Merge remote-tracking branch 'origin/master' into topic/johanna/tls-more-data

testing/btest/scripts/base/files/data_event/basic.bro

@@ -0,0 +1,20 @@
+# Just a very basic test to check if ANALYZER_DATA_EVENT works.
+# Also check if "in" works with binary data.
+# @TEST-EXEC: bro -r $TRACES/pe/pe.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+# @TEST-EXEC: btest-diff .stderr
+
+event stream_data(f: fa_file, data: string)
+	{
+	if ( "Windows" in data )
+		{
+		print "Found";
+		}
+	}
+
+event file_new (f: fa_file)
+	{
+	Files::add_analyzer(f, Files::ANALYZER_DATA_EVENT,
+		[$stream_event=stream_data]);
+	}
+

testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test

@@ -0,0 +1,31 @@
+# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event bro_init()
+	{
+	Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response");
+	}
+
+event x509_ocsp_ext_signed_certificate_timestamp(f: fa_file, version: count, logid: string, timestamp: count, hash_algorithm: count, signature_algorithm: count, signature: string)
+	{
+	print version, SSL::ct_logs[logid]$description, double_to_time(timestamp/1000.0), hash_algorithm, signature_algorithm;
+
+	if ( |f$conns| != 1 )
+		return;
+
+	for ( cid in f$conns )
+		{
+		if ( ! f$conns[cid]?$ssl )
+			return;
+
+		local c = f$conns[cid];
+		}
+
+	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 || ! c$ssl$cert_chain[0]?$x509 )
+		return;
+
+	local cert = c$ssl$cert_chain[0]$x509$handle;
+
+	print "Verify of", SSL::ct_logs[logid]$description, sct_verify(cert, logid, SSL::ct_logs[logid]$key, signature, timestamp, hash_algorithm);
+	print "Bad verify of", SSL::ct_logs[logid]$description, sct_verify(cert, logid, SSL::ct_logs[logid]$key, signature, timestamp+1, hash_algorithm);
+	}

testing/btest/scripts/base/frameworks/cluster/custom_pool_exclusivity.bro

@@ -0,0 +1,114 @@
+# @TEST-SERIALIZE: comm
+#
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
+# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-diff manager-1/.stdout
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
+	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37758/tcp, $manager="manager-1"],
+	["proxy-2"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1"],
+	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
+	["worker-2"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
+};
+@TEST-END-FILE
+
+global my_pool_spec: Cluster::PoolSpec =
+		Cluster::PoolSpec(
+			$topic = "bro/cluster/pool/my_pool",
+			$node_type = Cluster::PROXY
+			);
+
+global my_pool: Cluster::Pool;
+
+redef Cluster::proxy_pool_spec =
+		Cluster::PoolSpec(
+			$topic = "bro/cluster/pool/proxy",
+			$node_type = Cluster::PROXY,
+			$exclusive = T,
+			$max_nodes = 1 
+			);
+
+event bro_init()
+	{
+	my_pool = Cluster::register_pool(my_pool_spec);
+	}
+
+global proxy_count = 0;
+
+event go_away()
+	{
+	terminate();
+	}
+
+function print_stuff(heading: string)
+	{
+	print heading;
+
+	local v: vector of count = vector(0, 1, 2, 3, 13, 37, 42, 101);
+
+	for ( i in v )
+		{
+		print "hrw", v[i], Cluster::hrw_topic(Cluster::proxy_pool, v[i]);
+		print "hrw (custom pool)", v[i], Cluster::hrw_topic(my_pool, v[i]);
+		}
+
+	local rr_key = "test";
+
+	for ( i in v )
+		{
+		print "rr", Cluster::rr_topic(Cluster::proxy_pool, rr_key);
+		print "rr (custom pool)", Cluster::rr_topic(my_pool, rr_key);
+		}
+
+	# Just checking the same keys still map to same topic ...
+	for ( i in v )
+		{
+		print "hrw", v[i], Cluster::hrw_topic(Cluster::proxy_pool, v[i]);
+		print "hrw (custom pool)", v[i], Cluster::hrw_topic(my_pool, v[i]);
+		}
+	}
+
+event Cluster::node_up(name: string, id: string)
+	{
+	if ( Cluster::node != "manager-1" )
+		return;
+
+	if ( name == "proxy-1" || name == "proxy-2" )
+		++proxy_count;
+
+	if ( proxy_count == 2 )	
+		{
+		print_stuff("1st stuff");
+		local e = Broker::make_event(go_away);
+		Broker::publish(Cluster::node_topic("proxy-1"), e);
+		}
+	}
+
+event Cluster::node_down(name: string, id: string)
+	{
+	if ( Cluster::node != "manager-1" )
+		return;
+
+	if ( name == "proxy-1" )
+		{
+		print_stuff("2nd stuff");
+		local e = Broker::make_event(go_away);
+		Broker::publish(Cluster::node_topic("proxy-2"), e);
+		}
+
+	if ( name == "proxy-2" )
+		{
+		print_stuff("no stuff");
+		terminate();
+		}
+	}
+
+event Cluster::node_down(name: string, id: string)
+	{
+	if ( name == "manager-1" )
+		terminate();
+	}

testing/btest/scripts/base/frameworks/cluster/custom_pool_limits.bro

@@ -0,0 +1,114 @@
+# @TEST-SERIALIZE: comm
+#
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
+# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-diff manager-1/.stdout
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
+	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37758/tcp, $manager="manager-1"],
+	["proxy-2"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1"],
+	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
+	["worker-2"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
+};
+@TEST-END-FILE
+
+global my_pool_spec: Cluster::PoolSpec =
+		Cluster::PoolSpec(
+			$topic = "bro/cluster/pool/my_pool",
+			$node_type = Cluster::PROXY
+			);
+
+global my_pool: Cluster::Pool;
+
+redef Cluster::proxy_pool_spec =
+		Cluster::PoolSpec(
+			$topic = "bro/cluster/pool/proxy",
+			$node_type = Cluster::PROXY,
+			$exclusive = F,
+			$max_nodes = 1 
+			);
+
+event bro_init()
+	{
+	my_pool = Cluster::register_pool(my_pool_spec);
+	}
+
+global proxy_count = 0;
+
+event go_away()
+	{
+	terminate();
+	}
+
+function print_stuff(heading: string)
+	{
+	print heading;
+
+	local v: vector of count = vector(0, 1, 2, 3, 13, 37, 42, 101);
+
+	for ( i in v )
+		{
+		print "hrw", v[i], Cluster::hrw_topic(Cluster::proxy_pool, v[i]);
+		print "hrw (custom pool)", v[i], Cluster::hrw_topic(my_pool, v[i]);
+		}
+
+	local rr_key = "test";
+
+	for ( i in v )
+		{
+		print "rr", Cluster::rr_topic(Cluster::proxy_pool, rr_key);
+		print "rr (custom pool)", Cluster::rr_topic(my_pool, rr_key);
+		}
+
+	# Just checking the same keys still map to same topic ...
+	for ( i in v )
+		{
+		print "hrw", v[i], Cluster::hrw_topic(Cluster::proxy_pool, v[i]);
+		print "hrw (custom pool)", v[i], Cluster::hrw_topic(my_pool, v[i]);
+		}
+	}
+
+event Cluster::node_up(name: string, id: string)
+	{
+	if ( Cluster::node != "manager-1" )
+		return;
+
+	if ( name == "proxy-1" || name == "proxy-2" )
+		++proxy_count;
+
+	if ( proxy_count == 2 )	
+		{
+		print_stuff("1st stuff");
+		local e = Broker::make_event(go_away);
+		Broker::publish(Cluster::node_topic("proxy-1"), e);
+		}
+	}
+
+event Cluster::node_down(name: string, id: string)
+	{
+	if ( Cluster::node != "manager-1" )
+		return;
+
+	if ( name == "proxy-1" )
+		{
+		print_stuff("2nd stuff");
+		local e = Broker::make_event(go_away);
+		Broker::publish(Cluster::node_topic("proxy-2"), e);
+		}
+
+	if ( name == "proxy-2" )
+		{
+		print_stuff("no stuff");
+		terminate();
+		}
+	}
+
+event Cluster::node_down(name: string, id: string)
+	{
+	if ( name == "manager-1" )
+		terminate();
+	}

testing/btest/scripts/base/frameworks/cluster/log_distribution.bro

@@ -0,0 +1,78 @@
+# @TEST-SERIALIZE: comm
+#
+# @TEST-EXEC: btest-bg-run logger-1 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run logger-2 BROPATH=$BROPATH:.. CLUSTER_NODE=logger-2 bro %INPUT
+# @TEST-EXEC: btest-bg-run manager BROPATH=$BROPATH:.. CLUSTER_NODE=manager bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
+# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-diff logger-1/test.log
+# @TEST-EXEC: btest-diff logger-2/test.log
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::manager_is_logger = F;
+
+redef Cluster::nodes = {
+    ["manager"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
+    ["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37760/tcp, $manager="manager", $interface="eth0"],
+    ["logger-1"] = [$node_type=Cluster::LOGGER,   $ip=127.0.0.1, $p=37762/tcp, $manager="manager"],
+    ["logger-2"] = [$node_type=Cluster::LOGGER,   $ip=127.0.0.1, $p=37763/tcp, $manager="manager"]
+};
+
+@TEST-END-FILE
+
+redef Log::default_rotation_interval = 0sec;
+
+module Test;
+redef enum Log::ID += { LOG };
+
+type Info: record {
+	num: count &log;
+};
+
+event bro_init() &priority=5
+	{
+	Log::create_stream(Test::LOG, [$columns=Info, $path="test"]);
+	}
+
+global peer_count = 0;
+global c = 0;
+
+event go_away()
+	{
+	terminate();
+	}
+
+event do_count()
+	{
+	Log::write(Test::LOG, [$num = ++c]);
+
+	if ( c == 100 )
+		{
+		Broker::flush_logs();
+		schedule 2sec { go_away() };
+		}
+	else
+		schedule 0.01sec { do_count() };
+	}
+
+event Cluster::node_up(name: string, id: string)
+	{
+	print "node_up", name;
+	++peer_count;
+
+	if ( Cluster::node == "worker-1" && peer_count == 3 )
+		{
+		Cluster::logger_pool$rr_key_seq["Cluster::rr_log_topic"] = 0;
+		schedule 0.25sec { do_count() };
+		}
+	}
+
+event Cluster::node_down(name: string, id: string)
+	{
+	print "node_down", name;
+	--peer_count;
+
+	if ( name == "worker-1" )
+		schedule 2sec { go_away() };
+	}
+

testing/btest/scripts/base/frameworks/cluster/start-it-up-logger.bro

@@ -1,16 +1,13 @@
 # @TEST-SERIALIZE: comm
 #
-# @TEST-EXEC: btest-bg-run logger-1  CLUSTER_NODE=logger-1 BROPATH=$BROPATH:.. bro %INPUT
-# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run logger-1  CLUSTER_NODE=logger-1  BROPATH=$BROPATH:.. bro %INPUT
 # @TEST-EXEC: btest-bg-run manager-1 CLUSTER_NODE=manager-1 BROPATH=$BROPATH:.. bro %INPUT
-# @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-run proxy-1   CLUSTER_NODE=proxy-1 BROPATH=$BROPATH:.. bro %INPUT
-# @TEST-EXEC: btest-bg-run proxy-2   CLUSTER_NODE=proxy-2 BROPATH=$BROPATH:.. bro %INPUT
-# @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-run worker-1  CLUSTER_NODE=worker-1 BROPATH=$BROPATH:.. bro %INPUT
-# @TEST-EXEC: btest-bg-run worker-2  CLUSTER_NODE=worker-2 BROPATH=$BROPATH:.. bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1   CLUSTER_NODE=proxy-1   BROPATH=$BROPATH:.. bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2   CLUSTER_NODE=proxy-2   BROPATH=$BROPATH:.. bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-1  CLUSTER_NODE=worker-1  BROPATH=$BROPATH:.. bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-2  CLUSTER_NODE=worker-2  BROPATH=$BROPATH:.. bro %INPUT
 # @TEST-EXEC: btest-bg-wait 30
-# @TEST-EXEC: btest-diff logger-1/.stdout
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff logger-1/.stdout
 # @TEST-EXEC: btest-diff manager-1/.stdout
 # @TEST-EXEC: btest-diff proxy-1/.stdout
 # @TEST-EXEC: btest-diff proxy-2/.stdout
@@ -21,56 +18,69 @@
 redef Cluster::manager_is_logger = F;
 redef Cluster::nodes = {
 	["logger-1"] = [$node_type=Cluster::LOGGER,   $ip=127.0.0.1, $p=37757/tcp],
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37758/tcp, $logger="logger-1", $workers=set("worker-1")],
-	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37759/tcp, $logger="logger-1", $manager="manager-1", $workers=set("worker-1")],
-	["proxy-2"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37760/tcp, $logger="logger-1", $manager="manager-1", $workers=set("worker-2")],
-	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37761/tcp, $logger="logger-1", $manager="manager-1", $proxy="proxy-1", $interface="eth0"],
-	["worker-2"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37762/tcp, $logger="logger-1", $manager="manager-1", $proxy="proxy-2", $interface="eth1"],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37758/tcp],
+	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1"],
+	["proxy-2"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1"],
+	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth0"],
+	["worker-2"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37762/tcp, $manager="manager-1", $interface="eth1"],
 };
 @TEST-END-FILE
 
-global fully_connected: event();
-
 global peer_count = 0;
 
 global fully_connected_nodes = 0;
 
-event fully_connected()
+event fully_connected(n: string)
 	{
 	++fully_connected_nodes;
+
 	if ( Cluster::node == "logger-1" )
 		{
+		print "got fully_connected event from", n;
+
 		if ( peer_count == 5 && fully_connected_nodes == 5 )
-			terminate_communication();
+			{
+			print "termination condition met: shutting down";
+			terminate();
+			}
+		}
+	else
+		{
+		print "sent fully_connected event";
 		}
 	}
 
-redef Cluster::worker2logger_events += /fully_connected/;
-redef Cluster::proxy2logger_events += /fully_connected/;
-redef Cluster::manager2logger_events += /fully_connected/;
+event bro_init()
+	{
+	Broker::auto_publish(Cluster::logger_topic, fully_connected);
+	}
 
-event remote_connection_handshake_done(p: event_peer)
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print "Connected to a peer";
 	++peer_count;
+
 	if ( Cluster::node == "logger-1" )
 		{
 		if ( peer_count == 5 && fully_connected_nodes == 5 )
-			terminate_communication();
+			{
+			print "termination condition met: shutting down";
+			terminate();
+			}
 		}
 	else if ( Cluster::node == "manager-1" )
 		{
 		if ( peer_count == 5 )
-			event fully_connected();
+			event fully_connected(Cluster::node);
 		}
 	else
 		{
-		if ( peer_count == 3 )
-			event fully_connected();
+		if ( peer_count == 4 )
+			event fully_connected(Cluster::node);
 		}
 	}
 
-event remote_connection_closed(p: event_peer)
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	terminate();
 	}

testing/btest/scripts/base/frameworks/cluster/start-it-up.bro

@@ -1,14 +1,12 @@
 # @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: sleep 1
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-2   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
-# @TEST-EXEC: sleep 1
 # @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run worker-2  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
 # @TEST-EXEC: btest-bg-wait 30
-# @TEST-EXEC: btest-diff manager-1/.stdout
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout
 # @TEST-EXEC: btest-diff proxy-1/.stdout
 # @TEST-EXEC: btest-diff proxy-2/.stdout
 # @TEST-EXEC: btest-diff worker-1/.stdout
@@ -16,11 +14,11 @@
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1")],
-	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37758/tcp, $manager="manager-1", $workers=set("worker-1")],
-	["proxy-2"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1", $workers=set("worker-2")],
-	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth0"],
-	["worker-2"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $proxy="proxy-2", $interface="eth1"],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
+	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37758/tcp, $manager="manager-1"],
+	["proxy-2"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1"],
+	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
+	["worker-2"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
 };
 @TEST-END-FILE
 
@@ -32,34 +30,42 @@ global fully_connected_nodes = 0;
 
 event fully_connected()
 	{
+	if ( ! is_remote_event() )
+		return;
+
+	print "Got fully_connected event";
 	fully_connected_nodes = fully_connected_nodes + 1;
+
 	if ( Cluster::node == "manager-1" )
 		{
 		if ( peer_count == 4 && fully_connected_nodes == 4 )
-			terminate_communication();
+			terminate();
 		}
 	}
 
-redef Cluster::worker2manager_events += /fully_connected/;
-redef Cluster::proxy2manager_events += /fully_connected/;
+event bro_init()
+	{
+	Broker::auto_publish(Cluster::manager_topic, fully_connected);
+	}
 
-event remote_connection_handshake_done(p: event_peer)
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	print "Connected to a peer";
 	peer_count = peer_count + 1;
+
 	if ( Cluster::node == "manager-1" )
 		{
 		if ( peer_count == 4 && fully_connected_nodes == 4 )
-			terminate_communication();
+			terminate();
 		}
 	else
 		{
-		if ( peer_count == 2 )
+		if ( peer_count == 3 )
 			event fully_connected();
 		}
 	}
 
