluster_netcontrol_remove_rule: event(id: string); global cluster_netcontrol_remove_rule: event(id: string, reason: string);
## This is the event used to transport delete_rule calls to the manager. ## This is the event used to transport delete_rule calls to the manager.
global cluster_netcontrol_delete_rule: event(id: string); global cluster_netcontrol_delete_rule: event(id: string, reason: string);
} }
## Workers need ability to forward commands to manager. ## Workers need ability to forward commands to manager.
@ -56,32 +56,32 @@ function add_rule(r: Rule) : string
} }
} }
function delete_rule(id: string) : bool function delete_rule(id: string, reason: string &default="") : bool
{ {
if ( Cluster::local_node_type() == Cluster::MANAGER ) if ( Cluster::local_node_type() == Cluster::MANAGER )
return delete_rule_impl(id); return delete_rule_impl(id, reason);
else else
{ {
event NetControl::cluster_netcontrol_delete_rule(id); event NetControl::cluster_netcontrol_delete_rule(id, reason);
return T; # well, we can't know here. So - just hope... return T; # well, we can't know here. So - just hope...
} }
} }
function remove_rule(id: string) : bool function remove_rule(id: string, reason: string &default="") : bool
{ {
if ( Cluster::local_node_type() == Cluster::MANAGER ) if ( Cluster::local_node_type() == Cluster::MANAGER )
return remove_rule_impl(id); return remove_rule_impl(id, reason);
else else
{ {
event NetControl::cluster_netcontrol_remove_rule(id); event NetControl::cluster_netcontrol_remove_rule(id, reason);
return T; # well, we can't know here. So - just hope... return T; # well, we can't know here. So - just hope...
} }
} }
@if ( Cluster::local_node_type() == Cluster::MANAGER ) @if ( Cluster::local_node_type() == Cluster::MANAGER )
event NetControl::cluster_netcontrol_delete_rule(id: string) event NetControl::cluster_netcontrol_delete_rule(id: string, reason: string)
{ {
delete_rule_impl(id); delete_rule_impl(id, reason);
} }
event NetControl::cluster_netcontrol_add_rule(r: Rule) event NetControl::cluster_netcontrol_add_rule(r: Rule)
@ -89,9 +89,9 @@ event NetControl::cluster_netcontrol_add_rule(r: Rule)
add_rule_impl(r); add_rule_impl(r);
} }
event NetControl::cluster_netcontrol_remove_rule(id: string) event NetControl::cluster_netcontrol_remove_rule(id: string, reason: string)
{ {
remove_rule_impl(id); remove_rule_impl(id, reason);
} }
event rule_expire(r: Rule, p: PluginState) &priority=-5 event rule_expire(r: Rule, p: PluginState) &priority=-5

