Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Remove RemoteSerializer and related code/types.

Browse source 
Also removes broccoli from the source tree.
This commit is contained in:
Johanna Amann 2019-05-03 13:07:21 -07:00
parent ca1b1dd6bb
commit dcd6454530
55 changed files with 79 additions and 5834 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitmodules vendored
View file

@ -4,9 +4,6 @@
[submodule "aux/binpac"]
path = aux/binpac
url = https://github.com/zeek/binpac
[submodule "aux/broccoli"]
path = aux/broccoli
url = https://github.com/zeek/broccoli
[submodule "aux/broctl"]
path = aux/broctl
url = https://github.com/zeek/broctl

2
CMakeLists.txt
View file

@ -326,7 +326,6 @@ include(CheckOptionalBuildSources)
CheckOptionalBuildSources(aux/broctl Broctl INSTALL_BROCTL)
CheckOptionalBuildSources(aux/bro-aux Bro-Aux INSTALL_AUX_TOOLS)
CheckOptionalBuildSources(aux/broccoli Broccoli INSTALL_BROCCOLI)
########################################################################
## Packaging Setup
@ -366,7 +365,6 @@ message(
"\nCXXFLAGS: ${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_${BuildType}}"
"\nCPP: ${CMAKE_CXX_COMPILER}"
"\n"
"\nBroccoli: ${INSTALL_BROCCOLI}"
"\nBroctl: ${INSTALL_BROCTL}"
"\nAux. Tools: ${INSTALL_AUX_TOOLS}"
"\n"

6
NEWS
View file

@ -241,6 +241,12 @@ Removed Functionality
- ``dhcp_offer``
- ``dhcp_release``
- ``dhcp_request``
- ``remote_state_access_performed``
- ``remote_state_inconsistency``
- ``remote_log_peer``
- ``remote_log``
- ``finished_send_state``
- ``remote_pong``
Deprecated Functionality
------------------------

1
aux/broccoli

@ -1 +0,0 @@
Subproject commit 8668422406cb74f4f0c574a0c9b6365a21f3e81a

6
configure vendored
View file

@ -51,7 +51,6 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
(automatically on when perftools is present on Linux)
--enable-perftools-debug use Google's perftools for debugging
--enable-jemalloc link against jemalloc
--enable-broccoli build or install the Broccoli library (deprecated)
--enable-static-broker build broker statically (ignored if --with-broker is specified)
--enable-static-binpac build binpac statically (ignored if --with-binpac is specified)
--disable-broctl don't install Broctl
@ -140,7 +139,6 @@ append_cache_entry ENABLE_PERFTOOLS BOOL false
append_cache_entry ENABLE_PERFTOOLS_DEBUG BOOL false
append_cache_entry ENABLE_JEMALLOC BOOL false
append_cache_entry BUILD_SHARED_LIBS BOOL true
append_cache_entry INSTALL_BROCCOLI BOOL false
append_cache_entry INSTALL_AUX_TOOLS BOOL true
append_cache_entry INSTALL_BROCTL BOOL true
append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING
@ -221,10 +219,6 @@ while [ $# -ne 0 ]; do
--enable-jemalloc)
append_cache_entry ENABLE_JEMALLOC BOOL true
;;
--enable-broccoli)
append_cache_entry DISABLE_RUBY_BINDINGS BOOL true
append_cache_entry INSTALL_BROCCOLI BOOL yes
;;
--enable-static-broker)
append_cache_entry BUILD_STATIC_BROKER BOOL true
;;

3
scripts/base/frameworks/cluster/nodes/logger.zeek
View file

@ -24,6 +24,3 @@ redef Log::default_mail_alarms_interval = 24 hrs;
## Use the cluster's archive logging script.
redef Log::default_rotation_postprocessor_cmd = "archive-log";
## We're processing essentially *only* remote events.
redef max_remote_events_processed = 10000;

3
scripts/base/frameworks/cluster/nodes/manager.zeek
View file

@ -21,6 +21,3 @@ redef Log::default_rotation_interval = 24 hrs;
## Use the cluster's delete-log script.
redef Log::default_rotation_postprocessor_cmd = "delete-log";
## We're processing essentially *only* remote events.
redef max_remote_events_processed = 10000;

4
scripts/base/frameworks/cluster/nodes/proxy.zeek
View file

@ -5,10 +5,6 @@
@prefixes += cluster-proxy
## The proxy only syncs state; does not forward events.
redef forward_remote_events = F;
redef forward_remote_state_changes = T;
## Don't do any local logging.
redef Log::enable_local_logging = F;

