Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Extend NetControl logging and fix bugs.

Browse source 
Netcontrol log now includes more information; before that, it had not
quite caught up to the new capabilities (like flow modifying and
redirection, as well as mac addresses).

Furthermore, this fixes a number of bugs with cluster mode (like
duplicate events), test failures due to updates in Bro, etc.
This commit is contained in:
Johanna Amann 2016-02-11 19:45:30 -08:00
parent 9f3c0c9bb4
commit a38327bd08
38 changed files with 466 additions and 267 deletions
Download patch file Download diff file Expand all files Collapse all files

12
testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/recv.recv.out
View file

@ -1,7 +1,7 @@
BrokerComm::incoming_connection_established
add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=<uninitialized>, dst_h=74.53.140.153/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=here, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_id=1], [command=blockhosthost, cookie=2, arg=10.10.1.4 74.53.140.153, comment=here]
add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=here, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_id=1], [command=droptcpport, cookie=3, arg=25, comment=here]
add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_id=1], [command=drop, cookie=4, arg=10.10.1.4/32, comment=]
remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=<uninitialized>, dst_h=74.53.140.153/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=here, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_id=1], [command=restorehosthost, cookie=2, arg=10.10.1.4 74.53.140.153, comment=here]
remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=here, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_id=1], [command=restoretcpport, cookie=3, arg=25, comment=here]
remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_id=1], [command=restore, cookie=4, arg=10.10.1.4/32, comment=]
add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=here, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_id=1], [command=blockhosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here]
add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=there, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_id=1], [command=droptcpport, cookie=3, arg=443, comment=there]
add_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_id=1], [command=drop, cookie=4, arg=192.168.18.50/32, comment=]
remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=here, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_id=1], [command=restorehosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here]
remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=there, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_id=1], [command=restoretcpport, cookie=3, arg=443, comment=there]
remove_rule, 0, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_id=1], [command=restore, cookie=4, arg=192.168.18.50/32, comment=]

12
testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/send.send.out
View file

@ -1,7 +1,7 @@
BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=<uninitialized>, dst_h=74.53.140.153/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=here, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_id=1]
rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=here, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_id=1]
rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_id=1]
rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=<uninitialized>, dst_h=74.53.140.153/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=here, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_id=1]
rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=here, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_id=1]
rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_id=1]
rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=here, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_id=1]
rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=there, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_id=1]
rule added, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_id=1]
rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=here, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_id=1]
rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=there, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_id=1]
rule removed, [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_id=1]