From cb10852f999e6d7f7dccc94c2cf073cfe7c0bb1a Mon Sep 17 00:00:00 2001
From: Arne Welzel <arne.welzel@corelight.com>
Date: Tue, 5 Nov 2024 22:19:09 +0100
Subject: [PATCH] dhcp: Remove Broker::auto_publish()

This isn't prettier, but neither worse IMO. A test would be good.
---
 scripts/base/protocols/dhcp/main.zeek         | 13 ++--
 .../manager-1..stdout                         |  2 +
 .../manager-1.dhcp.log                        | 11 +++
 .../worker-1..stdout                          |  4 ++
 .../scripts/base/protocols/dhcp/cluster.zeek  | 71 +++++++++++++++++++
 5 files changed, 93 insertions(+), 8 deletions(-)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dhcp.cluster/manager-1..stdout
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dhcp.cluster/manager-1.dhcp.log
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.dhcp.cluster/worker-1..stdout
 create mode 100644 testing/btest/scripts/base/protocols/dhcp/cluster.zeek

diff --git a/scripts/base/protocols/dhcp/main.zeek b/scripts/base/protocols/dhcp/main.zeek
index 1d53cbfd63..7b60bf410d 100644
--- a/scripts/base/protocols/dhcp/main.zeek
+++ b/scripts/base/protocols/dhcp/main.zeek
@@ -134,13 +134,6 @@ event zeek_init() &priority=5
 	Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, ports);
 	}
 
-@if ( Cluster::is_enabled() )
-event zeek_init()
-	{
-	Broker::auto_publish(Cluster::manager_topic, DHCP::aggregate_msgs);
-	}
-@endif
-
 function join_data_expiration(t: table[count] of Info, idx: count): interval
 	{
 	local info = t[idx];
@@ -307,7 +300,11 @@ event DHCP::aggregate_msgs(ts: time, id: conn_id, uid: string, is_orig: bool, ms
 # Aggregate DHCP messages to the manager.
 event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options) &priority=-5
 	{
-	event DHCP::aggregate_msgs(network_time(), c$id, c$uid, is_orig, msg, options);
+	if ( Cluster::is_enabled() && Cluster::local_node_type() != Cluster::MANAGER )
+		Broker::publish(Cluster::manager_topic, DHCP::aggregate_msgs,
+		                network_time(), c$id, c$uid, is_orig, msg, options);
+	else
+		event DHCP::aggregate_msgs(network_time(), c$id, c$uid, is_orig, msg, options);
 	}
 
 event zeek_done() &priority=-5
diff --git a/testing/btest/Baseline/scripts.base.protocols.dhcp.cluster/manager-1..stdout b/testing/btest/Baseline/scripts.base.protocols.dhcp.cluster/manager-1..stdout
new file mode 100644
index 0000000000..ed1bc7d49d
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dhcp.cluster/manager-1..stdout
@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+DHCP::aggregate_msgs, XXXXXXXXXX.XXXXXX, CHhAvVGS1DHFjwGM9
diff --git a/testing/btest/Baseline/scripts.base.protocols.dhcp.cluster/manager-1.dhcp.log b/testing/btest/Baseline/scripts.base.protocols.dhcp.cluster/manager-1.dhcp.log
new file mode 100644
index 0000000000..6da1b3dc58
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dhcp.cluster/manager-1.dhcp.log
@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	dhcp
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uids	client_addr	server_addr	mac	host_name	client_fqdn	domain	requested_addr	assigned_addr	lease_time	client_message	server_message	msg_types	duration
+#types	time	set[string]	addr	addr	string	string	string	string	addr	addr	interval	string	string	vector[string]	interval
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.0.10	10.10.0.1	00:0a:28:00:fa:42	-	-	-	-	192.168.0.10	3600.000000	-	-	ACK	0.000000
+#close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/scripts.base.protocols.dhcp.cluster/worker-1..stdout b/testing/btest/Baseline/scripts.base.protocols.dhcp.cluster/worker-1..stdout
new file mode 100644
index 0000000000..0520896388
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dhcp.cluster/worker-1..stdout
@@ -0,0 +1,4 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+node_up, manager-1
+dhcp_message, CHhAvVGS1DHFjwGM9
+file_done
diff --git a/testing/btest/scripts/base/protocols/dhcp/cluster.zeek b/testing/btest/scripts/base/protocols/dhcp/cluster.zeek
new file mode 100644
index 0000000000..57ce58db5a
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dhcp/cluster.zeek
@@ -0,0 +1,71 @@
+# Test in cluster mode, the manager produces the cluster.log
+#
+# @TEST-PORT: BROKER_PORT1
+# @TEST-PORT: BROKER_PORT2
+#
+# @TEST-EXEC: zeek -b --parse-only %INPUT
+# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.zeek . && CLUSTER_NODE=manager-1 zeek -b %INPUT"
+# @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.zeek . && CLUSTER_NODE=worker-1 zeek -b --pseudo-realtime -C -r $TRACES/dhcp/dhcp_ack_subscriber_id_and_agent_remote_id.trace %INPUT"
+
+# @TEST-EXEC: btest-bg-wait 10
+# @TEST-EXEC: btest-diff worker-1/.stdout
+# @TEST-EXEC: btest-diff manager-1/.stdout
+# @TEST-EXEC: btest-diff manager-1/dhcp.log
+
+@TEST-START-FILE cluster-layout.zeek
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT1"))],
+	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=to_port(getenv("BROKER_PORT2")), $manager="manager-1"],
+};
+@TEST-END-FILE
+
+@load base/protocols/dhcp
+@load base/frameworks/broker
+@load base/frameworks/cluster
+@load base/frameworks/logging
+
+redef Log::default_rotation_interval = 0secs;
+redef Log::default_rotation_postprocessor_cmd = "echo";
+redef exit_only_after_terminate = T;
+
+redef Broker::disable_ssl = T;
+redef Cluster::manager_is_logger = T;
+
+event terminate_me() {
+	terminate();
+}
+
+@if ( Cluster::local_node_type() == Cluster::WORKER )
+event zeek_init()
+	{
+	suspend_processing();
+	}
+
+event Cluster::node_up(name: string, id: string)
+	{
+	print "node_up", name;
+	continue_processing();
+	}
+
+event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options)
+	{
+	print "dhcp_message", c$uid;
+	}
+
+event Pcap::file_done(path: string)
+	{
+	print "file_done";
+	terminate();
+	}
+@else
+
+event DHCP::aggregate_msgs(ts: time, id: conn_id, uid: string, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options) &priority=5
+	{
+	print "DHCP::aggregate_msgs", ts, uid;
+	}
+
+event Cluster::node_down(name: string, id: string)
+	{
+	terminate();
+	}
+@endif