-event remote_connection_closed(p: event_peer)
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	terminate();
 	}

testing/btest/scripts/base/frameworks/cluster/topic_distribution.bro

@@ -0,0 +1,84 @@
+# @TEST-SERIALIZE: comm
+#
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
+# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-diff manager-1/.stdout
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
+	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37758/tcp, $manager="manager-1"],
+	["proxy-2"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1"],
+	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
+	["worker-2"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
+};
+@TEST-END-FILE
+
+global proxy_count = 0;
+
+event go_away()
+	{
+	terminate();
+	}
+
+function print_stuff(heading: string)
+	{
+	print heading;
+
+	local v: vector of count = vector(0, 1, 2, 3, 13, 37, 42, 101);
+
+	for ( i in v )
+		print "hrw", v[i], Cluster::hrw_topic(Cluster::proxy_pool, v[i]);
+
+	local rr_key = "test";
+
+	for ( i in v )
+		print "rr", Cluster::rr_topic(Cluster::proxy_pool, rr_key);
+
+	# Just checking the same keys still map to same topic ...
+	for ( i in v )
+		print "hrw", v[i], Cluster::hrw_topic(Cluster::proxy_pool, v[i]);
+	}
+
+event Cluster::node_up(name: string, id: string)
+	{
+	if ( Cluster::node != "manager-1" )
+		return;
+
+	if ( name == "proxy-1" || name == "proxy-2" )
+		++proxy_count;
+
+	if ( proxy_count == 2 )	
+		{
+		print_stuff("1st stuff");
+		local e = Broker::make_event(go_away);
+		Broker::publish(Cluster::node_topic("proxy-1"), e);
+		}
+	}
+
+event Cluster::node_down(name: string, id: string)
+	{
+	if ( Cluster::node != "manager-1" )
+		return;
+
+	if ( name == "proxy-1" )
+		{
+		print_stuff("2nd stuff");
+		local e = Broker::make_event(go_away);
+		Broker::publish(Cluster::node_topic("proxy-2"), e);
+		}
+
+	if ( name == "proxy-2" )
+		{
+		print_stuff("no stuff");
+		terminate();
+		}
+	}
+
+event Cluster::node_down(name: string, id: string)
+	{
+	if ( name == "manager-1" )
+		terminate();
+	}

testing/btest/scripts/base/frameworks/cluster/topic_distribution_bifs.bro

@@ -0,0 +1,95 @@
+# @TEST-SERIALIZE: comm
+#
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-2   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-2 bro %INPUT
+# @TEST-EXEC: btest-bg-wait 30
+# @TEST-EXEC: btest-diff manager-1/.stdout
+# @TEST-EXEC: btest-diff proxy-1/.stdout
+# @TEST-EXEC: btest-diff proxy-2/.stdout
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
+	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37758/tcp, $manager="manager-1"],
+	["proxy-2"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1"],
+	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
+	["worker-2"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
+};
+@TEST-END-FILE
+
+global proxy_count = 0;
+global q = 0;
+
+event go_away()
+	{
+	terminate();
+	}
+
+event distributed_event_hrw(c: count)
+	{
+	print "got distributed event hrw", c;
+	}
+
+event distributed_event_rr(c: count)
+	{
+	print "got distributed event rr", c;
+	}
+
+function send_stuff(heading: string)
+	{
+	print heading;
+
+	local v: vector of count = vector(0, 1, 2, 3, 13, 37, 42, 101);
+
+	for ( i in v )
+		print "hrw", v[i], Cluster::publish_hrw(Cluster::proxy_pool, v[i],
+												distributed_event_hrw, v[i]);
+
+	local rr_key = "test";
+
+	for ( i in v )
+		print "rr", Cluster::publish_rr(Cluster::proxy_pool, rr_key,
+										distributed_event_rr, v[i]);
+	}
+
+event Cluster::node_up(name: string, id: string)
+	{
+	if ( Cluster::node != "manager-1" )
+		return;
+
+	if ( name == "proxy-1" || name == "proxy-2" )
+		++proxy_count;
+
+	if ( proxy_count == 2 )	
+		{
+		send_stuff("1st stuff");
+		local e = Broker::make_event(go_away);
+		Broker::publish(Cluster::node_topic("proxy-1"), e);
+		}
+	}
+
+event Cluster::node_down(name: string, id: string)
+	{
+	if ( Cluster::node != "manager-1" )
+		return;
+
+	if ( name == "proxy-1" )
+		{
+		send_stuff("2nd stuff");
+		local e = Broker::make_event(go_away);
+		Broker::publish(Cluster::node_topic("proxy-2"), e);
+		}
+
+	if ( name == "proxy-2" )
+		{
+		send_stuff("no stuff");
+		terminate();
+		}
+	}
+
+event Cluster::node_down(name: string, id: string)
+	{
+	if ( name == "manager-1" )
+		terminate();
+	}

testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro

@@ -1,42 +0,0 @@
-# @TEST-SERIALIZE: comm
-#
-# @TEST-EXEC: btest-bg-run receiver bro -b ../receiver.bro
-# @TEST-EXEC: btest-bg-run sender   bro -b ../sender.bro
-# @TEST-EXEC: btest-bg-wait -k 10
-#
-# Don't diff the receiver log just because port is always going to change
-# @TEST-EXEC: egrep -v 'CPU|bytes|pid|socket buffer size' sender/communication.log >send.log
-# @TEST-EXEC: btest-diff send.log
-
-@TEST-START-FILE sender.bro
-
-@load base/frameworks/communication/main
-
-redef Communication::nodes += {
-    ["foo"] = [$host = 127.0.0.1, $events = /NOTHING/, $connect=T]
-};
-
-event remote_connection_handshake_done(p: event_peer)
-	{
-	terminate_communication();
-	}
-
-event remote_connection_closed(p: event_peer)
-	{
-	terminate();
-	}
-
-@TEST-END-FILE
-
-#############
-
-@TEST-START-FILE receiver.bro
-
-@load frameworks/communication/listen
-
-event remote_connection_closed(p: event_peer)
-	{
-	terminate();
-	}
-
-@TEST-END-FILE

testing/btest/scripts/base/frameworks/config/basic.bro

@@ -0,0 +1,57 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff bro/config.log
+# @TEST-EXEC: btest-diff bro/.stderr
+
+@load base/frameworks/config
+@load base/protocols/conn
+
+redef exit_only_after_terminate = T;
+redef Config::config_files += {"../configfile"};
+
+@TEST-START-FILE configfile
+testbool F
+testcount    1
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testporttcp 42/tcp
+testportudp 42/udp
+testaddr 127.0.0.1
+testaddr 2607:f8b0:4005:801::200e
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,6
+test_set 
+test_set -
+@TEST-END-FILE
+
+@load base/protocols/ssh
+@load base/protocols/conn
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testporttcp = 40/udp;
+	option testportudp = 40/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_vector: vector of count = {};
+}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	if ( sub_bytes(name, 1,  7) != "config-" )
+		return;
+
+	terminate();
+	}

testing/btest/scripts/base/frameworks/config/basic_cluster.bro

@@ -0,0 +1,81 @@
+# @TEST-SERIALIZE: comm
+# 
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-2  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
+# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-diff manager-1/.stdout
+# @TEST-EXEC: btest-diff worker-1/.stdout
+# @TEST-EXEC: btest-diff worker-2/.stdout
+# @TEST-EXEC: btest-diff manager-1/config.log
+
+@load base/frameworks/config
+
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
+	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
+	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
+};
+@TEST-END-FILE
+
+redef Log::default_rotation_interval = 0secs;
+
+export {
+	option testport = 42/tcp;
+	option teststring = "a";
+}
+
+global n = 0;
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	terminate();
+	}
+
+global ready_for_data: event();
+
+event bro_init()
+	{
+	Broker::auto_publish(Cluster::worker_topic, ready_for_data);
+	}
+
+@if ( Cluster::node == "worker-1" )
+event ready_for_data()
+	{
+	Config::set_value("testport", 44/tcp);
+	Config::set_value("teststring", "b", "comment");
+	}
+@endif
+
+event die()
+	{
+	terminate();
+	}
+
+function option_changed(ID: string, new_value: any, location: string): any
+	{
+	print "option changed", ID, new_value, location;
+	schedule 5sec { die() };
+	return new_value;
+	}
+
+event bro_init() &priority=5
+	{
+	Option::set_change_handler("testport", option_changed, -100);
+	Option::set_change_handler("teststring", option_changed, -100);
+	}
+
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
+
+global peer_count = 0;
+event Cluster::node_up(name: string, id: string)
+	{
+	++peer_count;
+	if ( peer_count == 2 )
+		event ready_for_data();
+	}
+
+@endif

testing/btest/scripts/base/frameworks/config/cluster_resend.bro

@@ -0,0 +1,107 @@
+# @TEST-SERIALIZE: comm
+# 
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
+# @TEST-EXEC: sleep 15
+# @TEST-EXEC: btest-bg-run worker-2  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
+# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-diff manager-1/.stdout
+# @TEST-EXEC: btest-diff worker-1/.stdout
+# @TEST-EXEC: btest-diff worker-2/.stdout
+# @TEST-EXEC: btest-diff manager-1/config.log
+
+# In this test we check if values get updated on a worker, even if they were set before the
+# worker is present.
+
+@load base/frameworks/config
+
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
+	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
+	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
+};
+@TEST-END-FILE
+
+redef Log::default_rotation_interval = 0secs;
+
+export {
+	option testport = 42/tcp;
+	option teststring = "a";
+	option testcount: count = 0;
+}
+
+global n = 0;
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	terminate();
+	}
+
+global ready_for_data: event();
+
+event bro_init()
+	{
+	Broker::auto_publish(Cluster::worker_topic, ready_for_data);
+	}
+
+@if ( Cluster::node == "worker-1" )
+event ready_for_data()
+	{
+	Config::set_value("testport", 44/tcp);
+	Config::set_value("teststring", "b", "comment");
+	}
+@endif
+
+@if ( Cluster::node == "manager-1" )
+event ready_for_data()
+	{
+	Config::set_value("testcount", 1);
+	}
+@endif
+
+event die()
+	{
+	terminate();
+	}
+
+@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
+event Cluster::node_up(name: string, id: string)
+	{
+		print "Node up", name;
+		if ( name == "worker-2" )
+		schedule 5sec { die() };
+	}
+@endif
+
+function option_changed(ID: string, new_value: any, location: string): any
+	{
+	print "option changed", ID, new_value, location;
+	return new_value;
+	}
+
+event bro_init() &priority=5
+	{
+	Option::set_change_handler("testport", option_changed, -100);
+	Option::set_change_handler("teststring", option_changed, -100);
+	Option::set_change_handler("testcount", option_changed, -100);
+	}
+
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
+
+global peer_count = 0;
+event Cluster::node_up(name: string, id: string) &priority=-5
+	{
+	++peer_count;
+	if ( peer_count == 1 )
+		event ready_for_data();
+	}
+
+@endif
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	terminate();
+	}

testing/btest/scripts/base/frameworks/config/read_config.bro

@@ -0,0 +1,57 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff bro/config.log
+
+@load base/frameworks/config
+@load base/protocols/conn
+
+redef exit_only_after_terminate = T;
+redef InputConfig::empty_field = "(empty)";
+
+@TEST-START-FILE configfile
+testbool F
+testcount    1
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testaddr 127.0.0.1
+testaddr 2607:f8b0:4005:801::200e
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,6
+test_set (empty)
+test_set -
+@TEST-END-FILE
+
+@load base/protocols/ssh
+@load base/protocols/conn
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_vector: vector of count = {};
+}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	if ( sub_bytes(name, 1,  7) != "config-" )
+		return;
+
+	terminate();
+	}
+
+event bro_init()
+	{
+	Config::read_config("../configfile");
+	}

testing/btest/scripts/base/frameworks/config/read_config_cluster.bro

@@ -0,0 +1,104 @@
+# @TEST-SERIALIZE: comm
+# 
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-2  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
+# @TEST-EXEC: btest-bg-wait 15
+# @TEST-EXEC: btest-diff manager-1/.stdout
+# @TEST-EXEC: btest-diff worker-1/.stdout
+# @TEST-EXEC: btest-diff worker-2/.stdout
+# @TEST-EXEC: btest-diff manager-1/config.log
+
+@load base/frameworks/config
+
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
+	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
+	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
+};
+@TEST-END-FILE
+
+@TEST-START-FILE configfile
+testbool F
+testcount    1
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testaddr 127.0.0.1
+testaddr 2607:f8b0:4005:801::200e
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,6
+test_set (empty)
+test_set -
+test_set_full 1,3,4,5,6,7
+@TEST-END-FILE
+
+redef Log::default_rotation_interval = 0secs;
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_set_full: set[count] = {1, 2, 3, 7, 10, 15};
+	option test_vector: vector of count = {};
+}
+
+event bro_init()
+	{
+	Config::read_config("../configfile");
+	}
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	terminate();
+	}
+
+function option_changed(ID: string, new_value: any, location: string): any
+	{
+	print "option changed", ID, new_value, location;
+	return new_value;
+	}
+
+event bro_init() &priority=5
+	{
+	Option::set_change_handler("testport", option_changed, -100);
+	Option::set_change_handler("teststring", option_changed, -100);
+	}
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	terminate();
+	}
+
+@if ( Cluster::is_enabled() && Cluster::local_node_type() == Cluster::MANAGER )
+event die()
+	{
+	terminate();
+	}
+
+event Cluster::node_up(name: string, id: string)
+	{
+	schedule 10sec { die() };
+	}
+@endif
+
+module Config;
+
+event Config::cluster_set_option(ID: string, val: any, location: string) &priority=-10
+	{
+	print "cluster_set_option", ID, val, location;
+	}

testing/btest/scripts/base/frameworks/config/several-files.bro

@@ -0,0 +1,57 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-canonifier | grep -v ^# | $SCRIPTS/diff-sort" btest-diff bro/config.log
+
+@load base/frameworks/config
+@load base/protocols/conn
+
+redef exit_only_after_terminate = T;
+redef Config::config_files += {"../configfile1", "../configfile2"};
+
+@TEST-START-FILE configfile1
+testbool F
+testcount 2
+testint		-1
+testenum Conn::LOG
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,6
+@TEST-END-FILE
+
+@TEST-START-FILE configfile2
+testport 45
+testaddr 127.0.0.1
+testinterval 60
+testtime 1507321987
+@TEST-END-FILE
+
+@load base/protocols/ssh
+@load base/protocols/conn
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_vector: vector of count = {};
+}
+
+global ct = 0;
+
+event Input::end_of_data(name: string, source: string)
+	{
+	if ( sub_bytes(name, 1, 7) != "config-" )
+		return;
+
+	++ct;
+
+	# Exit after this event has been raised for each config file.
+	if ( ct == 2 )
+		terminate();
+
+	}

testing/btest/scripts/base/frameworks/config/updates.bro

@@ -0,0 +1,114 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 10 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: mv configfile2 configfile
+# @TEST-EXEC: touch configfile
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 10 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: mv configfile3 configfile
+# @TEST-EXEC: touch configfile
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 10 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: mv configfile4 configfile
+# @TEST-EXEC: touch configfile
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff bro/config.log
+
+@load base/frameworks/config
+@load base/protocols/conn
+
+redef exit_only_after_terminate = T;
+redef Config::config_files += {"../configfile"};
+
+@TEST-START-FILE configfile
+testbool F
+testcount    1
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testaddr 127.0.0.1
+testaddr 2607:f8b0:4005:801::200e
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,6
+@TEST-END-FILE
+
+@TEST-START-FILE configfile2
+testbool F
+testcount    1
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testaddr 127.0.0.1
+testaddr 2607:f8b0:4005:801::200e
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,9
+@TEST-END-FILE
+
+@TEST-START-FILE configfile3
+testbool F
+testcount    2
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+@TEST-END-FILE
+
+@TEST-START-FILE configfile4
+testbool F
+testcount    2
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testinterval 60
+testtime 1507321987
+test_set a,b,c,d,erdbeerschnitzel
+test_vector 1,2,3,4,5,9
+@TEST-END-FILE
+
+@load base/protocols/ssh
+@load base/protocols/conn
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_vector: vector of count = {};
+}
+
+global eolcount = 0;
+
+event Input::end_of_data(name: string, source:string)
+	{
+	print "eod";
+	if ( sub_bytes(name, 1,  7) != "config-" )
+		return;
+
+	eolcount += 1;
+
+	if ( eolcount == 1 )
+		system("touch got1");
+	else if ( eolcount == 2 )
+		system("touch got2");
+	else if ( eolcount == 3 )
+		system("touch got3");
+	else if ( eolcount == 4 )
+		terminate();
+	}

testing/btest/scripts/base/frameworks/control/configuration_update.bro

@@ -1,18 +1,10 @@
 # @TEST-SERIALIZE: comm
 #
-# @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65531/tcp 
-# @TEST-EXEC: sleep 5
-# @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=configuration_update
-# @TEST-EXEC: sleep 5
-# @TEST-EXEC: btest-bg-run controller2 BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=shutdown
+# @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro -Bbroker %INPUT frameworks/control/controllee Broker::default_port=65531/tcp
+# @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro -Bbroker %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=configuration_update
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff controllee/.stdout
 
-redef Communication::nodes = {
-	# We're waiting for connections from this host for control.
-	["control"] = [$host=127.0.0.1, $class="control", $events=Control::controller_events],
-};
-
 const test_var = "ORIGINAL VALUE (this should be printed out first)" &redef;
 
