diff --git a/scripts/base/frameworks/netcontrol/cluster.bro b/scripts/base/frameworks/netcontrol/cluster.bro index 9cdaa30d2d..913997826e 100644 --- a/scripts/base/frameworks/netcontrol/cluster.bro +++ b/scripts/base/frameworks/netcontrol/cluster.bro @@ -75,7 +75,7 @@ event rule_added(r: Rule, p: PluginState, msg: string &default="") &priority=5 { rule_added_impl(r, p, msg); - if ( r?$expire && ! p$plugin$can_expire ) + if ( r?$expire && r$expire > 0secs && ! p$plugin$can_expire ) schedule r$expire { rule_expire(r, p) }; } diff --git a/scripts/base/frameworks/netcontrol/main.bro b/scripts/base/frameworks/netcontrol/main.bro index c3ad4c0ff3..92e33175e7 100644 --- a/scripts/base/frameworks/netcontrol/main.bro +++ b/scripts/base/frameworks/netcontrol/main.bro @@ -243,8 +243,12 @@ export { } redef record Rule += { - ##< Internally set to the plugin handling the rule. - _plugin_id: count &optional; + ##< Internally set to the plugins handling the rule. + _plugin_ids: set[count] &default=count_set(); + ##< Internally set to the plugins on which the rule is currently active. + _active_plugin_ids: set[count] &default=count_set(); + ##< Track if the rule was added succesfully by all responsible plugins. + _added: bool &default=F; }; # Variable tracking the state of plugin activation. Once all plugins that @@ -263,11 +267,16 @@ global plugin_counter: count = 1; global plugins: vector of PluginState; global plugin_ids: table[count] of PluginState; -# These tables hold information about rules _after_ they have been -# succesfully added. Currently no information about the rules is held -# in these tables while they are in the process of being added. -global rules: table[string,count] of Rule; # Rules indexed by id and cid -global id_to_cids: table[string] of set[count]; # id to cid +# These tables hold information about rules. +global rules: table[string] of Rule; # Rules indexed by id and cid + +# All rules that apply to a certain subnet/IP address. +# Contains only succesfully added rules. +global rules_by_subnets: table[subnet] of set[Rule]; + +# Rules pertaining to a specific entity. +# There always only can be one rule of each type for one entity. +global rule_entities: table[Entity, RuleType] of Rule; event bro_init() &priority=5 { @@ -570,9 +579,14 @@ function add_rule_impl(rule: Rule) : string if ( ! hook NetControl::rule_policy(rule) ) return ""; + if ( [rule$entity, rule$ty] in rule_entities ) + { + log_rule_no_plugin(rule, FAILED, "discarded duplicate insertion"); + return ""; + } + local accepted = F; local priority: int = +0; - local r = rule; for ( i in plugins ) { @@ -581,80 +595,65 @@ function add_rule_impl(rule: Rule) : string if ( p$_activated == F ) next; - # in this case, rule was accepted by earlier plugin and thus plugin has same - # priority. accept, but give out new rule id. - if ( accepted == T && p$_priority == priority ) - { - r = copy(rule); - r$cid = ++rule_counter; - } - else if ( accepted == T ) # in this case, rule was accepted by earlier plugin and this plugin has a lower # priority. Abort and do not send there... + if ( accepted == T && p$_priority != priority ) break; - # set before, in case the plugins sends and regenerates the plugin record later. - r$_plugin_id = p$_id; - - if ( p$plugin$add_rule(p, r) ) + if ( p$plugin$add_rule(p, rule) ) { accepted = T; priority = p$_priority; - log_rule(r, "ADD", REQUESTED, p); + log_rule(rule, "ADD", REQUESTED, p); + + add rule$_plugin_ids[p$_id]; } } if ( accepted ) + { + rules[rule$id] = rule; + rule_entities[rule$entity, rule$ty] = rule; return rule$id; + } - log_rule_no_plugin(r, FAILED, "not supported"); + log_rule_no_plugin(rule, FAILED, "not supported"); return ""; } -function remove_single_rule(id: string, cid: count) : bool +function remove_rule_plugin(r: Rule, p: PluginState): bool { - if ( [id,cid] !in rules ) - { - Reporter::error(fmt("Rule %s -- %d does not exist in NetControl::remove_single_rule", id, cid)); - return F; - } + local success = T; - local r = rules[id,cid]; - local p = plugin_ids[r$_plugin_id]; - - # remove the respective rules from its plugins.. if ( ! p$plugin$remove_rule(p, r) ) { + # still continue and send to other plugins log_rule_error(r, "remove failed", p); - return F; + success = F; + } + else + { + log_rule(r, "REMOVE", REQUESTED, p); } - log_rule(r, "REMOVE", REQUESTED, p); - return T; + return success; } function remove_rule_impl(id: string) : bool { - if ( id !in id_to_cids ) + if ( id !in rules ) { Reporter::error(fmt("Rule %s does not exist in NetControl::remove_rule", id)); return F; } - local cids = id_to_cids[id]; + local r = rules[id]; local success = T; - for ( cid in cids ) + for ( plugin_id in r$_active_plugin_ids ) { - if ( [id,cid] !in rules ) - { - Reporter::error(fmt("Internal error in netcontrol::remove_rule - cid %d does not belong to rule %s", cid, id)); - delete cids[cid]; - next; - } - - if ( ! remove_single_rule(id, cid) ) - success = F; + local p = plugin_ids[plugin_id]; + success = remove_rule_plugin(r, p); } return success; @@ -662,47 +661,87 @@ function remove_rule_impl(id: string) : bool function rule_expire_impl(r: Rule, p: PluginState) &priority=-5 { - if ( [r$id,r$cid] !in rules ) + # do not emit timeout events on shutdown + if ( bro_is_terminating() ) + return; + + if ( r$id !in rules ) # Removed already. return; - event rule_timeout(r, FlowInfo(), p); - remove_single_rule(r$id, r$cid); + event NetControl::rule_timeout(r, FlowInfo(), p); # timeout implementation will handle the removal } function rule_added_impl(r: Rule, p: PluginState, msg: string &default="") { + if ( r$id !in rules ) + { + log_rule_error(r, "Addition of unknown rule", p); + return; + } + + # use our version to prevent operating on copies. + local rule = rules[r$id]; + if ( p$_id !in rule$_plugin_ids ) + { + log_rule_error(rule, "Rule added to non-responsible plugin", p); + return; + } + log_rule(r, "ADD", SUCCEEDED, p, msg); - rules[r$id,r$cid] = r; - if ( r$id !in id_to_cids ) - id_to_cids[r$id] = set(); + add rule$_active_plugin_ids[p$_id]; + if ( |rule$_plugin_ids| == |rule$_active_plugin_ids| ) + { + # rule was completely added. + rule$_added = T; + } + } - add id_to_cids[r$id][r$cid]; +function rule_cleanup(r: Rule) + { + if ( |r$_active_plugin_ids| > 0 ) + return; + + delete rule_entities[r$entity, r$ty]; + delete rules[r$id]; } function rule_removed_impl(r: Rule, p: PluginState, msg: string &default="") { - if ( [r$id,r$cid] !in rules ) + if ( r$id !in rules ) { log_rule_error(r, "Removal of non-existing rule", p); return; } - delete rules[r$id,r$cid]; - delete id_to_cids[r$id][r$cid]; - if ( |id_to_cids[r$id]| == 0 ) - delete id_to_cids[r$id]; + # use our version to prevent operating on copies. + local rule = rules[r$id]; - log_rule(r, "REMOVE", SUCCEEDED, p, msg); + if ( p$_id !in rule$_plugin_ids ) + { + log_rule_error(r, "Removed from non-assigned plugin", p); + return; + } + + if ( p$_id in rule$_active_plugin_ids ) + { + delete rule$_active_plugin_ids[p$_id]; + } + + log_rule(rule, "REMOVE", SUCCEEDED, p, msg); + rule_cleanup(rule); } function rule_timeout_impl(r: Rule, i: FlowInfo, p: PluginState) { - delete rules[r$id,r$cid]; - delete id_to_cids[r$id][r$cid]; - if ( |id_to_cids[r$id]| == 0 ) - delete id_to_cids[r$id]; + if ( r$id !in rules ) + { + log_rule_error(r, "Timeout of non-existing rule", p); + return; + } + + local rule = rules[r$id]; local msg = ""; if ( i?$packet_count ) @@ -714,22 +753,71 @@ function rule_timeout_impl(r: Rule, i: FlowInfo, p: PluginState) msg = fmt("%sBytes: %s", msg, i$byte_count); } - log_rule(r, "EXPIRE", TIMEOUT, p, msg); + log_rule(rule, "EXPIRE", TIMEOUT, p, msg); + + if ( ! p$plugin$can_expire ) + { + # in this case, we actually have to delete the rule and the timeout + # call just originated locally + remove_rule_plugin(rule, p); + return; + } + + if ( p$_id !in rule$_plugin_ids ) + { + log_rule_error(r, "Timeout from non-assigned plugin", p); + return; + } + + if ( p$_id in rule$_active_plugin_ids ) + { + delete rule$_active_plugin_ids[p$_id]; + } + + rule_cleanup(rule); } function rule_error_impl(r: Rule, p: PluginState, msg: string &default="") { - log_rule_error(r, msg, p); - # errors can occur during deletion. Since this probably means we wo't hear - # from it again, let's just remove it if it exists... - delete rules[r$id,r$cid]; - delete id_to_cids[r$id][r$cid]; - if ( |id_to_cids[r$id]| == 0 ) - delete id_to_cids[r$id]; + if ( r$id !in rules ) + { + log_rule_error(r, "Error of non-existing rule", p); + return; + } + + local rule = rules[r$id]; + + log_rule_error(rule, msg, p); + + # Remove the plugin both from active and all plugins of the rule. If there + # are no plugins left afterwards - delete it + if ( p$_id !in rule$_plugin_ids ) + { + log_rule_error(r, "Error from non-assigned plugin", p); + return; + } + + if ( p$_id in rule$_active_plugin_ids ) + { + # error during removal. Let's pretend it worked. + delete rule$_plugin_ids[p$_id]; + delete rule$_active_plugin_ids[p$_id]; + rule_cleanup(rule); + } + else + { + # error during insertion. Meh. If we are the only plugin, remove the rule again. + # Otherwhise - keep it, minus us. + delete rule$_plugin_ids[p$_id]; + if ( |rule$_plugin_ids| == 0 ) + { + rule_cleanup(rule); + } + } } function clear() { - for ( [id,cid] in rules ) - remove_single_rule(id, cid); + for ( id in rules ) + remove_rule(id); } diff --git a/scripts/base/frameworks/netcontrol/non-cluster.bro b/scripts/base/frameworks/netcontrol/non-cluster.bro index 8e08ebe436..4098586be4 100644 --- a/scripts/base/frameworks/netcontrol/non-cluster.bro +++ b/scripts/base/frameworks/netcontrol/non-cluster.bro @@ -26,7 +26,7 @@ event rule_added(r: Rule, p: PluginState, msg: string &default="") &priority=5 { rule_added_impl(r, p, msg); - if ( r?