6
scripts/base/frameworks/packet-filter/cluster.zeek
View file

@ -4,11 +4,11 @@
module PacketFilter;
event remote_connection_handshake_done(p: event_peer) &priority=3
event Cluster::hello(name: string, id: string) &priority=-3
{
if ( Cluster::local_node_type() == Cluster::WORKER &&
p$descr in Cluster::nodes &&
Cluster::nodes[p$descr]$node_type == Cluster::MANAGER )
name in Cluster::nodes &&
Cluster::nodes[name]$node_type == Cluster::MANAGER )
{
# This ensures that a packet filter is installed and logged
# after the manager connects to us.

87
scripts/base/init-bare.zeek
View file

@ -775,32 +775,6 @@ type IPAddrAnonymizationClass: enum {
OTHER_ADDR,
};
## A locally unique ID identifying a communication peer. The ID is returned by
## :zeek:id:`connect`.
##
## .. zeek:see:: connect
type peer_id: count;
## A communication peer.
##
## .. zeek:see:: finished_send_state remote_capture_filter
## remote_connection_closed remote_connection_error
## remote_connection_established remote_connection_handshake_done
## remote_event_registered remote_log_peer remote_pong
## send_state
##
## .. todo::The type's name is too narrow these days, should rename.
type event_peer: record {
id: peer_id; ##< Locally unique ID of peer (returned by :zeek:id:`connect`).
host: addr; ##< The IP address of the peer.
## Either the port we connected to at the peer; or our port the peer
## connected to if the session is remotely initiated.
p: port;
is_local: bool; ##< True if this record describes the local process.
descr: string; ##< The peer's :zeek:see:`peer_description`.
class: string &optional; ##< The self-assigned *class* of the peer.
};
## Deprecated.
##
## .. zeek:see:: rotate_file rotate_file_by_name rotate_interval
@ -1970,10 +1944,6 @@ const watchdog_interval = 10 sec &redef;
## "process all expired timers with each new packet".
const max_timer_expires = 300 &redef;
## With a similar trade-off, this gives the number of remote events
## to process in a batch before interleaving other activity.
const max_remote_events_processed = 10 &redef;
# These need to match the definitions in Login.h.
#
# .. zeek:see:: get_login_state
@ -4740,71 +4710,14 @@ const packet_filter_default = F &redef;
## Maximum size of regular expression groups for signature matching.
const sig_max_group_size = 50 &redef;
## Deprecated. No longer functional.
const enable_syslog = F &redef;
## Description transmitted to remote communication peers for identification.
const peer_description = "bro" &redef;
## If true, broadcast events received from one peer to all other peers.
##
## .. zeek:see:: forward_remote_state_changes
##
## .. note:: This option is only temporary and will disappear once we get a
## more sophisticated script-level communication framework.
const forward_remote_events = F &redef;
## If true, broadcast state updates received from one peer to all other peers.
##
## .. zeek:see:: forward_remote_events
##
## .. note:: This option is only temporary and will disappear once we get a
## more sophisticated script-level communication framework.
const forward_remote_state_changes = F &redef;
## The number of IO chunks allowed to be buffered between the child
## and parent process of remote communication before Bro starts dropping
## connections to remote peers in an attempt to catch up.
const chunked_io_buffer_soft_cap = 800000 &redef;
## Place-holder constant indicating "no peer".
const PEER_ID_NONE = 0;
# Signature payload pattern types.
# todo:: use enum to help autodoc
# todo:: Still used?
#const SIG_PATTERN_PAYLOAD = 0;
#const SIG_PATTERN_HTTP = 1;
#const SIG_PATTERN_FTP = 2;
#const SIG_PATTERN_FINGER = 3;
# Deprecated.
# todo::Should use the new logging framework directly.
const REMOTE_LOG_INFO = 1; ##< Deprecated.
const REMOTE_LOG_ERROR = 2; ##< Deprecated.
# Source of logging messages from the communication framework.
# todo:: these should go into an enum to make them autodoc'able.
const REMOTE_SRC_CHILD = 1; ##< Message from the child process.
const REMOTE_SRC_PARENT = 2; ##< Message from the parent process.
const REMOTE_SRC_SCRIPT = 3; ##< Message from a policy script.
## Synchronize trace processing at a regular basis in pseudo-realtime mode.
##
## .. zeek:see:: remote_trace_sync_peers
const remote_trace_sync_interval = 0 secs &redef;
## Number of peers across which to synchronize trace processing in
## pseudo-realtime mode.
##
## .. zeek:see:: remote_trace_sync_interval
const remote_trace_sync_peers = 0 &redef;
## Whether for :zeek:attr:`&synchronized` state to send the old value as a
## consistency check.
const remote_check_sync_consistency = F &redef;
## Reassemble the beginning of all TCP connections before doing
## signature matching. Enabling this provides more accurate matching at the
## expense of CPU cycles.
##

