Broker: Remove network time initialization

Remove the special case of initializing network time if it hasn't happened yet. The argument about broker.log containing 0.0 timestamps is more a problem of the log, not something that would justify modifying network time globally. For broker.log and possibly cluster.log, it might be more reasonable to use current time, anyway. I was a bit wary about tables backed by broker stores being populated with network_time set to 0.0, but there seems to exist logic and assumptions that this is okay: It should be the same as if one populates a table with expirations set within zeek_init(). In fact, staring a bit more, *not setting* network time might be more correct as workers that don't see packets would never set zeek_start_network_time which is used within the expiration computation.
2025-10-02 14:48:21 +00:00 · 2023-03-24 13:20:44 +01:00 · 2023-03-24 13:20:44 +01:00 · 59b1e29e81
commit 59b1e29e81
parent 96bbb96b35
3 changed files with 10 additions and 22 deletions
--- a/src/broker/Manager.cc
+++ b/src/broker/Manager.cc
@ -1218,21 +1218,6 @@ void Manager::Process()
 				ProcessStoreResponse(s.second, move(r));
 			}
 		}
 	if ( had_input )
 		{
 		if ( run_state::network_time == 0 )
 			{
 			// If we're getting Broker messages, but still haven't initialized
 			// run_state::network_time, may as well do so now because otherwise the
 			// broker/cluster logs will end up using timestamp 0.
 			//
 			// Do not do this when allow_network_time_forard is set to F
 			// with the assumption that this is unwanted behavior.
 			if ( get_option("allow_network_time_forward")->AsBool() )
 				run_state::detail::update_network_time(util::current_time());
 			}
 		}
 	}
 void Manager::ProcessStoreEventInsertUpdate(const TableValPtr& table, const std::string& store_id,
--- a/testing/btest/Baseline/core.suspend_processing.broker/worker..stdout
+++ b/testing/btest/Baseline/core.suspend_processing.broker/worker..stdout
@ -3,6 +3,7 @@
 0.0, zeek_init: broker peering
 0.0, Broker::peer_added
 0.0, do_continue_processing
-1300475167.096535, network_time_init
+1362692526.869344, network_time_init
-1300475173.475401, Pcap::file_done, <...>/wikipedia.trace
+1362692526.869344, new_connection, CHhAvVGS1DHFjwGM9, [orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp]
-1300475173.475401, zeek_done
+1362692527.080972, Pcap::file_done, <...>/get.trace
 1362692527.080972, zeek_done
--- a/testing/btest/core/suspend_processing/broker.zeek
+++ b/testing/btest/core/suspend_processing/broker.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Suspend pcap processing on a worker and wait for the manager to trigger continue processing via a broker message. Ensure network_time() is not initialized until continue_processing() is called.
 # @TEST-PORT: BROKER_PORT
 # @TEST-EXEC: btest-bg-run manager "zeek -b ../manager.zeek"
-# @TEST-EXEC: btest-bg-run worker "zeek -r $TRACES/wikipedia.trace -b ../worker.zeek"
+# @TEST-EXEC: btest-bg-run worker "zeek -r $TRACES/http/get.trace -b ../worker.zeek"
 # @TEST-EXEC: btest-bg-wait 5
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff worker/.stdout
@ -9,9 +9,6 @@
@TEST-START-FILE worker.zeek
 # If we're not setting this, broker will initialize network_time.
 redef allow_network_time_forward = F;
 event zeek_init()
 	{
 	print network_time(), "zeek_init: suspend_processing()";
@ -46,6 +43,11 @@ event network_time_init()
 	print network_time(), "network_time_init";
 	}
 event new_connection(c: connection)
 	{
 	print network_time(), "new_connection", c$uid, c$id;
 	}
 event Pcap::file_done(path: string)
 	{
 	print network_time(), "Pcap::file_done", path;