33
scripts/base/frameworks/netcontrol/main.bro
View file

@ -124,12 +124,14 @@ export {
## ##
## id: The rule to remove, specified as the ID returned by :bro:see:`NetControl::add_rule`. ## id: The rule to remove, specified as the ID returned by :bro:see:`NetControl::add_rule`.
## ##
## reason: Optional string argument giving information on why the rule was removed.
##
## Returns: True if succesful, the relevant plugin indicated that it knew ## Returns: True if succesful, the relevant plugin indicated that it knew
## how to handle the removal. Note that again "success" means the ## how to handle the removal. Note that again "success" means the
## plugin accepted the removal. They might still fail to put it ## plugin accepted the removal. They might still fail to put it
## into effect, as that might happen asynchronously and thus go ## into effect, as that might happen asynchronously and thus go
## wrong at that point. ## wrong at that point.
global remove_rule: function(id: string) : bool; global remove_rule: function(id: string, reason: string &default="") : bool;
## Deletes a rule without removing in from the backends to which it has been ## Deletes a rule without removing in from the backends to which it has been
## added before. This mean that no messages will be sent to the switches to which ## added before. This mean that no messages will be sent to the switches to which
@ -138,9 +140,11 @@ export {
## ##
## id: The rule to delete, specified as the ID returned by :bro:see:`add_rule` . ## id: The rule to delete, specified as the ID returned by :bro:see:`add_rule` .
## ##
## reason: Optional string argument giving information on why the rule was deleted.
##
## Returns: True if removal is successful, or sent to manager. ## Returns: True if removal is successful, or sent to manager.
## False if the rule could not be found. ## False if the rule could not be found.
global delete_rule: function(id: string) : bool; global delete_rule: function(id: string, reason: string &default="") : bool;
## Searches all rules affecting a certain IP address. ## Searches all rules affecting a certain IP address.
## ##
@ -820,38 +824,49 @@ function rule_cleanup(r: Rule)
event NetControl::rule_destroyed(r); event NetControl::rule_destroyed(r);
} }
function delete_rule_impl(id: string): bool function delete_rule_impl(id: string, reason: string): bool
{ {
if ( id !in rules ) if ( id !in rules )
{
Reporter::error(fmt("Rule %s does not exist in NetControl::delete_rule", id));
return F; return F;
}
local rule = rules[id]; local rule = rules[id];
rule$_active_plugin_ids = set(); rule$_active_plugin_ids = set();
rule_cleanup(rule); rule_cleanup(rule);
if ( reason != "" )
log_rule_no_plugin(rule, REMOVED, fmt("delete_rule: %s", reason));
else
log_rule_no_plugin(rule, REMOVED, "delete_rule");
return T; return T;
} }
function remove_rule_plugin(r: Rule, p: PluginState): bool function remove_rule_plugin(r: Rule, p: PluginState, reason: string &default=""): bool
{ {
local success = T; local success = T;
if ( ! p$plugin$remove_rule(p, r) ) if ( ! p$plugin$remove_rule(p, r, reason) )
{ {
# still continue and send to other plugins # still continue and send to other plugins
log_rule_error(r, "remove failed", p); if ( reason != "" )
log_rule_error(r, fmt("remove failed (original reason: %s)", reason), p);
else
log_rule_error(r, "remove failed", p);
success = F; success = F;
} }
else else
{ {
log_rule(r, "REMOVE", REQUESTED, p); log_rule(r, "REMOVE", REQUESTED, p, reason);
} }
return success; return success;
} }
function remove_rule_impl(id: string) : bool function remove_rule_impl(id: string, reason: string) : bool
{ {
if ( id !in rules ) if ( id !in rules )
{ {
@ -865,7 +880,7 @@ function remove_rule_impl(id: string) : bool
for ( plugin_id in r$_active_plugin_ids ) for ( plugin_id in r$_active_plugin_ids )
{ {
local p = plugin_ids[plugin_id]; local p = plugin_ids[plugin_id];
success = remove_rule_plugin(r, p); success = remove_rule_plugin(r, p, reason);
} }
return success; return success;

8
scripts/base/frameworks/netcontrol/non-cluster.bro
View file

@ -12,14 +12,14 @@ function add_rule(r: Rule) : string
return add_rule_impl(r); return add_rule_impl(r);
} }
function delete_rule(id: string) : bool function delete_rule(id: string, reason: string &default="") : bool
{ {
return delete_rule_impl(id); return delete_rule_impl(id, reason);
} }
function remove_rule(id: string) : bool function remove_rule(id: string, reason: string &default="") : bool
{ {
return remove_rule_impl(id); return remove_rule_impl(id, reason);
} }
event rule_expire(r: Rule, p: PluginState) &priority=-5 event rule_expire(r: Rule, p: PluginState) &priority=-5

8
scripts/base/frameworks/netcontrol/plugin.bro
View file

@ -68,13 +68,7 @@ export {
## ``id`` field will match that of the add_rule() call. Generally, ## ``id`` field will match that of the add_rule() call. Generally,
## a plugin that accepts an add_rule() should also accept the ## a plugin that accepts an add_rule() should also accept the
## remove_rule(). ## remove_rule().
remove_rule: function(state: PluginState, r: Rule) : bool &optional; remove_rule: function(state: PluginState, r: Rule, reason: string) : bool &optional;
## A transaction groups a number of operations. The plugin can add them internally
## and postpone putting them into effect until committed. This allows to build a
## configuration of multiple rules at once, including replaying a previous state.
transaction_begin: function(state: PluginState) &optional;
transaction_end: function(state: PluginState) &optional;
}; };
## Table for a plugin to store instance-specific configuration information. ## Table for a plugin to store instance-specific configuration information.