 @TEST-START-FILE test-redef.bro
@@ -22,9 +14,26 @@ redef test_var = "NEW VALUE (this should be printed out second)";
 event bro_init()
 	{
 	print test_var;
+	Reporter::info("handle bro_init");
 	}
 	
 event bro_done()
 	{
 	print test_var;
+	Reporter::info("handle bro_done");
+	}
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	terminate();
+	}
+
+event Control::configuration_update_request()
+	{
+	Reporter::info("handle Control::configuration_update_request");
+	}
+
+event Control::configuration_update_response()
+	{
+	Reporter::info("handle Control::configuration_update_response");
 	}

testing/btest/scripts/base/frameworks/control/id_value.bro

@@ -1,15 +1,10 @@
 # @TEST-SERIALIZE: comm
 #
-# @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Communication::listen_port=65532/tcp 
+# @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Broker::default_port=65532/tcp
 # @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65532/tcp Control::cmd=id_value Control::arg=test_var
 # @TEST-EXEC: btest-bg-wait -k 10
 # @TEST-EXEC: btest-diff controller/.stdout
 
-redef Communication::nodes = {
-	# We're waiting for connections from this host for control.
-	["control"] = [$host=127.0.0.1, $class="control", $events=Control::controller_events],
-};
-
 # This value shouldn't ever be printed to the controllers stdout.
 const test_var = "Original value" &redef;
 
@@ -19,8 +14,13 @@ const test_var = "Original value" &redef;
 redef test_var = "This is the value from the controllee";
 @TEST-END-FILE
 
+event die()
+	{
+	terminate();
+	}
+
 event Control::id_value_response(id: string, val: string)
 	{
 	print fmt("Got an id_value_response(%s, %s) event", id, val);
-	terminate();
+	schedule 2sec { die() };
 	}

testing/btest/scripts/base/frameworks/control/shutdown.bro

@@ -1,10 +1,6 @@
 # @TEST-SERIALIZE: comm
 #
-# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65530/tcp 
+# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Broker::default_port=65530/tcp
 # @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65530/tcp Control::cmd=shutdown
 # @TEST-EXEC: btest-bg-wait 10
 
-redef Communication::nodes = {
-	# We're waiting for connections from this host for control.
-	["control"] = [$host=127.0.0.1, $class="control", $events=Control::controller_events],
-};

testing/btest/scripts/base/frameworks/file-analysis/bifs/file_exists_lookup_file.bro

@@ -0,0 +1,21 @@
+# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT 2>&1
+# @TEST-EXEC: btest-diff .stdout
+
+event bro_init()
+	{
+	print "This should fail but not crash";
+	print Files::lookup_file("asdf");
+
+	print "This should return F";
+	print Files::file_exists("asdf");
+	}
+
+event file_sniff(f: fa_file, meta: fa_metadata)
+	{
+	print "lookup fid: " + f$id;
+	local looked_up_file = Files::lookup_file(f$id);
+	print "We should have found the file id: " + looked_up_file$id ;
+
+	print "This should return T";
+	print Files::file_exists(f$id);
+	}

testing/btest/scripts/base/frameworks/input/basic.bro

@@ -7,9 +7,9 @@ redef exit_only_after_terminate = T;
 @TEST-START-FILE input.log
 #separator \x09
 #path	ssh
-#fields	b	i	e	c	p	sn	a	d	t	iv	s	sc	ss	se	vc	ve	ns
-#types	bool	int	enum	count	port	subnet	addr	double	time	interval	string	table	table	table	vector	vector	string
-T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	4242
+#fields	b	bt	i	e	c	p	pp	sn	a	d	t	iv	s	sc	ss	se	vc	ve	ns
+#types	bool	int	enum	count	port	port	subnet	addr	double	time	interval	string	table	table	table	vector	vector	string
+T	1	-42	SSH::LOG	21	123	5/icmp	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	4242
 @TEST-END-FILE
 
 @load base/protocols/ssh
@@ -26,9 +26,11 @@ type Idx: record {
 
 type Val: record {
 	b: bool;
+	bt: bool;
 	e: Log::ID;
 	c: count;
 	p: port;
+	pp: port;
 	sn: subnet;
 	a: addr;
 	d: double;

testing/btest/scripts/base/frameworks/input/config/basic.bro

@@ -0,0 +1,75 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff out
+
+redef exit_only_after_terminate = T;
+redef InputConfig::empty_field = "EMPTY";
+redef InputConfig::set_separator = "\t";
+
+@TEST-START-FILE configfile
+testbool F
+testcount    1
+testcount 2
+testcount 2
+testint		-1
+testenum Conn::LOG
+testport 45
+testportandproto 45/udp
+testaddr 127.0.0.1
+testaddr 2607:f8b0:4005:801::200e
+testinterval 60
+testtime 1507321987
+test_set a	b	c	d	erdbeerschnitzel
+test_vector 1	2	3	4	5	6
+test_set (empty)
+test_set EMPTY
+test_set -
+@TEST-END-FILE
+
+@load base/protocols/ssh
+@load base/protocols/conn
+
+global outfile: file;
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testportandproto = 42/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_vector: vector of count = {};
+}
+
+type Idx: record {
+	option_name: string;
+};
+
+type Val: record {
+	option_val: string;
+};
+
+global currconfig: table[string] of string = table();
+
+event InputConfig::new_value(name: string, source: string, id: string, value: any)
+	{
+	print outfile, id, value;
+	}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	close(outfile);
+	terminate();
+	}
+
+event bro_init()
+	{
+	outfile = open("../out");
+	Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]);
+	}
+

testing/btest/scripts/base/frameworks/input/config/errors.bro

@@ -0,0 +1,66 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: tail -n +2 .stderr > errout
+# @TEST-EXEC: btest-diff errout
+
+redef exit_only_after_terminate = T;
+
+@TEST-START-FILE configfile
+testbool A
+testtesttesttesttesttest
+testbool A B
+testcount A
+testenum unknown
+testbooool T
+test_any F
+test_table whatever
+@TEST-END-FILE
+
+@load base/protocols/ssh
+@load base/protocols/conn
+
+global outfile: file;
+
+export {
+	option testbool: bool = T;
+	option testcount: count = 0;
+	option testint: int = 0;
+	option testenum = SSH::LOG;
+	option testport = 42/tcp;
+	option testaddr = 127.0.0.1;
+	option testtime = network_time();
+	option testinterval = 1sec;
+	option teststring = "a";
+	option test_set: set[string] = {};
+	option test_vector: vector of count = {};
+	option test_any: any = 5;
+	option test_table: table[string] of string = {};
+}
+
+type Idx: record {
+	option_name: string;
+};
+
+type Val: record {
+	option_val: string;
+};
+
+global currconfig: table[string] of string = table();
+
+event InputConfig::new_value(name: string, source: string, id: string, value: any)
+	{
+	print outfile, id, value;
+	}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	close(outfile);
+	terminate();
+	}
+
+event bro_init()
+	{
+	outfile = open("../out");
+	Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]);
+	}
+

testing/btest/scripts/base/frameworks/input/empty-values-hashing.bro

@@ -1,6 +1,6 @@
 # @TEST-EXEC: cp input1.log input.log
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: sleep 2
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cp input2.log input.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
@@ -20,8 +20,6 @@
 2	TEST	TEST
 @TEST-END-FILE
 
-@load base/frameworks/communication  # let network-time run
-
 redef exit_only_after_terminate = T;
 
 module A;
@@ -77,7 +75,9 @@ event Input::end_of_data(name: string, source: string)
 	print outfile, servers;
 	
 	try = try + 1;
-	if ( try == 2 )
+	if ( try == 1 )
+		system("touch got1");
+	else if ( try == 2 )
 		{
 		print outfile, "done";
 		close(outfile);

testing/btest/scripts/base/frameworks/input/invalid-lines.bro

@@ -0,0 +1,67 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff out
+
+redef exit_only_after_terminate = T;
+redef InputAscii::fail_on_invalid_lines = F;
+
+@TEST-START-FILE input.log
+#separator \x09
+#path	ssh
+#fields	b	i	e	c	p	sn	a	d	t	iv	s	sc	ss	se	vc	ve	ns
+#types	bool	int	enum	count	port	subnet	addr	double	time	interval	string	table	table	table	vector	vector	string
+T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30
+T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	4242
+T	-43	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	4242 HOHOHO
+T	-41
+@TEST-END-FILE
+
+@load base/protocols/ssh
+
+global outfile: file;
+
+redef InputAscii::empty_field = "EMPTY";
+
+module A;
+
+type Idx: record {
+	i: int;
+};
+
+type Val: record {
+	b: bool;
+	e: Log::ID;
+	c: count;
+	p: port;
+	sn: subnet;
+	a: addr;
+	d: double;
+	t: time;
+	iv: interval;
+	s: string;
+	ns: string;
+	sc: set[count];
+	ss: set[string];
+	se: set[string];
+	vc: vector of int;
+	ve: vector of int;
+};
+
+global servers: table[int] of Val = table();
+global servers2: table[int] of Val = table();
+
+event bro_init()
+	{
+	outfile = open("../out");
+	# first read in the old stuff into the table...
+	Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]);
+	Input::add_table([$source="../input.log", $name="ssh2", $idx=Idx, $val=Val, $destination=servers2, $config=table(["fail_on_invalid_lines"] = "T")]);
+	}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	print outfile, servers;
+	Input::remove("ssh");
+	close(outfile);
+	terminate();
+	}

testing/btest/scripts/base/frameworks/input/invalidset.bro

@@ -0,0 +1,65 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
+# @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderrwithoutfirstline
+
+@TEST-START-FILE input.log
+#separator \x09
+#fields	i	s
+name	-
+name	127.0.0.1
+@TEST-END-FILE
+
+redef exit_only_after_terminate = T;
+redef InputAscii::fail_on_invalid_lines = T;
+
+global outfile: file;
+
+module A;
+
+type Idx: record {
+	i: string;
+};
+
+type Val: record {
+	s: set[subnet];
+};
+
+global endcount: count = 0;
+
+global servers: table[string] of Val = table();
+
+event handle_our_errors(desc: Input::TableDescription, msg: string, level: Reporter::Level)
+	{
+	print outfile, "TableErrorEvent", msg, level;
+	}
+
+event handle_our_errors_event(desc: Input::EventDescription, msg: string, level: Reporter::Level)
+	{
+	print outfile, "EventErrorEvent", msg, level;
+	}
+
+event line(description: Input::EventDescription, tpe: Input::Event, v: Val)
+	{
+	print outfile, "Event", v;
+	}
+
+event bro_init()
+	{
+	outfile = open("../out");
+	# first read in the old stuff into the table...
+	Input::add_table([$source="../input.log", $name="ssh", $error_ev=handle_our_errors, $idx=Idx, $val=Val, $destination=servers]);
+	Input::add_event([$source="../input.log", $name="sshevent", $error_ev=handle_our_errors_event, $fields=Val, $want_record=T, $ev=line]);
+	}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	++endcount;
+
+	if ( endcount == 2 )
+		{
+		print outfile, servers;
+		terminate();
+		}
+	}

testing/btest/scripts/base/frameworks/input/invalidtext.bro

@@ -13,6 +13,7 @@
 @TEST-END-FILE
 
 redef exit_only_after_terminate = T;
+redef InputAscii::fail_on_invalid_lines = T;
 
 global outfile: file;
 

testing/btest/scripts/base/frameworks/input/missing-file-initially.bro

@@ -0,0 +1,61 @@
+# This tests files that don't exist initially and then do later during
+# runtime to make sure the ascii reader is resilient to files missing.
+# It does a second test at the same time which configures the old
+# failing behavior.
+
+# @TEST-EXEC: btest-bg-run bro bro %INPUT
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/init 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: mv does-exist.dat does-not-exist.dat
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/next 5 || (btest-bg-wait -k 1 && false)
+# @TEST-EXEC: mv does-not-exist.dat does-not-exist-again.dat
+# @TEST-EXEC: echo "3 streaming still works" >> does-not-exist-again.dat
+# @TEST-EXEC: btest-bg-wait 5
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stdout
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff bro/.stderr
+
+@TEST-START-FILE does-exist.dat
+#separator \x09
+#fields	line
+#types	string
+1 now it does
+2 and more!
+@TEST-END-FILE
+
+redef exit_only_after_terminate = T;
+
+@load base/frameworks/input
+
+module A;
+
+type Val: record {
+	line: string;
+};
+
+global line_count = 0;
+
+event line(description: Input::EventDescription, tpe: Input::Event, v: Val)
+	{
+	print fmt("%s: %s", description$name, v$line);
+	++line_count;
+
+	if ( line_count == 4 )
+		system("touch next");
+	if ( line_count == 5 )
+		terminate();
+	}
+
+event line2(description: Input::EventDescription, tpe: Input::Event, v: Val)
+	{
+	print "DONT PRINT THIS LINE";
+	}
+
+
+event bro_init()
+	{
+	Input::add_event([$source="../does-not-exist.dat", $name="input", $reader=Input::READER_ASCII, $mode=Input::REREAD, $fields=Val, $ev=line, $want_record=T]);
+	Input::add_event([$source="../does-not-exist.dat", $name="inputstream", $reader=Input::READER_ASCII, $mode=Input::STREAM, $fields=Val, $ev=line, $want_record=T]);
+	Input::add_event([$source="../does-not-exist.dat", $name="inputmanual", $reader=Input::READER_ASCII, $mode=Input::MANUAL, $fields=Val, $ev=line, $want_record=T]);
+	Input::add_event([$source="../does-not-exist.dat", $name="input2", $reader=Input::READER_ASCII, $mode=Input::REREAD, $fields=Val, $ev=line2, $want_record=T,
+	                  $config=table(["fail_on_file_problem"] = "T")]);
+	system("touch init");
+	}

testing/btest/scripts/base/frameworks/input/missing-file.bro

@@ -3,6 +3,7 @@
 # @TEST-EXEC: btest-diff bro/.stderr
 
 redef exit_only_after_terminate = T;
+redef InputAscii::fail_on_file_problem = T;
 
 global outfile: file;
 global try: count;

testing/btest/scripts/base/frameworks/input/port-embedded.bro

@@ -0,0 +1,44 @@
+# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff bro/.stdout
+# @TEST-EXEC: btest-diff bro/.stderr
+
+@TEST-START-FILE input.log
+#fields	i	p
+1.2.3.4	80/tcp
+1.2.3.5	52/udp
+1.2.3.6	30/unknown
+1.2.3.7	50/trash
+@TEST-END-FILE
+
+redef exit_only_after_terminate = T;
+
+redef InputAscii::empty_field = "EMPTY";
+
+module A;
+
+type Idx: record {
+	i: addr;
+};
+
+type Val: record {
+	p: port;
+};
+
+global servers: table[addr] of Val = table();
+
+event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, right: Val)
+	{
+	print left, right;
+	}
+
+event bro_init()
+	{
+	Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $ev=line, $destination=servers]);
+	}
+
+event Input::end_of_data(name: string, source: string)
+	{
+	Input::remove("input");
+	terminate();
+	}

testing/btest/scripts/base/frameworks/input/predicatemodifyandreread.bro

@@ -1,12 +1,12 @@
 # @TEST-EXEC: cp input1.log input.log
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: sleep 2
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cp input2.log input.log
-# @TEST-EXEC: sleep 2
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cp input3.log input.log
-# @TEST-EXEC: sleep 2
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cp input4.log input.log
-# @TEST-EXEC: sleep 2
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got4 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cp input5.log input.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
@@ -57,8 +57,6 @@
 
 redef exit_only_after_terminate = T;
 
-@load base/frameworks/communication  # let network-time run
-
 redef InputAscii::empty_field = "EMPTY";
 
 module A;
@@ -98,7 +96,15 @@ event Input::end_of_data(name: string, source: string)
 	try = try + 1;
 	print outfile, fmt("Update_finished for %s, try %d", name, try);
 	print outfile, servers;
-	
+
+	if ( try == 1 )
+		system("touch got1");
+	else if ( try == 2 )
+		system("touch got2");
+	else if ( try == 3 )
+		system("touch got3");
+	else if ( try == 4 )
+		system("touch got4");
 	if ( try == 5 )
 		{
 		close(outfile);

testing/btest/scripts/base/frameworks/input/raw/executestdin.bro

@@ -4,10 +4,10 @@
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
 
 redef exit_only_after_terminate = T;
-@load base/frameworks/communication  # let network-time run. otherwise there are no heartbeats...
 
 global outfile: file;
 global processes_finished: count = 0;
+global lines_received: count = 0;
 global n: count = 0;
 global total_processes: count = 0;
 
@@ -21,10 +21,23 @@ type Val: record {
 	s: string;
 };
 
+global more_input: function(name_prefix: string);
+
+function check_terminate_condition()
+	{
+	if ( processes_finished != total_processes )
+		return;
+
+	if ( lines_received != (total_processes - 1) * 2 )
+		return;
+
+	terminate();
+	}
+
 event line(description: Input::EventDescription, tpe: Input::Event, s: string)
 	{
-	print outfile, tpe, description$source, description$name;
-	print outfile, s;
+	++lines_received;
+	print outfile, tpe, description$source, description$name, s;
 	}
 
 event InputRaw::process_finished(name: string, source:string, exit_code:count, signal_exit:bool)
@@ -32,10 +45,18 @@ event InputRaw::process_finished(name: string, source:string, exit_code:count, s
 	print "process_finished", name, source;
 	Input::remove(name);
 	++processes_finished;
-	if ( processes_finished == total_processes )
+	if ( processes_finished == 1 )
+		{
+		more_input("input");
+		more_input("input");
+		more_input("input");
+		more_input("input");
+		more_input("input");
+		}
+	else if ( processes_finished == total_processes )
 		{
 		close(outfile);
-		terminate();
+		check_terminate_condition();
 		}
 	}
 