1
src/CMakeLists.txt
View file

@ -295,7 +295,6 @@ set(bro_SRCS
RandTest.cc
RE.cc
Reassem.cc
RemoteSerializer.cc
Rule.cc
RuleAction.cc
RuleCondition.cc

3
src/ChunkedIO.cc
View file

@ -14,7 +14,6 @@
#include "bro-config.h"
#include "ChunkedIO.h"
#include "NetVar.h"
#include "RemoteSerializer.h"
ChunkedIO::ChunkedIO() : stats(), tag(), pure()
{
@ -377,7 +376,7 @@ ChunkedIO::Chunk* ChunkedIOFd::ConcatChunks(Chunk* c1, Chunk* c2)
void ChunkedIO::Log(const char* str)
{
RemoteSerializer::Log(RemoteSerializer::LogError, str);
//RemoteSerializer::Log(RemoteSerializer::LogError, str);
}
bool ChunkedIOFd::Read(Chunk** chunk, bool may_block)

18
src/Event.cc
View file

@ -189,21 +189,3 @@ void EventMgr::Describe(ODesc* d) const
d->NL();
}
}
RecordVal* EventMgr::GetLocalPeerVal()
{
if ( ! src_val )
{
src_val = new RecordVal(peer);
src_val->Assign(0, val_mgr->GetCount(0));
src_val->Assign(1, new AddrVal("127.0.0.1"));
src_val->Assign(2, val_mgr->GetPort(0));
src_val->Assign(3, val_mgr->GetTrue());
Ref(peer_description);
src_val->Assign(4, peer_description);
src_val->Assign(5, 0); // class (optional).
}
return src_val;
}

3
src/Event.h
View file

@ -129,9 +129,6 @@ public:
int Size() const
{ return num_events_queued - num_events_dispatched; }
// Returns a peer record describing the local Bro.
RecordVal* GetLocalPeerVal();
void Describe(ODesc* d) const override;
protected:

18
src/EventHandler.cc
View file

@ -2,7 +2,6 @@
#include "EventHandler.h"
#include "Func.h"
#include "Scope.h"
#include "RemoteSerializer.h"
#include "NetVar.h"
#include "broker/Manager.h"
@ -28,7 +27,6 @@ EventHandler::~EventHandler()
EventHandler::operator bool() const
{
return enabled && ((local && local->HasBodies())
|| receivers.length()
|| generate_always
|| ! auto_publish.empty());
}
@ -73,12 +71,6 @@ void EventHandler::Call(val_list* vl, bool no_remote)
if ( ! no_remote )
{
loop_over_list(receivers, i)
{
SerialInfo info(remote_serializer);
remote_serializer->SendCall(&info, receivers[i], name, vl);
}
if ( ! auto_publish.empty() )
{
// Send event in form [name, xs...] where xs represent the arguments.
@ -179,16 +171,6 @@ void EventHandler::NewEvent(val_list* vl)
mgr.Dispatch(ev);
}
void EventHandler::AddRemoteHandler(SourceID peer)
{
receivers.append(peer);
}
void EventHandler::RemoveRemoteHandler(SourceID peer)
{
receivers.remove(peer);
}
bool EventHandler::Serialize(SerialInfo* info) const
{
return SERIALIZE(name);

7
src/EventHandler.h
View file

@ -26,9 +26,6 @@ public:
void SetLocalHandler(Func* f);
void AddRemoteHandler(SourceID peer);
void RemoveRemoteHandler(SourceID peer);
void AutoPublish(std::string topic)
{
auto_publish.insert(std::move(topic));
@ -75,10 +72,6 @@ private:
bool error_handler; // this handler reports error messages.
bool generate_always;
declare(List, SourceID);
typedef List(SourceID) receiver_list;
receiver_list receivers;
std::unordered_set<std::string> auto_publish;
};