10
scripts/base/frameworks/netcontrol/plugins/acld.bro
View file

@ -247,7 +247,7 @@ function acld_add_rule_fun(p: PluginState, r: Rule) : bool
return T; return T;
} }
function acld_remove_rule_fun(p: PluginState, r: Rule) : bool function acld_remove_rule_fun(p: PluginState, r: Rule, reason: string) : bool
{ {
if ( ! acld_check_rule(p, r) ) if ( ! acld_check_rule(p, r) )
return F; return F;
@ -258,6 +258,14 @@ function acld_remove_rule_fun(p: PluginState, r: Rule) : bool
else else
return F; return F;
if ( reason != "" )
{
if ( ar?$comment )
ar$comment = fmt("%s (%s)", reason, ar$comment);
else
ar$comment = reason;
}
Broker::send_event(p$acld_config$acld_topic, Broker::event_args(acld_remove_rule, p$acld_id, r, ar)); Broker::send_event(p$acld_config$acld_topic, Broker::event_args(acld_remove_rule, p$acld_id, r, ar));
return T; return T;
} }

6
scripts/base/frameworks/netcontrol/plugins/broker.bro
View file

@ -46,7 +46,7 @@ export {
}; };
global broker_add_rule: event(id: count, r: Rule); global broker_add_rule: event(id: count, r: Rule);
global broker_remove_rule: event(id: count, r: Rule); global broker_remove_rule: event(id: count, r: Rule, reason: string);
global broker_rule_added: event(id: count, r: Rule, msg: string); global broker_rule_added: event(id: count, r: Rule, msg: string);
global broker_rule_removed: event(id: count, r: Rule, msg: string); global broker_rule_removed: event(id: count, r: Rule, msg: string);
@ -155,12 +155,12 @@ function broker_add_rule_fun(p: PluginState, r: Rule) : bool
return T; return T;
} }
function broker_remove_rule_fun(p: PluginState, r: Rule) : bool function broker_remove_rule_fun(p: PluginState, r: Rule, reason: string) : bool
{ {
if ( ! broker_check_rule(p, r) ) if ( ! broker_check_rule(p, r) )
return F; return F;
Broker::send_event(p$broker_config$topic, Broker::event_args(broker_remove_rule, p$broker_id, r)); Broker::send_event(p$broker_config$topic, Broker::event_args(broker_remove_rule, p$broker_id, r, reason));
return T; return T;
} }

18
scripts/base/frameworks/netcontrol/plugins/debug.bro
View file

@ -55,34 +55,22 @@ function debug_add_rule(p: PluginState, r: Rule) : bool
return F; return F;
} }
function debug_remove_rule(p: PluginState, r: Rule) : bool function debug_remove_rule(p: PluginState, r: Rule, reason: string) : bool
{ {
local s = fmt("remove_rule: %s", r); local s = fmt("remove_rule (%s): %s", reason, r);
debug_log(p, s); debug_log(p, s);
event NetControl::rule_removed(r, p); event NetControl::rule_removed(r, p);
return T; return T;
} }
function debug_transaction_begin(p: PluginState)
{
debug_log(p, "transaction_begin");
}
function debug_transaction_end(p: PluginState)
{
debug_log(p, "transaction_end");
}
global debug_plugin = Plugin( global debug_plugin = Plugin(
$name=debug_name, $name=debug_name,
$can_expire = F, $can_expire = F,
$init = debug_init, $init = debug_init,
$done = debug_done, $done = debug_done,
$add_rule = debug_add_rule, $add_rule = debug_add_rule,
$remove_rule = debug_remove_rule, $remove_rule = debug_remove_rule
$transaction_begin = debug_transaction_begin,
$transaction_end = debug_transaction_end
); );
function create_debug(do_something: bool) : PluginState function create_debug(do_something: bool) : PluginState