@@ -60,9 +81,4 @@ event bro_init()
 	                  $reader=Input::READER_RAW, $mode=Input::STREAM,
 	                  $name="input", $fields=Val, $ev=line, $want_record=F,
 	                  $config=config_strings]);
-	more_input("input");
-	more_input("input");
-	more_input("input");
-	more_input("input");
-	more_input("input");
 	}

testing/btest/scripts/base/frameworks/input/raw/executestream.bro

@@ -1,8 +1,8 @@
 # @TEST-EXEC: cp input1.log input.log
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT 
-# @TEST-EXEC: sleep 3
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cat input2.log >> input.log
-# @TEST-EXEC: sleep 3
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cat input3.log >> input.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
@@ -26,7 +26,6 @@ sdf
 3rw43wRRERLlL#RWERERERE.
 @TEST-END-FILE
 
-@load base/frameworks/communication  # let network-time run
 
 module A;
 
@@ -39,12 +38,16 @@ global outfile: file;
 
 event line(description: Input::EventDescription, tpe: Input::Event, s: string)
 	{
-	print outfile, description;
+	print outfile, description$source, description$reader, description$mode, description$name;
 	print outfile, tpe;
 	print outfile, s;
 
 	try = try + 1;
-	if ( try == 8 )
+	if ( try == 1 )
+		system("touch got1");
+	else if ( try == 3 )
+		system("touch got3");
+	else if ( try == 8 )
 		{
 		print outfile, "done";
 		close(outfile);

testing/btest/scripts/base/frameworks/input/raw/offset.bro

@@ -1,6 +1,6 @@
 # @TEST-EXEC: cp input.log input2.log
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: sleep 2
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: echo "hi" >> input2.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
@@ -10,7 +10,6 @@ sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
 @TEST-END-FILE
 
 redef exit_only_after_terminate = T;
-@load base/frameworks/communication # keep network time running
 
 global outfile: file;
 global try: count;
@@ -25,7 +24,9 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
 	{
 	print outfile, s;
 	try = try + 1;
-	if ( try == 3 )
+	if ( try == 2 )
+		system("touch got2");
+	else if ( try == 3 )
 		{
 		close(outfile);
 		terminate();

testing/btest/scripts/base/frameworks/input/raw/stderr.bro

@@ -1,73 +1,68 @@
+# @TEST-EXEC: mkdir mydir && touch mydir/a && touch mydir/b && touch mydir/c
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT 
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
 
 redef exit_only_after_terminate = T;
-@load base/frameworks/communication  # let network-time run. otherwise there are no heartbeats...
 
 type Val: record {
 	s: string;
 	is_stderr: bool;
 };
 
-global try: count;
+global try = 0;
+global n = 0;
 global outfile: file;
 
 event line(description: Input::EventDescription, tpe: Input::Event, s: string, is_stderr: bool)
 	{
-	print outfile, tpe;
+	local line_output = fmt("%s line output (stderr=%s): ", tpe, is_stderr);
+
 	if ( is_stderr ) 
 		{
 		# work around localized error messages. and if some localization does not include the filename... well... that would be bad :)
 		if ( strstr(s, "nonexistant") > 0 ) 
-			{
-			print outfile, "stderr output contained nonexistant";
-			}
+			line_output += "<stderr output contained nonexistant>";
+		else
+			line_output += "<unexpected/weird error localization>";
 		}
 	else
-		{
-		print outfile, s;
-		}
-	print outfile, is_stderr;
+		line_output += s;
 
-	try = try + 1;
-	if ( try == 7 )
-		{
-		print outfile, "done";
-		Input::remove("input");
-		}
+	print outfile, line_output;
+	++try;
+
+	if ( n == 2 && try == 7 )
+		terminate();
 	}
 
-global n = 0;
-
 event Input::end_of_data(name: string, source:string)
 	{
-	print outfile, "End of Data event";
-	print outfile, name;
+	print outfile, "End of Data event", name;
 	++n;
-	if ( n == 2 )
+
+	if ( n == 2 && try == 7 )
 		terminate();
 	}
 
 event InputRaw::process_finished(name: string, source:string, exit_code:count, signal_exit:bool)
 	{
-	print outfile, "Process finished event";
-	print outfile, name;
-	if ( exit_code != 0 ) 
-		print outfile, "Exit code != 0";
+	print outfile, "Process finished event", name, exit_code != 0;
 	++n;
-	if ( n == 2 )
+
+	if ( n == 2 && try == 7 )
 		terminate();
 	}
 
 event bro_init()
 	{
-
 	local config_strings: table[string] of string = {
 		["read_stderr"] = "1"
 	};
 
 	outfile = open("../out");
-	try = 0;
-	Input::add_event([$source="ls .. ../nonexistant ../nonexistant2 ../nonexistant3 |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line, $want_record=F, $config=config_strings, $mode=Input::STREAM]);
+	Input::add_event([$source="ls ../mydir ../nonexistant ../nonexistant2 ../nonexistant3 |",
+	                 $reader=Input::READER_RAW, $name="input",
+	                 $fields=Val, $ev=line, $want_record=F,
+	                 $config=config_strings, $mode=Input::STREAM]);
 	}

testing/btest/scripts/base/frameworks/input/raw/streamraw.bro

@@ -1,8 +1,8 @@
 # @TEST-EXEC: cp input1.log input.log
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT 
-# @TEST-EXEC: sleep 3
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cat input2.log >> input.log
-# @TEST-EXEC: sleep 3
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cat input3.log >> input.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
@@ -26,8 +26,6 @@ sdf
 3rw43wRRERLlL#RWERERERE.
 @TEST-END-FILE
 
-@load base/frameworks/communication  # let network-time run
-
 module A;
 
 type Val: record {
@@ -39,12 +37,17 @@ global outfile: file;
 
 event line(description: Input::EventDescription, tpe: Input::Event, s: string)
 	{
-	print outfile, description;
+	print outfile, description$source, description$reader, description$mode, description$name;
 	print outfile, tpe;
 	print outfile, s;
 
 	try = try + 1;
-	if ( try == 8 )
+
+	if ( try == 1 )
+		system("touch got1");
+	else if ( try == 3 )
+		system("touch got3");
+	else if ( try == 8 )
 		{
 		print outfile, "done";
 		close(outfile);

testing/btest/scripts/base/frameworks/input/reread.bro

@@ -1,12 +1,12 @@
 # @TEST-EXEC: cp input1.log input.log
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: sleep 2
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cp input2.log input.log
-# @TEST-EXEC: sleep 2
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cp input3.log input.log
-# @TEST-EXEC: sleep 2
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got3 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cp input4.log input.log
-# @TEST-EXEC: sleep 2
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got4 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cp input5.log input.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
@@ -43,7 +43,7 @@ T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz
 F	-43	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
 F	-44	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
 F	-45	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
-F	-46	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
+0	-46	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
 F	-47	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
 F	-48	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
 @TEST-END-FILE
@@ -56,7 +56,6 @@ F	-48	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz
 @TEST-END-FILE
 
 @load base/protocols/ssh
-@load base/frameworks/communication  # let network-time run
 
 redef exit_only_after_terminate = T;
 redef InputAscii::empty_field = "EMPTY";
@@ -127,7 +126,16 @@ event Input::end_of_data(name: string, source: string)
 	print outfile, servers;
 	
 	try = try + 1;
-	if ( try == 5 )
+
+	if ( try == 1 )
+		system("touch got1");
+	else if ( try == 2 )
+		system("touch got2");
+	else if ( try == 3 )
+		system("touch got3");
+	else if ( try == 4 )
+		system("touch got4");
+	else if ( try == 5 )
 		{
 		print outfile, "done";
 		close(outfile);

testing/btest/scripts/base/frameworks/input/stream.bro

@@ -1,8 +1,8 @@
 # @TEST-EXEC: cp input1.log input.log
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: sleep 3
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got1 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cat input2.log >> input.log
-# @TEST-EXEC: sleep 3
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cat input3.log >> input.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff out
@@ -21,7 +21,6 @@ T	-43	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz
 F	-43	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
 @TEST-END-FILE
 
-@load base/frameworks/communication # keep network time running
 @load base/protocols/ssh
 redef exit_only_after_terminate = T;
 
@@ -67,8 +66,12 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
 	print outfile, servers;
 
 	try = try + 1;
-	
-	if ( try == 3 )
+
+	if ( try == 1 )
+		system("touch got1");
+	else if ( try == 2 )
+		system("touch got2");
+	else if ( try == 3 )
 		{
 		print outfile, "done";
 		close(outfile);

testing/btest/scripts/base/frameworks/input/twotables.bro

@@ -1,6 +1,6 @@
 # @TEST-EXEC: cp input1.log input.log
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
-# @TEST-EXEC: sleep 5
+# @TEST-EXEC: $SCRIPTS/wait-for-file bro/got2 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cp input3.log input.log
 # @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff event.out
@@ -30,7 +30,6 @@ T	-43	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz
 F	-44	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
 @TEST-END-FILE
 
-@load base/frameworks/communication # keep network time running
 @load base/protocols/ssh
 redef exit_only_after_terminate = T;
 
@@ -117,7 +116,9 @@ event Input::end_of_data(name: string, source: string)
 	#print fin_out, servers;
 	
 	try = try + 1;
-	if ( try == 3 )
+	if ( try == 2 )
+		system("touch got2");
+	else if ( try == 3 )
 		{
 		print fin_out, "done";
 		print fin_out, servers;

testing/btest/scripts/base/frameworks/intel/cluster-transparency-with-proxy.bro

@@ -0,0 +1,90 @@
+# @TEST-SERIALIZE: comm
+#
+# @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run proxy-1  BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
+# @TEST-EXEC: btest-bg-run worker-2  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
+# @TEST-EXEC: btest-bg-wait -k 10
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-2/.stdout
+# @TEST-EXEC: btest-diff manager-1/intel.log
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
+	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1"],
+	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1"],
+	["proxy-1"]  = [$node_type=Cluster::PROXY,  $ip=127.0.0.1, $p=37762/tcp, $manager="manager-1"],
+};
+@TEST-END-FILE
+
+module Intel;
+
+redef Log::default_rotation_interval=0sec;
+
+event Cluster::node_up(name: string, id: string)
+	{
+	# Insert the data once both workers are connected.
+	if ( Cluster::local_node_type() == Cluster::MANAGER && Cluster::worker_count == 2 && Cluster::proxy_pool$alive_count == 1 )
+		{
+		Intel::insert([$indicator="1.2.3.4", $indicator_type=Intel::ADDR, $meta=[$source="manager"]]);
+		}
+	}
+
+global worker2_data = 0;
+global sent_data = F;
+# Watch for new indicators send to workers.
+event Intel::insert_indicator(item: Intel::Item)
+	{
+	print fmt("new_indicator: %s inserted by %s", item$indicator, item$meta$source);
+
+	if ( ! sent_data )
+		{
+		# We wait to insert data here because we can now be sure the 
+		# full cluster is constructed.
+		sent_data = T;
+		if ( Cluster::node == "worker-1" )
+			Intel::insert([$indicator="123.123.123.123", $indicator_type=Intel::ADDR, $meta=[$source="worker-1"]]);
+		if ( Cluster::node == "worker-2" )
+			Intel::insert([$indicator="4.3.2.1", $indicator_type=Intel::ADDR, $meta=[$source="worker-2"]]);
+		}
+
+	# We're forcing worker-2 to do a lookup when it has three intelligence items
+	# which were distributed over the cluster (data inserted locally is resent).
+	if ( Cluster::node == "worker-2" )
+		{
+		++worker2_data;
+		if ( worker2_data == 3 )
+			{
+			# Now that everything is inserted, see if we can match on the data inserted
+			# by worker-1.
+			print "Doing a lookup";
+			Intel::seen([$host=123.123.123.123, $where=Intel::IN_ANYWHERE]);
+			}
+		}
+	}
+
+# Watch for remote inserts sent to the manager.
+event Intel::insert_item(item: Intel::Item)
+	{
+	print fmt("insert_item: %s inserted by %s", item$indicator, item$meta$source);
+	}
+
+# Watch for new items.
+event Intel::new_item(item: Intel::Item)
+	{
+	print fmt("new_item triggered for %s by %s on %s", item$indicator,
+			item$meta$source, Cluster::node);
+	}
+
+event Intel::log_intel(rec: Intel::Info)
+	{
+	terminate();
+	}
+
+event Cluster::node_down(name: string, id: string)
+	{
+	# Cascading termination
+	terminate();
+	}

testing/btest/scripts/base/frameworks/intel/cluster-transparency.bro

@@ -11,19 +11,17 @@
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
 	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1"],
 	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1"],
 };
 @TEST-END-FILE
 
-@load base/frameworks/control
-
 module Intel;
 
 redef Log::default_rotation_interval=0sec;
 
-event remote_connection_handshake_done(p: event_peer)
+event Cluster::node_up(name: string, id: string)
 	{
 	# Insert the data once both workers are connected.
 	if ( Cluster::local_node_type() == Cluster::MANAGER && Cluster::worker_count == 2 )
@@ -34,12 +32,10 @@ event remote_connection_handshake_done(p: event_peer)
 
 global worker2_data = 0;
 global sent_data = F;
-event Intel::cluster_new_item(item: Intel::Item)
+# Watch for new indicators send to workers.
+event Intel::insert_indicator(item: Intel::Item)
 	{
-	if ( ! is_remote_event() )
-		return;
-
-	print fmt("cluster_new_item: %s inserted by %s (from peer: %s)", item$indicator, item$meta$source, get_event_peer()$descr);
+	print fmt("new_indicator: %s inserted by %s", item$indicator, item$meta$source);
 
 	if ( ! sent_data )
 		{
@@ -67,14 +63,26 @@ event Intel::cluster_new_item(item: Intel::Item)
 		}
 	}
 
-event Intel::log_intel(rec: Intel::Info)
+# Watch for remote inserts sent to the manager.
+event Intel::insert_item(item: Intel::Item)
 	{
-	event Control::shutdown_request();
+	print fmt("insert_item: %s inserted by %s", item$indicator, item$meta$source);
 	}
 
-event remote_connection_closed(p: event_peer)
+# Watch for new items.
+event Intel::new_item(item: Intel::Item)
+	{
+	print fmt("new_item triggered for %s by %s on %s", item$indicator,
+			item$meta$source, Cluster::node);
+	}
+
+event Intel::log_intel(rec: Intel::Info)
+	{
+	terminate();
+	}
+
+event Cluster::node_down(name: string, id: string)
 	{
 	# Cascading termination
-	#print fmt("disconnected from: %s", p);
-	terminate_communication();
+	terminate();
 	}

testing/btest/scripts/base/frameworks/intel/expire-item.bro

@@ -7,11 +7,13 @@
 # @TEST-START-FILE intel.dat
 #fields	indicator	indicator_type	meta.source	meta.desc	meta.url
 1.2.3.4	Intel::ADDR	source1	this host is bad	http://some-data-distributor.com/1
+192.168.0.0/16	Intel::SUBNET	source1	this network is bad	http://some-data-distributor.com/2
 # @TEST-END-FILE
 
-@load frameworks/communication/listen
 @load frameworks/intel/do_expire
 
+redef exit_only_after_terminate = T;
+
 redef Intel::read_files += { "../intel.dat" };
 redef enum Intel::Where += { SOMEWHERE };
 redef Intel::item_expiration = 9sec;
@@ -20,13 +22,32 @@ redef table_expire_interval = 3sec;
 global runs = 0;
 event do_it()
 	{
+	++runs;
+	print fmt("-- Run %s --", runs);
+
 	print "Trigger: 1.2.3.4";
 	Intel::seen([$host=1.2.3.4,
 	             $where=SOMEWHERE]);
 
-	++runs;
+	if ( runs == 2 )
+		{
+		# Reinserting the indicator should reset the expiration
+		print "Reinsert: 1.2.3.4";
+		local item = [
+			$indicator="1.2.3.4",
+			$indicator_type=Intel::ADDR,
+			$meta=[
+				$source="source2",
+				$desc="this host is still bad",
+				$url="http://some-data-distributor.com/2"]
+			];
+		Intel::insert(item);
+		}
+
 	if ( runs < 6 )
 		schedule 3sec { do_it() };
+	else
+		terminate();
 	}
 
 event Intel::match(s: Intel::Seen, items: set[Intel::Item])

testing/btest/scripts/base/frameworks/intel/input-and-match.bro

@@ -1,4 +1,3 @@
-# @TEST-SERIALIZE: comm
 
 # @TEST-EXEC: btest-bg-run broproc bro %INPUT
 # @TEST-EXEC: btest-bg-wait -k 5
@@ -11,8 +10,7 @@
 e@mail.com	Intel::EMAIL	source1	Phishing email source	http://some-data-distributor.com/100000
 @TEST-END-FILE
 
-@load frameworks/communication/listen
-
+redef exit_only_after_terminate = T;
 redef Intel::read_files += { "../intel.dat" };
 redef enum Intel::Where += { SOMEWHERE };
 

testing/btest/scripts/base/frameworks/intel/match-subnet.bro

@@ -14,7 +14,7 @@
 192.168.128.0/18	Intel::SUBNET	source1	this subnetwork might be baaad	http://some-data-distributor.com/5
 # @TEST-END-FILE
 
