diff --git a/policy/frameworks/cluster/base/__load__.bro b/policy/frameworks/cluster/base/__load__.bro index 1298861957..28c40c5afc 100644 --- a/policy/frameworks/cluster/base/__load__.bro +++ b/policy/frameworks/cluster/base/__load__.bro @@ -1,12 +1,16 @@ -@if ( Cluster::node != "" ) - # Load the core cluster support. @load frameworks/cluster/base/main +@if ( Cluster::node != "" ) + # Only load the communication framework if it really looks like someone is # trying to start up a cluster node. @load frameworks/communication +# Make this a controllable node since all cluster nodes are inherently +# controllable. +@load frameworks/control/controllee + ## If this script isn't found anywhere, the cluster bombs out. ## Loading the cluster framework requires that a script by this name exists ## somewhere in the BROPATH. The only thing in the file should be the @@ -21,6 +25,9 @@ # cluster framework is actually being enabled. @load frameworks/communication/listen-clear +## Set the port that this node is supposed to listen on. +redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p; + @if ( Cluster::nodes[Cluster::node]$node_type == Cluster::MANAGER ) @load frameworks/cluster/base/node/manager @endif diff --git a/policy/frameworks/cluster/base/main.bro b/policy/frameworks/cluster/base/main.bro index 00a133010a..32cd32cce7 100644 --- a/policy/frameworks/cluster/base/main.bro +++ b/policy/frameworks/cluster/base/main.bro @@ -1,5 +1,8 @@ @load utils/numbers +@load frameworks/notice +@load frameworks/control + module Cluster; export { 
@@ -26,14 +29,14 @@ export { ## Events raised by workers and handled by the manager. const worker_events = /(Notice::notice|TimeMachine::command|Drop::.*)/ &redef; - ## Events sent by the manager host (i.e. BroControl) when dynamically + ## Events sent by the control host (i.e. BroControl) when dynamically ## connecting to a running instance to update settings or request data. - const control_events = /Remote::(configuration_update|id_request|net_stats_request|peer_status_request)/ &redef; + const control_events = Control::controller_events &redef; ## Directory where the cluster is archiving logs. ## TODO: we need a sane default here. const log_dir = "/not/set" &redef; - + ## Record type to indicate a node in a cluster. type Node: record { node_type: NodeType; @@ -62,9 +65,6 @@ export { # Give the node being started up it's peer name. redef peer_description = Cluster::node; -## Set the port that this node is supposed to listen on. -redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p; - event bro_init() { if ( node != "" && node !in nodes ) diff --git a/policy/frameworks/cluster/base/node/manager.bro b/policy/frameworks/cluster/base/node/manager.bro index 2618a8d4f0..a9f462401c 100644 --- a/policy/frameworks/cluster/base/node/manager.bro +++ b/policy/frameworks/cluster/base/node/manager.bro @@ -4,8 +4,6 @@ ##! the manager registers for the events on the workers that are needed ##! to get the desired data from the workers. -@load frameworks/notice - ##! This is where the cluster manager sets it's specific settings for other ##! frameworks and in the core. diff --git a/policy/frameworks/communication/base/main.bro b/policy/frameworks/communication/base/main.bro index ac8e820796..d83d7c9cca 100644 --- a/policy/frameworks/communication/base/main.bro +++ b/policy/frameworks/communication/base/main.bro 
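Review bot: `control_events` now inherits the open pattern `/Control::.*_request/` from `Control::controller_events` (defined in control/base/main.bro), where the removed line enumerated four named events. Any handler later added under `Control::` with a `_request` suffix, including the new `shutdown_request`, is therefore accepted from the control host without this file changing. I would keep an explicit alternation here, e.g. `const control_events = /Control::(id_value|peer_status|net_stats|configuration_update|shutdown)_request/ &redef;`, so that widening what a remote peer may trigger is a visible edit. The export block starts and ends outside this hunk.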
@@ -16,11 +16,14 @@ export { global default_compression = 0 &redef; type Info: record { - ts: time &log; - peer: string &log &optional; - level: string &log &optional; - src_name: string &log &optional; - msg: string &log; + ts: time &log; + peer: string &log &optional; + src_name: string &log &optional; + connected_peer_desc: string &log &optional; + connected_peer_addr: addr &log &optional; + connected_peer_port: port &log &optional; + level: string &log &optional; + message: string &log; }; ## A remote peer to which we would like to talk. @@ -115,7 +118,7 @@ function do_script_log_common(level: count, src: count, msg: string) $level = (level == REMOTE_LOG_INFO ? "info" : "error"), $src_name = src_names[src], $peer = get_event_peer()$descr, - $msg = msg]); + $message = msg]); } # This is a core generated event. @@ -126,8 +129,7 @@ event remote_log(level: count, src: count, msg: string) function do_script_log(p: event_peer, msg: string) { - do_script_log_common(REMOTE_LOG_INFO, REMOTE_SRC_SCRIPT, - fmt("[#%d/%s:%d] %s", p$id, p$host, p$p, msg)); + do_script_log_common(REMOTE_LOG_INFO, REMOTE_SRC_SCRIPT, msg); } function connect_peer(peer: string) @@ -144,7 +146,7 @@ function connect_peer(peer: string) if ( id == PEER_ID_NONE ) Log::write(COMMUNICATION, [$ts = network_time(), $peer = get_event_peer()$descr, - $msg = "can't trigger connect"]); + $message = "can't trigger connect"]); pending_peers[id] = node; } @@ -272,7 +274,7 @@ event remote_state_inconsistency(operation: string, id: string, id, expected_old, real_old, operation); Log::write(COMMUNICATION, [$ts = network_time(), $peer = get_event_peer()$descr, - $msg = msg]); + $message = msg]); } diff --git a/policy/frameworks/control/__load__.bro b/policy/frameworks/control/__load__.bro new file mode 100644 index 0000000000..f69c5ac2db --- /dev/null +++ b/policy/frameworks/control/__load__.bro @@ -0,0 +1 @@ +@load frameworks/control/base \ No newline at end of file 
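Review bot: `do_script_log` still takes `p: event_peer` but no longer uses it, so the `[#id/host:port]` prefix is dropped, and nothing in the visible hunks fills the new `connected_peer_desc`, `connected_peer_addr` and `connected_peer_port` fields. As far as these hunks show, a script-level log entry no longer records which connected peer it concerns, which weakens the communication log as an audit trail. The record written for that call should carry the peer, e.g. `$connected_peer_desc = p$descr, $connected_peer_addr = p$host, $connected_peer_port = p$p`, which means passing `p` through to `do_script_log_common` or writing the record in `do_script_log` itself. The body of `do_script_log_common` begins outside the hunk, so the fields may be set in code not shown here.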
diff --git a/policy/frameworks/control/base/__load__.bro b/policy/frameworks/control/base/__load__.bro
new file mode 100644
index 0000000000..3ff87580e1
--- /dev/null
+++ b/policy/frameworks/control/base/__load__.bro
@@ -0,0 +1,2 @@
+
+@load frameworks/control/base/main
diff --git a/policy/frameworks/control/base/main.bro b/policy/frameworks/control/base/main.bro
new file mode 100644
index 0000000000..001126d19f
--- /dev/null
+++ b/policy/frameworks/control/base/main.bro
@@ -0,0 +1,83 @@
+##! This is a utility script that sends the current values of all &redef'able
+##! consts to a remote Bro then sends the :bro:id:`configuration_update` event
+##! and terminates processing.
+##!
+##! Intended to be used from the command line like this when starting a controller:
+##! bro frameworks/control/controller Control::host= Control::port= Control::cmd= [Control::arg=]
+##!
+##! To use the framework as a controllee, it only needs to be loaded and
+##! the controlled node need to accept all events in the "Control::" namespace
+##! from the host where the control actions will be performed from along with
+##! using the "control" class.
+
+module Control;
+
+export {
+ ## This is the address of the host that will be controlled.
+ const host = 0.0.0.0 &redef;
+
+ ## This is the port of the host that will be controlled.
+ const host_port = 0/tcp &redef;
+
+ ## This is the command that is being done. It's typically set on the
+ ## command line and influences whether this instance starts up as a
+ ## controller or controllee. If left blank this node will start as a
+ ## controllee and a controller if there is a given command.
+ const cmd = "" &redef;
+
+ ## This can be used by commands that take an argument.
+ const arg = "" &redef;
+
+ const controller_events = /Control::.*_request/ &redef;
+ const controllee_events = /Control::.*_response/ &redef;
+
+ ## These are the commands that can be given on the command line for
+ ## remote control.
+ const commands: set[string] = {
+ "id_value",
+ "peer_status",
+ "net_stats",
+ "configuration_update",
+ "shutdown",
+ };
+
+ ## Variable IDs that are to be ignored by the update process.
+ const ignore_ids: set[string] = {
+ # FIXME: Bro crashes if it tries to send this ID.
+ "Log::rotation_control",
+ };
+
+ ## Event for requesting the value of an ID (a variable).
+ global id_value_request: event(id: string);
+ ## Event for returning the value of an ID after an :bro:id:`id_request` event.
+ global id_value_response: event(id: string, val: string);
+
+ ## Requests the current communication status.
+ global peer_status_request: event();
+ ## Returns the current communication status.
+ global peer_status_response: event(s: string);
+
+ ## Requests the current net_stats.
+ global net_stats_request: event();
+ ## Returns the current net_stats.
+ global net_stats_response: event(s: string);
+
+ ## Inform the remote Bro instance that it's configuration may have been updated.
+ global configuration_update_request: event();
+ ## This event is a wrapper and alias for the :bro:id:`configuration_update_request` event.
+ ## This event is also a primary hooking point for the control framework.
+ global configuration_update: event();
+ ## Message in response to a configuration update request.
+ global configuration_update_response: event();
+
+ ## Requests that the Bro instance begins shutting down.
+ global shutdown_request: event();
+ ## Message in response to a shutdown request.
+ global shutdown_response: event();
+}
+
+
+event terminate_event()
+ {
+ terminate_communication();
+ }
diff --git a/policy/frameworks/control/controllee.bro b/policy/frameworks/control/controllee.bro
new file mode 100644
index 0000000000..c62fe409f8
--- /dev/null
+++ b/policy/frameworks/control/controllee.bro
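Review bot: The `##!` header was carried over from the deleted send-config script and still describes a one-shot utility that sends consts and terminates, which no longer matches a module that only declares the shared options and events. The usage line names `Control::port=` while the option declared below is `host_port`, so the documented command line would not set the port. The comment on `id_value_response` refers to `id_request`, which this commit renames to `id_value_request`. `controller_events` and `controllee_events` are the two patterns that decide which events each side accepts, yet they are the only exported consts without a `##` comment; something like `## Events a controller may send to a controllee.` and `## Events a controllee sends back to a controller.` would make that role explicit.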
@@ -0,0 +1,58 @@
+
+@load frameworks/control
+
+# If an instance is a controllee, it implicitly needs to listen for remote
+# connections.
+@load frameworks/communication/listen-clear
+
+module Control;
+
+event Control::id_value_request(id: string)
+ {
+ local val = lookup_ID(id);
+ event Control::id_value_response(id, fmt("%s", val));
+ }
+
+event Control::peer_status_request()
+ {
+ local status = "";
+ for ( p in Communication::nodes )
+ {
+ local peer = Communication::nodes[p];
+ if ( ! peer$connected )
+ next;
+
+ status += fmt("peer=%s host=%s events_in=? events_out=? ops_in=? ops_out=? bytes_in=? bytes_out=?\n",
+ peer$peer$descr, peer$host);
+ }
+
+ event Control::peer_status_response(status);
+ }
+
+event Control::net_stats_request()
+ {
+ local ns = net_stats();
+ local reply = fmt("%.6f recvd=%d dropped=%d link=%d\n", network_time(),
+ ns$pkts_recvd, ns$pkts_dropped, ns$pkts_link);
+ event Control::net_stats_response(reply);
+ }
+
+event Control::configuration_update_request()
+ {
+ # Generate the alias event.
+ event Control::configuration_update();
+
+ # Don't need to do anything in particular here, it's just indicating that
+ # the configuration is going to be updated. This event could be handled
+ # by other scripts if they need to do some ancilliary processing if
+ # redef-able consts are modified at runtime.
+ event Control::configuration_update_response();
+ }
+
+event Control::shutdown_request()
+ {
+ # Send the acknowledgement event.
+ event Control::shutdown_response();
+ # Schedule the shutdown to let the current event queue flush itself first.
+ event terminate_event();
+ }
diff --git a/policy/frameworks/control/controller.bro b/policy/frameworks/control/controller.bro
new file mode 100644
index 0000000000..0760ef1d45
--- /dev/null
+++ b/policy/frameworks/control/controller.bro
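Review bot: `Control::id_value_request` hands the remote-supplied `id` straight to `lookup_ID` and returns the formatted value, so any peer permitted to send `Control::` events can read every global in the process, and `Control::shutdown_request` lets the same peer stop it. Nothing in this file limits who that peer is; the only gate is the `Communication::nodes` configuration, and the script loads `listen-clear`, so requests and replies travel unencrypted. Because cluster/base/__load__.bro now loads this file on every cluster node, that trust assumption should be written down where it is relied on, e.g. `# NOTE: answers with the value of any global and honours shutdown; only hosts trusted for the "control" class may be allowed to send Control:: events.` A redef'able set of ids that `id_value_request` may answer for would narrow the exposure further.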
@@ -0,0 +1,105 @@
+
+@load frameworks/control
+@load frameworks/communication
+
+module Control;
+
+# Do some sanity checking and rework the communication nodes.
+event bro_init() &priority=5
+ {
+ # We know that some command was given because this script wouldn't be
+ # loaded if there wasn't so we can feel free to throw an error here and
+ # shutdown.
+ if ( cmd !in commands )
+ {
+ # TODO: do an actual error here. Maybe through the reporter events?
+ print fmt("The '%s' control command is unknown.", cmd);
+ terminate();
+ }
+
+ # Establish the communication configuration and only request response
+ # messages.
+ Communication::nodes["control"] = [$host=host, $p=host_port,
+ $sync=F, $connect=T,
+ $class="control", $events=Control::controllee_events];
+ }
+
+
+event Control::id_value_response(id: string, val: string) &priority=-10
+ {
+ event terminate_event();
+ }
+
+event Control::peer_status_response(s: string) &priority=-10
+ {
+ event terminate_event();
+ }
+
+event Control::net_stats_response(s: string) &priority=-10
+ {
+ event terminate_event();
+ }
+
+event Control::configuration_update_response() &priority=-10
+ {
+ event terminate_event();
+ }
+
+event Control::shutdown_response() &priority=-10
+ {
+ event terminate_event();
+ }
+
+function configuration_update_func(p: event_peer)
+ {
+ # Send all &redef'able consts to the peer.
+ local globals = global_ids();
+ local cnt = 0;
+ for ( id in globals )
+ {
+ if ( id in ignore_ids )
+ next;
+
+ local t = globals[id];
+
+ # Skip it if the variable isn't redefinable or not const.
+ # We don't want to update non-const globals because that's usually
+ # where state is stored and those values will frequently be declared
+ # with &redef so that attributes can be redefined.
+ if ( t$constant && t$redefinable )
+ {
+ send_id(p, id);
+ ++cnt;
+ }
+ }
+
+ print fmt("sent %d IDs", cnt);
+ event terminate_event();
+ }
+
+event remote_connection_handshake_done(p: event_peer) &priority=-10
+ {
+ if ( cmd == "id_value" )
+ {
+ if ( arg != "" )
+ event Control::id_value_request(arg);
+ else
+ {
+ # TODO: do an actual error here. Maybe through the reporter events?
+ print "The id_value command requires that Control::arg have some value.";
+ terminate();
+ }
+ }
+ else if ( cmd == "peer_status" )
+ event Control::peer_status_request();
+ else if ( cmd == "net_stats" )
+ event Control::net_stats_request();
+ else if ( cmd == "shutdown" )
+ event Control::shutdown_request();
+ else if ( cmd == "configuration_update" )
+ {
+ configuration_update_func(p);
+ # Signal configuration update to peer.
+ event Control::configuration_update_request();
+ }
+ }
\ No newline at end of file
diff --git a/policy/misc/remote/analysis-groups.bro b/policy/misc/analysis-groups.bro
similarity index 69%
rename from policy/misc/remote/analysis-groups.bro
rename to policy/misc/analysis-groups.bro
index e7cc102158..1acea8c44e 100644
--- a/policy/misc/remote/analysis-groups.bro
+++ b/policy/misc/analysis-groups.bro
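Review bot: `remote_connection_handshake_done` runs the selected command for whichever peer completes a handshake. The deleted misc/remote/config.bro first compared `p$host` with the configured node, and it replaced `Communication::nodes` with a table holding only the control entry, whereas `bro_init` here adds `"control"` to the existing table. With `cmd == "configuration_update"`, `send_id` would therefore push every redefinable const to any other configured peer as well; a guard at the top of the handler, `if ( p$host != host ) return;`, restores the old check. `configuration_update_func` also queues `terminate_event` before its caller queues `Control::configuration_update_request`, which appears to reverse the order the old script's comment said was needed for the request to go out before communication stops; dropping `event terminate_event();` from the function would leave termination to the `configuration_update_response` handler. In `bro_init`, `terminate();` is not followed by `return;`, so the `"control"` node entry is still created for an unknown command.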
@@ -2,29 +2,29 @@ ##! groups at runtime. No events will be raised for all memmbers of a disabled ##! event group. -@load support/remote +@load frameworks/control -module Remote; +module AnalysisGroups; export { # By default, all event groups are enabled. We disable all groups in this table. - const disabled_analysis_groups: set[string] &redef; # = { "ftp" } + const disabled: set[string] &redef; # = { "ftp" } } # Set to remember all groups which were disabled by the last update(). global currently_disabled: set[string]; -event configuration_update() +event Control::configuration_update() { # Reenable those which are not to be disabled anymore. for ( g in currently_disabled ) - if ( g !in disabled_analysis_groups ) + if ( g !in disabled ) enable_event_group(g); # Disable those which are not already. - for ( g in disabled_analysis_groups ) + for ( g in disable_event_group ) if ( g !in currently_disabled ) disable_event_group(g); - currently_disabled = copy(disabled_analysis_groups); + currently_disabled = copy(disabled); } \ No newline at end of file diff --git a/policy/misc/remote/__load__.bro b/policy/misc/remote/__load__.bro deleted file mode 100644 index 052015a7c7..0000000000 --- a/policy/misc/remote/__load__.bro +++ /dev/null @@ -1 +0,0 @@ -@load frameworks/communication/events \ No newline at end of file diff --git a/policy/misc/remote/config.bro b/policy/misc/remote/config.bro deleted file mode 100644 index 18aa073316..0000000000 --- a/policy/misc/remote/config.bro +++ /dev/null 
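Review bot: The second loop in `Control::configuration_update` now reads `for ( g in disable_event_group )`, which names the built-in function called on the next line rather than the renamed set, so the rename from `disabled_analysis_groups` looks like it was applied to the wrong identifier. As written, the groups listed in `disabled` are never disabled, assuming the script loads at all. The line should be `for ( g in disabled )`, matching the first loop and the `copy(disabled)` at the end of the handler.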
@@ -1,92 +0,0 @@ -##! This is a utility script that sends the current values of all &redef'able -##! consts to a remote Bro then sends the :bro:id:`configuration_update` event -##! and terminates processing. -##! -##! Intended to be used from the command line like this: -##! bro Remote::config_node= support/remote/send-config -##! -##! The :bro:id:`Remote::config_node` value should contain the node name of one of the -##! nodes of the configured communications. - -@load frameworks/communication -@load support/remote - -module Remote; - -export { - ## This is the name of the node configured in the communication framework - ## that you want to send new variables to. - const config_node = "" &redef; - - ## Variable IDs that are to be ignored by the update process. - const ignore_ids: set[string] = { - # TODO: Bro crashes if it tries to send this ID. - "Log::rotation_control", - }; - - ## -} - -event terminate_event() - { - terminate_communication(); - } - -event remote_connection_handshake_done(p: event_peer) - { - local peer = Communication::nodes[config_node]; - - if ( peer$host != p$host ) - return; - - # Send all &redef'able consts to the peer. - local globals = global_ids(); - local cnt = 0; - for ( id in globals ) - { - if ( id in ignore_ids ) - next; - - local t = globals[id]; - - # Skip it if the variable isn't redefinable or not const. - # We don't want to update non-const globals because that's usually - # where state is stored and those values will frequently be declared - # with &redef so that attributes can be redefined. - if ( t$constant && t$redefinable ) - { - send_id(p, id); - ++cnt; - } - } - - print fmt("sent %d IDs", cnt); - - # Signal configuration update to peer. - event configuration_update(); - - # We can't terminate the communication right away here since the - # event configuration_update is only queued but not send at this - # point. Therefore we raise another events which will trigger - # termination only after the previous has been raised. 
- event terminate_event(); - } - -event bro_init() &priority=-3 - { - if ( config_node == "" ) - return; - - if ( config_node !in Communication::nodes ) - { - print fmt("Unknown peer '%s'", config_node); - terminate(); - return; - } - - local n = Communication::nodes[config_node]; - n$connect=T; - n$sync=F; - n$class="control"; - Communication::nodes = table(["control"] = n); - } diff --git a/policy/misc/remote/events.bro b/policy/misc/remote/events.bro deleted file mode 100644 index 49d3ddd4c4..0000000000 --- a/policy/misc/remote/events.bro +++ /dev/null 
@@ -1,79 +0,0 @@ -##! Events which can be sent dynamically to Bro instances to retrieve -##! information about the running process. - -module Remote; - -export { - # This event is generated when Bro's configuration may have been updated. - global configuration_update: event(); - - ## Event for requesting the value of an ID (a variable). - global id_request: event(id: string); - ## Event for returning the value of an ID after an :bro:id:`id_request` event. - global id_response: event(id: string, val: string); - - ## Requests the current communication status. - global peer_status_request: event(); - ## Returns the current communication status. - global peer_status_response: event(s: string); - - ## Requests the current net_stats. - global net_stats_request: event(); - ## Returns the current net_stats. - global net_stats_response: event(s: string); -} - -event id_request(id: string) - { - #local msg = fmt("%.6f got event id_request(%s)", network_time(), id); - #Log::write(CLUSTER, [$ts=network_time(), $msg=msg]); - - local val = lookup_ID(id); - event id_response(id, fmt("%s", val)); - } - -event id_response(id: string, val: string) - { - #local msg = fmt("%.6f raised event id_response(%s, %s)", network_time(), id, val); - #Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]); - } - -event peer_status_request() - { - #local msg = fmt("%.6f got event peer_status_request()", network_time()); - #Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]); - - local status = ""; - for ( p in Communication::nodes ) - { - local peer = Communication::nodes[p]; - if ( ! peer$connected ) - next; - - status += fmt("peer=%s host=%s events_in=? events_out=? ops_in=? ops_out=? bytes_in=? 
bytes_out=?\n", - peer$peer$descr, peer$host); - } - - event peer_status_response(status); - } - -event peer_status_response(s: string) - { - #local msg = fmt("%.6f raised event peer_status_response(%s)", network_time(), s); - #Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]); - } - -event net_stats_request() - { - local ns = net_stats(); - local reply = fmt("%.6f recvd=%d dropped=%d link=%d\n", network_time(), - ns$pkts_recvd, ns$pkts_dropped, ns$pkts_link); - event net_stats_response(reply); - } - -event net_stats_response(s: string) - { - #local msg = fmt("%.6f raised event net_stats_response(%s)", network_time(), s); - #Log::write(CLUSTER, [$ts=network_time(), $peer=peer_description, $msg=msg]); - } - diff --git a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log index e71eff9d57..c09ea6f1b9 100644 --- a/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log +++ b/testing/btest/Baseline/core.print-bpf-filters-ipv4/conn.log @@ -1,2 +1,2 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history notice_tags -1128727435.4509 UWkUyAuUGXf 141.42.64.125 56730 125.190.109.199 80 tcp - 1.73330307006836 98 9417 SF - 0 ShADdFaf - +# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history +1128727435.4509 UWkUyAuUGXf 141.42.64.125 56730 125.190.109.199 80 tcp - 1.73330307006836 98 9417 SF - 0 ShADdFaf diff --git a/testing/btest/Baseline/core.print-bpf-filters-ipv4/output b/testing/btest/Baseline/core.print-bpf-filters-ipv4/output index 164b523b90..ace0485b06 100644 --- a/testing/btest/Baseline/core.print-bpf-filters-ipv4/output +++ b/testing/btest/Baseline/core.print-bpf-filters-ipv4/output 
@@ -1,8 +1,8 @@ # ts node filter init success -1308602779.63662 - not ip6 F T +1310591294.19008 - not ip6 F T # ts node filter init success -1308602779.68967 - (tcp port 22) and (not ip6) F T +1310591294.28313 - (tcp port 22) and (not ip6) F T # ts node filter init success -1308602779.73049 - port 42 F T +1310591294.36249 - port 42 F T # ts node filter init success -1308602779.77495 - port 56730 T T +1310591294.47815 - port 56730 T T diff --git a/testing/btest/Baseline/core.vlan-mpls/conn.log b/testing/btest/Baseline/core.vlan-mpls/conn.log index d49c8f7c1e..6bc3c1735e 100644 --- a/testing/btest/Baseline/core.vlan-mpls/conn.log +++ b/testing/btest/Baseline/core.vlan-mpls/conn.log @@ -1,4 +1,4 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history notice_tags -952109346.874907 UWkUyAuUGXf 10.1.2.1 11001 10.34.0.1 23 tcp - 2.10255992412567 25 0 SH - 0 - - -1128727435.4509 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 tcp - 1.73330307006836 98 9417 SF - 0 ShADdFaf - -1278600802.06942 50da4BEzauh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.00415205955505371 9 3429 SF - 0 ShADadfF - +# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history +952109346.874907 UWkUyAuUGXf 10.1.2.1 11001 10.34.0.1 23 tcp - 2.10255992412567 25 0 SH - 0 - +1128727435.4509 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 tcp - 1.73330307006836 98 9417 SF - 0 ShADdFaf +1278600802.06942 50da4BEzauh 10.20.80.1 50343 10.0.0.15 80 tcp - 0.00415205955505371 9 3429 SF - 0 ShADadfF diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log index 9725a8fddc..29a1956eed 100644 --- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log +++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log 
@@ -1,2 +1,2 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied -1309569685.50375 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - +# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +1310590727.30137 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - - - - diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log index 9725a8fddc..c4ba804670 100644 --- a/testing/btest/Baseline/istate.events-ssl/sender.http.log +++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log @@ -1,2 +1,2 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied -1309569685.50375 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - +# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +1310590727.30137 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log index 0db4da16fc..93e0f6264a 100644 --- a/testing/btest/Baseline/istate.events/receiver.http.log +++ b/testing/btest/Baseline/istate.events/receiver.http.log 
@@ -1,2 +1,2 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied -1309568070.32496 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - +# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +1310590707.11117 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - - - - diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log index 0db4da16fc..4a70b73996 100644 --- a/testing/btest/Baseline/istate.events/sender.http.log +++ b/testing/btest/Baseline/istate.events/sender.http.log @@ -1,2 +1,2 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied -1309568070.32496 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - +# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +1310590707.11117 56gKBmhBBB6 141.42.64.125 56730 125.190.109.199 80 GET www.icir.org / - Wget/1.10 - 9130 200 OK - - - - - text/html - - diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/manager-1..stdout b/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/manager-1..stdout new file mode 100644 index 0000000000..549f43b549 --- /dev/null +++ b/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/manager-1..stdout 
@@ -0,0 +1,2 @@
+Successfully connected to all of my peers
+Successfully connected to all of my peers
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-1..stdout b/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-1..stdout
new file mode 100644
index 0000000000..3f547d4ef5
--- /dev/null
+++ b/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-1..stdout
@@ -0,0 +1 @@
+Successfully connected to all of my peers
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-2..stdout b/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-2..stdout
new file mode 100644
index 0000000000..3f547d4ef5
--- /dev/null
+++ b/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/proxy-2..stdout
@@ -0,0 +1 @@
+Successfully connected to all of my peers
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-1..stdout b/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-1..stdout
new file mode 100644
index 0000000000..3f547d4ef5
--- /dev/null
+++ b/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-1..stdout
@@ -0,0 +1 @@
+Successfully connected to all of my peers
diff --git a/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-2..stdout b/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-2..stdout
new file mode 100644
index 0000000000..3f547d4ef5
--- /dev/null
+++ b/testing/btest/Baseline/policy.frameworks.cluster.start-it-up/worker-2..stdout
@@ -0,0 +1 @@
+Successfully connected to all of my peers
diff --git a/testing/btest/Baseline/policy.frameworks.control.configuration_update/controllee..stdout b/testing/btest/Baseline/policy.frameworks.control.configuration_update/controllee..stdout
new file mode 100644
index 0000000000..494d01b3cd
--- /dev/null
+++ b/testing/btest/Baseline/policy.frameworks.control.configuration_update/controllee..stdout
@@ -0,0 +1,2 @@
+ORIGINAL VALUE (this should be printed out first)
+NEW VALUE (this should be printed out second)
diff --git a/testing/btest/Baseline/policy.frameworks.control.id_value/controller..stdout b/testing/btest/Baseline/policy.frameworks.control.id_value/controller..stdout
new file mode 100644
index 0000000000..ba00dd6c17
--- /dev/null
+++ b/testing/btest/Baseline/policy.frameworks.control.id_value/controller..stdout
@@ -0,0 +1 @@
+Got an id_value_response(test_var, This is the value from the controllee) event
diff --git a/testing/btest/Baseline/policy.protocols.http.http-pipelining-and-md5/http.log b/testing/btest/Baseline/policy.protocols.http.http-pipelining-and-md5/http.log
index ee8bbe1da9..190857a72a 100644
--- a/testing/btest/Baseline/policy.protocols.http.http-pipelining-and-md5/http.log
+++ b/testing/btest/Baseline/policy.protocols.http.http-pipelining-and-md5/http.log
@@ -1,6 +1,6 @@ -# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file headers -1258577884.84496 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - text/x-c - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER -1258577884.96013 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - text/x-c++ - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER -1258577885.31716 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - image/gif - - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,COOKIE -1258577885.34964 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - image/png e0029eea80812e9a8e57b8d05d52938a - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,COOKIE -1258577885.39461 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png 
http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 OK - - - - - image/png 30aa926344f58019d047e85ba049ca1e - HOST,USER-AGENT,ACCEPT,ACCEPT-LANGUAGE,ACCEPT-ENCODING,ACCEPT-CHARSET,KEEP-ALIVE,CONNECTION,REFERER,COOKIE +# ts uid id.orig_h id.orig_p id.resp_h id.resp_p method host uri referrer user_agent request_content_length response_content_length status_code status_msg filename tags username password proxied mime_type md5 extraction_file +1258577884.84496 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /style/enhanced.css http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 946 200 OK - - - - - text/x-c - - +1258577884.96013 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /script/urchin.js http://www.mozilla.org/projects/calendar/ Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 6716 200 OK - - - - - text/x-c++ - - +1258577885.31716 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/bullet_utility.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 94 200 OK - - - - - image/gif - - +1258577885.34964 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /images/template/screen/key-point-top.png http://www.mozilla.org/style/screen.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 2349 200 OK - - - - - image/png e0029eea80812e9a8e57b8d05d52938a - +1258577885.39461 UWkUyAuUGXf 192.168.1.104 1673 63.245.209.11 80 GET www.mozilla.org /projects/calendar/images/header-sunbird.png http://www.mozilla.org/projects/calendar/calendar.css Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 - 27579 200 
OK - - - - - image/png 30aa926344f58019d047e85ba049ca1e - diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg index f98d1e7155..1aa7b28f25 100644 --- a/testing/btest/btest.cfg +++ b/testing/btest/btest.cfg @@ -11,8 +11,8 @@ BRO_SEED_FILE=%(testbase)s/random.seed TZ=UTC LC_ALL=C PATH=%(testbase)s/../../build/src:%(testbase)s/../../aux/btest:%(default_path)s -TEST_DIFF_CANONIFIER=%(testbase)s/Scripts/diff-canonifier TRACES=%(testbase)s/Traces SCRIPTS=%(testbase)s/../scripts DIST=%(testbase)s/../.. BUILD=%(testbase)s/../../build +TEST_DIFF_CANONIFIER=$SCRIPTS/diff-canonifier diff --git a/testing/btest/policy/frameworks/cluster/start-it-up.bro b/testing/btest/policy/frameworks/cluster/start-it-up.bro new file mode 100644 index 0000000000..ea6bd6870c --- /dev/null +++ b/testing/btest/policy/frameworks/cluster/start-it-up.bro 
@@ -0,0 +1,39 @@
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2 BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-1 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-2 BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
+# @TEST-EXEC: btest-bg-wait -k 2
+# @TEST-EXEC: btest-diff manager-1/.stdout
+# @TEST-EXEC: btest-diff proxy-1/.stdout
+# @TEST-EXEC: btest-diff proxy-2/.stdout
+# @TEST-EXEC: btest-diff worker-1/.stdout
+# @TEST-EXEC: btest-diff worker-2/.stdout
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+ ["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1")],
+ ["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=37758/tcp, $manager="manager-1", $workers=set("worker-1")],
+ ["proxy-2"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1", $workers=set("worker-2")],
+ ["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth0"],
+ ["worker-2"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $proxy="proxy-2", $interface="eth1"],
+ ["control"] = [$node_type=Cluster::CONTROL, $ip=127.0.0.1, $p=37762/tcp],
+ ["time-machine"] = [$node_type=Cluster::TIME_MACHINE, $ip=127.0.0.1, $p=37763/tcp],
+};
+@TEST-END-FILE
+
+@load frameworks/cluster
+
+# Enable local logging on every node so that we can get the loaded_scripts log.
+redef Log::enable_local_logging = T;
+
+event remote_connection_handshake_done(p: event_peer)
+ {
+ local me = Cluster::nodes[Cluster::node];
+ if ( ( me$node_type == Cluster::MANAGER &&
+ |Communication::connected_peers| == 4 ) ||
+ ( |Communication::connected_peers| == 2 ) )
+ {
+ print "Successfully connected to all of my peers";
+ }
+ }
\ No newline at end of file
diff --git a/testing/btest/policy/frameworks/control/configuration_update.bro b/testing/btest/policy/frameworks/control/configuration_update.bro
new file mode 100644
index 0000000000..337db4b1dc
--- /dev/null
+++ b/testing/btest/policy/frameworks/control/configuration_update.bro
@@ -0,0 +1,29 @@
+# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port_clear=65531/tcp
+# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=configuration_update
+# @TEST-EXEC: btest-bg-run controller2 BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=shutdown
+# @TEST-EXEC: btest-bg-wait 1
+# @TEST-EXEC: btest-diff controllee/.stdout
+
+@load frameworks/control
+@load frameworks/communication
+
+redef Communication::nodes = {
+ # We're waiting for connections from this host for control.
+ ["control"] = [$host=127.0.0.1, $class="control", $events=Control::controller_events],
+};
+
+const test_var = "ORIGINAL VALUE (this should be printed out first)" &redef;
+
+@TEST-START-FILE test-redef.bro
+redef test_var = "NEW VALUE (this should be printed out second)";
+@TEST-END-FILE
+
+event bro_init()
+ {
+ print test_var;
+ }
+
+event bro_done()
+ {
+ print test_var;
+ }
\ No newline at end of file
diff --git a/testing/btest/policy/frameworks/control/id_value.bro b/testing/btest/policy/frameworks/control/id_value.bro
new file mode 100644
index 0000000000..2fdb86eb5c
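Review bot: The second clause of the `if` in `remote_connection_handshake_done` has no node-type guard, so the manager also prints the success message when its peer count passes through 2, before all four of its peers are connected. The manager-1 baseline added in this commit contains the message twice, which is consistent with that, so the test pins the premature report instead of catching it. Guard the second clause, `( me$node_type != Cluster::MANAGER && |Communication::connected_peers| == 2 )`, and regenerate the manager-1 baseline so it holds a single line.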
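Review bot: `controller` (configuration_update) and `controller2` (shutdown) are both launched with `btest-bg-run` and nothing in the test orders them, so the shutdown can reach the controllee before the update does; `bro_done` would then print the original value a second time and the baseline diff fails intermittently. `btest-bg-wait 1` also leaves a single second for three processes to start, connect and exit, which looks tight on a loaded build host. Either issue the shutdown only once the update is known to have been applied, or raise the timeout and state the dependency in the header, e.g. `# controller2 must connect after controller; ordering currently relies on startup timing`.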
--- /dev/null
+++ b/testing/btest/policy/frameworks/control/id_value.bro
@@ -0,0 +1,26 @@
+# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Communication::listen_port_clear=65532/tcp
+# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65532/tcp Control::cmd=id_value Control::arg=test_var
+# @TEST-EXEC: btest-bg-wait -k 1
+# @TEST-EXEC: btest-diff controller/.stdout
+
+@load frameworks/control
+@load frameworks/communication
+
+redef Communication::nodes = {
+ # We're waiting for connections from this host for control.
+ ["control"] = [$host=127.0.0.1, $class="control", $events=Control::controller_events],
+};
+
+# This value shouldn't ever be printed to the controllers stdout.
+const test_var = "Original value" &redef;
+
+@TEST-START-FILE only-for-controllee.bro
+# This is only loaded on the controllee, but it's sent to the controller
+# and should be printed there.
+redef test_var = "This is the value from the controllee";
+@TEST-END-FILE
+
+event Control::id_value_response(id: string, val: string)
+ {
+ print fmt("Got an id_value_response(%s, %s) event", id, val);
+ }
diff --git a/testing/btest/policy/frameworks/control/shutdown.bro b/testing/btest/policy/frameworks/control/shutdown.bro
new file mode 100644
index 0000000000..acecedc171
--- /dev/null
+++ b/testing/btest/policy/frameworks/control/shutdown.bro
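Review bot: This test, like configuration_update.bro and shutdown.bro, covers only the permitted path: a peer from `127.0.0.1` that matches the `["control"]` entry in `Communication::nodes`. `id_value` hands the value of a named global to the requester and the sibling commands change configuration and stop the process, so a negative case is worth adding alongside it: a controllee whose `Communication::nodes` has no matching `control` entry, with a baseline showing that no `id_value_response` arrives. All three tests also listen on `Communication::listen_port_clear`; whether the control events are exercised over an encrypted listener anywhere is not visible from this hunk and should be confirmed.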
@@ -0,0 +1,11 @@
+# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port_clear=65530/tcp
+# @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65530/tcp Control::cmd=shutdown
+# @TEST-EXEC: btest-bg-wait 1
+
+@load frameworks/control
+@load frameworks/communication
+
+redef Communication::nodes = {
+ # We're waiting for connections from this host for control.
+ ["control"] = [$host=127.0.0.1, $class="control", $events=Control::controller_events],
+};
diff --git a/testing/btest/policy/frameworks/software/version-parsing.bro b/testing/btest/policy/frameworks/software/version-parsing.bro
index 64f6f09842..77d4c61e80 100644
--- a/testing/btest/policy/frameworks/software/version-parsing.bro
+++ b/testing/btest/policy/frameworks/software/version-parsing.bro
@@ -1,7 +1,7 @@ # @TEST-EXEC: bro %INPUT > output # @TEST-EXEC: btest-diff output -@load software +@load frameworks/software global ts = network_time(); global host = 0.0.0.0;
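Review bot: shutdown.bro has no `btest-diff` and no comment saying what it verifies; as far as I can tell its only assertion is that `btest-bg-wait 1` reports failure when the controllee is still running at the timeout. State that at the top of the file, e.g. `# Passes only if the controllee exits within the timeout after receiving Control::cmd=shutdown.` The three control tests also hard-code ports 65530 to 65532 on 127.0.0.1, so two checkouts running the suite on one host would interfere with each other; a short comment recording that constraint would help whoever debugs a spurious failure.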