Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 13:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

NetControl: find_rules_subnet works in cluster mode

Browse source 
This introduces two new events, NetControl::rule_new and
NetControl::rule_destroyed, which are raised when rules are first added
and then deleted from the internal state tracking.
This commit is contained in:
Johanna Amann 2016-05-20 10:42:12 -07:00
parent 52d694f3bd
commit 6779325520
5 changed files with 78 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

11
testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro
View file

@ -6,7 +6,8 @@
# @TEST-EXEC: sleep 1
# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: btest-diff manager-1/netcontrol.log
# @TEST-EXEC: btest-diff worker-1/.stdout
# @TEST-EXEC: btest-diff worker-2/.stdout
@TEST-START-FILE cluster-layout.bro
redef Cluster::nodes = {
@ -59,4 +60,12 @@ event remote_connection_closed(p: event_peer) {
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string &default="")
{
print "Rule added", r$id, r$cid;
if ( r$entity?$ip )
print |NetControl::find_rules_subnet(r$entity$ip)|;
}
event NetControl::rule_destroyed(r: NetControl::Rule)
{
if ( r$entity?$ip )
print "Rule destroyed", r$id, r$cid, |NetControl::find_rules_subnet(r$entity$ip)|;
}