diff --git a/CHANGES b/CHANGES index 8e3547000a..e1dbc6bfcf 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,9 @@ +2.5-668 | 2018-06-15 17:14:33 -0500 + + * Make old comm. system usages an error unless old_comm_usage_is_ok is set + (Corelight) + 2.5-667 | 2018-06-15 15:30:11 -0500 * Add --disable-broker-tests configure option (Corelight) diff --git a/VERSION b/VERSION index fe9e42523c..483a2c482b 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.5-667 +2.5-668 diff --git a/doc/frameworks/broker.rst b/doc/frameworks/broker.rst index 807ce9a07a..6943a0a698 100644 --- a/doc/frameworks/broker.rst +++ b/doc/frameworks/broker.rst @@ -50,6 +50,13 @@ General Porting Tips - The ``&synchronized`` and ``&persistent`` attributes are deprecated, consider using `Data Stores`_ instead. +- Usages of the old communications system features are all deprecated, + however, they also do not work in the default Bro configuration unless + you manually take action to set up the old communication system. + To aid in porting, such usages will default to raising a fatal error + unless you explicitly acknowledge that such usages of the old system + are ok. Set the :bro:see:`old_comm_usage_is_ok`` flag in this case. + - Instead of using e.g. ``Cluster::manager2worker_events`` (and all permutations for every node type), what you'd now use is either :bro:see:`Broker::publish` or :bro:see:`Broker::auto_publish` with diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index cd9302ce25..c502607cbd 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro 
@@ -4834,3 +4834,10 @@ const global_hash_seed: string = "" &redef; ## files. The larger the value, the more confidence in UID uniqueness. ## The maximum is currently 128 bits. const bits_per_uid: count = 96 &redef; + +## Whether usage of the old communication system is considered an error or +## not. The default Bro configuration no longer works with the non-Broker +## communication system unless you have manually taken action to initialize +## and set up the old comm. system. Deprecation warnings are still emitted +## when setting this flag, but they will not result in a fatal error. +const old_comm_usage_is_ok: bool = F &redef; diff --git a/src/Net.h b/src/Net.h index caea61c436..bdc84ec74f 100644 --- a/src/Net.h +++ b/src/Net.h @@ -83,6 +83,8 @@ extern iosource::PktDumper* pkt_dumper; // where to save packets extern char* writefile; +extern int old_comm_usage_count; + // Script file we have already scanned (or are in the process of scanning). // They are identified by inode number. struct ScannedFile { diff --git a/src/main.cc b/src/main.cc index 2a61c753b8..2e9a89ddd1 100644 --- a/src/main.cc +++ b/src/main.cc @@ -44,6 +44,7 @@ extern "C" { #include "EventRegistry.h" #include "Stats.h" #include "Brofiler.h" +#include "Traverse.h" #include "threading/Manager.h" #include "input/Manager.h" @@ -114,6 +115,7 @@ char* command_line_policy = 0; vector params; set requested_plugins; char* proc_status_file = 0; +int old_comm_usage_count = 0; OpaqueType* md5_type = 0; OpaqueType* sha1_type = 0; 
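Review bot: The new `extern int old_comm_usage_count;` in src/Net.h has no comment, unlike the declarations around it, and its definition in the `@@ -114,6 +115,7 @@` hunk of src/main.cc has none either. Since the counter is written from two places in this commit (the scanner rule and the post-parse traversal), I would add above the declaration `// Number of old comm. system usages found; incremented by the scanner and by the post-parse traversal in main.cc.`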
@@ -424,6 +426,70 @@ static void bro_new_handler() out_of_memory("new"); } +static auto old_comm_ids = std::set{ + "connect", + "disconnect", + "request_remote_events", + "request_remote_sync", + "request_remote_logs", + "set_accept_state", + "set_compression_level", + "listen", + "send_id", + "terminate_communication", + "complete_handshake", + "send_ping", + "send_current_packet", + "get_event_peer", + "send_capture_filter", + "suspend_state_updates", + "resume_state_updates", +}; + +static bool is_old_comm_usage(const ID* id) + { + auto name = id->Name(); + + if ( old_comm_ids.find(name) == old_comm_ids.end() ) + return false; + + return true; + } + +class OldCommUsageTraversalCallback : public TraversalCallback { +public: + virtual TraversalCode PreExpr(const Expr* expr) override + { + switch ( expr->Tag() ) { + case EXPR_CALL: + { + const CallExpr* call = static_cast(expr); + auto func = call->Func(); + + if ( func->Tag() == EXPR_NAME ) + { + const NameExpr* ne = static_cast(func); + auto id = ne->Id(); + + if ( is_old_comm_usage(id) ) + ++old_comm_usage_count; + } + } + break; + default: + break; + } + + return TC_CONTINUE; + } +}; + +static void find_old_comm_usages() + { + OldCommUsageTraversalCallback cb; + traverse_all(&cb); + } + int main(int argc, char** argv) { std::set_new_handler(bro_new_handler); @@ -854,6 +920,22 @@ int main(int argc, char** argv) yyparse(); is_parsing = false; + find_old_comm_usages(); + + if ( old_comm_usage_count ) + { + auto old_comm_ack_id = global_scope()->Lookup("old_comm_usage_is_ok"); + + if ( ! old_comm_ack_id->ID_Val()->AsBool() ) + reporter->FatalError("Detected old, deprecated communication " + "system usages that will not work unless " + "you explicitly take action to initizialize " + "and set up the old comm. system. " + "Set the 'old_comm_usage_is_ok' flag " + "to bypass this error if you've taken such " + "actions."); + } + RecordVal::ResizeParseTimeRecords(); init_general_global_var(); 
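Review bot: `is_old_comm_usage()` in the `@@ -424,6 +426,70 @@` hunk of src/main.cc decides on `id->Name()` alone, so a call through any identifier with one of these names is counted. That looks like it would include a function-local variable named `listen` or `connect` that holds an unrelated function, and such a script would hit the fatal error without touching the old system. If that case is reachable, restricting the match to globals before the set lookup, e.g. `if ( ! id->IsGlobal() ) return false;`, would avoid the false positive. Separately, `old_comm_ids` is never modified and could be declared `static const`, and the function body reduces to `return old_comm_ids.find(name) != old_comm_ids.end();`.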
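Review bot: In the `@@ -854,6 +920,22 @@` hunk of src/main.cc the result of `global_scope()->Lookup("old_comm_usage_is_ok")` is dereferenced unchecked, so a missing identifier or one without a value would crash on a null pointer instead of producing a report. Whether parse errors are checked before this point is not visible in the hunk. Treating a missing flag as "not ok" keeps the check fail-closed: `if ( ! old_comm_ack_id || ! old_comm_ack_id->ID_Val() || ! old_comm_ack_id->ID_Val()->AsBool() )`. The message also misspells "initialize" as "initizialize", and the same text is recorded in testing/btest/Baseline/core.old_comm_usage/out, so the string and the baseline need correcting together. `main()` begins and ends outside this hunk.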
diff --git a/src/scan.l b/src/scan.l index 27490c13ad..ed307a79da 100644 --- a/src/scan.l +++ b/src/scan.l @@ -310,6 +310,7 @@ when return TOK_WHEN; } &synchronized { + ++old_comm_usage_count; deprecated_attr(yytext); return TOK_ATTR_SYNCHRONIZED; } diff --git a/testing/btest/Baseline/core.old_comm_usage/out b/testing/btest/Baseline/core.old_comm_usage/out new file mode 100644 index 0000000000..28585d78ba --- /dev/null +++ b/testing/btest/Baseline/core.old_comm_usage/out @@ -0,0 +1,2 @@ +warning in /Users/jon/projects/bro/bro/testing/btest/.tmp/core.old_comm_usage/old_comm_usage.bro, line 6: deprecated (terminate_communication) +fatal error: Detected old, deprecated communication system usages that will not work unless you explicitly take action to initizialize and set up the old comm. system. Set the 'old_comm_usage_is_ok' flag to bypass this error if you've taken such actions. diff --git a/testing/btest/core/old_comm_usage.bro b/testing/btest/core/old_comm_usage.bro new file mode 100644 index 0000000000..0e9ae2f1f6 --- /dev/null +++ b/testing/btest/core/old_comm_usage.bro @@ -0,0 +1,7 @@ +# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out + +event bro_init() + { + terminate_communication(); + }
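Review bot: The `++old_comm_usage_count;` added to the `&synchronized` rule in src/scan.l is a lexer side effect with no comment tying it to the fatal-error check in main.cc. A one-line comment in the action would make the link visible, for example `// Counts as an old comm. system usage; main() makes a non-zero count fatal unless old_comm_usage_is_ok is set.`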
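Review bot: testing/btest/core/old_comm_usage.bro covers only the failing path through a builtin call. Nothing exercises the `&synchronized` counter added in src/scan.l, or the bypass with `old_comm_usage_is_ok` set. A second test containing `redef old_comm_usage_is_ok = T;` and run with `@TEST-EXEC:` instead of `@TEST-EXEC-FAIL:` would pin that the flag lets the script start with only the deprecation warning. A global declared with `&synchronized` in a failing test would cover the scanner path.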