$expire && ! p$plugin$can_expire ) + if ( r?$expire && r$expire > 0secs && ! p$plugin$can_expire ) schedule r$expire { rule_expire(r, p) }; } diff --git a/scripts/base/frameworks/netcontrol/plugins/openflow.bro b/scripts/base/frameworks/netcontrol/plugins/openflow.bro index 7262931a12..71cbe5c0a6 100644 --- a/scripts/base/frameworks/netcontrol/plugins/openflow.bro +++ b/scripts/base/frameworks/netcontrol/plugins/openflow.bro @@ -304,7 +304,7 @@ function openflow_remove_rule(p: PluginState, r: Rule) : bool return F; local flow_mod: OpenFlow::ofp_flow_mod = [ - $cookie=OpenFlow::generate_cookie(r$cid), + $cookie=OpenFlow::generate_cookie(r$cid*2), $command=OpenFlow::OFPFC_DELETE ]; diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld-hook/recv.recv.out b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld-hook/recv.recv.out index 72fac44013..d36130b29b 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld-hook/recv.recv.out +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld-hook/recv.recv.out @@ -1,7 +1,7 @@ BrokerComm::incoming_connection_established -add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=here, out_port=, mod=, id=2, cid=2, _plugin_id=1], [command=blockhosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here] -add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=there, out_port=, mod=, id=3, cid=3, _plugin_id=1], [command=droptcpport, cookie=3, arg=443, comment=there] -add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=4, cid=4, _plugin_id=1], [command=nullzero, cookie=4, arg=192.168.18.50/32, comment=] -remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=here, out_port=, mod=, id=2, cid=2, _plugin_id=1], [command=restorehosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here] -remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=there, out_port=, mod=, id=3, cid=3, _plugin_id=1], [command=restoretcpport, cookie=3, arg=443, comment=there] -remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=4, cid=4, _plugin_id=1], [command=nonullzero, cookie=4, arg=192.168.18.50/32, comment=] +add_rule, 0, [ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], NetControl::DROP, [command=blockhosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here] +add_rule, 0, [ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP, [command=droptcpport, cookie=3, arg=443, comment=there] +add_rule, 0, [ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], NetControl::DROP, [command=nullzero, cookie=4, arg=192.168.18.50/32, comment=] +remove_rule, 0, [ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], NetControl::DROP, [command=restorehosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here] +remove_rule, 0, [ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP, [command=restoretcpport, cookie=3, arg=443, comment=there] +remove_rule, 0, [ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], NetControl::DROP, [command=nonullzero, cookie=4, arg=192.168.18.50/32, comment=] diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld-hook/send.send.out b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld-hook/send.send.out index edb28710a4..fd7f00bb7c 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld-hook/send.send.out +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld-hook/send.send.out @@ -1,7 +1,7 @@ BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp -rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=here, out_port=, mod=, id=2, cid=2, _plugin_id=1] -rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=there, out_port=, mod=, id=3, cid=3, _plugin_id=1] -rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=4, cid=4, _plugin_id=1] -rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=here, out_port=, mod=, id=2, cid=2, _plugin_id=1] -rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=there, out_port=, mod=, id=3, cid=3, _plugin_id=1] -rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=4, cid=4, _plugin_id=1] +rule added, [ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], NetControl::DROP +rule added, [ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP +rule added, [ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], NetControl::DROP +rule removed, [ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], NetControl::DROP +rule removed, [ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP +rule removed, [ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], NetControl::DROP diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/recv.recv.out b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/recv.recv.out index f17d8fad9f..6890484529 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/recv.recv.out +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/recv.recv.out @@ -1,7 +1,7 @@ BrokerComm::incoming_connection_established -add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=here, out_port=, mod=, id=2, cid=2, _plugin_id=1], [command=blockhosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here] -add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=there, out_port=, mod=, id=3, cid=3, _plugin_id=1], [command=droptcpport, cookie=3, arg=443, comment=there] -add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=4, cid=4, _plugin_id=1], [command=drop, cookie=4, arg=192.168.18.50/32, comment=] -remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=here, out_port=, mod=, id=2, cid=2, _plugin_id=1], [command=restorehosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here] -remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=there, out_port=, mod=, id=3, cid=3, _plugin_id=1], [command=restoretcpport, cookie=3, arg=443, comment=there] -remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=4, cid=4, _plugin_id=1], [command=restore, cookie=4, arg=192.168.18.50/32, comment=] +add_rule, 0, [ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], NetControl::DROP, [command=blockhosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here] +add_rule, 0, [ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP, [command=droptcpport, cookie=3, arg=443, comment=there] +add_rule, 0, [ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], NetControl::DROP, [command=drop, cookie=4, arg=192.168.18.50/32, comment=] +remove_rule, 0, [ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], NetControl::DROP, [command=restorehosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here] +remove_rule, 0, [ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP, [command=restoretcpport, cookie=3, arg=443, comment=there] +remove_rule, 0, [ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], NetControl::DROP, [command=restore, cookie=4, arg=192.168.18.50/32, comment=] diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/send.send.out b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/send.send.out index edb28710a4..fd7f00bb7c 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/send.send.out +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/send.send.out @@ -1,7 +1,7 @@ BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp -rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=here, out_port=, mod=, id=2, cid=2, _plugin_id=1] -rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=there, out_port=, mod=, id=3, cid=3, _plugin_id=1] -rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=4, cid=4, _plugin_id=1] -rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=here, out_port=, mod=, id=2, cid=2, _plugin_id=1] -rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=there, out_port=, mod=, id=3, cid=3, _plugin_id=1] -rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=4, cid=4, _plugin_id=1] +rule added, [ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], NetControl::DROP +rule added, [ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP +rule added, [ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], NetControl::DROP +rule removed, [ty=NetControl::FLOW, conn=, flow=[src_h=192.168.18.50/32, src_p=, dst_h=74.125.239.97/32, dst_p=, src_m=, dst_m=], ip=, mac=], NetControl::DROP +rule removed, [ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=443/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP +rule removed, [ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], NetControl::DROP diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic-cluster/manager-1.netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic-cluster/manager-1.netcontrol.log index 818a86edd8..2811185c09 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic-cluster/manager-1.netcontrol.