4
scripts/base/frameworks/netcontrol/plugins/openflow.bro
View file

@ -324,7 +324,7 @@ function openflow_add_rule(p: PluginState, r: Rule) : bool
return T; return T;
} }
function openflow_remove_rule(p: PluginState, r: Rule) : bool function openflow_remove_rule(p: PluginState, r: Rule, reason: string) : bool
{ {
if ( ! openflow_check_rule(p, r) ) if ( ! openflow_check_rule(p, r) )
return F; return F;
@ -444,8 +444,6 @@ global openflow_plugin = Plugin(
# $done = openflow_done, # $done = openflow_done,
$add_rule = openflow_add_rule, $add_rule = openflow_add_rule,
$remove_rule = openflow_remove_rule $remove_rule = openflow_remove_rule
# $transaction_begin = openflow_transaction_begin,
# $transaction_end = openflow_transaction_end
); );
function create_openflow(controller: OpenFlow::Controller, config: OfConfig &default=[]) : PluginState function create_openflow(controller: OpenFlow::Controller, config: OfConfig &default=[]) : PluginState

2
scripts/base/frameworks/netcontrol/plugins/packetfilter.bro
View file

@ -63,7 +63,7 @@ function packetfilter_add_rule(p: PluginState, r: Rule) : bool
return F; return F;
} }
function packetfilter_remove_rule(p: PluginState, r: Rule) : bool function packetfilter_remove_rule(p: PluginState, r: Rule, reason: string) : bool
{ {
if ( ! packetfilter_check_rule(r) ) if ( ! packetfilter_check_rule(r) )
return F; return F;

2
testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out
View file

@ -1,4 +1,4 @@
Broker::incoming_connection_established Broker::incoming_connection_established
add_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP add_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
add_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP add_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP
remove_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP remove_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP, removing

22
testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.netcontrol.log
View file

@ -3,18 +3,18 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path netcontrol #path netcontrol
#open 2016-03-24-22-00-58 #open 2016-08-05-17-34-55
#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin
#types time string enum string enum string enum string string string string int interval string string #types time string enum string enum string enum string string string string int interval string string
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Broker-bro/event/netcontroltest 0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Broker-bro/event/netcontroltest
0.000000 - NetControl::MESSAGE - - - - - - - waiting for plugins to initialize - - - - 0.000000 - NetControl::MESSAGE - - - - - - - waiting for plugins to initialize - - - -
1458856858.169980 - NetControl::MESSAGE - - - - - - - activation finished - - - Broker-bro/event/netcontroltest 1470418495.661396 - NetControl::MESSAGE - - - - - - - activation finished - - - Broker-bro/event/netcontroltest
1458856858.169980 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - 1470418495.661396 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
1458856858.553916 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest 1470418496.045332 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest
1458856858.553916 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest 1470418496.045332 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest
1458856858.553948 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest 1470418496.045364 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest
1458856858.553948 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest 1470418496.045364 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 36000.000000 - Broker-bro/event/netcontroltest
1458856858.553948 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest 1470418496.045364 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest
1458856858.553948 3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest 1470418496.045364 3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - removing 0 36000.000000 - Broker-bro/event/netcontroltest
1458856858.553948 3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest 1470418496.045364 3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 36000.000000 - Broker-bro/event/netcontroltest
#close 2016-03-24-22-00-59 #close 2016-08-05-17-34-56

6
testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-2/netcontrol.log
View file

@ -3,7 +3,7 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path netcontrol #path netcontrol
#open 2016-05-31-18-51-29 #open 2016-08-05-17-37-18
#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin
#types time string enum string enum string enum string string string string int interval string string #types time string enum string enum string enum string string string string int interval string string
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All 0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All
@ -11,8 +11,10 @@
0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - 0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
1398529018.678276 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 120.000000 - Debug-All 1398529018.678276 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 120.000000 - Debug-All
1398529018.678276 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 120.000000 - Debug-All 1398529018.678276 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 120.000000 - Debug-All
1398529018.678276 2 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule 0 120.000000 - -
1398529018.678276 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: test drop Debug-All 1398529018.678276 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: test drop Debug-All
1398529018.678276 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: test drop Debug-All 1398529018.678276 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: test drop Debug-All
1398529018.678276 3 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule 0 3600.000000 Re-drop by catch-and-release: test drop -
1398529018.678276 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: test drop Debug-All 1398529018.678276 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: test drop Debug-All
1398529018.678276 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: test drop Debug-All 1398529018.678276 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: test drop Debug-All
#close 2016-05-31-18-51-29 #close 2016-08-05-17-37-18

32
testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-cluster/manager-1.netcontrol.log
View file

