Merge remote-tracking branch 'ynadji/topic/yacin/2319-add-change-handler-to-site'

* ynadji/topic/yacin/2319-add-change-handler-to-site:
  update plugins.hooks baseline
  lower priority for change handlers
  split update_zones_regex into two functions
  GH-2319: Add change handlers to Site

CHANGES

@@ -1,3 +1,9 @@
+5.1.0-dev.349 | 2022-08-08 11:09:04 -0700
+
+  * lower priority for change handlers (Yacin Nadji, Corelight)
+
+  * split update_zones_regex into two functions (Yacin Nadji, Corelight)
+
 5.1.0-dev.344 | 2022-08-08 11:03:24 -0700
 
   * Squelch the zeekygen warnings for command line (AmazingPP)

VERSION

@@ -1 +1 @@
-5.1.0-dev.344
+5.1.0-dev.349

scripts/base/utils/site.zeek

@@ -234,13 +234,38 @@ function get_emails(a: addr): string
 	return fmt_email_string(find_all_emails(a));
 	}
 
-event zeek_init() &priority=10
+function update_local_nets_table(id: string, new_value: set[subnet]): set[subnet]
+	{
+	# Create the local_nets mapping table.
+	for ( cidr in new_value )
+		local_nets_table[cidr] = cidr;
+	return new_value;
+	}
+
+function update_local_zones_regex(id: string, new_value: set[string]): set[string]
 	{
 	# Double backslashes are needed due to string parsing.
-	local_dns_suffix_regex = set_to_regex(local_zones, "(^\\.?|\\.)(~~)$");
+	local_dns_suffix_regex = set_to_regex(new_value, "(^\\.?|\\.)(~~)$");
-	local_dns_neighbor_suffix_regex = set_to_regex(neighbor_zones, "(^\\.?|\\.)(~~)$");
+	return new_value;
-
+	}
-	# Create the local_nets mapping table.
+
-	for ( cidr in Site::local_nets )
+function update_neighbor_zones_regex(id: string, new_value: set[string]): set[string]
-		local_nets_table[cidr] = cidr;
+	{
+	local_dns_neighbor_suffix_regex = set_to_regex(new_value, "(^\\.?|\\.)(~~)$");
+	return new_value;
+	}
+
+event zeek_init() &priority=10
+	{
+	# Have these run with a lower priority so we account for additions/removals
+	# from user created change handlers.
+	Option::set_change_handler("Site::local_nets", update_local_nets_table, -5);
+	Option::set_change_handler("Site::local_zones", update_local_zones_regex, -5);
+	Option::set_change_handler("Site::neighbor_zones", update_neighbor_zones_regex, -5);
+
+	# Use change handler to initialize local_nets mapping table and zones
+	# regexes.
+	update_local_nets_table("Site::local_nets", Site::local_nets);
+	update_local_zones_regex("Site::local_zones", Site::local_zones);
+	update_neighbor_zones_regex("Site::neighbor_zones", Site::neighbor_zones);
 	}

