Modification to the Communication framework API.

- Simplified the communication API and made it easier to change to encrypted connections by not having separate variables to define encrypted and unencrypted ports. - Now, to enable listening without configuring nodes just load the frameworks/communication/listen script. - If encrypted listening is desired set the following: redef Communication::listen_encrypted=T; - Accompanying test updates.
2025-10-02 14:48:21 +00:00 · 2011-10-07 13:29:26 -04:00 · 2011-10-07 13:29:26 -04:00 · da9b8cc283
commit da9b8cc283
parent 250fb3c352
16 changed files with 38 additions and 64 deletions
--- a/scripts/base/frameworks/cluster/load.bro
+++ b/scripts/base/frameworks/cluster/load.bro
@ -21,10 +21,10 @@ redef peer_description = Cluster::node;
 # Don't load the listening script until we're a bit more sure that the
 # cluster framework is actually being enabled.
-@load frameworks/communication/listen-clear
+@load frameworks/communication/listen
 ## Set the port that this node is supposed to listen on.
-redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p;
+redef Communication::listen_port = Cluster::nodes[Cluster::node]$p;
@if ( Cluster::local_node_type() == Cluster::MANAGER )
@load ./nodes/manager
--- a/scripts/base/frameworks/communication/main.bro
+++ b/scripts/base/frameworks/communication/main.bro
@ -8,12 +8,18 @@ module Communication;
 export {
 	redef enum Log::ID += { LOG };
-	const default_port_ssl = 47756/tcp &redef;
+	## Which interface to listen on (0.0.0.0 for any interface).
-	const default_port_clear = 47757/tcp &redef;
+	const listen_interface = 0.0.0.0 &redef;
 	## Which port to listen on.
 	const listen_port = 47757/tcp &redef;
 	## This defines if a listening socket should use encryption.
 	const listen_encrypted = F &redef;
 	## Default compression level.  Compression level is 0-9, with 0 = no 
 	## compression.
-	global default_compression = 0 &redef;
+	global compression_level = 0 &redef;
 	type Info: record {
 		ts:                  time   &log;
@ -77,11 +83,8 @@ export {
 		## Whether to use SSL-based communication.
 		ssl: bool &default = F;
 		## Take-over state from this host (activated by loading hand-over.bro)
 		hand_over: bool &default = F;
 		## Compression level is 0-9, with 0 = no compression.
-		compression: count &default = default_compression;
+		compression: count &default = compression_level;
 		## The remote peer.
 		peer: event_peer &optional;
@ -135,7 +138,7 @@ function do_script_log(p: event_peer, msg: string)
 function connect_peer(peer: string)
 	{
 	local node = nodes[peer];
-	local p = node$ssl ? default_port_ssl : default_port_clear;
+	local p = listen_port;
 	if ( node?$p )
 		p = node$p;
@ -238,7 +241,7 @@ event remote_connection_established(p: event_peer)
 			}
 		if ( ! found )
-			set_compression_level(p, default_compression);
+			set_compression_level(p, compression_level);
 		}
 	complete_handshake(p);
--- a/scripts/policy/frameworks/communication/listen-clear.bro
+++ b/scripts/policy/frameworks/communication/listen-clear.bro
@ -1,20 +0,0 @@
 ##! Listen for other Bro instances to make unencrypted connections.
@load base/frameworks/communication
 module Communication;
 export {
 	## Which port to listen on for clear connections.
 	const listen_port_clear = Communication::default_port_clear &redef;
 	## Which IP address to bind to (0.0.0.0 for any interface).
 	const listen_if_clear = 0.0.0.0 &redef;
 }
 event bro_init() &priority=-10
 	{
 	enable_communication();
 	listen(listen_if_clear, listen_port_clear, F);
 	}
--- a/scripts/policy/frameworks/communication/listen-ssl.bro
+++ b/scripts/policy/frameworks/communication/listen-ssl.bro
@ -1,21 +0,0 @@
 ##! Listen for other Bro instances and encrypt the connection with SSL.
@load base/frameworks/communication
 module Communication;
 export {
 	## Which port to listen on for SSL encrypted connections.
 	const listen_port_ssl = Communication::default_port_ssl &redef;
 	## Which IP address to bind to for SSL encrypted connections
 	## (0.0.0.0 for any interface).
 	const listen_if_ssl = 0.0.0.0 &redef;
 }
 event bro_init() &priority=-10
 	{
 	enable_communication();
 	listen(listen_if_ssl, listen_port_ssl, T);
 	}
--- a/scripts/policy/frameworks/communication/listen.bro
+++ b/scripts/policy/frameworks/communication/listen.bro
@ -0,0 +1,12 @@
 ##! Loading this script will make the Bro instance listen for remote 
 ##! Bro instances to connect.
