Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 21:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

GH-379: move catch-and-release and unified2 scripts to policy/

Browse source 
These are no longer loaded by default due to the performance impact they
cause simply by being loaded (they have event handlers for commonly
generated events) and they aren't generally useful enough to justify it.
This commit is contained in:
Jon Siwek 2019-06-05 13:29:57 -07:00
parent 80fe3d5583
commit b5050437fa
52 changed files with 292 additions and 353 deletions
Download patch file Download diff file Expand all files Collapse all files

26
testing/btest/scripts/base/frameworks/netcontrol/catch-and-release-forgotten.zeek
View file

@ -1,26 +0,0 @@
# @TEST-EXEC: zeek -r $TRACES/smtp.trace %INPUT
# @TEST-EXEC: btest-diff netcontrol_catch_release.log
# @TEST-EXEC: btest-diff .stdout
@load base/frameworks/netcontrol
redef NetControl::catch_release_intervals = vector(1sec, 2sec, 2sec);
event NetControl::init()
{
local netcontrol_debug = NetControl::create_debug(T);
NetControl::activate(netcontrol_debug, 0);
}
global pc: count = 0;
event new_packet(c: connection, p: pkt_hdr)
{
if ( ++pc == 1 )
NetControl::drop_address_catch_release(10.0.0.1);
}
event NetControl::catch_release_forgotten(a: addr, bi: NetControl::BlockInfo)
{
print "Forgotten: ", a, bi;
}

61
testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.zeek
View file

@ -1,61 +0,0 @@
# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff netcontrol.log
# @TEST-EXEC: btest-diff netcontrol_catch_release.log
@load base/frameworks/netcontrol
event NetControl::init()
{
local netcontrol_debug = NetControl::create_debug(T);
NetControl::activate(netcontrol_debug, 0);
}
global i: count = 0;
event connection_established(c: connection)
{
local id = c$id;
NetControl::drop_address_catch_release(id$orig_h);
# second one should be ignored because duplicate
NetControl::drop_address_catch_release(id$orig_h);
}
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string &default="")
{
if ( ++i == 6 )
return;
# delete directly, without notifying anything.
NetControl::delete_rule(r$id, "testing");
NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
}
@TEST-START-NEXT
@load base/frameworks/netcontrol
event NetControl::init()
{
local netcontrol_debug = NetControl::create_debug(T);
NetControl::activate(netcontrol_debug, 0);
}
global i: count = 0;
event connection_established(c: connection)
{
local id = c$id;
NetControl::drop_address(id$orig_h, 2min);
NetControl::drop_address_catch_release(id$orig_h, "test drop");
}
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string &default="")
{
if ( ++i == 3 )
return;
# delete directly, without notifying anything.
NetControl::delete_rule(r$id);
NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
}