testing/btest/Baseline/plugins.hooks/output

@@ -542,9 +542,12 @@
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Signatures::summary_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::local_admins, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::local_nets, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::local_nets, Site::update_local_nets_table{ <init> Site::cidr{ for ([Site::cidr] in Site::new_value) Site::local_nets_table[Site::cidr] = Site::cidrreturn (Site::new_value)}}, -5)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::local_zones, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::local_zones, Site::update_local_zones_regex{ Site::local_dns_suffix_regex = set_to_regex(Site::new_value, (^\.?|\.)(~~)$)return (Site::new_value)}, -5)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_nets, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_zones, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_zones, Site::update_neighbor_zones_regex{ Site::local_dns_neighbor_suffix_regex = set_to_regex(Site::new_value, (^\.?|\.)(~~)$)return (Site::new_value)}, -5)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Site::private_address_space, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Software::asset_tracking, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Option::set_change_handler, <frame>, (Telemetry::sync_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)) -> <no result>
@@ -660,6 +663,9 @@
 0.000000   MetaHookPost  CallFunction(PacketFilter::log_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Pcap::install_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Pcap::precompile_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter, ip or not ip)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Site::update_local_nets_table, <frame>, (Site::local_nets, {})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Site::update_local_zones_regex, <frame>, (Site::local_zones, {})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Site::update_neighbor_zones_regex, <frame>, (Site::neighbor_zones, {})) -> <no result>
 0.000000   MetaHookPost  CallFunction(SumStats::add_observe_plugin_dependency, <frame>, (SumStats::STD_DEV, SumStats::VARIANCE)) -> <no result>
 0.000000   MetaHookPost  CallFunction(SumStats::add_observe_plugin_dependency, <frame>, (SumStats::VARIANCE, SumStats::AVERAGE)) -> <no result>
 0.000000   MetaHookPost  CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::AVERAGE, lambda_<3452231521688988155>{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)})) -> <no result>
@@ -2043,9 +2049,12 @@
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Signatures::summary_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::local_admins, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::local_nets, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::local_nets, Site::update_local_nets_table{ <init> Site::cidr{ for ([Site::cidr] in Site::new_value) Site::local_nets_table[Site::cidr] = Site::cidrreturn (Site::new_value)}}, -5))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::local_zones, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::local_zones, Site::update_local_zones_regex{ Site::local_dns_suffix_regex = set_to_regex(Site::new_value, (^\.?|\.)(~~)$)return (Site::new_value)}, -5))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_nets, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_zones, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
+0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::neighbor_zones, Site::update_neighbor_zones_regex{ Site::local_dns_neighbor_suffix_regex = set_to_regex(Site::new_value, (^\.?|\.)(~~)$)return (Site::new_value)}, -5))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Site::private_address_space, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Software::asset_tracking, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
 0.000000   MetaHookPre   CallFunction(Option::set_change_handler, <frame>, (Telemetry::sync_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100))
@@ -2161,6 +2170,9 @@
 0.000000   MetaHookPre   CallFunction(PacketFilter::log_policy, <null>, ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>]))
 0.000000   MetaHookPre   CallFunction(Pcap::install_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter))
 0.000000   MetaHookPre   CallFunction(Pcap::precompile_pcap_filter, <frame>, (PacketFilter::DefaultPcapFilter, ip or not ip))
+0.000000   MetaHookPre   CallFunction(Site::update_local_nets_table, <frame>, (Site::local_nets, {}))
+0.000000   MetaHookPre   CallFunction(Site::update_local_zones_regex, <frame>, (Site::local_zones, {}))
+0.000000   MetaHookPre   CallFunction(Site::update_neighbor_zones_regex, <frame>, (Site::neighbor_zones, {}))
 0.000000   MetaHookPre   CallFunction(SumStats::add_observe_plugin_dependency, <frame>, (SumStats::STD_DEV, SumStats::VARIANCE))
 0.000000   MetaHookPre   CallFunction(SumStats::add_observe_plugin_dependency, <frame>, (SumStats::VARIANCE, SumStats::AVERAGE))
 0.000000   MetaHookPre   CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::AVERAGE, lambda_<3452231521688988155>{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)}))
@@ -3543,9 +3555,12 @@
 0.000000 | HookCallFunction Option::set_change_handler(Signatures::summary_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Site::local_admins, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Site::local_nets, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Site::local_nets, Site::update_local_nets_table{ <init> Site::cidr{ for ([Site::cidr] in Site::new_value) Site::local_nets_table[Site::cidr] = Site::cidrreturn (Site::new_value)}}, -5)
 0.000000 | HookCallFunction Option::set_change_handler(Site::local_zones, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Site::local_zones, Site::update_local_zones_regex{ Site::local_dns_suffix_regex = set_to_regex(Site::new_value, (^\.?|\.)(~~)$)return (Site::new_value)}, -5)
 0.000000 | HookCallFunction Option::set_change_handler(Site::neighbor_nets, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Site::neighbor_zones, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
+0.000000 | HookCallFunction Option::set_change_handler(Site::neighbor_zones, Site::update_neighbor_zones_regex{ Site::local_dns_neighbor_suffix_regex = set_to_regex(Site::new_value, (^\.?|\.)(~~)$)return (Site::new_value)}, -5)
 0.000000 | HookCallFunction Option::set_change_handler(Site::private_address_space, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Software::asset_tracking, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
 0.000000 | HookCallFunction Option::set_change_handler(Telemetry::sync_interval, Config::config_option_changed{ Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerceConfig::log)return (Config::new_value)}, -100)
@@ -3661,6 +3676,9 @@
 0.000000 | HookCallFunction PacketFilter::log_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=<uninitialized>, config={}, policy=<uninitialized>])
 0.000000 | HookCallFunction Pcap::install_pcap_filter(PacketFilter::DefaultPcapFilter)
 0.000000 | HookCallFunction Pcap::precompile_pcap_filter(PacketFilter::DefaultPcapFilter, ip or not ip)
+0.000000 | HookCallFunction Site::update_local_nets_table(Site::local_nets, {})
+0.000000 | HookCallFunction Site::update_local_zones_regex(Site::local_zones, {})
+0.000000 | HookCallFunction Site::update_neighbor_zones_regex(Site::neighbor_zones, {})
 0.000000 | HookCallFunction SumStats::add_observe_plugin_dependency(SumStats::STD_DEV, SumStats::VARIANCE)
 0.000000 | HookCallFunction SumStats::add_observe_plugin_dependency(SumStats::VARIANCE, SumStats::AVERAGE)
 0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::AVERAGE, lambda_<3452231521688988155>{ if (!SumStats::rv?$average) SumStats::rv$average = SumStats::valelseSumStats::rv$average += (SumStats::val - SumStats::rv$average) / (coerce SumStats::rv$num to double)})