-@load frameworks/communication/listen
+redef exit_only_after_terminate = T;
 
 redef Intel::read_files += { "../intel.dat" };
 redef enum Intel::Where += { SOMEWHERE };

testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.bro

@@ -1,7 +1,6 @@
 # @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: sleep 2
 # @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run worker-2  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
 # @TEST-EXEC: btest-bg-wait -k 10
@@ -12,7 +11,7 @@
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
 	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1"],
 	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1"],
 };

testing/btest/scripts/base/frameworks/intel/remove-item-cluster.bro

@@ -2,20 +2,18 @@
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
-# @TEST-EXEC: btest-bg-wait -k 10
+# @TEST-EXEC: btest-bg-wait -k 13
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff manager-1/.stdout
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff worker-1/.stdout
 # @TEST-EXEC: btest-diff manager-1/intel.log
 
 # @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1")],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
 	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1"],
 };
 # @TEST-END-FILE
 
-@load base/frameworks/control
-
 module Intel;
 
 redef Log::default_rotation_interval=0sec;
@@ -37,7 +35,7 @@ event test_worker()
 	Intel::seen([$host=10.10.10.10, $where=Intel::IN_ANYWHERE]);
 	}
 
-event remote_connection_handshake_done(p: event_peer)
+event Cluster::node_up(name: string, id: string)
 	{
 	# Insert the data once all workers are connected.
 	if ( Cluster::local_node_type() == Cluster::MANAGER && Cluster::worker_count == 1 )
@@ -54,7 +52,7 @@ event remote_connection_handshake_done(p: event_peer)
 	}
 
 global worker_data = 0;
-event Intel::cluster_new_item(item: Intel::Item)
+event Intel::insert_indicator(item: Intel::Item)
 	{
 	# Run test on worker-1 when all items have been inserted
 	if ( Cluster::node == "worker-1" )
@@ -70,19 +68,24 @@ event Intel::remove_item(item: Item, purge_indicator: bool)
 	print fmt("Removing %s (source: %s).", item$indicator, item$meta$source);
 	}
 
-event purge_item(item: Item)
+event remove_indicator(item: Item)
 	{
 	print fmt("Purging %s.", item$indicator);
 	}
 
+event die()
+	{
+	terminate();
+	}
+
 event Intel::log_intel(rec: Intel::Info)
 	{
 	print "Logging intel hit!";
-	event Control::shutdown_request();
+	schedule 2sec { die() };
 	}
 
-event remote_connection_closed(p: event_peer)
+event Cluster::node_down(name: string, id: string)
 	{
 	# Cascading termination
-	terminate_communication();
+	schedule 2sec { die() };
 	}

testing/btest/scripts/base/frameworks/intel/remove-non-existing.bro

@@ -9,7 +9,7 @@
 192.168.1.1	Intel::ADDR	source1	this host is just plain baaad	http://some-data-distributor.com/1
 # @TEST-END-FILE
 
-@load frameworks/communication/listen
+redef exit_only_after_terminate = T;
 
 redef Intel::read_files += { "../intel.dat" };
 redef enum Intel::Where += { SOMEWHERE };

testing/btest/scripts/base/frameworks/intel/updated-match.bro

@@ -1,12 +1,10 @@
-# @TEST-SERIALIZE: comm
-
 # @TEST-EXEC: cp intel1.dat intel.dat
 # @TEST-EXEC: btest-bg-run broproc bro %INPUT
-# @TEST-EXEC: sleep 2
+# @TEST-EXEC: $SCRIPTS/wait-for-file broproc/got1 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cp intel2.dat intel.dat
-# @TEST-EXEC: sleep 2
+# @TEST-EXEC: $SCRIPTS/wait-for-file broproc/got2 5 || (btest-bg-wait -k 1 && false)
 # @TEST-EXEC: cp intel3.dat intel.dat
-# @TEST-EXEC: btest-bg-wait 6
+# @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: cat broproc/intel.log > output
 # @TEST-EXEC: cat broproc/notice.log >> output
 # @TEST-EXEC: btest-diff output
@@ -28,7 +26,6 @@
 4.3.2.1	Intel::ADDR	source2	this host might also be baaad	http://some-data-distributor.com/4321	T
 # @TEST-END-FILE
 
-@load base/frameworks/communication # let network-time run
 @load frameworks/intel/do_notice
 
 redef exit_only_after_terminate = T;
@@ -36,6 +33,8 @@ redef Intel::read_files += { "../intel.dat" };
 redef enum Intel::Where += { SOMEWHERE };
 
 global runs = 0;
+global entries_read = 0;
+
 event do_it()
 	{
 	Intel::seen([$host=1.2.3.4,
@@ -44,8 +43,11 @@ event do_it()
 	             $where=SOMEWHERE]);
 
 	++runs;
-	if ( runs < 3 )
-		schedule 3sec { do_it() };
+
+	if ( runs == 1 )
+		system("touch got1");
+	if ( runs == 2 )
+		system("touch got2");
 	}
 
 global log_lines = 0;
@@ -56,7 +58,17 @@ event Intel::log_intel(rec: Intel::Info)
 		terminate();
 	}
 
-event bro_init() &priority=-10
+module Intel;
+
+event Intel::read_entry(desc: Input::EventDescription, tpe: Input::Event, item: Intel::Item)
 	{
-	schedule 1sec { do_it() };
+	++entries_read;
+	print entries_read;
+
+	if ( entries_read == 1 )
+		event do_it();
+	else if ( entries_read == 3 )
+		event do_it();
+	else if ( entries_read == 5 )
+		event do_it();
 	}

testing/btest/scripts/base/frameworks/logging/adapt-filter.bro

@@ -27,7 +27,7 @@ event bro_init()
 	filter$path= "ssh-new-default";
 	Log::add_filter(SSH::LOG, filter);
 
-    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+	local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
 	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
 }

testing/btest/scripts/base/frameworks/logging/ascii-double.bro

@@ -1,6 +1,10 @@
+# @TEST-DOC: Test that the ASCII writer logs values of type "double" correctly.
 #
+# @TEST-EXEC: bro -b %INPUT test-json.bro
+# @TEST-EXEC: mv test.log json.log
 # @TEST-EXEC: bro -b %INPUT
 # @TEST-EXEC: btest-diff test.log
+# @TEST-EXEC: btest-diff json.log
 # 
 # Make sure  we do not write out scientific notation for doubles.
 
@@ -14,16 +18,68 @@ export {
 	};
 }
 
-event bro_init()
+function logwrite(val: double)
 {
-	Log::create_stream(Test::LOG, [$columns=Info]);
-	Log::write(Test::LOG, [$d=2153226000.0]);
-	Log::write(Test::LOG, [$d=2153226000.1]);
-	Log::write(Test::LOG, [$d=2153226000.123456789]);
-	Log::write(Test::LOG, [$d=1.0]);
-	Log::write(Test::LOG, [$d=1.1]);
-	Log::write(Test::LOG, [$d=1.123456789]);
-	Log::write(Test::LOG, [$d=1.1234]);
-	Log::write(Test::LOG, [$d=3.14e15]);
+	Log::write(Test::LOG, [$d=val]);
 }
 
+event bro_init()
+{
+	local d: double;
+	local dmax: double = 1.79e308;
+	local dmin: double = 2.23e-308;
+
+	Log::create_stream(Test::LOG, [$columns=Info]);
+
+	# relatively large values
+	logwrite(2153226000.0);
+	logwrite(2153226000.1);
+	logwrite(2153226000.123456789);
+
+	# relatively small values
+	logwrite(1.0);
+	logwrite(1.1);
+	logwrite(1.123456789);
+	logwrite(-1.123456789);
+	logwrite(1.1234);
+	logwrite(.1234);
+
+	# scientific notation (positive exponents)
+	logwrite(5e4);
+	logwrite(-5e4);
+	logwrite(3.14e15);
+	logwrite(-3.14e15);
+	logwrite(dmax);
+	logwrite(-dmax);
+
+	# scientific notation (negative exponents)
+	logwrite(1.23456789e-5);
+	logwrite(dmin);
+	logwrite(-dmin);
+
+	# inf
+	d = dmax;       # ok
+	d = d * 2.0;    # inf
+	logwrite(d);
+
+	# -inf
+	d = -dmax;      # ok
+	d = d * 2.0;    # -inf
+	logwrite(d);
+
+	# negative zero (compares equal to 0.0, but has different representation)
+	d = -0.0;
+	logwrite(d);
+
+	# nan
+	d = dmax;       # ok
+	d = d * 2.0;    # inf
+	d = d * 0.0;    # nan
+	logwrite(d);
+}
+
+# @TEST-START-FILE test-json.bro
+
+redef LogAscii::use_json = T;
+
+# @TEST-END-FILE

testing/btest/scripts/base/frameworks/logging/ascii-gz-rotate.bro

@@ -0,0 +1,25 @@
+# Test that log rotation works with compressed logs.
+#
+# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: gunzip test.*.log.gz
+#
+
+module Test;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Log: record {
+		s: string;
+	} &log;
+}
+
+redef Log::default_rotation_interval = 1hr;
+redef LogAscii::gzip_level = 1;
+
+event bro_init()
+{
+	Log::create_stream(Test::LOG, [$columns=Log]);
+
+	Log::write(Test::LOG, [$s="testing"]);
+}

testing/btest/scripts/base/frameworks/logging/ascii-gz.bro

@@ -0,0 +1,75 @@
+#
+# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: gunzip ssh.log.gz
+# @TEST-EXEC: btest-diff ssh.log
+# @TEST-EXEC: btest-diff ssh-uncompressed.log
+#
+# Testing all possible types.
+
+redef LogAscii::gzip_level = 9;
+
+module SSH;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Log: record {
+		b: bool;
+		i: int;
+		e: Log::ID;
+		c: count;
+		p: port;
+		sn: subnet;
+		a: addr;
+		d: double;
+		t: time;
+		iv: interval;
+		s: string;
+		sc: set[count];
+		ss: set[string];
+		se: set[string];
+		vc: vector of count;
+		ve: vector of string;
+		f: function(i: count) : string;
+	} &log;
+}
+
+function foo(i : count) : string
+	{
+	if ( i > 0 )
+		return "Foo";
+	else
+		return "Bar";
+	}
+
+event bro_init()
+{
+	Log::create_stream(SSH::LOG, [$columns=Log]);
+	local filter = Log::Filter($name="ssh-uncompressed", $path="ssh-uncompressed",
+	                           $config = table(["gzip_level"] = "0"));
+	Log::add_filter(SSH::LOG, filter);
+
+	local empty_set: set[string];
+	local empty_vector: vector of string;
+
+	Log::write(SSH::LOG, [
+		$b=T,
+		$i=-42,
+		$e=SSH::LOG,
+		$c=21,
+		$p=123/tcp,
+		$sn=10.0.0.1/24,
+		$a=1.2.3.4,
+		$d=3.14,
+		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "2008-07-09T16:13:30Z") + 0.543210 secs),
+		$iv=100secs,
+		$s="hurz",
+		$sc=set(1,2,3,4),
+		$ss=set("AA", "BB", "CC"),
+		$se=empty_set,
+		$vc=vector(10, 20, 30),
+		$ve=empty_vector,
+		$f=foo
+		]);
+}
+

testing/btest/scripts/base/frameworks/logging/disable-stream.bro

@@ -21,13 +21,12 @@ event bro_init()
 
 	Log::disable_stream(SSH::LOG);
 
-    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+	local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
 	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
 	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
 	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
 	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
 	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
-	
 }
 

testing/btest/scripts/base/frameworks/logging/enable-stream.bro

@@ -0,0 +1,33 @@
+#
+# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+
+module SSH;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH::LOG, [$columns=Log]);
+
+	Log::disable_stream(SSH::LOG);
+
+	local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::enable_stream(SSH::LOG);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+}
+

testing/btest/scripts/base/frameworks/logging/field-extension-cluster-error.bro

@@ -1,23 +1,27 @@
 # @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
-# @TEST-EXEC: sleep 1
 # @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT"
 # @TEST-EXEC: btest-bg-wait 20
-# @TEST-EXEC: btest-diff manager-1/reporter.log
+# @TEST-EXEC: cat manager-1/reporter.log | grep -v "reporter/" > manager-reporter.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-canonifier | grep -v ^# | $SCRIPTS/diff-sort" btest-diff manager-reporter.log
 
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1")],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
 	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
 };
 @TEST-END-FILE
 
-redef Log::default_rotation_interval = 0secs;
-
 @load base/protocols/conn
 
+@if ( Cluster::node == "worker-1" )
+redef exit_only_after_terminate = T;
+@endif
+
+redef Log::default_rotation_interval = 0secs;
+
 redef Log::default_scope_sep="_";
 
 type Extension: record {
@@ -39,11 +43,32 @@ redef Log::default_ext_func = add_extension;
 
 @endif
 
-event terminate_me() {
+event die()
+	{
 	terminate();
-}
+	}
 
-event remote_connection_closed(p: event_peer) {
-  schedule 1sec { terminate_me() };
-}
+event slow_death()
+	{
+	Broker::flush_logs();
+	schedule 2sec { die() };
+	}
 
+event kill_worker()
+	{
+	Broker::publish("death", slow_death);
+	}
+
+event bro_init()
+	{
+	if ( Cluster::node == "worker-1" )
+		Broker::subscribe("death");
+
+	if ( Cluster::node == "manager-1" )
+		schedule 13sec { kill_worker() };
+	}
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	schedule 2sec { die() };
+	}

testing/btest/scripts/base/frameworks/logging/field-extension-cluster.bro

@@ -1,7 +1,6 @@
 # @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
-# @TEST-EXEC: sleep 1
 # @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/wikipedia.trace %INPUT"
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff manager-1/http.log
@@ -9,15 +8,19 @@
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1")],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
 	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
 };
 @TEST-END-FILE
 
-redef Log::default_rotation_interval = 0secs;
-
 @load base/protocols/conn
 
+@if ( Cluster::node == "worker-1" )
+redef exit_only_after_terminate = T;
+@endif
+
+redef Log::default_rotation_interval = 0secs;
+
 redef Log::default_scope_sep="_";
 
 type Extension: record {
@@ -35,11 +38,35 @@ function add_extension(path: string): Extension
 
 redef Log::default_ext_func = add_extension;
 
-event terminate_me() {
+event die()
+	{
 	terminate();
-}
+	}
 
-event remote_connection_closed(p: event_peer) {
-  schedule 1sec { terminate_me() };
-}
+event slow_death()
+	{
+	Broker::flush_logs();
+	schedule 2sec { die() };
+	}
 
+event kill_worker()
+	{
+	Broker::publish("death", slow_death);
+	}
+
+event bro_init()
+	{
+	if ( Cluster::node == "worker-1" )
+		Broker::subscribe("death");
+	}
+
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	if ( Cluster::node == "manager-1" )
+		schedule 2sec { kill_worker() };
+	}
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	schedule 2sec { die() };
+	}

testing/btest/scripts/base/frameworks/logging/remote-config.bro

@@ -1,94 +0,0 @@
-# @TEST-SERIALIZE: comm
-#
-# @TEST-EXEC: btest-bg-run sender bro -b --pseudo-realtime %INPUT ../sender.bro
-# @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-run receiver bro -b --pseudo-realtime %INPUT ../receiver.bro
-# @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-wait 15
-# @TEST-EXEC: btest-diff sender/test.log
-# @TEST-EXEC: btest-diff sender/test.failure.log
-# @TEST-EXEC: btest-diff sender/test.success.log
-# @TEST-EXEC: ( cd sender && for i in *.log; do cat $i | $SCRIPTS/diff-remove-timestamps >c.$i; done )
-# @TEST-EXEC: ( cd receiver && for i in *.log; do cat $i | $SCRIPTS/diff-remove-timestamps >c.$i; done )
-# @TEST-EXEC: cmp receiver/c.test.log sender/c.test.log
-# @TEST-EXEC: cmp receiver/c.test.failure.log sender/c.test.failure.log
-# @TEST-EXEC: cmp receiver/c.test.success.log sender/c.test.success.log
-
-# This is the common part loaded by both sender and receiver.
-module Test;
-
-export {
-	# Create a new ID for our log stream
-	redef enum Log::ID += { LOG };
-
-	# Define a record with all the columns the log file can have.
-	# (I'm using a subset of fields from ssh-ext for demonstration.)
-	type Log: record {
-		t: time;
-		id: conn_id; # Will be rolled out into individual columns.
-		status: string &optional;
-		country: string &default="unknown";
-	} &log;
-}
-
-event bro_init()
-{
-	Log::create_stream(Test::LOG, [$columns=Log]);
-	Log::add_filter(Test::LOG, [$name="f1", $path="test.success", $pred=function(rec: Log): bool { return rec$status == "success"; }]);
-}
-
-#####
-
-@TEST-START-FILE sender.bro
-
-@load frameworks/communication/listen
-
-module Test;
-
-function fail(rec: Log): bool
-	{
-	return rec$status != "success";
-	}
-
-event remote_connection_handshake_done(p: event_peer)
-	{
-	local config: table[string] of string;
-	config["tsv"] = "T";
-	Log::add_filter(Test::LOG, [$name="f2", $path="test.failure", $pred=fail, $config=config]);
-
-	local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
-
-	local r: Log = [$t=network_time(), $id=cid, $status="success"];
-
-	# Log something.
-	Log::write(Test::LOG, r);
-	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
-	disconnect(p);
-	}
-
-event remote_connection_closed(p: event_peer)
-	{
-	terminate();
-	}
-
-@TEST-END-FILE
-
-@TEST-START-FILE receiver.bro
-
-#####
-
-@load base/frameworks/communication
-
-redef Communication::nodes += {
-    ["foo"] = [$host = 127.0.0.1, $connect=T, $request_logs=T]
-};
-
-event remote_connection_closed(p: event_peer)
-	{
-	terminate();
-	}
-
-@TEST-END-FILE

