Merge remote-tracking branch 'origin/master' into topic/johanna/netcontrol-improvements

scripts/base/frameworks/broker/main.bro

@@ -270,6 +270,8 @@ export {
 
 module Broker;
 
+@ifdef ( Broker::__enable )
+
 function enable(flags: EndpointFlags &default = EndpointFlags()) : bool
     {
     return __enable(flags);
@@ -370,3 +372,4 @@ function unsubscribe_to_logs(topic_prefix: string): bool
     return __unsubscribe_to_logs(topic_prefix);
     }
 
+@endif

scripts/base/frameworks/broker/store.bro

@@ -57,6 +57,8 @@ export {
 		rocksdb: RocksDBOptions &default = RocksDBOptions();
 	};
 
+@ifdef ( Broker::__enable )
+
 	## Create a master data store which contains key-value pairs.
 	##
 	## id: a unique name for the data store.
@@ -720,12 +722,16 @@ export {
 	##
 	## Returns: element in the collection that the iterator currently references.
 	global record_iterator_value: function(it: opaque of Broker::RecordIterator): Broker::Data;
+
+@endif
 }
 
 @load base/bif/store.bif
 
 module Broker;
 
+@ifdef ( Broker::__enable )
+
 function create_master(id: string, b: BackendType &default = MEMORY,
                        options: BackendOptions &default = BackendOptions()): opaque of Broker::Handle
 	{
@@ -1095,3 +1101,5 @@ function record_iterator_value(it: opaque of Broker::RecordIterator): Broker::Da
 	{
 	return __record_iterator_value(it);
 	}
+
+@endif

scripts/base/frameworks/cluster/main.bro

@@ -68,7 +68,7 @@ export {
 	## Events raised by TimeMachine instances and handled by workers.
 	const tm2worker_events = /EMPTY/ &redef;
 
-	## Events sent by the control host (i.e. BroControl) when dynamically
+	## Events sent by the control host (i.e., BroControl) when dynamically
 	## connecting to a running instance to update settings or request data.
 	const control_events = Control::controller_events &redef;
 

scripts/base/frameworks/netcontrol/main.bro

@@ -23,20 +23,20 @@ export {
 	# ###  Generic functions and events.
 	# ###
 
-	# Activates a plugin.
-	#
-	# p: The plugin to acticate.
-	#
-	# priority: The higher the priority, the earlier this plugin will be checked
-	# whether it supports an operation, relative to other plugins.
+	## Activates a plugin.
+	##
+	## p: The plugin to acticate.
+	##
+	## priority: The higher the priority, the earlier this plugin will be checked
+	##           whether it supports an operation, relative to other plugins.
 	global activate: function(p: PluginState, priority: int);
 
-	# Event that is used to initialize plugins. Place all plugin initialization
-	# related functionality in this event.
+	## Event that is used to initialize plugins. Place all plugin initialization
+	## related functionality in this event.
 	global NetControl::init: event();
 
-	# Event that is raised once all plugins activated in ``NetControl::init`` have finished
-	# their initialization.
+	## Event that is raised once all plugins activated in ``NetControl::init``
+	## have finished their initialization.
 	global NetControl::init_done: event();
 
 	# ###
@@ -109,21 +109,24 @@ export {
 	##
 	## r: The rule to install.
 	##
-	## Returns: If succesful, returns an ID string unique to the rule that can later
-	## be used to refer to it. If unsuccessful, returns an empty string. The ID is also
-	## assigned to ``r$id``. Note that "successful" means "a plugin knew how to handle
-	## the rule", it doesn't necessarily mean that it was indeed successfully put in
-	## place, because that might happen asynchronously and thus fail only later.
+	## Returns: If succesful, returns an ID string unique to the rule that can
+	##          later be used to refer to it. If unsuccessful, returns an empty
+	##          string. The ID is also assigned to ``r$id``. Note that
+	##          "successful" means "a plugin knew how to handle the rule", it
+	##          doesn't necessarily mean that it was indeed successfully put in
+	##          place, because that might happen asynchronously and thus fail
+	##          only later.
 	global add_rule: function(r: Rule) : string;
 