2
src/EventRegistry.cc
View file

@ -1,6 +1,6 @@
#include "EventRegistry.h"
#include "RE.h"
#include "RemoteSerializer.h"
#include "Reporter.h"
void EventRegistry::Register(EventHandlerPtr handler)
{

1
src/Expr.cc
View file

@ -10,7 +10,6 @@
#include "Scope.h"
#include "Stmt.h"
#include "EventRegistry.h"
#include "RemoteSerializer.h"
#include "Net.h"
#include "Traverse.h"
#include "Trigger.h"

1
src/Func.cc
View file

@ -42,7 +42,6 @@
#include "Sessions.h"
#include "RE.h"
#include "Serializer.h"
#include "RemoteSerializer.h"
#include "Event.h"
#include "Traverse.h"
#include "Reporter.h"

6
src/ID.cc
View file

@ -10,7 +10,6 @@
#include "Scope.h"
#include "File.h"
#include "Serializer.h"
#include "RemoteSerializer.h"
#include "Scope.h"
#include "Traverse.h"
#include "zeexygen/Manager.h"
@ -361,11 +360,6 @@ ID* ID::Unserialize(UnserialInfo* info)
else
{
if ( info->id_policy != UnserialInfo::InstantiateNew )
{
remote_serializer->Unregister(current);
}
switch ( info->id_policy ) {
case UnserialInfo::Keep:

9
src/Net.cc
View file

@ -49,8 +49,6 @@ int reading_live = 0;
int reading_traces = 0;
int have_pending_timers = 0;
double pseudo_realtime = 0.0;
bool using_communication = false;
double network_time = 0.0; // time according to last packet timestamp
// (or current time)
double processing_start_time = 0.0; // time started working on current pkt
@ -309,7 +307,7 @@ void net_run()
}
#endif
current_iosrc = src;
auto communication_enabled = using_communication || broker_mgr->Active();
auto communication_enabled = broker_mgr->Active();
if ( src )
src->Process(); // which will call net_packet_dispatch()
@ -372,11 +370,6 @@ void net_run()
// current packet and its related events.
termination_signal();
#ifdef DEBUG_COMMUNICATION
if ( signal_val == SIGPROF && remote_serializer )
remote_serializer->DumpDebugData();
#endif
if ( ! reading_traces )
// Check whether we have timers scheduled for
// the future on which we need to wait.

4
src/Net.h
View file

@ -7,7 +7,6 @@
#include "util.h"
#include "List.h"
#include "Func.h"
#include "RemoteSerializer.h"
#include "iosource/IOSource.h"
#include "iosource/PktSrc.h"
#include "iosource/PktDumper.h"
@ -67,9 +66,6 @@ extern double bro_start_network_time;
// True if we're a in the process of cleaning-up just before termination.
extern bool terminating;
// True if the remote serializer is to be activated.
extern bool using_communication;
// True if Bro is currently parsing scripts.
extern bool is_parsing;

21
src/NetVar.cc
View file

@ -30,7 +30,6 @@ RecordType* mime_match;
int watchdog_interval;
int max_timer_expires;
int max_remote_events_processed;
int ignore_checksums;
int partial_connection_ok;
@ -173,10 +172,6 @@ StringVal* log_encryption_key;
StringVal* log_rotate_base_time;
StringVal* peer_description;
RecordType* peer;
int forward_remote_state_changes;
int forward_remote_events;
int remote_check_sync_consistency;
bro_uint_t chunked_io_buffer_soft_cap;
StringVal* ssl_ca_certificate;
@ -212,9 +207,6 @@ int dpd_ignore_ports;
TableVal* likely_server_ports;
double remote_trace_sync_interval;
int remote_trace_sync_peers;
int check_for_unused_event_handlers;
int dump_used_event_handlers;
@ -267,12 +259,6 @@ void init_general_global_var()
peer_description =
internal_val("peer_description")->AsStringVal();
peer = internal_type("event_peer")->AsRecordType();
forward_remote_state_changes =
opt_internal_int("forward_remote_state_changes");
forward_remote_events = opt_internal_int("forward_remote_events");
remote_check_sync_consistency =
opt_internal_int("remote_check_sync_consistency");
chunked_io_buffer_soft_cap = opt_internal_unsigned("chunked_io_buffer_soft_cap");
ssl_ca_certificate = internal_val("ssl_ca_certificate")->AsStringVal();
@ -282,7 +268,6 @@ void init_general_global_var()
packet_filter_default = opt_internal_int("packet_filter_default");
sig_max_group_size = opt_internal_int("sig_max_group_size");
enable_syslog = opt_internal_int("enable_syslog");
check_for_unused_event_handlers =
opt_internal_int("check_for_unused_event_handlers");
@ -395,8 +380,6 @@ void init_net_var()
watchdog_interval = int(opt_internal_double("watchdog_interval"));
max_timer_expires = opt_internal_int("max_timer_expires");
max_remote_events_processed =
opt_internal_int("max_remote_events_processed");
skip_authentication = internal_list_val("skip_authentication");
direct_login_prompts = internal_list_val("direct_login_prompts");
@ -498,10 +481,6 @@ void init_net_var()
irc_join_list = internal_type("irc_join_list")->AsTableType();
irc_servers = internal_val("irc_servers")->AsTableVal();
remote_trace_sync_interval =
opt_internal_double("remote_trace_sync_interval");
remote_trace_sync_peers = opt_internal_int("remote_trace_sync_peers");
dpd_reassemble_first_packets =
opt_internal_int("dpd_reassemble_first_packets");
dpd_buffer_size = opt_internal_int("dpd_buffer_size");