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic-cluster/manager-1.netcontrol.log @@ -3,26 +3,24 @@ #empty_field (empty) #unset_field - #path netcontrol -#open 2016-03-08-22-10-57 +#open 2016-03-09-23-10-49 #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #types time string enum string enum string enum string string string string int interval string string -1457475057.498655 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All -1457475057.498655 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All -1457475057.498655 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - -1457475059.567575 worker-1:2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 30.000000 - Debug-All -1457475059.567575 worker-1:3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 15.000000 - Debug-All -1457475059.567575 worker-1:2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 30.000000 - Debug-All -1457475059.567575 worker-1:3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 15.000000 - Debug-All -1457475061.660987 worker-2:2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 30.000000 - Debug-All -1457475061.660987 worker-2:3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 15.000000 - Debug-All -1457475061.660987 worker-2:2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 30.000000 - Debug-All -1457475061.660987 worker-2:3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 15.000000 - Debug-All -1457475062.165525 worker-1:3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 15.000000 - Debug-All -1457475062.165525 worker-2:3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 15.000000 - Debug-All -1457475062.165525 worker-1:2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 30.000000 - Debug-All -1457475062.165525 worker-2:2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 30.000000 - Debug-All -1457475062.165525 worker-1:3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 15.000000 - Debug-All -1457475062.165525 worker-2:3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 15.000000 - Debug-All -1457475062.165525 worker-1:2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 30.000000 - Debug-All -1457475062.165525 worker-2:2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 30.000000 - Debug-All -#close 2016-03-08-22-11-02 +1457565049.807080 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All +1457565049.807080 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All +1457565049.807080 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - +1457565051.874738 worker-1:2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 1.000000 - Debug-All +1457565051.874738 worker-1:3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - Debug-All +1457565051.874738 worker-1:2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 1.000000 - Debug-All +1457565051.874738 worker-1:3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - Debug-All +1457565052.874916 worker-1:2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 1.000000 - Debug-All +1457565052.874916 worker-1:2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 1.000000 - Debug-All +1457565052.874916 worker-1:3 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - Debug-All +1457565052.874916 worker-1:3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - Debug-All +1457565052.874916 worker-1:2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 1.000000 - Debug-All +1457565052.874916 worker-1:3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - Debug-All +1457565053.950376 worker-2:2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 1.000000 - Debug-All +1457565053.950376 worker-2:3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - Debug-All +1457565053.950376 worker-2:2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 1.000000 - Debug-All +1457565053.950376 worker-2:3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - Debug-All +#close 2016-03-09-23-10-54 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/.stdout b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/.stdout index 4322b62392..846bb1b653 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/.stdout +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/.stdout @@ -1,21 +1,11 @@ netcontrol debug (Debug-All): init -netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.17.1/32, src_p=32/tcp, dst_h=192.168.17.2/32, dst_p=32/tcp, src_m=, dst_m=], ip=, mac=], expire=30.0 secs, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=1.1.2.2/32, mac=], expire=15.0 secs, priority=0, location=Hi there, out_port=, mod=, id=3, cid=3, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=1.2.3.4/32, mac=], expire=15.0 secs, priority=5, location=, out_port=, mod=, id=4, cid=4, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.17.1/32, src_p=32/tcp, dst_h=192.168.17.2/32, dst_p=32/tcp, src_m=, dst_m=], ip=, mac=], expire=30.0 secs, priority=0, location=, out_port=5, mod=, id=5, cid=5, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=127.0.0.2/32, src_p=, dst_h=, dst_p=, src_m=, dst_m=], ip=, mac=], expire=15.0 secs, priority=0, location=, out_port=, mod=, id=6, cid=6, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::MODIFY, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=127.0.0.2/32, src_p=, dst_h=8.8.8.8/32, dst_p=53/udp, src_m=, dst_m=], ip=, mac=], expire=15.0 secs, priority=5, location=, out_port=, mod=[src_h=, src_p=, dst_h=127.0.0.3, dst_p=, src_m=, dst_m=, redirect_port=], id=7, cid=7, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::MODIFY, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=8.8.8.8/32, src_p=53/udp, dst_h=127.0.0.2/32, dst_p=, src_m=, dst_m=], ip=, mac=], expire=15.0 secs, priority=5, location=, out_port=, mod=[src_h=8.8.8.8, src_p=, dst_h=, dst_p=, src_m=, dst_m=, redirect_port=], id=8, cid=8, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=127.0.0.2/32, src_p=, dst_h=127.0.0.3/32, dst_p=80/tcp, src_m=, dst_m=], ip=, mac=], expire=15.0 secs, priority=5, location=, out_port=, mod=, id=9, cid=9, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::MAC, conn=, flow=, ip=, mac=FF:FF:FF:FF:FF:FF], expire=15.0 secs, priority=0, location=, out_port=, mod=, id=10, cid=10, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=, src_m=FF:FF:FF:FF:FF:FF, dst_m=], ip=, mac=], expire=15.0 secs, priority=0, location=, out_port=, mod=, id=11, cid=11, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::MODIFY, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=127.0.0.2/32, src_p=, dst_h=8.8.8.8/32, dst_p=53/udp, src_m=, dst_m=], ip=, mac=], expire=15.0 secs, priority=5, location=, out_port=, mod=[src_h=, src_p=, dst_h=127.0.0.3, dst_p=, src_m=, dst_m=, redirect_port=], id=7, cid=7, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::MODIFY, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=8.8.8.8/32, src_p=53/udp, dst_h=127.0.0.2/32, dst_p=, src_m=, dst_m=], ip=, mac=], expire=15.0 secs, priority=5, location=, out_port=, mod=[src_h=8.8.8.8, src_p=, dst_h=, dst_p=, src_m=, dst_m=, redirect_port=], id=8, cid=8, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=1.1.2.2/32, mac=], expire=15.0 secs, priority=0, location=Hi there, out_port=, mod=, id=3, cid=3, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=127.0.0.2/32, src_p=, dst_h=127.0.0.3/32, dst_p=80/tcp, src_m=, dst_m=], ip=, mac=], expire=15.0 secs, priority=5, location=, out_port=, mod=, id=9, cid=9, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=, src_m=FF:FF:FF:FF:FF:FF, dst_m=], ip=, mac=], expire=15.0 secs, priority=0, location=, out_port=, mod=, id=11, cid=11, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=127.0.0.2/32, src_p=, dst_h=, dst_p=, src_m=, dst_m=], ip=, mac=], expire=15.0 secs, priority=0, location=, out_port=, mod=, id=6, cid=6, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::MAC, conn=, flow=, ip=, mac=FF:FF:FF:FF:FF:FF], expire=15.0 secs, priority=0, location=, out_port=, mod=, id=10, cid=10, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=1.2.3.4/32, mac=], expire=15.0 secs, priority=5, location=, out_port=, mod=, id=4, cid=4, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.17.1/32, src_p=32/tcp, dst_h=192.168.17.2/32, dst_p=32/tcp, src_m=, dst_m=], ip=, mac=], expire=30.0 secs, priority=0, location=, out_port=5, mod=, id=5, cid=5, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.17.1/32, src_p=32/tcp, dst_h=192.168.17.2/32, dst_p=32/tcp, src_m=, dst_m=], ip=, mac=], expire=30.0 secs, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_id=1] +netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.17.1/32, src_p=32/tcp, dst_h=192.168.17.2/32, dst_p=32/tcp, src_m=, dst_m=], ip=, mac=], expire=30.0 secs, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F] +netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=1.1.2.2/32, mac=], expire=15.0 secs, priority=0, location=Hi there, out_port=, mod=, id=3, cid=3, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F] +netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=1.2.3.4/32, mac=], expire=15.0 secs, priority=5, location=, out_port=, mod=, id=4, cid=4, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F] +netcontrol debug (Debug-All): add_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=192.168.17.1/32, src_p=32/tcp, dst_h=192.168.17.2/32, dst_p=32/tcp, src_m=, dst_m=], ip=, mac=], expire=30.0 secs, priority=0, location=, out_port=5, mod=, id=5, cid=5, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F] +netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=127.0.0.2/32, src_p=, dst_h=, dst_p=, src_m=, dst_m=], ip=, mac=], expire=15.0 secs, priority=0, location=, out_port=, mod=, id=6, cid=6, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F] +netcontrol debug (Debug-All): add_rule: [ty=NetControl::MODIFY, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=127.0.0.2/32, src_p=, dst_h=8.8.8.8/32, dst_p=53/udp, src_m=, dst_m=], ip=, mac=], expire=15.0 secs, priority=5, location=, out_port=, mod=[src_h=, src_p=, dst_h=127.0.0.3, dst_p=, src_m=, dst_m=, redirect_port=], id=7, cid=7, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F] +netcontrol debug (Debug-All): add_rule: [ty=NetControl::MODIFY, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=8.8.8.8/32, src_p=53/udp, dst_h=127.0.0.2/32, dst_p=, src_m=, dst_m=], ip=, mac=], expire=15.0 secs, priority=5, location=, out_port=, mod=[src_h=8.8.8.8, src_p=, dst_h=, dst_p=, src_m=, dst_m=, redirect_port=], id=8, cid=8, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F] +netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=127.0.0.2/32, src_p=, dst_h=127.0.0.3/32, dst_p=80/tcp, src_m=, dst_m=], ip=, mac=], expire=15.0 secs, priority=5, location=, out_port=, mod=, id=9, cid=9, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F] +netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::MAC, conn=, flow=, ip=, mac=FF:FF:FF:FF:FF:FF], expire=15.0 secs, priority=0, location=, out_port=, mod=, id=10, cid=10, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F] +netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=, src_p=, dst_h=, dst_p=, src_m=FF:FF:FF:FF:FF:FF, dst_m=], ip=, mac=], expire=15.0 secs, priority=0, location=, out_port=, mod=, id=11, cid=11, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F] diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/netcontrol.log index cee95003b7..da4487f10f 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/netcontrol.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/netcontrol.log @@ -3,50 +3,30 @@ #empty_field (empty) #unset_field - #path netcontrol -#open 2016-03-08-21-39-06 +#open 2016-03-09-22-21-13 #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #types time string enum string enum string enum string string string string int interval string string -1457473146.241696 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All -1457473146.241696 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All -1457473146.241696 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - -1457473146.241696 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.17.1/32/32->192.168.17.2/32/32 - - 0 30.000000 - Debug-All -1457473146.241696 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 1.1.2.2/32 - - 0 15.000000 Hi there Debug-All -1457473146.241696 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 1.2.3.4/32 - - 5 15.000000 - Debug-All -1457473146.241696 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.17.1/32/32->192.168.17.2/32/32 -> 5 - 0 30.000000 - Debug-All -1457473146.241696 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->*/* - - 0 15.000000 - Debug-All -1457473146.241696 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::MODIFY NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->8.8.8.8/32/53 Src: _/_ (_) Dst: 127.0.0.3/_ (_) - 5 15.000000 - Debug-All -1457473146.241696 8 NetControl::RULE ADD NetControl::REQUESTED NetControl::MODIFY NetControl::FORWARD NetControl::FLOW 8.8.8.8/32/53->127.0.0.2/32/* Src: 8.8.8.8/_ (_) Dst: _/_ (_) - 5 15.000000 - Debug-All -1457473146.241696 9 NetControl::RULE ADD NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->127.0.0.3/32/80 - - 5 15.000000 - Debug-All -1457473146.241696 10 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::MAC FF:FF:FF:FF:FF:FF - - 0 15.000000 - Debug-All -1457473146.241696 11 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/* (FF:FF:FF:FF:FF:FF->*) - - 0 15.000000 - Debug-All -1457473146.241696 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.17.1/32/32->192.168.17.2/32/32 - - 0 30.000000 - Debug-All -1457473146.241696 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 1.1.2.2/32 - - 0 15.000000 Hi there Debug-All -1457473146.241696 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 1.2.3.4/32 - - 5 15.000000 - Debug-All -1457473146.241696 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.17.1/32/32->192.168.17.2/32/32 -> 5 - 0 30.000000 - Debug-All -1457473146.241696 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->*/* - - 0 15.000000 - Debug-All -1457473146.241696 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::MODIFY NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->8.8.8.8/32/53 Src: _/_ (_) Dst: 127.0.0.3/_ (_) - 5 15.000000 - Debug-All -1457473146.241696 8 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::MODIFY NetControl::FORWARD NetControl::FLOW 8.8.8.8/32/53->127.0.0.2/32/* Src: 8.8.8.8/_ (_) Dst: _/_ (_) - 5 15.000000 - Debug-All -1457473146.241696 9 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->127.0.0.3/32/80 - - 5 15.000000 - Debug-All -1457473146.241696 10 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::MAC FF:FF:FF:FF:FF:FF - - 0 15.000000 - Debug-All -1457473146.241696 11 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/* (FF:FF:FF:FF:FF:FF->*) - - 0 15.000000 - Debug-All -1457473146.241696 7 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::MODIFY NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->8.8.8.8/32/53 Src: _/_ (_) Dst: 127.0.0.3/_ (_) - 5 15.000000 - Debug-All -1457473146.241696 8 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::MODIFY NetControl::FORWARD NetControl::FLOW 8.8.8.8/32/53->127.0.0.2/32/* Src: 8.8.8.8/_ (_) Dst: _/_ (_) - 5 15.000000 - Debug-All -1457473146.241696 3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 1.1.2.2/32 - - 0 15.000000 Hi there Debug-All -1457473146.241696 9 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->127.0.0.3/32/80 - - 5 15.000000 - Debug-All -1457473146.241696 11 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/* (FF:FF:FF:FF:FF:FF->*) - - 0 15.000000 - Debug-All -1457473146.241696 6 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->*/* - - 0 15.000000 - Debug-All -1457473146.241696 10 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::MAC FF:FF:FF:FF:FF:FF - - 0 15.000000 - Debug-All -1457473146.241696 4 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 1.2.3.4/32 - - 5 15.000000 - Debug-All -1457473146.241696 5 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.17.1/32/32->192.168.17.2/32/32 -> 5 - 0 30.000000 - Debug-All -1457473146.241696 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.17.1/32/32->192.168.17.2/32/32 - - 0 30.000000 - Debug-All -1457473146.241696 7 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::MODIFY NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->8.8.8.8/32/53 Src: _/_ (_) Dst: 127.0.0.3/_ (_) - 5 15.000000 - Debug-All -1457473146.241696 8 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::MODIFY NetControl::FORWARD NetControl::FLOW 8.8.8.8/32/53->127.0.0.2/32/* Src: 8.8.8.8/_ (_) Dst: _/_ (_) - 5 15.000000 - Debug-All -1457473146.241696 3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 1.1.2.2/32 - - 0 15.000000 Hi there Debug-All -1457473146.241696 9 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->127.0.0.3/32/80 - - 5 15.000000 - Debug-All -1457473146.241696 11 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/* (FF:FF:FF:FF:FF:FF->*) - - 0 15.000000 - Debug-All -1457473146.241696 6 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->*/* - - 0 15.000000 - Debug-All -1457473146.241696 10 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::MAC FF:FF:FF:FF:FF:FF - - 0 15.000000 - Debug-All -1457473146.241696 4 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 1.2.3.4/32 - - 5 15.000000 - Debug-All -1457473146.241696 5 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.17.1/32/32->192.168.17.2/32/32 -> 5 - 0 30.000000 - Debug-All -1457473146.241696 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.17.1/32/32->192.168.17.2/32/32 - - 0 30.000000 - Debug-All -#close 2016-03-08-21-39-06 +1457562073.119593 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All +1457562073.119593 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All +1457562073.119593 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - +1457562073.119593 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.17.1/32/32->192.168.17.2/32/32 - - 0 30.000000 - Debug-All +1457562073.119593 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 1.1.2.2/32 - - 0 15.000000 Hi there Debug-All +1457562073.119593 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 1.2.3.4/32 - - 5 15.000000 - Debug-All +1457562073.119593 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.17.1/32/32->192.168.17.2/32/32 -> 5 - 0 30.000000 - Debug-All +1457562073.119593 