 	## Removes a rule.
 	##
-	## id: The rule to remove, specified as the ID returned by :bro:id:`add_rule` .
+	## id: The rule to remove, specified as the ID returned by :bro:id:`NetControl::add_rule`.
 	##
-	## Returns: True if succesful, the relevant plugin indicated that it knew how
-	## to handle the removal. Note that again "success" means the plugin accepted the
-	## removal. They might still fail to put it into effect, as that  might happen
-	## asynchronously and thus go wrong at that point.
+	## Returns: True if succesful, the relevant plugin indicated that it knew
+	##          how to handle the removal. Note that again "success" means the
+	##          plugin accepted the removal. They might still fail to put it
+	##          into effect, as that might happen asynchronously and thus go
+	##          wrong at that point.
 	global remove_rule: function(id: string) : bool;
 
 	## Deletes a rule without removing in from the backends to which it has been
@@ -180,7 +183,7 @@ export {
 	## r: The rule now removed.
 	##
 	## p: The state for the plugin that had the rule in place and now
-	## removed it.
+	##    removed it.
 	##
 	## msg: An optional informational message by the plugin.
 	global rule_removed: event(r: Rule, p: PluginState, msg: string &default="");
@@ -192,7 +195,7 @@ export {
 	## i: Additional flow information, if supported by the protocol.
 	##
 	## p: The state for the plugin that had the rule in place and now
-	## removed it.
+	##    removed it.
 	##
 	## msg: An optional informational message by the plugin.
 	global rule_timeout: event(r: Rule, i: FlowInfo, p: PluginState);

scripts/base/frameworks/netcontrol/plugins/acld.bro

@@ -6,6 +6,8 @@ module NetControl;
 @load ../plugin
 @load base/frameworks/broker
 
+@ifdef ( Broker::__enable )
+
 export {
 	type AclRule : record {
 		command: string;
@@ -306,3 +308,4 @@ function create_acld(config: AcldConfig) : PluginState
 	return p;
 	}
 
+@endif

scripts/base/frameworks/netcontrol/plugins/broker.bro

@@ -8,6 +8,8 @@ module NetControl;
 @load ../plugin
 @load base/frameworks/broker
 
+@ifdef ( Broker::__enable )
+
 export {
 	type BrokerConfig: record {
 		## The broker topic used to send events to
@@ -215,3 +217,5 @@ function create_broker(config: BrokerConfig, can_expire: bool) : PluginState
 
 	return p;
 	}
+
+@endif

scripts/base/frameworks/netcontrol/plugins/debug.bro

@@ -11,7 +11,7 @@ export {
 	## plugin simply logs the operations it receives.
 	##
 	## do_something: If true, the plugin will claim it supports all operations; if
-	## false, it will indicate it doesn't support any.
+	##               false, it will indicate it doesn't support any.
 	global create_debug: function(do_something: bool) : PluginState;
 }
 

scripts/base/frameworks/netcontrol/types.bro

@@ -14,7 +14,7 @@ export {
 		MAC,		##< Activity involving a MAC address.
 	};
 
-	## Type of a :bro:id:`Flow` for defining a flow.
+	## Type for defining a flow.
 	type Flow: record {
 		src_h: subnet &optional;	##< The source IP address/subnet.
 		src_p: port &optional;	##< The source port number.
@@ -27,10 +27,10 @@ export {
 	## Type defining the enity an :bro:id:`Rule` is operating on.
 	type Entity: record {
 		ty: EntityType;			##< Type of entity.
-		conn: conn_id &optional;	##< Used with :bro:id:`CONNECTION` .
-		flow: Flow &optional;	##< Used with :bro:id:`FLOW` .
-		ip: subnet &optional;		##< Used with bro:id:`ADDRESS`; can specifiy a CIDR subnet.
-		mac: string &optional;		##< Used with :bro:id:`MAC`.
+		conn: conn_id &optional;	##< Used with :bro:enum:`NetControl::CONNECTION`.
+		flow: Flow &optional;	##< Used with :bro:enum:`NetControl::FLOW`.
+		ip: subnet &optional;		##< Used with :bro:enum:`NetControl::ADDRESS` to specifiy a CIDR subnet.
+		mac: string &optional;		##< Used with :bro:enum:`NetControl::MAC`.
 	};
 
