diff --git a/scripts/base/frameworks/cluster/__load__.bro b/scripts/base/frameworks/cluster/__load__.bro
index 5aa39f94b2..3334164866 100644
--- a/scripts/base/frameworks/cluster/__load__.bro
+++ b/scripts/base/frameworks/cluster/__load__.bro
@@ -21,10 +21,10 @@ redef peer_description = Cluster::node;
 # Don't load the listening script until we're a bit more sure that the
 # cluster framework is actually being enabled.
-@load frameworks/communication/listen-clear
+@load frameworks/communication/listen
 ## Set the port that this node is supposed to listen on.
-redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p;
+redef Communication::listen_port = Cluster::nodes[Cluster::node]$p;
 @if ( Cluster::local_node_type() == Cluster::MANAGER )
 @load ./nodes/manager
diff --git a/scripts/base/frameworks/communication/main.bro b/scripts/base/frameworks/communication/main.bro
index 2e7c9487ca..44d6ace1db 100644
--- a/scripts/base/frameworks/communication/main.bro
+++ b/scripts/base/frameworks/communication/main.bro
@@ -8,12 +8,18 @@ module Communication;
 export {
 redef enum Log::ID += { LOG };
- const default_port_ssl = 47756/tcp &redef;
- const default_port_clear = 47757/tcp &redef;
+ ## Which interface to listen on (0.0.0.0 for any interface).
+ const listen_interface = 0.0.0.0 &redef;
+
+ ## Which port to listen on.
+ const listen_port = 47757/tcp &redef;
+
+ ## This defines if a listening socket should use encryption.
+ const listen_encrypted = F &redef;
 ## Default compression level. Compression level is 0-9, with 0 = no
 ## compression.
- global default_compression = 0 &redef;
+ global compression_level = 0 &redef;
 type Info: record {
 ts: time &log;
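Review bot: The doc comments on the three new constants do not say what their defaults mean in practice: with `listen_interface = 0.0.0.0` and `listen_encrypted = F`, anything that loads the new `frameworks/communication/listen` script (cluster/__load__.bro and control/controllee.bro in this same commit) binds every interface and accepts peers in cleartext unless the deployment redefines them. Before this change the choice was visible in the script name (listen-clear vs listen-ssl); now it is a knob whose default is the unencrypted mode, which is worth stating where an operator will read it. I would expand the `listen_encrypted` comment to `## Whether the listening socket uses SSL. Defaults to F, i.e. peer connections are unencrypted; redef to T to require encryption.` and add to `listen_interface` a sentence that 0.0.0.0 exposes the port on all interfaces, so binding a management address is preferable when encryption is off. The `export` block continues past the end of the hunk.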
@@ -77,11 +83,8 @@ export {
 ## Whether to use SSL-based communication.
 ssl: bool &default = F;
- ## Take-over state from this host (activated by loading hand-over.bro)
- hand_over: bool &default = F;
-
 ## Compression level is 0-9, with 0 = no compression.
- compression: count &default = default_compression;
+ compression: count &default = compression_level;
 ## The remote peer.
 peer: event_peer &optional;
@@ -135,7 +138,7 @@ function do_script_log(p: event_peer, msg: string)
 function connect_peer(peer: string)
 {
 local node = nodes[peer];
- local p = node$ssl ? default_port_ssl : default_port_clear;
+ local p = listen_port;
 if ( node?$p )
 p = node$p;
@@ -238,7 +241,7 @@ event remote_connection_established(p: event_peer)
 }
 if ( ! found )
- set_compression_level(p, default_compression);
+ set_compression_level(p, compression_level);
 }
 complete_handshake(p);
diff --git a/scripts/policy/frameworks/communication/listen-clear.bro b/scripts/policy/frameworks/communication/listen-clear.bro
deleted file mode 100644
index ea94fe262a..0000000000
--- a/scripts/policy/frameworks/communication/listen-clear.bro
+++ /dev/null
@@ -1,20 +0,0 @@
-##! Listen for other Bro instances to make unencrypted connections.
-
-@load base/frameworks/communication
-
-module Communication;
-
-export {
- ## Which port to listen on for clear connections.
- const listen_port_clear = Communication::default_port_clear &redef;
-
- ## Which IP address to bind to (0.0.0.0 for any interface).
- const listen_if_clear = 0.0.0.0 &redef;
-
-}
-
-event bro_init() &priority=-10
- {
- enable_communication();
- listen(listen_if_clear, listen_port_clear, F);
- }
diff --git a/scripts/policy/frameworks/communication/listen-ssl.bro b/scripts/policy/frameworks/communication/listen-ssl.bro
deleted file mode 100644
index b228289be2..0000000000
--- a/scripts/policy/frameworks/communication/listen-ssl.bro
+++ /dev/null
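Review bot: In the `connect_peer` hunk, `local p = listen_port;` makes this node's own listening port the default for outbound connections to any peer without `$p`, regardless of `node$ssl`; before this change an SSL peer defaulted to 47756/tcp and a clear one to 47757/tcp. A deployment that redefines `Communication::listen_port` to move its own listener will therefore also silently change where it dials peers that rely on the default, and SSL peers that counted on 47756 are now dialed on 47757. If "all peers share one port" is the intended model, a comment on that line would make it explicit, e.g. `# Default to our own listen port: peers are assumed to use the same port unless $p is set.`; otherwise a separate default for the remote side keeps the two concerns apart. The body of `connect_peer` continues past the hunk.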
@@ -1,21 +0,0 @@
-##! Listen for other Bro instances and encrypt the connection with SSL.
-
-@load base/frameworks/communication
-
-module Communication;
-
-export {
- ## Which port to listen on for SSL encrypted connections.
- const listen_port_ssl = Communication::default_port_ssl &redef;
-
- ## Which IP address to bind to for SSL encrypted connections
- ## (0.0.0.0 for any interface).
- const listen_if_ssl = 0.0.0.0 &redef;
-
-}
-
-event bro_init() &priority=-10
- {
- enable_communication();
- listen(listen_if_ssl, listen_port_ssl, T);
- }
diff --git a/scripts/policy/frameworks/communication/listen.bro b/scripts/policy/frameworks/communication/listen.bro
new file mode 100644
index 0000000000..b42271bced
--- /dev/null
+++ b/scripts/policy/frameworks/communication/listen.bro
@@ -0,0 +1,12 @@
+##! Loading this script will make the Bro instance listen for remote
+##! Bro instances to connect.
+
+@load base/frameworks/communication
+
+module Communication;
+
+event bro_init() &priority=-10
+ {
+ enable_communication();
+ listen(listen_interface, listen_port, listen_encrypted);
+ }
diff --git a/scripts/policy/frameworks/control/controllee.bro b/scripts/policy/frameworks/control/controllee.bro
index e055b8c8e4..798ab8814a 100644
--- a/scripts/policy/frameworks/control/controllee.bro
+++ b/scripts/policy/frameworks/control/controllee.bro
@@ -1,7 +1,7 @@
 @load base/frameworks/control
 # If an instance is a controllee, it implicitly needs to listen for remote
 # connections.
-@load frameworks/communication/listen-clear
+@load frameworks/communication/listen
 module Control;
diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro
index 37b1679a6f..75f7b1e38c 100644
--- a/scripts/test-all-policy.bro
+++ b/scripts/test-all-policy.bro
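Review bot: The header of the new listen.bro tells a reader that the instance will listen but not what it will bind or how to change it, and `event bro_init() &priority=-10` carries no comment on why the listener is started late (presumably so that redefs and other bro_init handlers have run first — worth confirming and stating). I would extend the header with `##! The address, port and encryption mode are taken from Communication::listen_interface, Communication::listen_port and Communication::listen_encrypted; redef them before loading this script.` and put a one-line why-comment above the `&priority=-10` handler. The events-ssl.bro test further down in this commit shows the intended usage (`redef Communication::listen_encrypted=T;`), which is a good example to cite in that header.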
@@ -9,8 +9,7 @@
 # The base/ scripts are all loaded by default and not included here.
-# @load frameworks/communication/listen-clear.bro
-# @load frameworks/communication/listen-ssl.bro
+# @load frameworks/communication/listen.bro
 # @load frameworks/control/controllee.bro
 # @load frameworks/control/controller.bro
 @load frameworks/dpd/detect-protocols.bro
diff --git a/testing/btest/coverage/bare-mode-errors.test b/testing/btest/coverage/bare-mode-errors.test
index 3e23a738e2..9fd18308ce 100644
--- a/testing/btest/coverage/bare-mode-errors.test
+++ b/testing/btest/coverage/bare-mode-errors.test
@@ -6,6 +6,6 @@
 # when writing a new bro scripts.
 #
 # @TEST-EXEC: test -d $DIST/scripts
-# @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro -not -path '*/site/*'`; do echo $script; if echo "$script" | egrep -q 'listen-clear|listen-ssl|controllee'; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0
+# @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro -not -path '*/site/*'`; do echo $script; if echo "$script" | egrep -q 'communication/listen|controllee'; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0
 # @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors
 # @TEST-EXEC: btest-diff unique_errors
diff --git a/testing/btest/istate/events-ssl.bro b/testing/btest/istate/events-ssl.bro
index cfacae9da8..9110648be9 100644
--- a/testing/btest/istate/events-ssl.bro
+++ b/testing/btest/istate/events-ssl.bro
@@ -16,7 +16,8 @@
 @TEST-START-FILE sender.bro
-@load frameworks/communication/listen-ssl
+@load frameworks/communication/listen
+redef Communication::listen_encrypted=T;
 event bro_init()
 {
diff --git a/testing/btest/istate/events.bro b/testing/btest/istate/events.bro
index ecf2f2e2ad..a0dc494ced 100644
--- a/testing/btest/istate/events.bro
+++ b/testing/btest/istate/events.bro
@@ -16,7 +16,7 @@
 @TEST-START-FILE sender.bro
-@load frameworks/communication/listen-clear
+@load frameworks/communication/listen
 event bro_init()
 {
diff --git a/testing/btest/istate/sync.bro b/testing/btest/istate/sync.bro
index 567bbf2af1..1ccdc5538c 100644
--- a/testing/btest/istate/sync.bro
+++ b/testing/btest/istate/sync.bro
@@ -129,7 +129,7 @@ function modify()
 foo2 = 1234567;
 }
-@load frameworks/communication/listen-clear
+@load frameworks/communication/listen
 event remote_connection_handshake_done(p: event_peer)
 {
diff --git a/testing/btest/scripts/base/frameworks/control/configuration_update.bro b/testing/btest/scripts/base/frameworks/control/configuration_update.bro
index 23b4998a1b..eb86ec58e8 100644
--- a/testing/btest/scripts/base/frameworks/control/configuration_update.bro
+++ b/testing/btest/scripts/base/frameworks/control/configuration_update.bro
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port_clear=65531/tcp
+# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65531/tcp
 # @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=configuration_update
 # @TEST-EXEC: btest-bg-run controller2 BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=shutdown
 # @TEST-EXEC: btest-bg-wait 1
diff --git a/testing/btest/scripts/base/frameworks/control/id_value.bro b/testing/btest/scripts/base/frameworks/control/id_value.bro
index 9f0cb76861..90a5367f76 100644
--- a/testing/btest/scripts/base/frameworks/control/id_value.bro
+++ b/testing/btest/scripts/base/frameworks/control/id_value.bro
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Communication::listen_port_clear=65532/tcp
+# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Communication::listen_port=65532/tcp
 # @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65532/tcp Control::cmd=id_value Control::arg=test_var
 # @TEST-EXEC: btest-bg-wait -k 1
 # @TEST-EXEC: btest-diff controller/.stdout
diff --git a/testing/btest/scripts/base/frameworks/control/shutdown.bro b/testing/btest/scripts/base/frameworks/control/shutdown.bro
index 55af973faa..73319a7c4a 100644
--- a/testing/btest/scripts/base/frameworks/control/shutdown.bro
+++ b/testing/btest/scripts/base/frameworks/control/shutdown.bro
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port_clear=65530/tcp
+# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65530/tcp
 # @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65530/tcp Control::cmd=shutdown
 # @TEST-EXEC: btest-bg-wait 1
diff --git a/testing/btest/scripts/base/frameworks/logging/remote-types.bro b/testing/btest/scripts/base/frameworks/logging/remote-types.bro
index 60c00e5bce..9af45cf991 100644
--- a/testing/btest/scripts/base/frameworks/logging/remote-types.bro
+++ b/testing/btest/scripts/base/frameworks/logging/remote-types.bro
@@ -48,7 +48,7 @@ event bro_init()
 module Test;
-@load frameworks/communication/listen-clear
+@load frameworks/communication/listen
 event remote_connection_handshake_done(p: event_peer)
 {
diff --git a/testing/btest/scripts/base/frameworks/logging/remote.bro b/testing/btest/scripts/base/frameworks/logging/remote.bro
index 0b31153ec4..b244c72cdf 100644
--- a/testing/btest/scripts/base/frameworks/logging/remote.bro
+++ b/testing/btest/scripts/base/frameworks/logging/remote.bro
@@ -40,7 +40,7 @@ event bro_init()
 module Test;
-@load frameworks/communication/listen-clear
+@load frameworks/communication/listen
 function fail(rec: Log): bool
 {