Rewrite internal handling of rules.

This has no user-facing changes. It makes the internal handling of rules
much simpler: in particular, a rule that is added to several backends no
longer results in duplicated rule state.

It also fixes several open ends and small bugs in the process.
Johanna Amann 2016-03-09 15:43:47 -08:00
parent 562e5a9f63
commit 7ef431808d
31 changed files with 409 additions and 295 deletions


@ -70,13 +70,13 @@ event connection_established(c: connection)
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
{
print "rule added", r;
print "rule added", r$entity, r$ty;
NetControl::remove_rule(r$id);
}
event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
{
print "rule removed", r;
print "rule removed", r$entity, r$ty;
}
@TEST-END-FILE
@ -103,14 +103,14 @@ event BrokerComm::incoming_connection_established(peer_name: string)
event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
{
print "add_rule", id, r, ar;
print "add_rule", id, r$entity, r$ty, ar;
BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_added, id, r, ar$command));
}
event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
{
print "remove_rule", id, r, ar;
print "remove_rule", id, r$entity, r$ty, ar;
BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_removed, id, r, ar$command));


@ -63,13 +63,13 @@ event connection_established(c: connection)
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
{
print "rule added", r;
print "rule added", r$entity, r$ty;
NetControl::remove_rule(r$id);
}
event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
{
print "rule removed", r;
print "rule removed", r$entity, r$ty;
}
@TEST-END-FILE
@ -96,14 +96,14 @@ event BrokerComm::incoming_connection_established(peer_name: string)
event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
{
print "add_rule", id, r, ar;
print "add_rule", id, r$entity, r$ty, ar;
BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_added, id, r, ar$command));
}
event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
{
print "remove_rule", id, r, ar;
print "remove_rule", id, r$entity, r$ty, ar;
BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_removed, id, r, ar$command));


@ -30,8 +30,8 @@ event NetControl::init()
event connection_established(c: connection)
{
local id = c$id;
NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
NetControl::drop_address(id$orig_h, 15sec);
NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 1sec);
NetControl::drop_address(id$orig_h, 1sec);
}
event terminate_me() {
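Review bot: Both timeouts drop from 30sec/15sec to 1sec with no explanation, so a later reader cannot tell whether the value is load-bearing or arbitrary. I would add `# Short timeouts so the rules expire while the trace is still being replayed and the timeout path is exercised.` above the shunt_flow call; that reason is my inference from the change, so adjust it if the motivation is different. The terminate_me handler begins on the hunk's last line and continues outside it.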


@ -49,18 +49,18 @@ event connection_established(c: connection)
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
{
print "rule added", r;
print "rule added", r$entity, r$ty;
NetControl::remove_rule(r$id);
}
event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
{
print "rule removed", r;
print "rule removed", r$entity, r$ty;
}
event NetControl::rule_timeout(r: NetControl::Rule, i: NetControl::FlowInfo, p: NetControl::PluginState)
{
print "rule timeout", r, i;
print "rule timeout", r$entity, r$ty, i;
}
@TEST-END-FILE
@ -87,14 +87,14 @@ event BrokerComm::incoming_connection_established(peer_name: string)
event NetControl::broker_add_rule(id: count, r: NetControl::Rule)
{
print "add_rule", id, r;
print "add_rule", id, r$entity, r$ty;
BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_added, id, r, ""));
}
event NetControl::broker_remove_rule(id: count, r: NetControl::Rule)
{
print "remove_rule", id, r;
print "remove_rule", id, r$entity, r$ty;
BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo()));
BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_removed, id, r, ""));


@ -1,6 +1,5 @@
# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff .stdout
@load base/frameworks/netcontrol


@ -0,0 +1,15 @@
# @TEST-EXEC: bro -b -r $TRACES/tls/google-duplicate.trace %INPUT
# @TEST-EXEC: btest-diff netcontrol.log
@load base/frameworks/netcontrol
event NetControl::init()
{
local netcontrol_debug = NetControl::create_debug(T);
NetControl::activate(netcontrol_debug, 0);
}
event connection_established(c: connection)
{
NetControl::drop_address(c$id$orig_h, 0secs);
}
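Review bot: The new test does not state what it checks, and the trace name is the only hint, so the baseline is hard to interpret; a one-line comment at the top of the script would fix that, e.g. `# The trace holds several connections from the same originator; each drop_address() after the first should be reported as a duplicate rather than installed again.` That intent is inferred from the trace name and the commit message, so confirm it against the expected netcontrol.log. The `0secs` timeout also deserves a word, since it presumably means the rule never expires and every later call therefore hits the same still-active rule.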


@ -1,5 +1,6 @@
# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log
# @TEST-EXEC: btest-diff openflow.log
@load base/frameworks/netcontrol
@ -22,6 +23,7 @@ event remove_all()
NetControl::remove_rule(rules[i]);
}
event connection_established(c: connection)
{
local id = c$id;
@ -30,6 +32,6 @@ event connection_established(c: connection)
rules[|rules|] = NetControl::whitelist_address(id$orig_h, 0secs);
rules[|rules|] = NetControl::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 0secs);
schedule 10sec { remove_all() };
schedule 1sec { remove_all() };
}
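Review bot: The newly added `btest-diff openflow.log` line runs without the `diff-sort` canonifier that the preceding netcontrol.log line needs, although both logs presumably record the same rules in the same scheduling-dependent order; if netcontrol.log needs sorting to be stable, openflow.log very likely does too. Unless the baseline shows a fixed order, I would use `# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff openflow.log`. The `schedule 1sec { remove_all() }` change is fine but would benefit from a short comment saying the delay only needs to outlast rule installation. The bodies of remove_all and connection_established extend beyond the hunks shown here.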


@ -17,5 +17,5 @@ event connection_established(c: connection)
{
local id = c$id;
NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
NetControl::drop_address(id$orig_h, 15sec);
NetControl::drop_address(id$resp_h, 15sec);
}
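Review bot: Switching the drop target from `id$orig_h` to `id$resp_h` changes what the test exercises without saying why, so someone may later "fix" it back. A comment on that line would prevent that, e.g. `# Drop the responder: the connections in the trace share one originator, so dropping orig_h would only produce duplicate rules.` That reason is inferred from the commit message, so verify it against the trace before settling on the wording. The connection_established signature is on the line just before this hunk.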


@ -0,0 +1,15 @@
# @TEST-EXEC: bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime %INPUT
# @TEST-EXEC: btest-diff netcontrol.log
@load base/frameworks/netcontrol
event NetControl::init()
{
local netcontrol_debug = NetControl::create_debug(T);
NetControl::activate(netcontrol_debug, 0);
}
event connection_established(c: connection)
{
NetControl::drop_address(c$id$orig_h, 1secs);
}
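Review bot: Running this test under `--pseudo-realtime` makes its duration and timing depend on the trace's packet gaps, and nothing in the script records why that mode is needed. A comment on the first @TEST-EXEC line, e.g. `# pseudo-realtime so that the 1s rule timeout elapses and is logged while the trace is still being replayed`, would document the intent, which I infer from the 1secs timeout. If the expiry entry's position in netcontrol.log depends on when later connections arrive, the baseline may be sensitive to scheduling jitter; it is worth confirming the log is stable over repeated runs before relying on a plain `btest-diff`.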