 	## Target of :bro:id:`Rule` action.
@@ -68,7 +68,7 @@ export {
 		WHITELIST,
 	};
 
-	## Type of a :bro:id:`FlowMod` for defining a flow modification action.
+	## Type for defining a flow modification action.
 	type FlowMod: record {
 		src_h: addr &optional;	##< The source IP address.
 		src_p: count &optional;	##< The source port number.
@@ -90,8 +90,8 @@ export {
 		priority: int &default=default_priority;	##< Priority if multiple rules match an entity (larger value is higher priority).
 		location: string &optional;	##< Optional string describing where/what installed the rule.
 
-		out_port: count &optional;		##< Argument for bro:id:`REDIRECT` rules.
-		mod: FlowMod &optional; ##< Argument for :bro:id:`MODIFY` rules.
+		out_port: count &optional;		##< Argument for :bro:enum:`NetControl::REDIRECT` rules.
+		mod: FlowMod &optional; ##< Argument for :bro:enum:`NetControl::MODIFY` rules.
 
 		id: string &default="";		##< Internally determined unique ID for this rule. Will be set when added.
 		cid: count &default=0;		##< Internally determined unique numeric ID for this rule. Set when added.

scripts/base/frameworks/notice/main.bro

@@ -44,6 +44,7 @@ export {
 		ACTION_ALARM,
 	};
 
+	## Type that represents a set of actions.
 	type ActionSet: set[Notice::Action];
 
 	## The notice framework is able to do automatic notice suppression by
@@ -52,6 +53,7 @@ export {
 	## suppression.
 	const default_suppression_interval = 1hrs &redef;
 
+	## The record type that is used for representing and logging notices.
 	type Info: record {
 		## An absolute time indicating when the notice occurred,
 		## defaults to the current network time.

scripts/base/frameworks/openflow/plugins/broker.bro

@@ -5,6 +5,8 @@
 
 module OpenFlow;
 
+@ifdef ( Broker::__enable )
+
 export {
 	redef enum Plugin += {
 		BROKER,
@@ -93,3 +95,4 @@ function broker_new(name: string, host: addr, host_port: port, topic: string, dp
 	return c;
 	}
 
+@endif

scripts/base/frameworks/packet-filter/netstats.bro

@@ -18,7 +18,7 @@ export {
 
 event net_stats_update(last_stat: NetStats)
 	{
-	local ns = net_stats();
+	local ns = get_net_stats();
 	local new_dropped = ns$pkts_dropped - last_stat$pkts_dropped;
 	if ( new_dropped > 0 )
 		{
@@ -38,5 +38,5 @@ event bro_init()
 	# Since this currently only calculates packet drops, let's skip the stats
 	# collection if reading traces.
 	if ( ! reading_traces() )
-		schedule stats_collection_interval { net_stats_update(net_stats()) };
+		schedule stats_collection_interval { net_stats_update(get_net_stats()) };
 	}

scripts/base/frameworks/sumstats/main.bro

@@ -5,7 +5,8 @@
 module SumStats;
 
 export {
-	## The various calculations are all defined as plugins.
+	## Type to represent the calculations that are available.  The calculations
+	## are all defined as plugins.
 	type Calculation: enum {
 		PLACEHOLDER
 	};
@@ -39,6 +40,7 @@ export {
 		str:  string &optional;
 	};
 