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->*/* - - 0 15.000000 - Debug-All +1457562073.119593 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::MODIFY NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->8.8.8.8/32/53 Src: _/_ (_) Dst: 127.0.0.3/_ (_) - 5 15.000000 - Debug-All +1457562073.119593 8 NetControl::RULE ADD NetControl::REQUESTED NetControl::MODIFY NetControl::FORWARD NetControl::FLOW 8.8.8.8/32/53->127.0.0.2/32/* Src: 8.8.8.8/_ (_) Dst: _/_ (_) - 5 15.000000 - Debug-All +1457562073.119593 9 NetControl::RULE ADD NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->127.0.0.3/32/80 - - 5 15.000000 - Debug-All +1457562073.119593 10 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::MAC FF:FF:FF:FF:FF:FF - - 0 15.000000 - Debug-All +1457562073.119593 11 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/* (FF:FF:FF:FF:FF:FF->*) - - 0 15.000000 - Debug-All +1457562073.119593 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.17.1/32/32->192.168.17.2/32/32 - - 0 30.000000 - Debug-All +1457562073.119593 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 1.1.2.2/32 - - 0 15.000000 Hi there Debug-All +1457562073.119593 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 1.2.3.4/32 - - 5 15.000000 - Debug-All +1457562073.119593 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.17.1/32/32->192.168.17.2/32/32 -> 5 - 0 30.000000 - Debug-All +1457562073.119593 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->*/* - - 0 15.000000 - Debug-All +1457562073.119593 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::MODIFY NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->8.8.8.8/32/53 Src: _/_ (_) Dst: 127.0.0.3/_ (_) - 5 15.000000 - Debug-All +1457562073.119593 8 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::MODIFY NetControl::FORWARD NetControl::FLOW 8.8.8.8/32/53->127.0.0.2/32/* Src: 8.8.8.8/_ (_) Dst: _/_ (_) - 5 15.000000 - Debug-All +1457562073.119593 9 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::FLOW 127.0.0.2/32/*->127.0.0.3/32/80 - - 5 15.000000 - Debug-All +1457562073.119593 10 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::MAC FF:FF:FF:FF:FF:FF - - 0 15.000000 - Debug-All +1457562073.119593 11 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::FLOW */*->*/* (FF:FF:FF:FF:FF:FF->*) - - 0 15.000000 - Debug-All +#close 2016-03-09-22-21-13 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out index c6d61a3a14..3b02eef7c7 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out @@ -1,5 +1,5 @@ BrokerComm::incoming_connection_established -add_rule, 0, [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_id=1] -add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=3, cid=3, _plugin_id=1] -remove_rule, 0, [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_id=1] -remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=3, cid=3, _plugin_id=1] +add_rule, 0, [ty=NetControl::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP +add_rule, 0, [ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], NetControl::DROP +remove_rule, 0, [ty=NetControl::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP +remove_rule, 0, [ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], NetControl::DROP diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.send.out b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.send.out index 65f523ea94..31d94be31e 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.send.out +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.send.out @@ -1,7 +1,7 @@ BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp -rule added, [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_id=1] -rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=3, cid=3, _plugin_id=1] -rule timeout, [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_id=1], [duration=, packet_count=, byte_count=] -rule removed, [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_id=1] -rule timeout, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=3, cid=3, _plugin_id=1], [duration=, packet_count=, byte_count=] -rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], expire=36000.0, priority=0, location=, out_port=, mod=, id=3, cid=3, _plugin_id=1] +rule added, [ty=NetControl::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP +rule added, [ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], NetControl::DROP +rule timeout, [ty=NetControl::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP, [duration=, packet_count=, byte_count=] +rule removed, [ty=NetControl::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], NetControl::DROP +rule timeout, [ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], NetControl::DROP, [duration=, packet_count=, byte_count=] +rule removed, [ty=NetControl::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], NetControl::DROP diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/.stdout b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/.stdout deleted file mode 100644 index 17c390799f..0000000000 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/.stdout +++ /dev/null @@ -1,11 +0,0 @@ -netcontrol debug (Debug-All): init -netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=10.0 mins, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=1.0 hr, priority=0, location=Re-drop by catch-and-release, out_port=, mod=, id=3, cid=3, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=1.0 day, priority=0, location=Re-drop by catch-and-release, out_port=, mod=, id=4, cid=4, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=7.0 days, priority=0, location=Re-drop by catch-and-release, out_port=, mod=, id=5, cid=5, _plugin_id=1] -netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=7.0 days, priority=0, location=Re-drop by catch-and-release, out_port=, mod=, id=6, cid=6, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=10.0 mins, priority=0, location=, out_port=, mod=, id=2, cid=2, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=1.0 hr, priority=0, location=Re-drop by catch-and-release, out_port=, mod=, id=3, cid=3, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=1.0 day, priority=0, location=Re-drop by catch-and-release, out_port=, mod=, id=4, cid=4, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=7.0 days, priority=0, location=Re-drop by catch-and-release, out_port=, mod=, id=6, cid=6, _plugin_id=1] -netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=, flow=, ip=192.168.18.50/32, mac=], expire=7.0 days, priority=0, location=Re-drop by catch-and-release, out_port=, mod=, id=5, cid=5, _plugin_id=1] diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/netcontrol.log index 823a2e6cd7..f3bd6fafe0 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/netcontrol.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/netcontrol.log @@ -3,30 +3,16 @@ #empty_field (empty) #unset_field - #path netcontrol -#open 2016-03-08-22-15-32 +#open 2016-03-09-23-42-34 #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #types time string enum string enum string enum string string string string int interval string string 0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All 0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All 0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - 1398529018.678276 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All -1398529018.678276 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release Debug-All -1398529018.678276 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release Debug-All -1398529018.678276 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release Debug-All -1398529018.678276 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release Debug-All +1398529018.678276 3 NetControl::RULE - NetControl::FAILED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - discarded duplicate insertion 0 3600.000000 Re-drop by catch-and-release - +1398529018.678276 4 NetControl::RULE - NetControl::FAILED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - discarded duplicate insertion 0 86400.000000 Re-drop by catch-and-release - +1398529018.678276 5 NetControl::RULE - NetControl::FAILED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - discarded duplicate insertion 0 604800.000000 Re-drop by catch-and-release - +1398529018.678276 6 NetControl::RULE - NetControl::FAILED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - discarded duplicate insertion 0 604800.000000 Re-drop by catch-and-release - 1398529018.678276 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All -1398529018.678276 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release Debug-All -1398529018.678276 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release Debug-All -1398529018.678276 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release Debug-All -1398529018.678276 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release Debug-All -1398529020.164464 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All -1398529020.164464 3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release Debug-All -1398529020.164464 4 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release Debug-All -1398529020.164464 6 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release