@ -3,21 +3,21 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path netcontrol #path netcontrol
#open 2016-07-13-16-15-31 #open 2016-08-05-17-46-57
#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin
#types time string enum string enum string enum string string string string int interval string string #types time string enum string enum string enum string string string string int interval string string
1468426531.690018 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All 1470419217.355712 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All
1468426531.690018 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All 1470419217.355712 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All
1468426531.690018 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - 1470419217.355712 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
1468426534.768038 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All 1470419220.470685 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All
1468426534.768038 worker-1:2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All 1470419220.470685 worker-1:2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All
1468426534.768038 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All 1470419220.470685 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All
1468426534.768038 worker-1:2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All 1470419220.470685 worker-1:2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All
1468426534.868423 worker-1:2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All 1470419220.570873 worker-1:2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All
1468426534.868423 worker-1:2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All 1470419220.570873 worker-1:2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All
1468426534.870147 worker-1:2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All 1470419220.572465 worker-1:2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 0.100000 - Debug-All
1468426536.256898 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All 1470419221.963109 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - reason here 0 600.000000 - Debug-All
1468426536.256898 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All 1470419221.963109 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All
1468426536.256898 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All 1470419221.963109 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All
1468426536.256898 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All 1470419221.963109 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 8.8.8.8/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All
#close 2016-07-13-16-15-36 #close 2016-08-05-17-47-02

22
testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-cluster/manager-1.netcontrol_catch_release.log
View file

@ -3,16 +3,16 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path netcontrol_catch_release #path netcontrol_catch_release
#open 2016-07-13-16-15-34 #open 2016-08-05-17-47-19
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message #fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message
#types time string addr enum interval interval time time count string string #types time string addr enum interval interval time time count string string
1468426534.768038 2 192.168.18.50 NetControl::DROP 600.000000 3600.000000 1468427134.768038 1468430134.768038 1 - - 1470419239.093089 2 192.168.18.50 NetControl::DROP 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - -
1468426534.768038 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 1468427134.768038 1468430134.768038 1 - - 1470419239.093089 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - -
1468426534.768038 worker-1:2 8.8.8.8 NetControl::ADDED 600.000000 3600.000000 - 1468430134.768038 1 - Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic. 1470419239.093089 worker-1:2 8.8.8.8 NetControl::ADDED 600.000000 3600.000000 - 1470422839.093089 1 - Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic.
1468426534.868423 worker-1:2 8.8.8.8 NetControl::UNBLOCK 600.000000 3600.000000 - 1468430134.768038 1 - - 1470419239.193930 worker-1:2 8.8.8.8 NetControl::UNBLOCK 600.000000 3600.000000 - 1470422839.093089 1 - -
1468426536.256898 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1468427134.768038 1468430134.768038 1 - Block seen while in rule_entities. No action taken. 1470419240.599721 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - Block seen while in rule_entities. No action taken.
1468426536.256898 2 192.168.18.50 NetControl::UNBLOCK 600.000000 3600.000000 1468427134.768038 1468430134.768038 1 - - 1470419240.599721 2 192.168.18.50 NetControl::UNBLOCK 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - reason here
1468426536.256898 4 8.8.8.8 NetControl::SEEN_AGAIN 3600.000000 86400.000000 1468430136.256898 1468512936.256898 2 - - 1470419240.599721 4 8.8.8.8 NetControl::SEEN_AGAIN 3600.000000 86400.000000 1470422840.599721 1470505640.599721 2 - -
1468426536.256898 4 8.8.8.8 NetControl::DROPPED 3600.000000 86400.000000 1468430136.256898 1468512936.256898 2 - - 1470419240.599721 4 8.8.8.8 NetControl::DROPPED 3600.000000 86400.000000 1470422840.599721 1470505640.599721 2 - -
1468426534.288954 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1468427134.768038 1468430134.768038 1 - Already blocked using catch-and-release - ignoring duplicate 1470419238.504810 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 1470419839.093089 1470422839.093089 1 - Already blocked using catch-and-release - ignoring duplicate
#close 2016-07-13-16-15-36 #close 2016-08-05-17-47-20

2
testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release-forgotten/.stdout
View file