+	## Represents a reducer.
 	type Reducer: record {
 		## Observation stream identifier for the reducer
 		## to attach to.
@@ -56,7 +58,7 @@ export {
 		normalize_key:  function(key: SumStats::Key): Key &optional;
 	};
 
-	## Value calculated for an observation stream fed into a reducer.
+	## Result calculated for an observation stream fed into a reducer.
 	## Most of the fields are added by plugins.
 	type ResultVal: record {
 		## The time when the first observation was added to
@@ -71,14 +73,15 @@ export {
 		num:    count &default=0;
 	};
 
-	## Type to store results for multiple reducers.
+	## Type to store a table of results for multiple reducers indexed by
+	## observation stream identifier.
 	type Result: table[string] of ResultVal;
 
 	## Type to store a table of sumstats results indexed by keys.
 	type ResultTable: table[Key] of Result;
 
-	## SumStats represent an aggregation of reducers along with
-	## mechanisms to handle various situations like the epoch ending
+	## Represents a SumStat, which consists of an aggregation of reducers along
+	## with mechanisms to handle various situations like the epoch ending
 	## or thresholds being crossed.
 	##
 	## It's best to not access any global state outside
@@ -101,21 +104,28 @@ export {
 		## The reducers for the SumStat.
 		reducers:           set[Reducer];
 
-		## Provide a function to calculate a value from the
-		## :bro:see:`SumStats::Result` structure which will be used
-		## for thresholding.
-		## This is required if a *threshold* value is given.
+		## A function that will be called once for each observation in order
+		## to calculate a value from the :bro:see:`SumStats::Result` structure
+		## which will be used for thresholding.
+		## This function is required if a *threshold* value or
+		## a *threshold_series* is given.
 		threshold_val:      function(key: SumStats::Key, result: SumStats::Result): double &optional;
 
-		## The threshold value for calling the
-		## *threshold_crossed* callback.
+		## The threshold value for calling the *threshold_crossed* callback.
+		## If you need more than one threshold value, then use
+		## *threshold_series* instead.
 		threshold:          double            &optional;
 
-		## A series of thresholds for calling the
-		## *threshold_crossed* callback.
+		## A series of thresholds for calling the *threshold_crossed*
+		## callback.  These thresholds must be listed in ascending order,
+		## because a threshold is not checked until the preceding one has
+		## been crossed.
 		threshold_series:   vector of double  &optional;
 
 		## A callback that is called when a threshold is crossed.
+		## A threshold is crossed when the value returned from *threshold_val*
+		## is greater than or equal to the threshold value, but only the first
+		## time this happens within an epoch.
 		threshold_crossed:  function(key: SumStats::Key, result: SumStats::Result) &optional;
 
 		## A callback that receives each of the results at the
@@ -130,6 +140,8 @@ export {
 	};
 
 	## Create a summary statistic.
+	##
+	## ss: The SumStat to create.
 	global create: function(ss: SumStats::SumStat);
 
 	## Add data into an observation stream. This should be

scripts/base/frameworks/sumstats/plugins/average.bro

@@ -1,3 +1,5 @@
+##! Calculate the average.
+
 @load ../main
 
 module SumStats;
@@ -9,7 +11,7 @@ export {
 	};
 
 	redef record ResultVal += {
-		## For numeric data, this calculates the average of all values.
+		## For numeric data, this is the average of all values.
 		average: double &optional;
 	};
 }

scripts/base/frameworks/sumstats/plugins/hll_unique.bro

@@ -1,3 +1,5 @@
+##! Calculate the number of unique values (using the HyperLogLog algorithm).
+
 @load base/frameworks/sumstats
 
 module SumStats;

scripts/base/frameworks/sumstats/plugins/last.bro

@@ -1,3 +1,5 @@
+##! Keep the last X observations.
+
 @load base/frameworks/sumstats
 @load base/utils/queue
 