testing/btest/scripts/base/frameworks/logging/remote-types.bro

@@ -1,91 +0,0 @@
-# @TEST-SERIALIZE: comm
-#
-# @TEST-EXEC: btest-bg-run sender bro -B threading,logging --pseudo-realtime %INPUT ../sender.bro
-# @TEST-EXEC: btest-bg-run receiver bro -B threading,logging --pseudo-realtime %INPUT ../receiver.bro
-# @TEST-EXEC: btest-bg-wait -k 10
-# @TEST-EXEC: btest-diff receiver/test.log
-# @TEST-EXEC: cat receiver/test.log | egrep -v '#open|#close' >r.log
-# @TEST-EXEC: cat sender/test.log   | egrep -v '#open|#close' >s.log
-# @TEST-EXEC: cmp r.log s.log
-
-# Remote version testing all types.
-
-# This is the common part loaded by both sender and receiver.
-
-redef LogAscii::empty_field = "EMPTY";
-
-module Test;
-
-export {
-	# Create a new ID for our log stream
-	redef enum Log::ID += { LOG };
-
-	type Log: record {
-		b: bool;
-		i: int;
-		e: Log::ID;
-		c: count;
-		p: port;
-		sn: subnet;
-		a: addr;
-		d: double;
-		t: time;
-		iv: interval;
-		s: string;
-		sc: set[count];
-		ss: set[string];
-		se: set[string];
-		vc: vector of count;
-		ve: vector of string;
-	} &log;
-}
-
-event bro_init()
-{
-	Log::create_stream(Test::LOG, [$columns=Log]);
-}
-
-#####
-
-@TEST-START-FILE sender.bro
-
-module Test;
-
-@load frameworks/communication/listen
-
-event remote_connection_handshake_done(p: event_peer)
-	{
-	local empty_set: set[string];
-	local empty_vector: vector of string;
-
-	Log::write(Test::LOG, [
-		$b=T,
-		$i=-42,
-		$e=Test::LOG,
-		$c=21,
-		$p=123/tcp,
-		$sn=10.0.0.1/24,
-		$a=1.2.3.4,
-		$d=3.14,
-		$t=network_time(),
-		$iv=100secs,
-		$s="hurz",
-		$sc=set(1,2,3,4),
-		$ss=set("AA", "BB", "CC"),
-		$se=empty_set,
-		$vc=vector(10, 20, 30),
-		$ve=empty_vector
-		]);
-	disconnect(p);
-	}
-@TEST-END-FILE
-
-@TEST-START-FILE receiver.bro
-
-#####
-
-redef Communication::nodes += {
-    ["foo"] = [$host = 127.0.0.1, $connect=T, $request_logs=T]
-};
-
-@TEST-END-FILE

testing/btest/scripts/base/frameworks/logging/remote.bro

@@ -1,92 +0,0 @@
-# @TEST-SERIALIZE: comm
-#
-# @TEST-EXEC: btest-bg-run sender bro -b --pseudo-realtime %INPUT ../sender.bro
-# @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-run receiver bro -b --pseudo-realtime %INPUT ../receiver.bro
-# @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-wait 15
-# @TEST-EXEC: btest-diff sender/test.log
-# @TEST-EXEC: btest-diff sender/test.failure.log
-# @TEST-EXEC: btest-diff sender/test.success.log
-# @TEST-EXEC: ( cd sender && for i in *.log; do cat $i | $SCRIPTS/diff-remove-timestamps >c.$i; done )
-# @TEST-EXEC: ( cd receiver && for i in *.log; do cat $i | $SCRIPTS/diff-remove-timestamps >c.$i; done )
-# @TEST-EXEC: cmp receiver/c.test.log sender/c.test.log
-# @TEST-EXEC: cmp receiver/c.test.failure.log sender/c.test.failure.log
-# @TEST-EXEC: cmp receiver/c.test.success.log sender/c.test.success.log
-
-# This is the common part loaded by both sender and receiver.
-module Test;
-
-export {
-	# Create a new ID for our log stream
-	redef enum Log::ID += { LOG };
-
-	# Define a record with all the columns the log file can have.
-	# (I'm using a subset of fields from ssh-ext for demonstration.)
-	type Log: record {
-		t: time;
-		id: conn_id; # Will be rolled out into individual columns.
-		status: string &optional;
-		country: string &default="unknown";
-	} &log;
-}
-
-event bro_init()
-{
-	Log::create_stream(Test::LOG, [$columns=Log]);
-	Log::add_filter(Test::LOG, [$name="f1", $path="test.success", $pred=function(rec: Log): bool { return rec$status == "success"; }]);
-}
-
-#####
-
-@TEST-START-FILE sender.bro
-
-@load frameworks/communication/listen
-
-module Test;
-
-function fail(rec: Log): bool
-	{
-	return rec$status != "success";
-	}
-
-event remote_connection_handshake_done(p: event_peer)
-	{
-	Log::add_filter(Test::LOG, [$name="f2", $path="test.failure", $pred=fail]);
-
-	local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
-
-	local r: Log = [$t=network_time(), $id=cid, $status="success"];
-
-	# Log something.
-	Log::write(Test::LOG, r);
-	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(Test::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
-	disconnect(p);
-	}
-
-event remote_connection_closed(p: event_peer)
-	{
-	terminate();
-	}
-
-@TEST-END-FILE
-
-@TEST-START-FILE receiver.bro
-
-#####
-
-@load base/frameworks/communication
-
-redef Communication::nodes += {
-    ["foo"] = [$host = 127.0.0.1, $connect=T, $request_logs=T]
-};
-
-event remote_connection_closed(p: event_peer)
-	{
-	terminate();
-	}
-
-@TEST-END-FILE

testing/btest/scripts/base/frameworks/logging/remove.bro

@@ -2,6 +2,7 @@
 # @TEST-EXEC: bro -b -B logging %INPUT
 # @TEST-EXEC: btest-diff ssh.log
 # @TEST-EXEC: btest-diff ssh.failure.log
+# @TEST-EXEC: btest-diff .stdout
 
 module SSH;
 
@@ -24,11 +25,12 @@ event bro_init()
 	Log::create_stream(SSH::LOG, [$columns=Log]);
 	Log::add_filter(SSH::LOG, [$name="f1", $path="ssh.failure", $pred=function(rec: Log): bool { return rec$status == "failure"; }]);
 
-    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+	local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
 
 	# Log something.
 	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
 	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	print Log::get_filter_names(SSH::LOG);
 
 	Log::remove_filter(SSH::LOG, "f1");
 	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="BR"]);
@@ -37,5 +39,6 @@ event bro_init()
 	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
 
 	Log::remove_filter(SSH::LOG, "doesn-not-exist");
+	print Log::get_filter_names(SSH::LOG);
 }
 

testing/btest/scripts/base/frameworks/logging/rotate.bro

@@ -1,5 +1,6 @@
 #
-# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT 2>&1 | grep "test" >out
+# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT >bro.out 2>&1
+# @TEST-EXEC: grep "test" bro.out | sort >out
 # @TEST-EXEC: for i in `ls test.*.log | sort`; do printf '> %s\n' $i; cat $i; done >>out
 # @TEST-EXEC: btest-diff out
 

testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro

@@ -1,7 +1,6 @@
-# @TEST-SERIALIZE: brokercomm
-# @TEST-REQUIRES: grep -q ENABLE_BROKER:BOOL=true $BUILD/CMakeCache.txt
-# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.bro broker_port=$BROKER_PORT >send.out"
+# @TEST-SERIALIZE: comm
+# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out"
+# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.bro >send.out"
 
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff recv/recv.out
@@ -11,30 +10,39 @@
 
 @load base/frameworks/netcontrol
 
-const broker_port: port &redef;
 redef exit_only_after_terminate = T;
+global have_peer = F;
+global did_init = F;
+
+event bro_init()
+	{
+	suspend_processing();
+	}
 
 event NetControl::init()
 	{
-	suspend_processing();
-	local netcontrol_acld = NetControl::create_acld(NetControl::AcldConfig($acld_host=127.0.0.1, $acld_port=broker_port, $acld_topic="bro/event/netcontroltest"));
+	local netcontrol_acld = NetControl::create_acld(NetControl::AcldConfig($acld_host=127.0.0.1, $acld_port=Broker::default_port, $acld_topic="bro/event/netcontroltest"));
 	NetControl::activate(netcontrol_acld, 0);
 	}
 
 event NetControl::init_done()
 	{
-	continue_processing();
+	did_init = T;
+
+	if ( did_init && have_peer )
+		continue_processing();
 	}
 
-event Broker::outgoing_connection_established(peer_address: string,
-                                            peer_port: port,
-                                            peer_name: string)
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
-	print "Broker::outgoing_connection_established", peer_address, peer_port;
+	print "Broker peer added", endpoint$network;
+	have_peer = T;
+
+	if ( did_init && have_peer )
+		continue_processing();
 	}
 
-event Broker::outgoing_connection_broken(peer_address: string,
-                                       peer_port: port)
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	terminate();
 	}
@@ -86,36 +94,41 @@ event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState,
 @load base/frameworks/netcontrol
 @load base/frameworks/broker
 
-const broker_port: port &redef;
 redef exit_only_after_terminate = T;
 
+event die()
+	{
+	terminate();
+	}
+
 event bro_init()
 	{
-	Broker::enable();
-	Broker::subscribe_to_events("bro/event/netcontroltest");
-	Broker::listen(broker_port, "127.0.0.1");
+	Broker::subscribe("bro/event/netcontroltest");
+	Broker::listen("127.0.0.1");
 	}
 
-event Broker::incoming_connection_established(peer_name: string)
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
-	print "Broker::incoming_connection_established";
+	print "Broker peer added";
 	}
 
 event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
 	{
 	print "add_rule", id, r$entity, r$ty, ar;
 
-	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_added, id, r, ar$command));
+	Broker::publish("bro/event/netcontroltest", NetControl::acld_rule_added, id, r, ar$command);
 	}
 
 event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
 	{
 	print "remove_rule", id, r$entity, r$ty, ar;
 
-	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_removed, id, r, ar$command));
+	Broker::publish("bro/event/netcontroltest", NetControl::acld_rule_removed, id, r, ar$command);
 
 	if ( r$cid == 4 )
-		terminate();
+		{
+		schedule 2sec { die() };
+		}
 	}
 
 @TEST-END-FILE

testing/btest/scripts/base/frameworks/netcontrol/acld.bro

@@ -1,7 +1,6 @@
-# @TEST-SERIALIZE: brokercomm
-# @TEST-REQUIRES: grep -q ENABLE_BROKER:BOOL=true $BUILD/CMakeCache.txt
-# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.bro broker_port=$BROKER_PORT >send.out"
+# @TEST-SERIALIZE: comm
+# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out"
+# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.bro >send.out"
 
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff send/netcontrol.log
@@ -12,30 +11,39 @@
 
 @load base/frameworks/netcontrol
 
-const broker_port: port &redef;
 redef exit_only_after_terminate = T;
+global have_peer = F;
+global did_init = F;
+
+event bro_init()
+	{
+	suspend_processing();
+	}
 
 event NetControl::init()
 	{
-	suspend_processing();
-	local netcontrol_acld = NetControl::create_acld(NetControl::AcldConfig($acld_host=127.0.0.1, $acld_port=broker_port, $acld_topic="bro/event/netcontroltest"));
+	local netcontrol_acld = NetControl::create_acld(NetControl::AcldConfig($acld_host=127.0.0.1, $acld_port=Broker::default_port, $acld_topic="bro/event/netcontroltest"));
 	NetControl::activate(netcontrol_acld, 0);
 	}
 
-event Broker::outgoing_connection_established(peer_address: string,
-                                            peer_port: port,
-                                            peer_name: string)
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
-	print "Broker::outgoing_connection_established", peer_address, peer_port;
+	print "Broker peer added", endpoint$network;
+	have_peer = T;
+
+	if ( did_init && have_peer )
+		continue_processing();
 	}
 
 event NetControl::init_done()
 	{
-	continue_processing();
+	did_init = T;
+
+	if ( did_init && have_peer )
+		continue_processing();
 	}
 
-event Broker::outgoing_connection_broken(peer_address: string,
-                                       peer_port: port)
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	terminate();
 	}
@@ -79,6 +87,11 @@ event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState,
 	print "rule removed", r$entity, r$ty;
 	}
 
+event NetControl::rule_error(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+	{
+	print "rule error", r$entity, r$ty;
+	}
+
 @TEST-END-FILE
 
 @TEST-START-FILE recv.bro
@@ -86,19 +99,22 @@ event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState,
 @load base/frameworks/netcontrol
 @load base/frameworks/broker
 
-const broker_port: port &redef;
 redef exit_only_after_terminate = T;
 
+event die()
+	{
+	terminate();
+	}
+
 event bro_init()
 	{
-	Broker::enable();
-	Broker::subscribe_to_events("bro/event/netcontroltest");
-	Broker::listen(broker_port, "127.0.0.1");
+	Broker::subscribe("bro/event/netcontroltest");
+	Broker::listen("127.0.0.1");
 	}
 
-event Broker::incoming_connection_established(peer_name: string)
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
-	print "Broker::incoming_connection_established";
+	print "Broker peer added";
 	}
 
 event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
@@ -106,19 +122,24 @@ event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::
 	print "add_rule", id, r$entity, r$ty, ar;
 
 	if ( r$cid != 3 )
-		Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_added, id, r, ar$command));
+		Broker::publish("bro/event/netcontroltest", NetControl::acld_rule_added, id, r, ar$command);
 	else
-		Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_exists, id, r, ar$command));
+		Broker::publish("bro/event/netcontroltest", NetControl::acld_rule_exists, id, r, ar$command);
 	}
 
 event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
 	{
 	print "remove_rule", id, r$entity, r$ty, ar;
 
-	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_removed, id, r, ar$command));
+	if ( r$cid != 2 )
+		Broker::publish("bro/event/netcontroltest", NetControl::acld_rule_removed, id, r, ar$command);
+	else
+		Broker::publish("bro/event/netcontroltest", NetControl::acld_rule_error, id, r, ar$command);
 
 	if ( r$cid == 4 )
-		terminate();
+		{
+		schedule 2sec { die() };
+		}
 	}
 
 @TEST-END-FILE

testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro

@@ -1,9 +1,10 @@
 # @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
-# @TEST-EXEC: sleep 1
 # @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
-# @TEST-EXEC: sleep 1
+
+# @TEST-EXEC: $SCRIPTS/wait-for-pid $(cat worker-1/.pid) 10 || (btest-bg-wait -k 1 && false)
+
 # @TEST-EXEC: btest-bg-run worker-2  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff worker-1/.stdout
@@ -11,7 +12,7 @@
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
 	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
 	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth0"],
 };
@@ -28,7 +29,7 @@ event bro_init()
 	suspend_processing();
 	}
 
-event remote_connection_handshake_done(p: event_peer)
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	continue_processing();
 	}
@@ -51,9 +52,15 @@ event terminate_me() {
 	terminate();
 }
 
-event remote_connection_closed(p: event_peer) {
-	schedule 1sec { terminate_me() };
-}
+global peers_lost = 0;
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	++peers_lost;
+
+	if ( peers_lost == 2 )
+		schedule 2sec { terminate_me() };
+	}
 
 event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string &default="")
 	{

testing/btest/scripts/base/frameworks/netcontrol/broker.bro

@@ -1,7 +1,6 @@
-# @TEST-SERIALIZE: brokercomm
-# @TEST-REQUIRES: grep -q ENABLE_BROKER:BOOL=true $BUILD/CMakeCache.txt
-# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.bro broker_port=$BROKER_PORT >send.out"
+# @TEST-SERIALIZE: comm
+# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out"
+# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.bro >send.out"
 
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff send/netcontrol.log
@@ -12,30 +11,39 @@
 
 @load base/frameworks/netcontrol
 
-const broker_port: port &redef;
 redef exit_only_after_terminate = T;
+global have_peer = F;
+global did_init = F;
+
+event bro_init()
+	{
+	suspend_processing();
+	}
 
 event NetControl::init()
 	{
-	suspend_processing();
-	local netcontrol_broker = NetControl::create_broker(NetControl::BrokerConfig($host=127.0.0.1, $bport=broker_port, $topic="bro/event/netcontroltest"), T);
+	local netcontrol_broker = NetControl::create_broker(NetControl::BrokerConfig($host=127.0.0.1, $bport=Broker::default_port, $topic="bro/event/netcontroltest"), T);
 	NetControl::activate(netcontrol_broker, 0);
 	}
 
 event NetControl::init_done()
 	{
-	continue_processing();
+	did_init = T;
+
+	if ( did_init && have_peer )
+		continue_processing();
 	}
 
-event Broker::outgoing_connection_established(peer_address: string,
-                                            peer_port: port,
-                                            peer_name: string)
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
-	print "Broker::outgoing_connection_established", peer_address, peer_port;
+	print "Broker peer added", endpoint$network;
+	have_peer = T;
+
+	if ( did_init && have_peer )
+		continue_processing();
 	}
 
-event Broker::outgoing_connection_broken(peer_address: string,
-                                       peer_port: port)
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	terminate();
 	}
@@ -75,19 +83,22 @@ event NetControl::rule_timeout(r: NetControl::Rule, i: NetControl::FlowInfo, p:
 @load base/frameworks/netcontrol
 @load base/frameworks/broker
 
