Netcontrol: more logging in catch-and-release

Catch-and-release logs now include the plugin that is responsible for an
action. Furthermore, the catch-and-release log also includes instances
where a rule already existed, and where an error occurred during an
operation.
Johanna Amann 2024-02-05 14:38:21 +00:00
parent 2df520414e
commit 979d43eac0
10 changed files with 345 additions and 29 deletions


@ -12,7 +12,21 @@ export {
## ##
## do_something: If true, the plugin will claim it supports all operations; if ## do_something: If true, the plugin will claim it supports all operations; if
## false, it will indicate it doesn't support any. ## false, it will indicate it doesn't support any.
##
## name: Optional name that for the plugin.
global create_debug: function(do_something: bool, name: string &default="") : PluginState; global create_debug: function(do_something: bool, name: string &default="") : PluginState;
## Instantiates a debug plugin for the NetControl framework. This variation
## of the plugin will return "exists" to any rule operations.
##
## name: Name of this plugin.
global create_debug_exists: function(name: string) : PluginState;
## Instantiates a debug plugin for the NetControl framework. This variation
## of the plugin will return "error" to any rule operations.
##
## name: Name of this plugin.
global create_debug_error: function(name: string) : PluginState;
} }
function do_something(p: PluginState) : bool function do_something(p: PluginState) : bool
@ -55,6 +69,34 @@ function debug_add_rule(p: PluginState, r: Rule) : bool
return F; return F;
} }
function debug_add_rule_exists(p: PluginState, r: Rule) : bool
{
local s = fmt("add_rule_exists: %s", r);
debug_log(p, s);
if ( do_something(p) )
{
event NetControl::rule_exists(r, p);
return T;
}
return F;
}
function debug_add_rule_error(p: PluginState, r: Rule) : bool
{
local s = fmt("add_rule_error: %s", r);
debug_log(p, s);
if ( do_something(p) )
{
event NetControl::rule_error(r, p, "debug error");
return T;
}
return F;
}
function debug_remove_rule(p: PluginState, r: Rule, reason: string) : bool function debug_remove_rule(p: PluginState, r: Rule, reason: string) : bool
{ {
local s = fmt("remove_rule (%s): %s", reason, r); local s = fmt("remove_rule (%s): %s", reason, r);
@ -87,3 +129,21 @@ function create_debug(do_something: bool, name: string) : PluginState
return p; return p;
} }
function create_debug_error(name: string) : PluginState
{
local p: PluginState = copy([$plugin=debug_plugin]);
p$config["name"] = name;
p$config["all"] = "1";
p$plugin$add_rule = debug_add_rule_error;
return p;
}
function create_debug_exists(name: string) : PluginState
{
local p: PluginState = copy([$plugin=debug_plugin]);
p$config["name"] = name;
p$config["all"] = "1";
p$plugin$add_rule = debug_add_rule_exists;
return p;
}
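Review bot: The doc comments on create_debug_exists and create_debug_error say the plugin returns "exists" / "error" to any rule operation, but both constructors only replace `p$plugin$add_rule`, so removals presumably still go through the regular debug handler; the comments would be accurate as "to any add_rule operation". The comment `## name: Optional name that for the plugin.` on create_debug has a stray word and reads better as `## name: Optional name for the plugin.`. The two constructors differ only in the handler they assign and could share one small helper that takes the add_rule function as an argument.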


@ -73,6 +73,8 @@ export {
location: string &log &optional; location: string &log &optional;
## Additional informational string by the catch and release framework about this log-line. ## Additional informational string by the catch and release framework about this log-line.
message: string &log &optional; message: string &log &optional;
## Plugin triggering the log entry.
plugin: string &log &optional;
}; };
## Stops all packets involving an IP address from being forwarded. This function ## Stops all packets involving an IP address from being forwarded. This function
@ -270,11 +272,40 @@ event rule_added(r: Rule, p: PluginState, msg: string)
local bi = blocks[ip]; local bi = blocks[ip];
local log = populate_log_record(ip, bi, DROPPED); local log = populate_log_record(ip, bi, DROPPED);
log$plugin = p$plugin$name(p);
if ( msg != "" ) if ( msg != "" )
log$message = msg; log$message = msg;
Log::write(CATCH_RELEASE, log); Log::write(CATCH_RELEASE, log);
} }
event rule_exists(r: Rule, p: PluginState, msg: string)
{
if ( !cr_check_rule(r) )
return;
local ip = subnet_to_addr(r$entity$ip);
local bi = blocks[ip];
local log = populate_log_record(ip, bi, INFO);
log$plugin = p$plugin$name(p);
local infomsg = "Existing rule encountered while inserting rule";
log$message = msg + infomsg;
print p;
Log::write(CATCH_RELEASE, log);
}
event rule_error(r: Rule, p: PluginState, msg: string)
{
if ( !cr_check_rule(r) )
return;
local ip = subnet_to_addr(r$entity$ip);
local bi = blocks[ip];
local log = populate_log_record(ip, bi, INFO);
log$message = "Error occurred during rule operation: " + msg;
Log::write(CATCH_RELEASE, log);
}
event rule_timeout(r: Rule, i: FlowInfo, p: PluginState) event rule_timeout(r: Rule, i: FlowInfo, p: PluginState)
{ {
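Review bot: The `print p;` in the rule_exists handler looks like a leftover debugging statement; it writes the whole PluginState to stdout each time a rule already exists and should be removed. The rule_error handler never sets `log$plugin`, although `p` is available and the commit description says the log names the responsible plugin; adding `log$plugin = p$plugin$name(p);` there would make a failed block attributable to a backend when the log is reviewed. In rule_exists, `log$message = msg + infomsg;` joins the two strings without a separator, so a non-empty msg would run straight into the fixed text; `log$message = msg == "" ? infomsg : infomsg + ": " + msg;` keeps the entry readable. The rule_timeout handler at the end of this hunk continues outside it.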


@ -5,12 +5,12 @@
#unset_field - #unset_field -
#path netcontrol_catch_release #path netcontrol_catch_release
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message #fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin
#types time string addr enum interval interval time time count string string #types time string addr enum interval interval time time count string string string
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::ADDED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic. XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::ADDED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic. -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop - XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop - Debug-All
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - -
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - Debug-All
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - -
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - Debug-All
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX


@ -5,10 +5,10 @@
#unset_field - #unset_field -
#path netcontrol_catch_release #path netcontrol_catch_release
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message #fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin
#types time string addr enum interval interval time time count string string #types time string addr enum interval interval time time count string string string
XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROP_REQUESTED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROP_REQUESTED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -
XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROPPED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROPPED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - Debug-All
XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::UNBLOCK 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::UNBLOCK 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -
XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::FORGOTTEN 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::FORGOTTEN 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,49 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - exists
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - exists
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - error
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - error
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-1
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-1
0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - exists
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - error
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - exists
XXXXXXXXXX.XXXXXX 2 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 600.000000 - error
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 600.000000 - -
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 3 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 3600.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 3 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 3600.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 4 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 86400.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 4 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 86400.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 5 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 604800.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 5 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 6 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 604800.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 6 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists
XXXXXXXXXX.XXXXXX 7 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 604800.000000 Re-drop by catch-and-release: error
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1


@ -0,0 +1,35 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path netcontrol_catch_release
#open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin
#types time string addr enum interval interval time time count string string string
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Existing rule encountered while inserting rule exists
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Error occurred during rule operation: debug error -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - plugin-1
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - -
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::INFO 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - Existing rule encountered while inserting rule exists
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::INFO 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - Error occurred during rule operation: debug error -
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - plugin-1
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - -
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::INFO 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - Existing rule encountered while inserting rule exists
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::INFO 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - Error occurred during rule operation: debug error -
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - plugin-1
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - -
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - Existing rule encountered while inserting rule exists
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - Error occurred during rule operation: debug error -
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - plugin-1
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - -
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - Existing rule encountered while inserting rule exists
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - Error occurred during rule operation: debug error -
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - plugin-1
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - -
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - Existing rule encountered while inserting rule exists
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - Error occurred during rule operation: debug error -
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - plugin-1
#close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,35 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-1
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-1
0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-2
0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-2
0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - -
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-2
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1
XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-2
XXXXXXXXXX.XXXXXX 2 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 600.000000 - -
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 3 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 3600.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 4 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 86400.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 5 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 6 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: -
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1
XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2


@ -0,0 +1,29 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path netcontrol_catch_release
#open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin
#types time string addr enum interval interval time time count string string string
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - plugin-1
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - plugin-2
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - -
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - plugin-1
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - plugin-2
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - -
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - plugin-1
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - plugin-2
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - -
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - plugin-1
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - plugin-2
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - -
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - plugin-1
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - plugin-2
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - -
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - plugin-1
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - plugin-2
#close XXXX-XX-XX-XX-XX-XX


@ -5,19 +5,19 @@
#unset_field - #unset_field -
#path netcontrol_catch_release #path netcontrol_catch_release
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message #fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin
#types time string addr enum interval interval time time count string string #types time string addr enum interval interval time time count string string string
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate -
XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - Debug-All
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - -
XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - Debug-All
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - -
XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - Debug-All
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - -
XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - Debug-All
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - -
XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - Debug-All
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - -
XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - Debug-All
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX


@ -0,0 +1,77 @@
# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff netcontrol.log
# @TEST-EXEC: btest-diff netcontrol_catch_release.log
@load base/frameworks/netcontrol
@load policy/frameworks/netcontrol/catch-and-release
event NetControl::init()
{
local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
local netcontrol_debug_two = NetControl::create_debug(T, "plugin-2");
NetControl::activate(netcontrol_debug, 0);
NetControl::activate(netcontrol_debug_two, 0);
}
global i: count = 0;
event connection_established(c: connection)
{
local id = c$id;
NetControl::drop_address_catch_release(id$orig_h);
# second one should be ignored because duplicate
NetControl::drop_address_catch_release(id$orig_h);
}
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
{
if ( p$plugin$name(p) == "plugin-1" )
return;
if ( ++i >= 6 )
return;
# delete directly, without notifying anything.
NetControl::delete_rule(r$id, "testing");
NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
}
@TEST-START-NEXT
@load base/frameworks/netcontrol
@load policy/frameworks/netcontrol/catch-and-release
event NetControl::init()
{
local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
local netcontrol_debug_two = NetControl::create_debug_exists("exists");
local netcontrol_debug_error = NetControl::create_debug_error("error");
NetControl::activate(netcontrol_debug_two, 0);
NetControl::activate(netcontrol_debug_error, 0);
NetControl::activate(netcontrol_debug, 0);
}
global i: count = 0;
event connection_established(c: connection)
{
local id = c$id;
NetControl::drop_address_catch_release(id$orig_h);
# second one should be ignored because duplicate
NetControl::drop_address_catch_release(id$orig_h);
}
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
{
if ( p$plugin$name(p) != "plugin-1" )
return;
if ( ++i >= 6 )
return;
# delete directly, without notifying anything.
NetControl::delete_rule(r$id, "testing");
NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
}
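Review bot: Neither half of this new test states what it is meant to exercise, and the `++i >= 6` cutoff in both `rule_added` handlers is unexplained, so a later baseline change would be hard to judge as a regression or an intended change. I would add `# Two working plugins at the same priority: each drop should be logged once per plugin.` above the first `NetControl::init()`. After `@TEST-START-NEXT` I would add `# One plugin reports "exists", one reports "error", one succeeds: all three outcomes should show up in netcontrol_catch_release.log with the responsible plugin.` A short comment on the counter, such as `# stop after a few re-blocks so the run terminates`, would also help if that is its purpose. The second variant activates the plugins in a different order than it creates them, all at priority 0. If the order of baseline lines depends on activation order, that deserves a comment as well, since this log is the record of which backend acted on a block.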