10
src/NetVar.h
View file

@ -33,7 +33,6 @@ extern RecordType* mime_match;
extern int watchdog_interval;
extern int max_timer_expires;
extern int max_remote_events_processed;
extern int ignore_checksums;
extern int partial_connection_ok;
@ -176,10 +175,6 @@ extern StringVal* log_encryption_key;
extern StringVal* log_rotate_base_time;
extern StringVal* peer_description;
extern RecordType* peer;
extern int forward_remote_state_changes;
extern int forward_remote_events;
extern int remote_check_sync_consistency;
extern bro_uint_t chunked_io_buffer_soft_cap;
extern StringVal* ssl_ca_certificate;
@ -201,8 +196,6 @@ extern int packet_filter_default;
extern int sig_max_group_size;
extern int enable_syslog;
extern TableType* irc_join_list;
extern RecordType* irc_join_info;
extern TableVal* irc_servers;
@ -214,9 +207,6 @@ extern int dpd_ignore_ports;
extern TableVal* likely_server_ports;
extern double remote_trace_sync_interval;
extern int remote_trace_sync_peers;
extern int check_for_unused_event_handlers;
extern int dump_used_event_handlers;

4586
src/RemoteSerializer.cc
View file

File diff suppressed because it is too large Load diff

524
src/RemoteSerializer.h
View file

@ -1,524 +0,0 @@
// Communication between two Bro's.
#ifndef REMOTE_SERIALIZER
#define REMOTE_SERIALIZER
#include "Dict.h"
#include "List.h"
#include "Serializer.h"
#include "iosource/IOSource.h"
#include "Stats.h"
#include "File.h"
#include "logging/WriterBackend.h"
#include <vector>
#include <string>
class IncrementalSendTimer;
namespace threading {
struct Field;
struct Value;
}
// This class handles the communication done in Bro's main loop.
class RemoteSerializer : public Serializer, public iosource::IOSource {
public:
RemoteSerializer();
~RemoteSerializer() override;
// Initialize the remote serializer (calling this will fork).
void Enable();
// FIXME: Use SourceID directly (or rename everything to Peer*).
typedef SourceID PeerID;
static const PeerID PEER_LOCAL = SOURCE_LOCAL;
static const PeerID PEER_NONE = SOURCE_LOCAL;
// Connect to host (returns PEER_NONE on error).
PeerID Connect(const IPAddr& ip, const string& zone_id, uint16 port,
const char* our_class, double retry, bool use_ssl);
// Close connection to host.
bool CloseConnection(PeerID peer);
// Request all events matching pattern from remote side.
bool RequestEvents(PeerID peer, RE_Matcher* pattern);
// Request synchronization of IDs with remote side. If auth is true,
// we consider our current state to authoritative and send it to
// the peer right after the handshake.
bool RequestSync(PeerID peer, bool auth);
// Requests logs from the remote side.
bool RequestLogs(PeerID id);
// Sets flag whether we're accepting state from this peer
// (default: yes).
bool SetAcceptState(PeerID peer, bool accept);
// Sets compression level (0-9, 0 is defaults and means no compression)
bool SetCompressionLevel(PeerID peer, int level);
// Signal the other side that we have finished our part of
// the initial handshake.
bool CompleteHandshake(PeerID peer);
// Start to listen.
bool Listen(const IPAddr& ip, uint16 port, bool expect_ssl, bool ipv6,
const string& zone_id, double retry);
// Stop it.
bool StopListening();
// Broadcast the event/function call.
bool SendCall(SerialInfo* info, const char* name, val_list* vl);
// Send the event/function call (only if handshake completed).
bool SendCall(SerialInfo* info, PeerID peer, const char* name, val_list* vl);
// Broadcasts the access (only if handshake completed).
bool SendAccess(SerialInfo* info, const StateAccess& access);
// Send the access.
bool SendAccess(SerialInfo* info, PeerID pid, const StateAccess& access);
