Merge remote-tracking branch 'origin/topic/seth/fix-packetfilter-log'

* origin/topic/seth/fix-packetfilter-log: Hack to make sure that the starting BPF filter is logged on clusters.
2025-10-06 08:38:20 +00:00 · 2013-10-24 15:36:17 -04:00 · 2013-10-24 15:36:17 -04:00 · ccc7b7669d
commit ccc7b7669d
parent 1cfb3a38e0 af6e44589f
4 changed files with 29 additions and 9 deletions
--- a/scripts/base/frameworks/packet-filter/load.bro
+++ b/scripts/base/frameworks/packet-filter/load.bro
@ -1,3 +1,8 @@
@load ./utils
@load ./main
@load ./netstats
+
+@load base/frameworks/cluster
+@if ( Cluster::is_enabled() )
+@load ./cluster
+@endif
--- a/scripts/base/frameworks/packet-filter/cluster.bro
+++ b/scripts/base/frameworks/packet-filter/cluster.bro
@ -0,0 +1,14 @@
+
+module PacketFilter;
+
+event remote_connection_handshake_done(p: event_peer) &priority=3
+	{
+	if ( Cluster::local_node_type() == Cluster::WORKER && 
+	     p$descr in Cluster::nodes && 
+	     Cluster::nodes[p$descr]$node_type == Cluster::MANAGER )
+		{
+		# This ensures that a packet filter is installed and logged
+		# after the manager connects to us.
+		install();
+		}
+	}
--- a/scripts/base/frameworks/packet-filter/main.bro
+++ b/scripts/base/frameworks/packet-filter/main.bro
@ -294,6 +294,7 @@ function install(): bool
 	# Do an audit log for the packet filter.
 	local info: Info;
 	info$ts = network_time();
+	info$node = peer_description;
 	# If network_time() is 0.0 we're at init time so use the wall clock.
 	if ( info$ts == 0.0 )
 		{
--- a/testing/btest/Baseline/core.print-bpf-filters/output
+++ b/testing/btest/Baseline/core.print-bpf-filters/output
@ -3,28 +3,28 @@
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2013-08-12-18-24-49
+#open	2013-10-24-18-53-49
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1376331889.617206	-	ip or not ip	T	T
-#close	2013-08-12-18-24-49
+1382640829.338079	bro	ip or not ip	T	T
+#close	2013-10-24-18-53-49
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2013-08-12-18-24-49
+#open	2013-10-24-18-53-49
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1376331889.904944	-	port 42	T	T
-#close	2013-08-12-18-24-49
+1382640829.495639	bro	port 42	T	T
+#close	2013-10-24-18-53-49
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2013-08-12-18-24-50
+#open	2013-10-24-18-53-49
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1376331890.192875	-	(vlan) and (ip or not ip)	T	T
-#close	2013-08-12-18-24-50
+1382640829.653368	bro	(vlan) and (ip or not ip)	T	T
+#close	2013-10-24-18-53-49