scripts/base/frameworks/sumstats/plugins/max.bro

@@ -1,3 +1,5 @@
+##! Find the maximum value.
+
 @load ../main
 
 module SumStats;
@@ -9,7 +11,7 @@ export {
 	};
 
 	redef record ResultVal += {
-		## For numeric data, this tracks the maximum value given.
+		## For numeric data, this tracks the maximum value.
 		max: double &optional;
 	};
 }

scripts/base/frameworks/sumstats/plugins/min.bro

@@ -1,3 +1,5 @@
+##! Find the minimum value.
+
 @load ../main
 
 module SumStats;
@@ -9,7 +11,7 @@ export {
 	};
 
 	redef record ResultVal += {
-		## For numeric data, this tracks the minimum value given.
+		## For numeric data, this tracks the minimum value.
 		min: double &optional;
 	};
 }

scripts/base/frameworks/sumstats/plugins/sample.bro

@@ -1,3 +1,5 @@
+##! Keep a random sample of values.
+
 @load base/frameworks/sumstats/main
 
 module SumStats;
@@ -10,7 +12,7 @@ export {
 	};
 
 	redef record Reducer += {
-		## A number of sample Observations to collect.
+		## The number of sample Observations to collect.
 		num_samples: count &default=0;
 	};
 

scripts/base/frameworks/sumstats/plugins/std-dev.bro

@@ -1,3 +1,5 @@
+##! Calculate the standard deviation.
+
 @load ./variance
 @load ../main
 
@@ -5,7 +7,7 @@ module SumStats;
 
 export {
 	redef enum Calculation += {
-		## Find the standard deviation of the values.
+		## Calculate the standard deviation of the values.
 		STD_DEV
 	};
 

scripts/base/frameworks/sumstats/plugins/sum.bro

@@ -1,11 +1,13 @@
+##! Calculate the sum.
+
 @load ../main
 
 module SumStats;
 
 export {
 	redef enum Calculation += {
-		## Sums the values given.  For string values,
-		## this will be the number of strings given.
+		## Calculate the sum of the values.  For string values,
+		## this will be the number of strings.
 		SUM
 	};
 

scripts/base/frameworks/sumstats/plugins/topk.bro

@@ -1,3 +1,5 @@
+##! Keep the top-k (i.e., most frequently occurring) observations.
+
 @load base/frameworks/sumstats
 
 module SumStats;
@@ -9,10 +11,13 @@ export {
 	};
 
 	redef enum Calculation += {
+		## Keep a top-k list of values.
 		TOPK
 	};
 
 	redef record ResultVal += {
+		## A handle which can be passed to some built-in functions to get
+		## the top-k results.
 		topk: opaque of topk &optional;
 	};
 

scripts/base/frameworks/sumstats/plugins/unique.bro

@@ -1,10 +1,12 @@
+##! Calculate the number of unique values.
+
 @load ../main
 
 module SumStats;
 
 export {
 	redef record Reducer += {
-		## Maximum number of unique elements to store.
+		## Maximum number of unique values to store.
 		unique_max: count &optional;
 	};
 
@@ -15,7 +17,7 @@ export {
 
 	redef record ResultVal += {
 		## If cardinality is being tracked, the number of unique
-		## items is tracked here.
+		## values is tracked here.
 		unique: count &default=0;
 	};
 }

scripts/base/frameworks/sumstats/plugins/variance.bro

@@ -1,3 +1,5 @@
+##! Calculate the variance.
+
 @load ./average
 @load ../main
 
@@ -5,12 +7,12 @@ module SumStats;
 
 export {
 	redef enum Calculation += {
-		## Find the variance of the values.
+		## Calculate the variance of the values.
 		VARIANCE
 	};
 
 	redef record ResultVal += {
-		## For numeric data, this calculates the variance.
+		## For numeric data, this is the variance.
 		variance: double &optional;
 	};
 }