Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'"

This reverts commit 4e797ddbbc, reversing changes made to 3ac28ba5a2.
2025-10-09 10:08:20 +00:00 · 2023-05-31 09:20:33 +02:00 · 2023-05-31 09:20:33 +02:00 · 5a3abbe364
commit 5a3abbe364
parent cfbb7eb8ee
78 changed files with 340 additions and 1286 deletions
--- a/scripts/base/protocols/dhcp/main.zeek
+++ b/scripts/base/protocols/dhcp/main.zeek
@ -134,7 +134,7 @@ event zeek_init() &priority=5
 	Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, ports);
 	}

-@if ( Cluster::is_enabled() ) &analyze
+@if ( Cluster::is_enabled() )
 event zeek_init()
 	{
 	Broker::auto_publish(Cluster::manager_topic, DHCP::aggregate_msgs);
@ -180,7 +180,7 @@ global join_data: table[count] of Info = table()



-@if ( ! Cluster::is_enabled() || Cluster::local_node_type() == Cluster::MANAGER ) &analyze
+@if ( ! Cluster::is_enabled() || Cluster::local_node_type() == Cluster::MANAGER )
 # We are handling this event at priority 1000 because we really want
 # the DHCP::log_info global to be set correctly before a user might try
 # to access it.
--- a/scripts/base/protocols/ftp/main.zeek
+++ b/scripts/base/protocols/ftp/main.zeek
@ -216,30 +216,27 @@ function ftp_message(c: connection)
 	delete s$data_channel;
 	}

-const cluster_is_enabled = Cluster::is_enabled();
-const should_publish =
-	Cluster::local_node_type() == Cluster::PROXY ||
-	Cluster::local_node_type() == Cluster::MANAGER;
-
 event sync_add_expected_data(s: Info, chan: ExpectedDataChannel) &is_used
 	{
-	if ( should_publish )
-		Broker::publish(Cluster::worker_topic, sync_add_expected_data, minimize_info(s), chan);
-	else
-		{
-		ftp_data_expected[chan$resp_h, chan$resp_p] = s;
-		Analyzer::schedule_analyzer(chan$orig_h, chan$resp_h, chan$resp_p,
-					    Analyzer::ANALYZER_FTP_DATA,
-					    5mins);
-		}
+@if ( Cluster::local_node_type() == Cluster::PROXY ||
+      Cluster::local_node_type() == Cluster::MANAGER )
+	Broker::publish(Cluster::worker_topic, sync_add_expected_data, minimize_info(s), chan);
+@else
+	ftp_data_expected[chan$resp_h, chan$resp_p] = s;
+	Analyzer::schedule_analyzer(chan$orig_h, chan$resp_h, chan$resp_p,
+	                            Analyzer::ANALYZER_FTP_DATA,
+	                            5mins);
+@endif
 	}

 event sync_remove_expected_data(resp_h: addr, resp_p: port) &is_used
 	{
-	if ( should_publish )
-		Broker::publish(Cluster::worker_topic, sync_remove_expected_data, resp_h, resp_p);
-	else
-		delete ftp_data_expected[resp_h, resp_p];
+@if ( Cluster::local_node_type() == Cluster::PROXY ||
+      Cluster::local_node_type() == Cluster::MANAGER )
+	Broker::publish(Cluster::worker_topic, sync_remove_expected_data, resp_h, resp_p);
+@else
+	delete ftp_data_expected[resp_h, resp_p];
+@endif
 	}

 function add_expected_data_channel(s: Info, chan: ExpectedDataChannel)
@ -250,8 +247,9 @@ function add_expected_data_channel(s: Info, chan: ExpectedDataChannel)
 	Analyzer::schedule_analyzer(chan$orig_h, chan$resp_h, chan$resp_p,
 	                            Analyzer::ANALYZER_FTP_DATA,
 	                            5mins);
-	if ( cluster_is_enabled )
-		Broker::publish(ftp_relay_topic(), sync_add_expected_data, minimize_info(s), chan);
+@if ( Cluster::is_enabled() )
+	Broker::publish(ftp_relay_topic(), sync_add_expected_data, minimize_info(s), chan);
+@endif
 	}

 event ftp_request(c: connection, command: string, arg: string) &priority=5
@ -466,8 +464,9 @@ hook finalize_ftp_data(c: connection)
 	if ( [c$id$resp_h, c$id$resp_p] in ftp_data_expected )
 		{
 		delete ftp_data_expected[c$id$resp_h, c$id$resp_p];
-		if ( cluster_is_enabled )
-			Broker::publish(ftp_relay_topic(), sync_remove_expected_data, c$id$resp_h, c$id$resp_p);
+@if ( Cluster::is_enabled() )
+		Broker::publish(ftp_relay_topic(), sync_remove_expected_data, c$id$resp_h, c$id$resp_p);
+@endif
 		}
 	}