testing/btest/Baseline/scripts.base.utils.site/output

@@ -1,3 +1,19 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 site-admin@example.com, other-site-admin@example.com
 site-admin@example.com, net-admin@example.com, other-site-admin@example.com
+T
+T
+T
+T
+T
+T
+T
+T
+T
+T
+T
+T
+T
+T
+T
+T

testing/btest/scripts/base/utils/site.test

@@ -2,6 +2,7 @@
 # @TEST-EXEC: btest-diff output
 
 @load base/utils/site
+@load base/frameworks/config
 
 global a = { "site-admin@example.com", "other-site-admin@example.com" };
 global b = { "net-admin@example.com" };
@@ -10,9 +11,34 @@ redef Site::local_admins += {
     [141.142.0.0/16] = a,
     [141.142.100.0/24] = b,
 };
+redef Site::local_nets = set();
+redef Site::local_zones = set();
+redef Site::neighbor_zones = set();
 
 event zeek_init()
     {
     print Site::get_emails(141.142.1.1);
     print Site::get_emails(141.142.100.100);
+
+    print Site::is_local_name("foo.wutang.com") == F;
+    print Site::is_neighbor_name("baz.shaolin.com") == F;
+    print Site::is_local_addr(141.142.1.1) == F;
+    print Site::is_local_addr(141.142.100.100) == F;
+    print 141.142.0.0 in Site::local_nets_table == F;
+    print 141.142.100.100 in Site::local_nets_table == F;
+
+    Config::set_value("Site::local_nets", set(141.142.0.0/16, 141.142.100.0/24));
+    Config::set_value("Site::local_zones", set("wutang.com"));
+    Config::set_value("Site::neighbor_zones", set("shaolin.com"));
+
+    print Site::is_local_name("foo.wutang.com") == T;
+    print Site::is_neighbor_name("baz.shaolin.com") == T;
+    print Site::is_neighbor_name("foo.wutang.com") == F;
+    print Site::is_local_name("baz.shaolin.com") == F;
+    print Site::is_local_addr(141.142.1.1) == T;
+    print Site::is_local_addr(141.142.100.100) == T;
+    print 141.142.1.1 in Site::local_nets_table == T;
+    print 141.142.100.100 in Site::local_nets_table == T;
+    print Site::local_nets_table[141.142.1.1] == 141.142.0.0/16;
+    print Site::local_nets_table[141.142.100.100] == 141.142.100.0/24;
     }