@load base/frameworks/communication
 module Communication;
 event bro_init() &priority=-10
 	{
 	enable_communication();
 	listen(listen_interface, listen_port, listen_encrypted);
 	}
--- a/scripts/policy/frameworks/control/controllee.bro
+++ b/scripts/policy/frameworks/control/controllee.bro
@ -1,7 +1,7 @@
@load base/frameworks/control
 # If an instance is a controllee, it implicitly needs to listen for remote
 # connections.
-@load frameworks/communication/listen-clear
+@load frameworks/communication/listen
 module Control;
--- a/scripts/test-all-policy.bro
+++ b/scripts/test-all-policy.bro
@ -9,8 +9,7 @@
 # The base/ scripts are all loaded by default and not included here.
-# @load frameworks/communication/listen-clear.bro
+# @load frameworks/communication/listen.bro
 # @load frameworks/communication/listen-ssl.bro
 # @load frameworks/control/controllee.bro
 # @load frameworks/control/controller.bro
@load frameworks/dpd/detect-protocols.bro
--- a/testing/btest/coverage/bare-mode-errors.test
+++ b/testing/btest/coverage/bare-mode-errors.test
@ -6,6 +6,6 @@
 # when writing a new bro scripts.
 #
 # @TEST-EXEC: test -d $DIST/scripts
-# @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro -not -path '*/site/*'`; do echo $script; if echo "$script" | egrep -q 'listen-clear|listen-ssl|controllee'; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0
+# @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro -not -path '*/site/*'`; do echo $script; if echo "$script" | egrep -q 'communication/listen|controllee'; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0
 # @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors
 # @TEST-EXEC: btest-diff unique_errors
--- a/testing/btest/istate/events-ssl.bro
+++ b/testing/btest/istate/events-ssl.bro
@ -16,7 +16,8 @@
@TEST-START-FILE sender.bro
-@load frameworks/communication/listen-ssl
+@load frameworks/communication/listen
 redef Communication::listen_encrypted=T;
 event bro_init()
    {
--- a/testing/btest/istate/events.bro
+++ b/testing/btest/istate/events.bro
@ -16,7 +16,7 @@
@TEST-START-FILE sender.bro
-@load frameworks/communication/listen-clear
+@load frameworks/communication/listen
 event bro_init()
    {
--- a/testing/btest/istate/sync.bro
+++ b/testing/btest/istate/sync.bro
@ -129,7 +129,7 @@ function modify()
 	foo2 = 1234567;
 }
-@load frameworks/communication/listen-clear
+@load frameworks/communication/listen
 event remote_connection_handshake_done(p: event_peer)
 	{
--- a/testing/btest/scripts/base/frameworks/control/configuration_update.bro
+++ b/testing/btest/scripts/base/frameworks/control/configuration_update.bro
@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port_clear=65531/tcp 
+# @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65531/tcp 
 # @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=configuration_update
 # @TEST-EXEC: btest-bg-run controller2 BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=shutdown
 # @TEST-EXEC: btest-bg-wait 1
--- a/testing/btest/scripts/base/frameworks/control/id_value.bro
+++ b/testing/btest/scripts/base/frameworks/control/id_value.bro
@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Communication::listen_port_clear=65532/tcp 
+# @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Communication::listen_port=65532/tcp 
 # @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65532/tcp Control::cmd=id_value Control::arg=test_var
 # @TEST-EXEC: btest-bg-wait -k 1
 # @TEST-EXEC: btest-diff controller/.stdout
--- a/testing/btest/scripts/base/frameworks/control/shutdown.bro
+++ b/testing/btest/scripts/base/frameworks/control/shutdown.bro
@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port_clear=65530/tcp 
+# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65530/tcp 
 # @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65530/tcp Control::cmd=shutdown
 # @TEST-EXEC: btest-bg-wait 1
--- a/testing/btest/scripts/base/frameworks/logging/remote-types.bro
+++ b/testing/btest/scripts/base/frameworks/logging/remote-types.bro
@ -48,7 +48,7 @@ event bro_init()
 module Test;
-@load frameworks/communication/listen-clear
+@load frameworks/communication/listen
 event remote_connection_handshake_done(p: event_peer)
 	{
--- a/testing/btest/scripts/base/frameworks/logging/remote.bro
+++ b/testing/btest/scripts/base/frameworks/logging/remote.bro
@ -40,7 +40,7 @@ event bro_init()
 module Test;
-@load frameworks/communication/listen-clear
+@load frameworks/communication/listen
 function fail(rec: Log): bool
 	{