From ad2361b7ac13a8935b7c2491a6cf324b7c8bae48 Mon Sep 17 00:00:00 2001 From: Johanna Amann Date: Wed, 27 May 2015 07:37:25 -0700 Subject: [PATCH] remove (disfunctional) notifications from pacf --- scripts/base/frameworks/pacf/main.bro | 95 +------------------ scripts/base/frameworks/pacf/plugin.bro | 18 +--- .../base/frameworks/pacf/plugins/debug.bro | 24 ----- .../base/frameworks/pacf/plugins/openflow.bro | 2 - .../frameworks/pacf/plugins/packetfilter.bro | 4 - scripts/base/frameworks/pacf/types.bro | 32 ------- .../.stdout | 4 +- .../base/frameworks/openflow/log-cluster.bro | 1 - 8 files changed, 7 insertions(+), 173 deletions(-) diff --git a/scripts/base/frameworks/pacf/main.bro b/scripts/base/frameworks/pacf/main.bro index abc50fe428..362a9a1ca8 100644 --- a/scripts/base/frameworks/pacf/main.bro +++ b/scripts/base/frameworks/pacf/main.bro @@ -57,10 +57,10 @@ export { ## Returns: The id of the inserted rule on succes and zero on failure. global shunt_flow: function(f: flow_id, t: interval, location: string &default="") : count; - ## Removes all rules and notifications for an entity. + ## Removes all rules for an entity. ## ## e: The entity. Note that this will be directly to entities of existing - ## notifications and notifications, which must match exactly field by field. + ## rules, which must match exactly field by field. global reset: function(e: Entity); ## Flushes all state. 
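Review bot: The reworded doc comment for `reset` in main.bro is still missing its verb: "Note that this will be directly to entities of existing rules" does not say what is done with the entity. Presumably a comparison is meant, so I would write `## e: The entity. Note that this will be directly compared to entities of existing` followed by `## rules, which must match exactly field by field.` The exact-match requirement is worth stating clearly, because a caller whose entity differs in one field would, as documented, leave the installed rules in place. The context line above also has "succes" for "success".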
@@ -135,67 +135,6 @@ export { ## msg: An optional informational message by the plugin. global rule_error: event(r: Rule, p: PluginState, msg: string &default=""); - ## Installs a notification. - ## - ## n: The notification to install. - ## - ## Returns: If succesful, returns an ID string unique to the notification that can later - ## be used to refer to it. If unsuccessful, returns an empty string. The ID is also - ## assigned to ``r$id``. Note that "successful" means "a plugin knew how to handle - ## the notification", it doesn't necessarily mean that it was indeed successfully put in - ## place, because that might happen asynchronously and thus fail only later. - global add_notification: function(n: Notification) : string; - - ## Removes a notification. - ## - ## id: The notification to remove, specified as the ID returned by :bro:id:`add_notification` . - ## - ## Returns: True if succesful, the relevant plugin indicated that ity knew how - ## to handle the removal. Note that again "success" means the plugin accepted the - ## removal. They might still fail to put it into effect, as that might happen - ## asynchronously and thus go wrong at that point. - global remove_notification: function(id: count) : bool; - - ###### Asynchronous feedback on notifications. - - ## Confirms that a notification was put in place. - ## - ## n: The notification now in place. - ## - ## plugin: The name of the plugin that put it into place. - ## - ## msg: An optional informational message by the plugin. - global notification_added: event(n: Notification, p: PluginState, msg: string &default=""); - - ## Reports that a notification was removed due to a remove: function() call. - ## - ## n: The notification now removed. - ## - ## plugin: The name of the plugin that had the notification in place and now - ## removed it. - ## - ## msg: An optional informational message by the plugin. 
- global notification_removed: event(n: Notification, p: PluginState, msg: string &default=""); - - ## Reports that a notification was removed internally due to a timeout. - ## - ## n: The notification now removed. - ## - ## plugin: The name of the plugin that had the notification in place and now - ## removed it. - ## - ## msg: An optional informational message by the plugin. - global notification_timeout: event(n: Notification, p: PluginState); - - ## Reports an error when operating on a notification. - ## - ## n: The notification that encountered an error. - ## - ## plugin: The name of the plugin that reported the error. - ## - ## msg: An optional informational message by the plugin. - global notification_error: event(n: Notification, p: PluginState, msg: string &default=""); - ## Type of an entry in the PACF log. type InfoCategory: enum { ## A log entry reflecting a framework message. @@ -203,9 +142,7 @@ export { ## A log entry reflecting a framework message. ERROR, ## A log entry about about a rule. - RULE, - ## A log entry about about a notification. - NOTIFICATION + RULE }; ## State of an entry in the PACF log. @@ -472,29 +409,3 @@ event rule_error(r: Rule, p: PluginState, msg: string &default="") { log_rule_error(r, msg, p); } - -function add_notification(n: Notification) : string - { - print "Pacf::add_notification not implemented yet"; - } - -function remove_notification(id: count) : bool - { - print "Pacf::remove_notification not implemented yet"; - } - -event notification_added(n: Notification, p: PluginState, msg: string &default="") - { - } - -event notification_removed(n: Notification, p: PluginState, msg: string &default="") - { - } - -event notification_timeout(n: Notification, p: PluginState) - { - } - -event notification_error(n: Notification, p: PluginState, msg: string &default="") - { - } diff --git a/scripts/base/frameworks/pacf/plugin.bro b/scripts/base/frameworks/pacf/plugin.bro index 3e89ebd25d..501befed76 100644 
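Review bot: In the `InfoCategory` enum in main.bro, the doc comment above `ERROR` repeats the comment that closes the previous hunk's context ("A log entry reflecting a framework message."), and the one above `RULE` reads "about about a rule". Since this hunk edits the enum anyway, I would change them to `## A log entry reflecting a framework error.` and `## A log entry about a rule.` so that the documentation of the log's category field distinguishes the values. Both lines are context here, and the enum itself opens in the previous hunk. Dropping `NOTIFICATION` from an exported enum will also break any script that names it. That looks acceptable given that the removed functions only printed "not implemented yet", but it may deserve a line in the commit message.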
--- a/scripts/base/frameworks/pacf/plugin.bro +++ b/scripts/base/frameworks/pacf/plugin.bro @@ -28,14 +28,13 @@ export { # events ``rule_{added,remove,error}`` to signal if it indeed worked out; # this is separate from accepting the operation because often a plugin # will only know later (i.e., asynchrously) if that was an error for - # something it thought it could handle. The same applies to notifications, - # with the corresponding ``notification_*`` events. + # something it thought it could handle. type Plugin: record { # Returns a descriptive name of the plugin instance, suitable for use in logging # messages. Note that this function is not optional. name: function(state: PluginState) : string; - ## If true, plugin can expire rules/notifications itself. If false, + ## If true, plugin can expire rules itself. If false, ## framework will manage rule expiration. can_expire: bool; 
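Review bot: The `Plugin` record in plugin.bro mixes plain `#` comments and `##` doc comments, and this hunk edits one of each: the block ending "something it thought it could handle." uses `#`, while the `can_expire` description uses `##`. Only the `##` form is picked up by Bro's documentation generator, so the text describing `name` and the asynchronous `rule_*` feedback would not appear in the generated reference; I would convert those lines to `##`. While there, "asynchrously" in the context line should read "asynchronously". The record continues outside the hunk.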
@@ -60,19 +59,6 @@ export { # remove_rule(). remove_rule: function(state: PluginState, r: Rule) : bool &optional; - # Implements the add_notification() operation. If the plugin accepts the notification, - # it returns true, false otherwise. The notification will already have its - # ``id`` field set, which the plugin may use for identification - # purposes. - add_notification: function(state: PluginState, r: Notification) : bool &optional; - - # Implements the remove_notification() operation. This will only be called for - # notifications that the plugins has previously accepted with add_notification(). - # The ``id`` field will match that of the add_notification() call. Generally, - # a plugin that accepts an add_notification() should also accept the - # remove_notification(). - remove_notification: function(state: PluginState, r: Notification) : bool &optional; - # A transaction groups a number of operations. The plugin can add them internally # and postpone putting them into effect until committed. This allows to build a # configuration of multiple rules at once, including replaying a previous state. diff --git a/scripts/base/frameworks/pacf/plugins/debug.bro b/scripts/base/frameworks/pacf/plugins/debug.bro index 09fb87ef3f..f032a22a37 100644 --- a/scripts/base/frameworks/pacf/plugins/debug.bro +++ b/scripts/base/frameworks/pacf/plugins/debug.bro @@ -60,28 +60,6 @@ function debug_remove_rule(p: PluginState, r: Rule) : bool return T; } -function debug_add_notification(p: PluginState, r: Notification) : bool - { - local s = fmt("add_notification: %s", r); - debug_log(p, s); - - if ( do_something(p) ) - { - event Pacf::notification_added(r, p); - return T; - } - - return F; - } - -function debug_remove_notification(p: PluginState, r: Notification) : bool - { - local s = fmt("remove_notification: %s", r); - debug_log(p, s); - - return do_something(p); - } - function debug_transaction_begin(p: PluginState) { debug_log(p, "transaction_begin"); 
@@ -99,8 +77,6 @@ global debug_plugin = Plugin( $done = debug_done, $add_rule = debug_add_rule, $remove_rule = debug_remove_rule, - $add_notification = debug_add_notification, - $remove_notification = debug_remove_notification, $transaction_begin = debug_transaction_begin, $transaction_end = debug_transaction_end ); diff --git a/scripts/base/frameworks/pacf/plugins/openflow.bro b/scripts/base/frameworks/pacf/plugins/openflow.bro index d0acb398db..ba77af7922 100644 --- a/scripts/base/frameworks/pacf/plugins/openflow.bro +++ b/scripts/base/frameworks/pacf/plugins/openflow.bro @@ -390,8 +390,6 @@ global openflow_plugin = Plugin( # $done = openflow_done, $add_rule = openflow_add_rule, $remove_rule = openflow_remove_rule -# $add_notification = openflow_add_notification, -# $remove_notification = openflow_remove_notification, # $transaction_begin = openflow_transaction_begin, # $transaction_end = openflow_transaction_end ); diff --git a/scripts/base/frameworks/pacf/plugins/packetfilter.bro b/scripts/base/frameworks/pacf/plugins/packetfilter.bro index 116151eeb4..d2f2841790 100644 --- a/scripts/base/frameworks/pacf/plugins/packetfilter.bro +++ b/scripts/base/frameworks/pacf/plugins/packetfilter.bro @@ -102,10 +102,6 @@ global packetfilter_plugin = Plugin( # $done = packetfilter_done, $add_rule = packetfilter_add_rule, $remove_rule = packetfilter_remove_rule -# $add_notification = packetfilter_add_notification, -# $remove_notification = packetfilter_remove_notification, -# $transaction_begin = packetfilter_transaction_begin, -# $transaction_end = packetfilter_transaction_end ); function create_packetfilter() : PluginState diff --git a/scripts/base/frameworks/pacf/types.bro b/scripts/base/frameworks/pacf/types.bro index 723ac788c5..b76ab06d3c 100644 --- a/scripts/base/frameworks/pacf/types.bro +++ b/scripts/base/frameworks/pacf/types.bro 
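Review bot: The packetfilter.bro hunk removes the commented-out `# $transaction_begin` and `# $transaction_end` placeholders along with the notification ones, while the openflow.bro hunk just above it keeps the same two placeholders. These lines are unrelated to notifications. Either leave them in packetfilter.bro or drop them from both plugins in a separate cleanup, so that the two `Plugin(...)` initialisers stay parallel. Both initialisers begin outside their hunks.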
@@ -115,37 +115,5 @@ export { byte_count: count &optional; ##< total bytes exchanged over connections matched by the rule }; - ## Type of notifications that the framework supports. Each type lists the - ## :bro:id:`Notification` argument(s) it uses, if any. - ## - ## Plugins may extend this type to define their own. - type NotificationType: enum { - ## Notify if threshold of packets has been reached by entity. - ## - ## i: Number of packets. - NUM_PACKETS, - - ## Notify if threshold of bytes has been reached by entity. - ## - ## i: Number of bytes. - NUM_BYTES, - }; - - ## A notification for the framework to raise when a condition has been reached. - ## Different than with rules, all matching conditions will be reported, not only - ## the first match. - type Notification: record { - ty: NotificationType; ##< Type of notification. - entity: Entity; ##< Entity to apply notification to. - expire: interval &optional; ##< Timeout after which to expire the notification. - src: string &optional; ##< Optional string describing where/what installed the notification. - - i: int; ##< Argument for notification types requiring an integer argument. - d: double; ##< Argument for notification types requiring a double argument. - s: string; ##< Argument for notification types requiring a string argument. - - id: count &default=0; ##< Internally determined unique ID for this notification. Will be set when added. - }; - } diff --git a/testing/btest/Baseline/scripts.base.frameworks.pacf.basic/.stdout b/testing/btest/Baseline/scripts.base.frameworks.pacf.basic/.stdout index da1794833d..f9a3a61220 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.pacf.basic/.stdout +++ b/testing/btest/Baseline/scripts.base.frameworks.pacf.basic/.stdout 
@@ -1,4 +1,4 @@ -pacf debug (Debug-All): add_rule: [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], expire=30.0 secs, priority=0, location=, c=, i=, d=, s=, mod=, id=2, _plugin_id=] -pacf debug (Debug-All): add_rule: [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], expire=15.0 secs, priority=0, location=, c=, i=, d=, s=, mod=, id=3, _plugin_id=] +pacf debug (Debug-All): add_rule: [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], expire=30.0 secs, priority=0, location=, c=, i=, d=, s=, mod=, id=2, _plugin_id=1] +pacf debug (Debug-All): add_rule: [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], expire=15.0 secs, priority=0, location=, c=, i=, d=, s=, mod=, id=3, _plugin_id=1] pacf debug (Debug-All): remove_rule: [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=, flow=, ip=10.10.1.4/32, mac=], expire=15.0 secs, priority=0, location=, c=, i=, d=, s=, mod=, id=3, _plugin_id=1] pacf debug (Debug-All): remove_rule: [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=, dst_m=], ip=, mac=], expire=30.0 secs, priority=0, location=, c=, i=, d=, s=, mod=, id=2, _plugin_id=1] diff --git a/testing/btest/scripts/base/frameworks/openflow/log-cluster.bro b/testing/btest/scripts/base/frameworks/openflow/log-cluster.bro index f015e20875..0859e18571 100644 --- a/testing/btest/scripts/base/frameworks/openflow/log-cluster.bro +++ b/testing/btest/scripts/base/frameworks/openflow/log-cluster.bro 
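Review bot: The two `add_rule` lines in this baseline change from `_plugin_id=` to `_plugin_id=1`, which no script change in this commit appears to explain, since the other hunks only delete notification code and comments. If the baseline is catching up with an earlier change that sets the plugin id before the debug plugin logs the rule, say so in the commit message; otherwise it is worth confirming which change now causes it. The `remove_rule` lines already showed `_plugin_id=1`, so the new output is at least consistent between add and remove.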
@@ -24,7 +24,6 @@ global of_controller: OpenFlow::Controller; event bro_init() { of_controller = OpenFlow::log_new(42); - #OpenFlow::flow_mod(of_controller, [], [$cookie=1, $command=OpenFlow::OFPFC_ADD, $actions=[$out_ports=vector(3, 7)]]); } event connection_established(c: connection)