@ -1,4 +1,4 @@
netcontrol debug (Debug-All): init netcontrol debug (Debug-All): init
netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.0.0.1/32, mac=<uninitialized>], expire=1.0 sec, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F] netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.0.0.1/32, mac=<uninitialized>], expire=1.0 sec, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.0.0.1/32, mac=<uninitialized>], expire=1.0 sec, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.0.0.1/32, mac=<uninitialized>], expire=1.0 sec, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
Forgotten: , 10.0.0.1, [block_until=1254722768.49206, watch_until=1254722769.49206, num_reblocked=0, current_interval=0, current_block_id=2, location=<uninitialized>] Forgotten: , 10.0.0.1, [block_until=1254722768.49206, watch_until=1254722769.49206, num_reblocked=0, current_interval=0, current_block_id=2, location=<uninitialized>]

9
testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/netcontrol.log
View file

@ -3,7 +3,7 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path netcontrol #path netcontrol
#open 2016-05-31-18-51-24 #open 2016-08-05-17-37-11
#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin
#types time string enum string enum string enum string string string string int interval string string #types time string enum string enum string enum string string string string int interval string string
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All 0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All
@ -11,14 +11,19 @@
0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - 0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
1398529018.678276 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All 1398529018.678276 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All
1398529018.678276 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All 1398529018.678276 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All
1398529018.678276 2 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 600.000000 - -
1398529018.678276 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All
1398529018.678276 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: Debug-All
1398529018.678276 3 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 3600.000000 Re-drop by catch-and-release: -
1398529018.678276 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: Debug-All
1398529018.678276 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: Debug-All
1398529018.678276 4 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 86400.000000 Re-drop by catch-and-release: -
1398529018.678276 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All
1398529018.678276 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All
1398529018.678276 5 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: -
1398529018.678276 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All
1398529018.678276 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All
1398529018.678276 6 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: -
1398529018.678276 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All
1398529018.678276 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All 1398529018.678276 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: Debug-All
#close 2016-05-31-18-51-24 #close 2016-08-05-17-37-11

8
testing/btest/Baseline/scripts.base.frameworks.netcontrol.delete-internal-state/.stdout
View file

@ -3,10 +3,10 @@ netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl:
netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F] netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F] netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
netcontrol debug (Debug-All): add_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F] netcontrol debug (Debug-All): add_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _no_expire_plugins={\x0a\x0a}, _added=F]
netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
netcontrol debug (Debug-All): remove_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
netcontrol debug (Debug-All): remove_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T] netcontrol debug (Debug-All): remove_rule (): [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _no_expire_plugins={\x0a\x0a}, _added=T]
Dumping state Dumping state
{ {

6
testing/btest/scripts/base/frameworks/netcontrol/broker.bro
View file

@ -50,7 +50,7 @@ event connection_established(c: connection)
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string) event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
{ {
print "rule added", r$entity, r$ty; print "rule added", r$entity, r$ty;
NetControl::remove_rule(r$id); NetControl::remove_rule(r$id, "removing");
} }
event NetControl::rule_exists(r: NetControl::Rule, p: NetControl::PluginState, msg: string) event NetControl::rule_exists(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
@ -103,9 +103,9 @@ event NetControl::broker_add_rule(id: count, r: NetControl::Rule)
Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo())); Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo()));
} }
event NetControl::broker_remove_rule(id: count, r: NetControl::Rule) event NetControl::broker_remove_rule(id: count, r: NetControl::Rule, reason: string)
{ {
print "remove_rule", id, r$entity, r$ty; print "remove_rule", id, r$entity, r$ty, reason;
Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_removed, id, r, "")); Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_removed, id, r, ""));

2
testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-cluster.bro
View file

@ -83,7 +83,7 @@ event connection_established(c: connection)
NetControl::drop_address_catch_release(id$orig_h); NetControl::drop_address_catch_release(id$orig_h);
if ( info$current_block_id != "" ) if ( info$current_block_id != "" )
{ {
NetControl::unblock_address_catch_release(id$orig_h); NetControl::unblock_address_catch_release(id$orig_h, "reason here");
} }
} }

2
testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro
View file

@ -26,7 +26,7 @@ event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, ms
return; return;
# delete directly, without notifying anything. # delete directly, without notifying anything.
NetControl::delete_rule(r$id); NetControl::delete_rule(r$id, "testing");
NetControl::catch_release_seen(subnet_to_addr(r$entity$ip)); NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
} }