-const broker_port: port &redef;
 redef exit_only_after_terminate = T;
 
+event die()
+	{
+	terminate();
+	}
+
 event bro_init()
 	{
-	Broker::enable();
-	Broker::subscribe_to_events("bro/event/netcontroltest");
-	Broker::listen(broker_port, "127.0.0.1");
+	Broker::subscribe("bro/event/netcontroltest");
+	Broker::listen("127.0.0.1");
 	}
 
-event Broker::incoming_connection_established(peer_name: string)
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
-	print "Broker::incoming_connection_established";
+	print "Broker peer added";
 	}
 
 event NetControl::broker_add_rule(id: count, r: NetControl::Rule)
@@ -95,22 +106,24 @@ event NetControl::broker_add_rule(id: count, r: NetControl::Rule)
 	print "add_rule", id, r$entity, r$ty;
 
 	if ( r$cid == 3 )
-		Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_added, id, r, ""));
+		Broker::publish("bro/event/netcontroltest", NetControl::broker_rule_added, id, r, "");
 	if ( r$cid == 2 )
-		Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_exists, id, r, ""));
+		Broker::publish("bro/event/netcontroltest", NetControl::broker_rule_exists, id, r, "");
 
 	if ( r$cid == 2 )
-		Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo()));
+		Broker::publish("bro/event/netcontroltest", NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo());
 	}
 
 event NetControl::broker_remove_rule(id: count, r: NetControl::Rule, reason: string)
 	{
 	print "remove_rule", id, r$entity, r$ty, reason;
 
-	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::broker_rule_removed, id, r, ""));
+	Broker::publish("bro/event/netcontroltest", NetControl::broker_rule_removed, id, r, "");
 
 	if ( r$cid == 3 )
-		terminate();
+		{
+		schedule 2sec { die() };
+		}
 	}
 
 @TEST-END-FILE

testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-cluster.bro

@@ -1,132 +0,0 @@
-# @TEST-SERIALIZE: comm
-#
-# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
-# @TEST-EXEC: sleep 1
-# @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
-# @TEST-EXEC: btest-bg-run worker-2  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
-# @TEST-EXEC: btest-bg-wait 20
-# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff manager-1/netcontrol.log
-# @TEST-EXEC: btest-diff manager-1/netcontrol_catch_release.log
-# @TEST-EXEC: btest-diff worker-2/.stdout
-
-@TEST-START-FILE cluster-layout.bro
-redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
-	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
-	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth0"],
-};
-@TEST-END-FILE
-
-redef exit_only_after_terminate = T;
-
-redef Log::default_rotation_interval = 0secs;
-
-@load base/frameworks/netcontrol
-redef NetControl::catch_release_warn_blocked_ip_encountered = T;
-
-global ready_for_data_1: event();
-global ready_for_data_2: event();
-redef Cluster::manager2worker_events += /^ready_for_data_(1|2)$/;
-
-@if ( Cluster::local_node_type() == Cluster::MANAGER )
-
-global peer_count = 0;
-event remote_connection_handshake_done(p: event_peer) &priority=-5
-	{
-	++peer_count;
-	print "remote_connection_handshake_done", peer_count;
-	if ( peer_count == 2 )
-		{
-		event ready_for_data_1();
-		schedule 1.5sec { ready_for_data_2() };
-		}
-	}
-
-@endif
-
-@if ( Cluster::local_node_type() == Cluster::WORKER )
-event bro_init()
-	{
-	print "Suspend", Cluster::node;
-	suspend_processing();
-	}
-
-event remote_connection_closed(p: event_peer) {
-	print "remote connection closed";
-	terminate();
-}
-@endif
-
-@if ( Cluster::node == "worker-1" )
-event ready_for_data_1()
-	{
-	print "Resume", Cluster::node;
-	continue_processing();
-	}
-@endif
-
-@if ( Cluster::node == "worker-2" )
-event ready_for_data_2()
-	{
-	print "Resume", Cluster::node;
-	continue_processing();
-	}
-@endif
-
-event NetControl::init()
-	{
-	local netcontrol_debug = NetControl::create_debug(T);
-	NetControl::activate(netcontrol_debug, 0);
-	}
-
-global i: count = 0;
-
-event connection_established(c: connection)
-	{
-	print "Connection established";
-	local id = c$id;
-	local info = NetControl::get_catch_release_info(id$orig_h);
-	print "Info", info;
-	NetControl::drop_address_catch_release(id$orig_h, cat("connection drop ", Cluster::node));
-	if ( info$current_block_id != "" )
-		{
-		NetControl::unblock_address_catch_release(id$orig_h, Cluster::node);
-		}
-	}
-
-@if ( Cluster::node == "worker-1" )
-event connection_established(c: connection)
-	{
-	NetControl::drop_address(8.8.8.8, 0.1secs, cat("direct drop ", Cluster::node));
-	NetControl::drop_address_catch_release(8.8.8.8, cat("direct cr ", Cluster::node));
-	}
-@endif
-
-@if ( Cluster::node == "worker-2" )
-event connection_established(c: connection)
-	{
-	NetControl::catch_release_seen(8.8.8.8);
-	}
-@endif
-
-event NetControl::catch_release_block_new(a: addr, b: NetControl::BlockInfo)
-	{
-	print "New block", a, b;
-	}
-
-event NetControl::catch_release_block_delete(a: addr)
-	{
-	print "Delete block", a;
-	}
-
-event terminate_me() {
-	terminate();
-}
-
-@if ( Cluster::local_node_type() == Cluster::MANAGER )
-event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
-	{
-	print "Scheduling terminate";
-	schedule 3sec { terminate_me() };
-	}
-@endif

testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro

@@ -1,5 +1,5 @@
 # @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
-# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff netcontrol.log
 # @TEST-EXEC: btest-diff netcontrol_catch_release.log
 
 @load base/frameworks/netcontrol

testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.bro

@@ -43,10 +43,10 @@ event dump_info()
 event connection_established(c: connection)
 	{
 	local id = c$id;
-	rules[|rules|] = NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 0secs);
-	rules[|rules|] = NetControl::drop_address(id$orig_h, 0secs);
-	rules[|rules|] = NetControl::whitelist_address(id$orig_h, 0secs);
-	rules[|rules|] = NetControl::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 0secs);
+	rules += NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 0secs);
+	rules += NetControl::drop_address(id$orig_h, 0secs);
+	rules += NetControl::whitelist_address(id$orig_h, 0secs);
+	rules += NetControl::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 0secs);
 
 	schedule 1sec { remove_all() };
 	schedule 2sec { dump_info() };

testing/btest/scripts/base/frameworks/netcontrol/multiple.bro

@@ -27,10 +27,10 @@ event remove_all()
 event connection_established(c: connection)
 	{
 	local id = c$id;
-	rules[|rules|] = NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 0secs);
-	rules[|rules|] = NetControl::drop_address(id$orig_h, 0secs);
-	rules[|rules|] = NetControl::whitelist_address(id$orig_h, 0secs);
-	rules[|rules|] = NetControl::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 0secs);
+	rules += NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 0secs);
+	rules += NetControl::drop_address(id$orig_h, 0secs);
+	rules += NetControl::whitelist_address(id$orig_h, 0secs);
+	rules += NetControl::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 0secs);
 
 	schedule 1sec { remove_all() };
 	}

testing/btest/scripts/base/frameworks/notice/cluster.bro

@@ -2,16 +2,15 @@
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
-# @TEST-EXEC: sleep 2
 # @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff manager-1/notice.log
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=27757/tcp, $workers=set("worker-1")],
-	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=27758/tcp, $manager="manager-1", $workers=set("worker-1")],
-	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=27760/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth0"],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=27757/tcp],
+	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=27758/tcp, $manager="manager-1"],
+	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=27760/tcp, $manager="manager-1", $interface="eth0"],
 };
 @TEST-END-FILE
 
@@ -21,44 +20,37 @@ redef enum Notice::Type += {
 	Test_Notice,
 };
 
-event remote_connection_closed(p: event_peer)
+event Cluster::node_down(name: string, id: string)
 	{
 	terminate();
 	}
 
-global ready: event();
-
-redef Cluster::manager2worker_events += /ready/;
-
 event delayed_notice()
 	{
 	if ( Cluster::node == "worker-1" )
 		NOTICE([$note=Test_Notice, $msg="test notice!"]);
 	}
 
-@if ( Cluster::local_node_type() == Cluster::WORKER )
-
 event ready()
 	{
 	schedule 1secs { delayed_notice() };
 	}
 
-@endif
-
 @if ( Cluster::local_node_type() == Cluster::MANAGER )
 
 global peer_count = 0;
 
-event remote_connection_handshake_done(p: event_peer)
+event Cluster::node_up(name: string, id: string)
 	{
 	peer_count = peer_count + 1;
+
 	if ( peer_count == 2 )
-		event ready();
+		Broker::publish(Cluster::worker_topic, ready);
 	}
 
 event Notice::log_notice(rec: Notice::Info)
 	{
-	terminate_communication();
+	terminate();
 	}
 
 @endif

testing/btest/scripts/base/frameworks/notice/suppression-cluster.bro

@@ -2,7 +2,6 @@
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT
-# @TEST-EXEC: sleep 2
 # @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run worker-2  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
 # @TEST-EXEC: btest-bg-wait 20
@@ -10,10 +9,10 @@
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=27757/tcp, $workers=set("worker-1", "worker-2")],
-	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=27758/tcp, $manager="manager-1", $workers=set("worker-1", "worker-2")],
-	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=27760/tcp, $manager="manager-1", $proxy="proxy-1"],
-	["worker-2"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=27761/tcp, $manager="manager-1", $proxy="proxy-1"],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=27757/tcp],
+	["proxy-1"] = [$node_type=Cluster::PROXY,     $ip=127.0.0.1, $p=27758/tcp, $manager="manager-1"],
+	["worker-1"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=27760/tcp, $manager="manager-1"],
+	["worker-2"] = [$node_type=Cluster::WORKER,   $ip=127.0.0.1, $p=27761/tcp, $manager="manager-1"],
 };
 @TEST-END-FILE
 
@@ -23,15 +22,11 @@ redef enum Notice::Type += {
 	Test_Notice,
 };
 
-event remote_connection_closed(p: event_peer)
+event Cluster::node_down(name: string, id: string)
 	{
 	terminate();
 	}
 
-global ready: event();
-
-redef Cluster::manager2worker_events += /ready/;
-
 event delayed_notice()
 	{
 	NOTICE([$note=Test_Notice,
@@ -39,8 +34,6 @@ event delayed_notice()
 	        $identifier="this identifier is static"]);
 	}
 
-@if ( Cluster::local_node_type() == Cluster::WORKER )
-
 event ready()
     {
 	if ( Cluster::node == "worker-1" )
@@ -52,20 +45,19 @@ event ready()
 event Notice::suppressed(n: Notice::Info)
 	{
 	if ( Cluster::node == "worker-1" )
-		terminate_communication();
+		terminate();
 	}
 
-@endif
-
 @if ( Cluster::local_node_type() == Cluster::MANAGER )
 
 global peer_count = 0;
 
-event remote_connection_handshake_done(p: event_peer)
+event Cluster::node_up(name: string, id: string)
 	{
 	peer_count = peer_count + 1;
+
 	if ( peer_count == 3 )
-		event ready();
+		Broker::publish(Cluster::worker_topic, ready);
 	}
 
 @endif

testing/btest/scripts/base/frameworks/openflow/broker-basic.bro

@@ -1,7 +1,6 @@
-# @TEST-SERIALIZE: brokercomm
-# @TEST-REQUIRES: grep -q ENABLE_BROKER:BOOL=true $BUILD/CMakeCache.txt
-# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
-# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.bro broker_port=$BROKER_PORT >send.out"
+# @TEST-SERIALIZE: comm
+# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro >recv.out"
+# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.bro >send.out"
 
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff recv/recv.out
@@ -12,7 +11,6 @@
 @load base/protocols/conn
 @load base/frameworks/openflow
 
-const broker_port: port &redef;
 redef exit_only_after_terminate = T;
 
 global of_controller: OpenFlow::Controller;
@@ -20,14 +18,17 @@ global of_controller: OpenFlow::Controller;
 event bro_init()
 	{
 	suspend_processing();
-	of_controller = OpenFlow::broker_new("broker1", 127.0.0.1, broker_port, "bro/event/openflow", 42);
+	of_controller = OpenFlow::broker_new("broker1", 127.0.0.1, Broker::default_port, "bro/openflow", 42);
 	}
 
-event Broker::outgoing_connection_established(peer_address: string,
-                                            peer_port: port,
-                                            peer_name: string)
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
-	print "Broker::outgoing_connection_established", peer_address, peer_port;
+	print "Broker peer added", endpoint$network;
+	}
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	terminate();
 	}
 
 event OpenFlow::controller_activated(name: string, controller: OpenFlow::Controller)
@@ -37,12 +38,6 @@ event OpenFlow::controller_activated(name: string, controller: OpenFlow::Control
 	OpenFlow::flow_mod(of_controller, [], [$cookie=OpenFlow::generate_cookie(1), $command=OpenFlow::OFPFC_ADD, $actions=[$out_ports=vector(3, 7)]]);
 	}
 
-event Broker::outgoing_connection_broken(peer_address: string,
-                                       peer_port: port)
-	{
-	terminate();
-	}
-
 event connection_established(c: connection)
 	{
 	print "connection established";
@@ -76,21 +71,29 @@ event OpenFlow::flow_mod_failure(name: string, match: OpenFlow::ofp_match, flow_
 
 @load base/frameworks/openflow
 
-const broker_port: port &redef;
 redef exit_only_after_terminate = T;
 
 global msg_count: count = 0;
 
-event bro_init()
+event die()
 	{
-	Broker::enable();
-	Broker::subscribe_to_events("bro/event/openflow");
-	Broker::listen(broker_port, "127.0.0.1");
+	terminate();
 	}
 
-event Broker::incoming_connection_established(peer_name: string)
+event bro_init()
 	{
-	print "Broker::incoming_connection_established";
+	Broker::subscribe("bro/openflow");
+	Broker::listen("127.0.0.1");
+	}
+
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	print "Broker peer added";
+	}
+
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	terminate();
 	}
 
 function got_message()
@@ -98,14 +101,16 @@ function got_message()
 	++msg_count;
 
 	if ( msg_count >= 4 )
-		terminate();
+		{
+		schedule 2sec { die() };
+		}
 	}
 
 event OpenFlow::broker_flow_mod(name: string, dpid: count, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod)
 	{
 	print "got flow_mod", dpid, match, flow_mod;
-	Broker::send_event("bro/event/openflow", Broker::event_args(OpenFlow::flow_mod_success, name, match, flow_mod, ""));
-	Broker::send_event("bro/event/openflow", Broker::event_args(OpenFlow::flow_mod_failure, name, match, flow_mod, ""));
+	Broker::publish("bro/openflow", OpenFlow::flow_mod_success, name, match, flow_mod, "");
+	Broker::publish("bro/openflow", OpenFlow::flow_mod_failure, name, match, flow_mod, "");
 	got_message();
 	}
 
@@ -115,6 +120,5 @@ event OpenFlow::broker_flow_clear(name: string, dpid: count)
 	got_message();
 	}
 
-
 @TEST-END-FILE
 

testing/btest/scripts/base/frameworks/openflow/log-cluster.bro

@@ -1,14 +1,13 @@
 # @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
-# @TEST-EXEC: sleep 1
 # @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT"
 # @TEST-EXEC: btest-bg-wait 20
 # @TEST-EXEC: btest-diff manager-1/openflow.log
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
 	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
 };
 @TEST-END-FILE
@@ -21,14 +20,39 @@ redef Log::default_rotation_interval = 0secs;
 
 global of_controller: OpenFlow::Controller;
 
+@if ( Cluster::local_node_type() == Cluster::WORKER )
+event bro_init()
+	{
+	suspend_processing();
+	}
+
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	continue_processing();
+	}
+@endif
+
 event bro_init()
 	{
 	of_controller = OpenFlow::log_new(42);
 	}
 
+event terminate_me()
+	{
+	terminate();
+	}
+
+global done = F;
+
 event connection_established(c: connection)
 	{
+	if ( done )
+		return;
+
+	done = T;
+
 	print "conn established";
+
 	local match = OpenFlow::match_conn(c$id);
 	local match_rev = OpenFlow::match_conn(c$id, T);
 
@@ -42,14 +66,11 @@ event connection_established(c: connection)
 	OpenFlow::flow_mod(of_controller, match, flow_mod);
 	OpenFlow::flow_mod(of_controller, match_rev, flow_mod);
 