--- a/scripts/base/protocols/irc/dcc-send.zeek
+++ b/scripts/base/protocols/irc/dcc-send.zeek
@ -44,29 +44,26 @@ function dcc_relay_topic(): string &is_used
 	return rval;
 	}

-const cluster_is_enabled = Cluster::is_enabled();
-const should_publish =
-	Cluster::local_node_type() == Cluster::PROXY ||
-	Cluster::local_node_type() == Cluster::MANAGER;
-
 event dcc_transfer_add(host: addr, p: port, info: Info) &is_used
 	{
-	if ( should_publish )
-		Broker::publish(Cluster::worker_topic, dcc_transfer_add, host, p, info);
-	else
-		{
-		dcc_expected_transfers[host, p] = info;
-		Analyzer::schedule_analyzer(0.0.0.0, host, p,
-					    Analyzer::ANALYZER_IRC_DATA, 5 min);
-		}
+@if ( Cluster::local_node_type() == Cluster::PROXY ||
+      Cluster::local_node_type() == Cluster::MANAGER )
+    Broker::publish(Cluster::worker_topic, dcc_transfer_add, host, p, info);
+@else
+	dcc_expected_transfers[host, p] = info;
+	Analyzer::schedule_analyzer(0.0.0.0, host, p,
+	                            Analyzer::ANALYZER_IRC_DATA, 5 min);
+@endif
 	}

 event dcc_transfer_remove(host: addr, p: port) &is_used
 	{
-	if ( should_publish )
-		Broker::publish(Cluster::worker_topic, dcc_transfer_remove, host, p);
-	else
-		delete dcc_expected_transfers[host, p];
+@if ( Cluster::local_node_type() == Cluster::PROXY ||
+      Cluster::local_node_type() == Cluster::MANAGER )
+    Broker::publish(Cluster::worker_topic, dcc_transfer_remove, host, p);
+@else
+	delete dcc_expected_transfers[host, p];
+@endif
 	}

 function log_dcc(f: fa_file)
@ -92,9 +89,10 @@ function log_dcc(f: fa_file)

 		delete dcc_expected_transfers[cid$resp_h, cid$resp_p];

-		if ( cluster_is_enabled )
-			Broker::publish(dcc_relay_topic(), dcc_transfer_remove,
-					cid$resp_h, cid$resp_p);
+@if ( Cluster::is_enabled() )
+		Broker::publish(dcc_relay_topic(), dcc_transfer_remove,
+		                cid$resp_h, cid$resp_p);
+@endif
 		return;
 		}
 	}
@ -119,8 +117,9 @@ event irc_dcc_message(c: connection, is_orig: bool,
 	Analyzer::schedule_analyzer(0.0.0.0, address, p, Analyzer::ANALYZER_IRC_DATA, 5 min);
 	dcc_expected_transfers[address, p] = c$irc;

-	if ( cluster_is_enabled )
-		Broker::publish(dcc_relay_topic(), dcc_transfer_add, address, p, c$irc);
+@if ( Cluster::is_enabled() )
+	Broker::publish(dcc_relay_topic(), dcc_transfer_add, address, p, c$irc);
+@endif
 	}

 event scheduled_analyzer_applied(c: connection, a: Analyzer::Tag) &priority=10
@ -139,8 +138,9 @@ hook finalize_irc_data(c: connection)
 		{
 		delete dcc_expected_transfers[c$id$resp_h, c$id$resp_p];

-		if ( cluster_is_enabled )
-			Broker::publish(dcc_relay_topic(), dcc_transfer_remove,
-					c$id$resp_h, c$id$resp_p);
+@if ( Cluster::is_enabled() )
+		Broker::publish(dcc_relay_topic(), dcc_transfer_remove,
+		                c$id$resp_h, c$id$resp_p);
+@endif
 		}
 	}