Debug-All -1398529020.164464 5 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release Debug-All -1398529020.164464 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - Debug-All -1398529020.164464 3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release Debug-All -1398529020.164464 4 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release Debug-All -1398529020.164464 6 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release Debug-All -1398529020.164464 5 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release Debug-All -#close 2016-03-08-22-15-32 +#close 2016-03-09-23-42-34 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.duplicate/netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.duplicate/netcontrol.log new file mode 100644 index 0000000000..780c3d9c64 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.duplicate/netcontrol.log @@ -0,0 +1,15 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path netcontrol +#open 2016-03-09-23-06-58 +#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin +#types time string enum string enum string enum string string string string int interval string string +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All +0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - +1394747126.854788 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.4.149/32 - - 0 0.000000 - Debug-All +1394747126.854788 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.4.149/32 - - 0 0.000000 - Debug-All +1394747129.505358 3 NetControl::RULE - NetControl::FAILED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.4.149/32 - discarded duplicate insertion 0 0.000000 - - +#close 2016-03-09-23-06-58 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.hook/netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.hook/netcontrol.log index ce0d07a261..2936694e2a 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.hook/netcontrol.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.hook/netcontrol.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path netcontrol -#open 2016-03-08-22-00-47 +#open 2016-03-09-23-15-50 #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #types time string enum string enum string enum string string string string int interval string string 0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All @@ -13,8 +13,4 @@ 1398529018.678276 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 0.0.0.0/0/56981->74.125.239.97/32/443 -> 5 - 0 30.000000 - Debug-All 1398529018.678276 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 0.0.0.0/0/56981->74.125.239.97/32/443 - - 0 30.000000 - Debug-All 1398529018.678276 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 0.0.0.0/0/56981->74.125.239.97/32/443 -> 5 - 0 30.000000 - Debug-All -1398529020.164464 5 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 0.0.0.0/0/56981->74.125.239.97/32/443 -> 5 - 0 30.000000 - Debug-All -1398529020.164464 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 0.0.0.0/0/56981->74.125.239.97/32/443 - - 0 30.000000 - Debug-All -1398529020.164464 5 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 0.0.0.0/0/56981->74.125.239.97/32/443 -> 5 - 0 30.000000 - Debug-All -1398529020.164464 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 0.0.0.0/0/56981->74.125.239.97/32/443 - - 0 30.000000 - Debug-All -#close 2016-03-08-22-00-47 +#close 2016-03-09-23-15-50 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.multiple/netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.multiple/netcontrol.log index 0ffea89a1a..986c1cd5a2 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.multiple/netcontrol.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.multiple/netcontrol.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path netcontrol -#open 2016-03-08-22-46-38 +#open 2016-03-09-23-40-32 #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #types time string enum string enum string enum string string string string int interval string string 0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 10 - - - Debug-All @@ -16,31 +16,34 @@ 0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - Openflow-Log-42 1398529018.678276 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 0.000000 - Debug-All 1398529018.678276 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 0.000000 - Openflow-Log-42 -1398529018.678276 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Debug-All -1398529018.678276 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Openflow-Log-42 -1398529018.678276 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Debug-All -1398529018.678276 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Openflow-Log-42 -1398529018.678276 8 NetControl::RULE ADD NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Debug-All -1398529018.678276 8 NetControl::RULE ADD NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Openflow-Log-42 +1398529018.678276 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Debug-All +1398529018.678276 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Openflow-Log-42 +1398529018.678276 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Debug-All +1398529018.678276 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Openflow-Log-42 +1398529018.678276 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Debug-All +1398529018.678276 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Openflow-Log-42 1398529018.678276 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 0.000000 - Debug-All -1398529018.678276 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Debug-All -1398529018.678276 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Debug-All -1398529018.678276 8 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Debug-All +1398529018.678276 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Debug-All +1398529018.678276 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Debug-All +1398529018.678276 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Debug-All 1398529018.678276 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 0.000000 - Openflow-Log-42 -1398529018.678276 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Openflow-Log-42 -1398529018.678276 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Openflow-Log-42 -1398529018.678276 8 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Openflow-Log-42 -1398529018.678429 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 0.000000 - Debug-All -1398529018.678429 4 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Debug-All -1398529018.678429 6 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Debug-All -1398529018.678429 8 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Debug-All -1398529018.678429 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 0.000000 - Debug-All -1398529018.678429 4 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Debug-All -1398529018.678429 6 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Debug-All -1398529018.678429 8 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Debug-All -1398529020.164464 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 0.000000 - Openflow-Log-42 -1398529020.164464 4 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Openflow-Log-42 -1398529020.164464 6 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Openflow-Log-42 -1398529020.164464 8 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Openflow-Log-42 -1398529020.164464 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 0.000000 - Openflow-Log-42 -#close 2016-03-08-22-46-38 +1398529018.678276 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Openflow-Log-42 +1398529018.678276 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Openflow-Log-42 +1398529018.678276 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Openflow-Log-42 +1398529020.091883 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 0.000000 - Openflow-Log-42 +1398529020.091883 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 0.000000 - Debug-All +1398529020.091883 3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Openflow-Log-42 +1398529020.091883 3 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Debug-All +1398529020.091883 4 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Openflow-Log-42 +1398529020.091883 4 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Debug-All +1398529020.091883 5 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Openflow-Log-42 +1398529020.091883 5 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Debug-All +1398529020.091883 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 0.000000 - Debug-All +1398529020.091883 3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Debug-All +1398529020.091883 4 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Debug-All +1398529020.091883 5 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Debug-All +1398529020.091883 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 - - 0 0.000000 - Openflow-Log-42 +1398529020.091883 3 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 0.000000 - Openflow-Log-42 +1398529020.091883 4 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::WHITELIST NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 5 0.000000 - Openflow-Log-42 +1398529020.091883 5 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::REDIRECT NetControl::FORWARD NetControl::FLOW 192.168.18.50/32/56981->74.125.239.97/32/443 -> 5 - 0 0.000000 - Openflow-Log-42 +#close 2016-03-09-23-40-32 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.multiple/openflow.