-	terminate();
+	schedule 2sec { terminate_me() };
 	}
 
-event terminate_me() {
-	terminate();
-}
-
-event remote_connection_closed(p: event_peer) {
-	schedule 1sec { terminate_me() };
-}
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
+	{
+	schedule 2sec { terminate_me() };
+	}
 

testing/btest/scripts/base/frameworks/software/version-parsing.bro

@@ -40,6 +40,9 @@ global matched_software: table[string] of Software::Description = {
 		[$name="The Bat!", $version=[$major=2,$minor=0,$minor2=9,$addl="Personal"], $unparsed_version=""],
 	["Flash/10,2,153,1"] =
 		[$name="Flash", $version=[$major=10,$minor=2,$minor2=153,$minor3=1], $unparsed_version=""],
+	# The addl on the following entry isn't so great, but it'll do.
+	["Flash%20Player/26.0.0.137 CFNetwork/811.5.4 Darwin/16.6.0 (x86_64)"] =
+		[$name="Flash", $version=[$major=26,$minor=0,$minor2=0,$minor3=137,$addl="CFNetwork/811"], $unparsed_version=""],
 	["mt2/1.2.3.967 Oct 13 2010-13:40:24 ord-pixel-x2 pid 0x35a3 13731"] = 
 		[$name="mt2", $version=[$major=1,$minor=2,$minor2=3,$minor3=967,$addl="Oct"], $unparsed_version=""],
 	["CacheFlyServe v26b"] =
@@ -110,6 +113,14 @@ global matched_software: table[string] of Software::Description = {
 		[$name="AdobeAIR", $version=[$major=1,$minor=0], $unparsed_version=""],
 	["Mozilla/5.0 (Windows; U; en) AppleWebKit/420+ (KHTML, like Gecko) AdobeAIR/1.0"] = 
 		[$name="AdobeAIR", $version=[$major=1,$minor=0], $unparsed_version=""],
+	["\\xe6\\xbc\\xab\\xe7\\x94\\xbb\\xe4\\xba\\xba 2.6.2 rv:1.2 (iPhone; iOS 10.3.2; en_US)"] =
+		[$name="\xe6\xbc\xab\xe7\x94\xbb\xe4\xba\xba", $version=[$major=2,$minor=6,$minor2=2,$addl="rv:1"], $unparsed_version=""],
+	["%E6%9C%89%E9%81%93%E8%AF%8D%E5%85%B8/128 CFNetwork/760.2.6 Darwin/15.3.0 (x86_64)"] =
+		[$name="\xe6\x9c\x89\xe9\x81\x93\xe8\xaf\x8d\xe5\x85\xb8", $version=[$major=128,$addl="CFNetwork/760"], $unparsed_version=""],
+	["QQ%E9%82%AE%E7%AE%B1/5.3.2.8 CFNetwork/811.5.4 Darwin/16.6.0"] =
+		[$name="QQ\xe9\x82\xae\xe7\xae\xb1", $version=[$major=5,$minor=3,$minor2=2,$minor3=8,$addl="CFNetwork/811"], $unparsed_version=""],
+	["Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Mobile Safari/537.36 Edge/15.15063"] =
+		[$name="Edge", $version=[$major=15,$minor=15063], $unparsed_version=""],
 };
 
 event bro_init()

testing/btest/scripts/base/frameworks/sumstats/basic-cluster.bro

@@ -1,7 +1,6 @@
 # @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: sleep 1
 # @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run worker-2  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
 # @TEST-EXEC: btest-bg-wait 15
@@ -10,7 +9,7 @@
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
 	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
 	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
 };
@@ -37,13 +36,12 @@ event bro_init() &priority=5
 	                  	}]);
 	}
 
-event remote_connection_closed(p: event_peer)
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	terminate();
 	}
 
 global ready_for_data: event();
-redef Cluster::manager2worker_events += /^ready_for_data$/;
 
 event ready_for_data()
 	{
@@ -71,10 +69,17 @@ event ready_for_data()
 
 @if ( Cluster::local_node_type() == Cluster::MANAGER )
 
+event bro_init() &priority=100
+	{
+	Broker::auto_publish(Cluster::worker_topic, ready_for_data);
+	}
+
 global peer_count = 0;
-event remote_connection_handshake_done(p: event_peer) &priority=-5
+
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	++peer_count;
+
 	if ( peer_count == 2 )
 		event ready_for_data();
 	}

testing/btest/scripts/base/frameworks/sumstats/basic.bro

@@ -1,5 +1,5 @@
 # @TEST-EXEC: btest-bg-run standalone bro %INPUT
-# @TEST-EXEC: btest-bg-wait 5
+# @TEST-EXEC: btest-bg-wait 10
 # @TEST-EXEC: btest-diff standalone/.stdout
 
 redef exit_only_after_terminate=T;

testing/btest/scripts/base/frameworks/sumstats/cluster-intermediate-update.bro

@@ -1,7 +1,6 @@
 # @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: sleep 3
 # @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT 
 # @TEST-EXEC: btest-bg-run worker-2  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
 # @TEST-EXEC: btest-bg-wait 20
@@ -9,7 +8,7 @@
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
 	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
 	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
 };
@@ -43,7 +42,7 @@ event bro_init() &priority=5
 	                  	}]);
 	}
 
-event remote_connection_closed(p: event_peer)
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	terminate();
 	}
@@ -56,9 +55,9 @@ event do_stats(i: count)
 	SumStats::observe("test.metric", [$host=1.2.3.4], [$num=i]);
 	}
 
-event remote_connection_handshake_done(p: event_peer)
+event Cluster::node_up(name: string, id: string)
 	{
-	if ( p$descr == "manager-1" )
+	if ( name == "manager-1" )
 		{
 		if ( Cluster::node == "worker-1" )
 			{
@@ -69,5 +68,3 @@ event remote_connection_handshake_done(p: event_peer)
 			schedule 0.5sec { do_stats(40) };
 		}
 	}
-
-

testing/btest/scripts/base/frameworks/sumstats/on-demand-cluster.bro

@@ -1,7 +1,6 @@
 # @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: sleep 1
 # @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run worker-2  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
 # @TEST-EXEC: btest-bg-wait 15
@@ -11,7 +10,7 @@
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
 	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
 	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
 };
@@ -29,13 +28,17 @@ event bro_init() &priority=5
 	                  $reducers=set(r1)]);
 	}
 
-event remote_connection_closed(p: event_peer)
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	terminate();
 	}
 
 global ready_for_data: event();
-redef Cluster::manager2worker_events += /^ready_for_data$/;
+
+event bro_init()
+	{
+	Broker::auto_publish(Cluster::worker_topic, ready_for_data);
+	}
 
 event on_demand()
 	{
@@ -72,8 +75,11 @@ event ready_for_data()
 	}
 
 global peer_count = 0;
-event remote_connection_handshake_done(p: event_peer) &priority=-5
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
+	if ( Cluster::node != "manager-1" )
+		return;
+
 	++peer_count;
 	if ( peer_count == 2 )
 		{

testing/btest/scripts/base/frameworks/sumstats/sample-cluster.bro

@@ -1,7 +1,6 @@
 # @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: sleep 1
 # @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run worker-2  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
 # @TEST-EXEC: btest-bg-wait 15
@@ -9,7 +8,7 @@
 
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
 	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
 	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
 };
@@ -29,7 +28,7 @@ event bro_init() &priority=5
 	                  	print fmt("Host: %s  Sampled observations: %d", key$host, r$sample_elements);
 	                  	local sample_nums: vector of count = vector();
 	                  	for ( sample in r$samples ) 
-	                  		sample_nums[|sample_nums|] =r$samples[sample]$num;
+	                  		sample_nums += r$samples[sample]$num;
 
 	                  	print fmt("    %s", sort(sample_nums));
 	                  	},
@@ -39,13 +38,18 @@ event bro_init() &priority=5
 	                  	}]);
 	}
 
-event remote_connection_closed(p: event_peer)
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	terminate();
 	}
 
 global ready_for_data: event();
-redef Cluster::manager2worker_events += /^ready_for_data$/;
+
+event bro_init()
+	{
+	Broker::auto_publish(Cluster::worker_topic, ready_for_data);
+
+	}
 
 event ready_for_data()
 	{
@@ -101,7 +105,7 @@ event ready_for_data()
 @if ( Cluster::local_node_type() == Cluster::MANAGER )
 
 global peer_count = 0;
-event remote_connection_handshake_done(p: event_peer) &priority=-5
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	++peer_count;
 	if ( peer_count == 2 )

testing/btest/scripts/base/frameworks/sumstats/topk-cluster.bro

@@ -1,7 +1,6 @@
 # @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
-# @TEST-EXEC: sleep 1
 # @TEST-EXEC: btest-bg-run worker-1  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run worker-2  BROPATH=$BROPATH:.. CLUSTER_NODE=worker-2 bro %INPUT
 # @TEST-EXEC: btest-bg-wait 15
@@ -10,7 +9,7 @@
 #
 @TEST-START-FILE cluster-layout.bro
 redef Cluster::nodes = {
-	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp],
 	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
 	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth1"],
 };
@@ -45,13 +44,17 @@ event bro_init() &priority=5
 
 	}
 
-event remote_connection_closed(p: event_peer)
+event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	terminate();
 	}
 
 global ready_for_data: event();
-redef Cluster::manager2worker_events += /^ready_for_data$/;
+
+event bro_init()
+	{
+	Broker::auto_publish(Cluster::worker_topic, ready_for_data);
+	}
 
 event ready_for_data()
 	{
@@ -96,7 +99,7 @@ event ready_for_data()
 @if ( Cluster::local_node_type() == Cluster::MANAGER )
 
 global peer_count = 0;
-event remote_connection_handshake_done(p: event_peer) &priority=-5
+event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
 	{
 	++peer_count;
 	if ( peer_count == 2 )

testing/btest/scripts/base/misc/version.bro

@@ -36,6 +36,6 @@ print "yup";
 print "yup";
 @endif
 
-@if ( Version::at_least("2.4") )
+@if ( Version::at_least("2.9") )
 print "no";
 @endif

testing/btest/scripts/base/protocols/arp/bad.test

@@ -0,0 +1,17 @@
+# @TEST-EXEC: bro -r $TRACES/arp-leak.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string)
+	{
+	print "REQ", mac_src, mac_dst, SPA, SHA, TPA, THA;
+	}
+
+event arp_reply(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string)
+	{
+	print "REP", mac_src, mac_dst, SPA, SHA, TPA, THA;
+	}
+
+event bad_arp(SPA: addr, SHA: string, TPA: addr, THA: string, explanation: string)
+	{
+	print "BAD", SPA, SHA, TPA, THA, explanation;
+	}

testing/btest/scripts/base/protocols/arp/radiotap.test

@@ -0,0 +1,13 @@
+# @TEST-EXEC: bro -r $TRACES/arp-who-has-radiotap.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string)
+	{
+	print mac_src, mac_dst, SPA, SHA, TPA, THA;
+	}
+
+event arp_reply(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string)
+	{
+	print mac_src, mac_dst, SPA, SHA, TPA, THA;
+	}
+

testing/btest/scripts/base/protocols/arp/wlanmon.test

@@ -0,0 +1,13 @@
+# @TEST-EXEC: bro -r $TRACES/arp-who-has-wlanmon.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event arp_request(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string)
+	{
+	print mac_src, mac_dst, SPA, SHA, TPA, THA;
+	}
+
+event arp_reply(mac_src: string, mac_dst: string, SPA: addr, SHA: string, TPA: addr, THA: string)
+	{
+	print mac_src, mac_dst, SPA, SHA, TPA, THA;
+	}
+

testing/btest/scripts/base/protocols/dhcp/dhcp-ack-msg-types.btest

@@ -0,0 +1,6 @@
+# This tests that DHCP leases are logged in dhcp.log
+# The trace has a message of each DHCP message type,
+# but only one lease should show up in the logs.
+
+# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT
+# @TEST-EXEC: btest-diff dhcp.log

testing/btest/scripts/base/protocols/dhcp/dhcp-discover-msg-types.btest

@@ -0,0 +1,6 @@
+# This tests that DHCP leases are logged in dhcp.log
+# The trace has a message of each DHCP message type,
+# but only one lease should show up in the logs.
+
+# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_discover_param_req_and_client_id.trace %INPUT
+# @TEST-EXEC: btest-diff dhcp.log

testing/btest/scripts/base/protocols/dhcp/dhcp-sub-opts.btest

@@ -0,0 +1,2 @@
+# @TEST-EXEC: bro -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT protocols/dhcp/sub-opts
+# @TEST-EXEC: btest-diff dhcp.log

testing/btest/scripts/base/protocols/dnp3/events.bro

@@ -27,9 +27,9 @@ event dnp3_object_prefix(c: connection, is_orig: bool, prefix_value: count)
 	print "dnp3_object_prefix", is_orig, prefix_value;
 	}
 
-event dnp3_header_block(c: connection, is_orig: bool, start: count, len: count, ctrl: count, dest_addr: count, src_addr: count)
+event dnp3_header_block(c: connection, is_orig: bool, len: count, ctrl: count, dest_addr: count, src_addr: count)
 	{
-	print "dnp3_header_block", is_orig, start, len, ctrl, dest_addr, src_addr;
+	print "dnp3_header_block", is_orig, len, ctrl, dest_addr, src_addr;
 	}
 
 event dnp3_response_data_object(c: connection, is_orig: bool, data_value: count)

testing/btest/scripts/base/protocols/http/101-switching-protocols.bro

@@ -0,0 +1,13 @@
+# This tests that the HTTP analyzer does not generate a dpd error as a
+# result of seeing an upgraded connection.
+#
+# @TEST-EXEC: bro -r $TRACES/http/websocket.pcap %INPUT
+# @TEST-EXEC: test ! -f dpd.log
+# @TEST-EXEC: test ! -f weird.log
+# @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff .stdout
+
+event http_connection_upgrade(c: connection, protocol: string)
+	{
+	print fmt("Connection upgraded to %s", protocol);
+	}

testing/btest/scripts/base/protocols/http/content-range-less-than-len.bro

@@ -0,0 +1,3 @@
+# @TEST-EXEC: bro -r $TRACES/http/content-range-less-than-len.pcap
+# @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff weird.log

testing/btest/scripts/base/protocols/http/fake-content-length.bro

@@ -0,0 +1,2 @@
+# @TEST-EXEC: bro -r $TRACES/http/fake-content-length.pcap
+# @TEST-EXEC: btest-diff http.log

testing/btest/scripts/base/protocols/http/percent-end-of-line.bro

@@ -0,0 +1,4 @@
+# @TEST-EXEC: bro -Cr $TRACES/http/percent-end-of-line.pcap %INPUT
+# @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff weird.log
+

testing/btest/scripts/base/protocols/http/x-gzip.bro

@@ -0,0 +1,2 @@
+# @TEST-EXEC: bro -r $TRACES/http/x-gzip.pcap
+# @TEST-EXEC: btest-diff http.log

testing/btest/scripts/base/protocols/irc/longline.test

@@ -0,0 +1,6 @@
+# This tests that an excessively long line is truncated by the contentline
+# analyzer
+
+# @TEST-EXEC: bro -C -r $TRACES/contentline-irc-5k-line.pcap %INPUT
+# @TEST-EXEC: btest-diff weird.log
+

testing/btest/scripts/base/protocols/krb/smb2_krb.test

@@ -0,0 +1,21 @@
+# This test verifies that given the proper keytab file, the
+# Kerberos analyzer can open the AD ticket in the Negociate
+# Protocol Request and find the user.
+#
+# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/bro-config.h
+#
+# @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab
+# @TEST-EXEC: bro -b -C -r $TRACES/krb/smb2_krb.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+redef KRB::keytab = "smb2_krb.keytab";
+global monitor_ports: set[port] = { 445/tcp, 139/tcp } &redef;
+
+event bro_init() &priority=5{
+	Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, monitor_ports);
+}
+
+event krb_ap_request(c: connection, ticket: KRB::Ticket, opts:  KRB::AP_Options){
+   print ticket$authenticationinfo;
+}
+

testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test

@@ -0,0 +1,20 @@
+# This test verifies that without a keytab file no entries are
+# created and no errors happen.
+#
+# @TEST-REQUIRES: grep -q "#define USE_KRB5" $BUILD/bro-config.h
+#
+# @TEST-COPY-FILE: ${TRACES}/krb/smb2_krb.keytab
+# @TEST-EXEC: bro -C -r $TRACES/krb/smb2_krb.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+# @TEST-EXEC: btest-diff .stderr
+
+global monitor_ports: set[port] = { 445/tcp, 139/tcp } &redef;
+
+event bro_init() &priority=5{
+	Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, monitor_ports);
+}
+
+event krb_ap_request(c: connection, ticket: KRB::Ticket, opts:  KRB::AP_Options){
+   print ticket?$authenticationinfo;
+}
+

testing/btest/scripts/base/protocols/krb/smb_gssapi.test

@@ -0,0 +1,11 @@
+# This test verifies that GSSAPI is correctly passing events to
+#   the Kerberos analyzer.  The specific trace example is a
+#   SMB authentication event and therfore relies on the SMB
+#   analyzer as well.
+
+# @TEST-EXEC: bro -b -C -r $TRACES/krb/smb_gssapi.trace %INPUT
+# @TEST-EXEC: btest-diff kerberos.log
+# @TEST-EXEC: btest-diff-rst scripts.base.protocols.krb
+
+@load base/protocols/krb
+@load base/protocols/smb

testing/btest/scripts/base/protocols/modbus/length_mismatch.bro

@@ -0,0 +1,15 @@
+# The parser generated by BinPAC needs to handle this pcap without crashing
+# or asserting.  Specifically, pasing Function Code 23,
+# ReadWriteMultipleRegistersRequest, has a field:
+#
+#     uint16[write_quantity] &length=write_byte_count;
+#
+# And the pcap has mismatching values for those quantities.
+# The use of &length on arrays previously caused array elements to
+# be treated as already having a bounds check in the parsing-loop, which
+# is problematic in the case where (write_quantity * 2) > write_byte_count
+# as that can cause reading from a location that exceeds the end of the
+# data buffer.
+
+# @TEST-EXEC: bro -r $TRACES/modbus/4SICS-GeekLounge-151022-min.pcap
+# @TEST-EXEC: btest-diff weird.log