Netcontrol: more logging in catch-and-release

Catch-and-release logs now include the plugin that is responsible for an action. Furthermore, the catch-and-release log also includes instances where a rule already existed, and where an error occurred during an operation.
2025-10-02 14:48:21 +00:00 · 2024-02-05 14:38:21 +00:00 · 2024-02-05 14:38:21 +00:00 · 979d43eac0
commit 979d43eac0
parent 2df520414e
10 changed files with 345 additions and 29 deletions
--- a/scripts/base/frameworks/netcontrol/plugins/debug.zeek
+++ b/scripts/base/frameworks/netcontrol/plugins/debug.zeek
@ -12,7 +12,21 @@ export {
 	##
 	## do_something: If true, the plugin will claim it supports all operations; if
 	##               false, it will indicate it doesn't support any.
+	##
+	## name: Optional name that for the plugin.
 	global create_debug: function(do_something: bool, name: string &default="") : PluginState;
+
+	## Instantiates a debug plugin for the NetControl framework. This variation
+	## of the plugin will return "exists" to any rule operations.
+	##
+	## name: Name of this plugin.
+	global create_debug_exists: function(name: string) : PluginState;
+
+	## Instantiates a debug plugin for the NetControl framework. This variation
+	## of the plugin will return "error" to any rule operations.
+	##
+	## name: Name of this plugin.
+	global create_debug_error: function(name: string) : PluginState;
 }

 function do_something(p: PluginState) : bool
@ -55,6 +69,34 @@ function debug_add_rule(p: PluginState, r: Rule) : bool
 	return F;
 	}

+function debug_add_rule_exists(p: PluginState, r: Rule) : bool
+	{
+	local s = fmt("add_rule_exists: %s", r);
+	debug_log(p, s);
+
+	if ( do_something(p) )
+		{
+		event NetControl::rule_exists(r, p);
+		return T;
+		}
+
+	return F;
+	}
+
+function debug_add_rule_error(p: PluginState, r: Rule) : bool
+	{
+	local s = fmt("add_rule_error: %s", r);
+	debug_log(p, s);
+
+	if ( do_something(p) )
+		{
+		event NetControl::rule_error(r, p, "debug error");
+		return T;
+		}
+
+	return F;
+	}
+
 function debug_remove_rule(p: PluginState, r: Rule, reason: string) : bool
 	{
 	local s = fmt("remove_rule (%s): %s", reason, r);
@ -87,3 +129,21 @@ function create_debug(do_something: bool, name: string) : PluginState

 	return p;
 	}
+
+function create_debug_error(name: string) : PluginState
+	{
+	local p: PluginState = copy([$plugin=debug_plugin]);
+	p$config["name"] = name;
+	p$config["all"] = "1";
+	p$plugin$add_rule = debug_add_rule_error;
+	return p;
+	}
+
+function create_debug_exists(name: string) : PluginState
+	{
+	local p: PluginState = copy([$plugin=debug_plugin]);
+	p$config["name"] = name;
+	p$config["all"] = "1";
+	p$plugin$add_rule = debug_add_rule_exists;
+	return p;
+	}