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.multiple/openflow.log new file mode 100644 index 0000000000..ead5d70ec7 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.multiple/openflow.log @@ -0,0 +1,21 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path openflow +#open 2016-03-09-23-40-54 +#fields ts dpid match.in_port match.dl_src match.dl_dst match.dl_vlan match.dl_vlan_pcp match.dl_type match.nw_tos match.nw_proto match.nw_src match.nw_dst match.tp_src match.tp_dst flow_mod.cookie flow_mod.table_id flow_mod.command flow_mod.idle_timeout flow_mod.hard_timeout flow_mod.priority flow_mod.out_port flow_mod.out_group flow_mod.flags flow_mod.actions.out_ports flow_mod.actions.vlan_vid flow_mod.actions.vlan_pcp flow_mod.actions.vlan_strip flow_mod.actions.dl_src flow_mod.actions.dl_dst flow_mod.actions.nw_tos flow_mod.actions.nw_src flow_mod.actions.nw_dst flow_mod.actions.tp_src flow_mod.actions.tp_dst +#types time count count string string count count count count count subnet subnet count count count count enum count count count count count count vector[count] count count bool string string count addr addr count count +1398529018.678276 42 - - - - - 2048 - 6 192.168.18.50/32 74.125.239.97/32 56981 443 4398046511108 - OpenFlow::OFPFC_ADD 0 0 0 - - 1 (empty) - - F - - - - - - - +1398529018.678276 42 - - - - - 2048 - - 192.168.18.50/32 - - - 4398046511110 - OpenFlow::OFPFC_ADD 0 0 0 - - 1 (empty) - - F - - - - - - - +1398529018.678276 42 - - - - - 2048 - - - 192.168.18.50/32 - - 4398046511111 - OpenFlow::OFPFC_ADD 0 0 0 - - 1 (empty) - - F - - - - - - - +1398529018.678276 42 - - - - - 2048 - - 192.168.18.50/32 - - - 4398046511112 - OpenFlow::OFPFC_ADD 0 0 5 - - 1 4294967290 - - F - - - - - - - +1398529018.678276 42 - - - - - 2048 - - - 192.168.18.50/32 - - 4398046511113 - OpenFlow::OFPFC_ADD 0 0 5 - - 1 4294967290 - - F - - - - - - - +1398529018.678276 42 - - - - - 2048 - 6 192.168.18.50/32 74.125.239.97/32 56981 443 4398046511114 - OpenFlow::OFPFC_ADD 0 0 0 - - 1 5 - - F - - - - - - - +1398529020.091883 42 - - - - - - - - - - - - 4398046511108 - OpenFlow::OFPFC_DELETE 0 0 0 - - 0 (empty) - - F - - - - - - - +1398529020.091883 42 - - - - - - - - - - - - 4398046511110 - OpenFlow::OFPFC_DELETE 0 0 0 - - 0 (empty) - - F - - - - - - - +1398529020.091883 42 - - - - - - - - - - - - 4398046511111 - OpenFlow::OFPFC_DELETE 0 0 0 - - 0 (empty) - - F - - - - - - - +1398529020.091883 42 - - - - - - - - - - - - 4398046511112 - OpenFlow::OFPFC_DELETE 0 0 0 - - 0 (empty) - - F - - - - - - - +1398529020.091883 42 - - - - - - - - - - - - 4398046511113 - OpenFlow::OFPFC_DELETE 0 0 0 - - 0 (empty) - - F - - - - - - - +1398529020.091883 42 - - - - - - - - - - - - 4398046511114 - OpenFlow::OFPFC_DELETE 0 0 0 - - 0 (empty) - - F - - - - - - - +#close 2016-03-09-23-40-54 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/netcontrol.log index cec23634b4..abab12a0c9 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/netcontrol.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/netcontrol.log @@ -3,7 +3,7 @@ #empty_field (empty) #unset_field - #path netcontrol -#open 2016-03-08-22-47-07 +#open 2016-03-09-23-28-53 #fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin #types time string enum string enum string enum string string string string int interval string string 0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Openflow-Log-42 @@ -11,15 +11,15 @@ 0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - 0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - Openflow-Log-42 1254722767.875996 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 30.000000 - Openflow-Log-42 -1254722767.875996 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 15.000000 - Openflow-Log-42 +1254722767.875996 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 74.53.140.153/32 - - 0 15.000000 - Openflow-Log-42 1254722767.875996 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 10.10.1.4/32/1470->74.53.140.153/32/25 - - 0 30.000000 - Openflow-Log-42 -1254722767.875996 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 10.10.1.4/32 - - 0 15.000000 - Openflow-Log-42 +1254722767.875996 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 74.53.140.153/32 - - 0 15.000000 - Openflow-Log-42 1437831787.861602 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.133.100/32/49648->192.168.133.102/32/25 - - 0 30.000000 - Openflow-Log-42 -1437831787.861602 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.133.100/32 - - 0 15.000000 - Openflow-Log-42 +1437831787.861602 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.133.102/32 - - 0 15.000000 - Openflow-Log-42 1437831787.861602 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.133.100/32/49648->192.168.133.102/32/25 - - 0 30.000000 - Openflow-Log-42 -1437831787.861602 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.133.100/32 - - 0 15.000000 - Openflow-Log-42 +1437831787.861602 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.133.102/32 - - 0 15.000000 - Openflow-Log-42 1437831799.610433 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.133.100/32/49655->17.167.150.73/32/443 - - 0 30.000000 - Openflow-Log-42 -1437831799.610433 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.133.100/32 - - 0 15.000000 - Openflow-Log-42 +1437831799.610433 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 17.167.150.73/32 - - 0 15.000000 - Openflow-Log-42 1437831799.610433 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::MONITOR NetControl::FLOW 192.168.133.100/32/49655->17.167.150.73/32/443 - - 0 30.000000 - Openflow-Log-42 -1437831799.610433 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.133.100/32 - - 0 15.000000 - Openflow-Log-42 -#close 2016-03-08-22-47-07 +1437831799.610433 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 17.167.150.73/32 - - 0 15.000000 - Openflow-Log-42 +#close 2016-03-09-23-28-53 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/openflow.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/openflow.log index 56274f20f8..6cff86bdb2 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/openflow.log +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/openflow.log @@ -3,16 +3,16 @@ #empty_field (empty) #unset_field - #path openflow -#open 2016-02-11-21-07-34 +#open 2016-03-09-23-28-53 #fields ts dpid match.in_port match.dl_src match.dl_dst match.dl_vlan match.dl_vlan_pcp match.dl_type match.nw_tos match.nw_proto match.nw_src match.nw_dst match.tp_src match.tp_dst flow_mod.cookie flow_mod.table_id flow_mod.command flow_mod.idle_timeout flow_mod.hard_timeout flow_mod.priority flow_mod.out_port flow_mod.out_group flow_mod.flags flow_mod.actions.out_ports flow_mod.actions.vlan_vid flow_mod.actions.vlan_pcp flow_mod.actions.vlan_strip flow_mod.actions.dl_src flow_mod.actions.dl_dst flow_mod.actions.nw_tos flow_mod.actions.nw_src flow_mod.actions.nw_dst flow_mod.actions.tp_src flow_mod.actions.tp_dst #types time count count string string count count count count count subnet subnet count count count count enum count count count count count count vector[count] count count bool string string count addr addr count count 1254722767.875996 42 - - - - - 2048 - 6 10.10.1.4/32 74.53.140.153/32 1470 25 4398046511108 - OpenFlow::OFPFC_ADD 0 30 0 - - 1 (empty) - - F - - - - - - - -1254722767.875996 42 - - - - - 2048 - - 10.10.1.4/32 - - - 4398046511110 - OpenFlow::OFPFC_ADD 0 15 0 - - 1 (empty) - - F - - - - - - - -1254722767.875996 42 - - - - - 2048 - - - 10.10.1.4/32 - - 4398046511111 - OpenFlow::OFPFC_ADD 0 15 0 - - 1 (empty) - - F - - - - - - - +1254722767.875996 42 - - - - - 2048 - - 74.53.140.153/32 - - - 4398046511110 - OpenFlow::OFPFC_ADD 0 15 0 - - 1 (empty) - - F - - - - - - - +1254722767.875996 42 - - - - - 2048 - - - 74.53.140.153/32 - - 4398046511111 - OpenFlow::OFPFC_ADD 0 15 0 - - 1 (empty) - - F - - - - - - - 1437831787.861602 42 - - - - - 2048 - 6 192.168.133.100/32 192.168.133.102/32 49648 25 4398046511112 - OpenFlow::OFPFC_ADD 0 30 0 - - 1 (empty) - - F - - - - - - - -1437831787.861602 42 - - - - - 2048 - - 192.168.133.100/32 - - - 4398046511114 - OpenFlow::OFPFC_ADD 0 15 0 - - 1 (empty) - - F - - - - - - - -1437831787.861602 42 - - - - - 2048 - - - 192.168.133.100/32 - - 4398046511115 - OpenFlow::OFPFC_ADD 0 15 0 - - 1 (empty) - - F - - - - - - - +1437831787.861602 42 - - - - - 2048 - - 192.168.133.102/32 - - - 4398046511114 - OpenFlow::OFPFC_ADD 0 15 0 - - 1 (empty) - - F - - - - - - - +1437831787.861602 42 - - - - - 2048 - - - 192.168.133.102/32 - - 4398046511115 - OpenFlow::OFPFC_ADD 0 15 0 - - 1 (empty) - - F - - - - - - - 1437831799.610433 42 - - - - - 2048 - 6 192.168.133.100/32 17.167.150.73/32 49655 443 4398046511116 - OpenFlow::OFPFC_ADD 0 30 0 - - 1 (empty) - - F - - - - - - - -1437831799.610433 42 - - - - - 2048 - - 192.168.133.100/32 - - - 4398046511118 - OpenFlow::OFPFC_ADD 0 15 0 - - 1 (empty) - - F - - - - - - - -1437831799.610433 42 - - - - - 2048 - - - 192.168.133.100/32 - - 4398046511119 - OpenFlow::OFPFC_ADD 0 15 0 - - 1 (empty) - - F - - - - - - - -#close 2016-02-11-21-07-34 +1437831799.610433 42 - - - - - 2048 - - 17.167.150.73/32 - - - 4398046511118 - OpenFlow::OFPFC_ADD 0 15 0 - - 1 (empty) - - F - - - - - - - +1437831799.610433 42 - - - - - 2048 - - - 17.167.150.73/32 - - 4398046511119 - OpenFlow::OFPFC_ADD 0 15 0 - - 1 (empty) - - F - - - - - - - +#close 2016-03-09-23-28-53 diff --git a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.timeout/netcontrol.log b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.timeout/netcontrol.log new file mode 100644 index 0000000000..957af822e2 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.timeout/netcontrol.log @@ -0,0 +1,17 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path netcontrol +#open 2016-03-09-23-06-49 +#fields ts rule_id category cmd state action target entity_type entity mod msg priority expire location plugin +#types time string enum string enum string enum string string string string int interval string string +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - Debug-All +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - Debug-All +0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - +1457564809.281931 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - Debug-All +1457564809.281931 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - Debug-All +1457564810.695538 2 NetControl::RULE EXPIRE NetControl::TIMEOUT NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - Debug-All +1457564810.695538 2 NetControl::RULE REMOVE NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - Debug-All +1457564810.695538 2 NetControl::RULE REMOVE NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 1.000000 - Debug-All +#close 2016-03-09-23-06-51 diff --git a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro index da0f74900e..566739c0b7 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro @@ -70,13 +70,13 @@ event connection_established(c: connection) event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string) { - print "rule added", r; + print "rule added", r$entity, r$ty; NetControl::remove_rule(r$id); } event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string) { - print "rule removed", r; + print "rule removed", r$entity, r$ty; } @TEST-END-FILE @@ -103,14 +103,14 @@ event BrokerComm::incoming_connection_established(peer_name: string) event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule) { - print "add_rule", id, r, ar; + print "add_rule", id, r$entity, r$ty, ar; BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_added, id, r, ar$command)); } event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule) { - print "remove_rule", id, r, ar; + print "remove_rule", id, r$entity, r$ty, ar; BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_removed, id, r, ar$command)); diff --git a/testing/btest/scripts/base/frameworks/netcontrol/acld.bro b/testing/btest/scripts/base/frameworks/netcontrol/acld.bro index 33c943f68d..dfeaee1055 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/acld.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/acld.bro @@ -63,13 +63,13 @@ event connection_established(c: connection) event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string) { - print "rule added", r; + print "rule added", r$entity, r$ty; NetControl::remove_rule(r$id); } event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string) { - print "rule removed", r; + print "rule removed", r$entity, r$ty; } @TEST-END-FILE @@ -96,14 +96,14 @@ event BrokerComm::incoming_connection_established(peer_name: string) event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule) { - print "add_rule", id, r, ar; + print "add_rule", id, r$entity, r$ty, ar; BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_added, id, r, ar$command)); } event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule) { - print "remove_rule", id, r, ar; + print "remove_rule", id, r$entity, r$ty, ar; BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_removed, id, r, ar$command)); diff --git a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro index f255f619d8..c476751d57 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro @@ -30,8 +30,8 @@ event NetControl::init() event connection_established(c: connection) { local id = c$id; - NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec); - NetControl::drop_address(id$orig_h, 15sec); + NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 1sec); + NetControl::drop_address(id$orig_h, 1sec); } event terminate_me() { diff --git a/testing/btest/scripts/base/frameworks/netcontrol/broker.bro b/testing/btest/scripts/base/frameworks/netcontrol/broker.bro index 30b9d18c1c..56a76433f2 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/broker.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/broker.bro @@ -49,18 +49,18 @@ event connection_established(c: connection) event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string) { - print "rule added", r; + print "rule added", r$entity, r$ty; NetControl::remove_rule(r$id); } event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string) { - print "rule removed", r; + print "rule removed", r$entity, r$ty; } event NetControl::rule_timeout(r: NetControl::Rule, i: NetControl::FlowInfo, p: NetControl::PluginState) { - print "rule timeout", r, i; + print "rule timeout", r$entity, r$ty, i; } @TEST-END-FILE @@ -87,14 +87,14 @@ event BrokerComm::incoming_connection_established(peer_name: string) event NetControl::broker_add_rule(id: count, r: NetControl::Rule) { - print "add_rule", id, r; + print "add_rule", id, r$entity, r$ty; BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_added, id, r, "")); } event NetControl::broker_remove_rule(id: count, r: NetControl::Rule) { - print "remove_rule", id, r; + print "remove_rule", id, r$entity, r$ty; BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo())); BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_removed, id, r, "")); diff --git a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro index 0710fb6981..a809833ecf 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro @@ -1,6 +1,5 @@ # @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log -# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stdout @load base/frameworks/netcontrol diff --git a/testing/btest/scripts/base/frameworks/netcontrol/duplicate.bro b/testing/btest/scripts/base/frameworks/netcontrol/duplicate.bro new file mode 100644 index 0000000000..c64bd9e16b --- /dev/null +++ b/testing/btest/scripts/base/frameworks/netcontrol/duplicate.bro @@ -0,0 +1,15 @@ +# @TEST-EXEC: bro -b -r $TRACES/tls/google-duplicate.trace %INPUT +# @TEST-EXEC: btest-diff netcontrol.log + +@load base/frameworks/netcontrol + +event NetControl::init() + { + local netcontrol_debug = NetControl::create_debug(T); + NetControl::activate(netcontrol_debug, 0); + } + +event connection_established(c: connection) + { + NetControl::drop_address(c$id$orig_h, 0secs); + } diff --git a/testing/btest/scripts/base/frameworks/netcontrol/multiple.bro b/testing/btest/scripts/base/frameworks/netcontrol/multiple.bro index db98382615..56a764f2e9 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/multiple.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/multiple.bro @@ -1,5 +1,6 @@ # @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log +# @TEST-EXEC: btest-diff openflow.log @load base/frameworks/netcontrol @@ -22,6 +23,7 @@ event remove_all() NetControl::remove_rule(rules[i]); } + event connection_established(c: connection) { local id = c$id; @@ -30,6 +32,6 @@ event connection_established(c: connection) rules[|rules|] = NetControl::whitelist_address(id$orig_h, 0secs); rules[|rules|] = NetControl::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 0secs); - schedule 10sec { remove_all() }; + schedule 1sec { remove_all() }; } diff --git a/testing/btest/scripts/base/frameworks/netcontrol/openflow.bro b/testing/btest/scripts/base/frameworks/netcontrol/openflow.bro index 47cb0fb9e4..36c06fcc3d 100644 --- a/testing/btest/scripts/base/frameworks/netcontrol/openflow.bro +++ b/testing/btest/scripts/base/frameworks/netcontrol/openflow.bro @@ -17,5 +17,5 @@ event connection_established(c: connection) { local id = c$id; NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec); - NetControl::drop_address(id$orig_h, 15sec); + NetControl::drop_address(id$resp_h, 15sec); } diff --git a/testing/btest/scripts/base/frameworks/netcontrol/timeout.bro b/testing/btest/scripts/base/frameworks/netcontrol/timeout.bro new file mode 100644 index 0000000000..e308205ffc --- /dev/null +++ b/testing/btest/scripts/base/frameworks/netcontrol/timeout.bro @@ -0,0 +1,15 @@ +# @TEST-EXEC: bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime %INPUT +# @TEST-EXEC: btest-diff netcontrol.log + +@load base/frameworks/netcontrol + +event NetControl::init() + { + local netcontrol_debug = NetControl::create_debug(T); + NetControl::activate(netcontrol_debug, 0); + } + +event connection_established(c: connection) + { + NetControl::drop_address(c$id$orig_h, 1secs); + }