// Sends ID.
bool SendID(SerialInfo* info, PeerID peer, const ID& id);
// Sends the internal connection state.
bool SendConnection(SerialInfo* info, PeerID peer, const Connection& c);
// Send capture filter.
bool SendCaptureFilter(PeerID peer, const char* filter);
// Send packet.
bool SendPacket(SerialInfo* info, PeerID peer, const Packet& p);
// Broadcast packet.
bool SendPacket(SerialInfo* info, const Packet& p);
// Broadcast ping.
bool SendPing(PeerID peer, uint32 seq);
// Broadcast remote print.
bool SendPrintHookEvent(BroFile* f, const char* txt, size_t len);
// Send a request to create a writer on a remote side.
bool SendLogCreateWriter(PeerID peer, EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields);
// Broadcasts a request to create a writer.
bool SendLogCreateWriter(EnumVal* id, EnumVal* writer, const logging::WriterBackend::WriterInfo& info, int num_fields, const threading::Field* const * fields);
// Broadcast a log entry to everybody interested.
bool SendLogWrite(EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals);
// Synchronzizes time with all connected peers. Returns number of
// current sync-point, or -1 on error.
uint32 SendSyncPoint();
void SendFinalSyncPoint();
// Registers the ID to be &synchronized.
void Register(ID* id);
void Unregister(ID* id);
// Stop/restart propagating state updates.
void SuspendStateUpdates() { --propagate_accesses; }
void ResumeStateUpdates() { ++propagate_accesses; }
// Check for incoming events and queue them.
bool Poll(bool may_block);
// Returns the corresponding record (already ref'ed).
RecordVal* GetPeerVal(PeerID id);
// Log some statistics.
void LogStats();
// Tries to sent out all remaining data.
// FIXME: Do we still need this?
void Finish();
// Overidden from IOSource:
void GetFds(iosource::FD_Set* read, iosource::FD_Set* write,
iosource::FD_Set* except) override;
double NextTimestamp(double* local_network_time) override;
void Process() override;
TimerMgr::Tag* GetCurrentTag() override;
const char* Tag() override { return "RemoteSerializer"; }
// Gracefully finishes communication by first making sure that all
// remaining data (parent & child) has been sent out.
virtual bool Terminate();
#ifdef DEBUG_COMMUNICATION
// Dump data recently read/written into files.
void DumpDebugData();
// Read dump file and interpret as message block.
void ReadDumpAsMessageType(const char* file);
// Read dump file and interpret as serialization.
void ReadDumpAsSerialization(const char* file);
#endif
enum LogLevel { LogInfo = 1, LogError = 2, };
static void Log(LogLevel level, const char* msg);
protected:
friend class IncrementalSendTimer;
// Maximum size of serialization caches.
static const unsigned int MAX_CACHE_SIZE = 3000;
// When syncing traces in pseudo-realtime mode, we wait this many
// seconds after the final sync-point to make sure that all
// remaining I/O gets propagated.
static const unsigned int FINAL_SYNC_POINT_DELAY = 5;
declare(PList, EventHandler);
typedef PList(EventHandler) handler_list;
struct Peer {
PeerID id; // Unique ID (non-zero) per peer.
IPAddr ip;
uint16 port;
handler_list handlers;
RecordVal* val; // Record of type event_source.
SerializationCache* cache_in; // One cache for each direction.
SerializationCache* cache_out;
// TCP-level state of the connection to the peer.
// State of the connection to the peer.
enum { INIT, PENDING, CONNECTED, CLOSING, CLOSED } state;
// Current protocol phase of the connection (see RemoteSerializer.cc)
enum { UNKNOWN, SETUP, HANDSHAKE, SYNC, RUNNING } phase;
// Capabilities.
static const int COMPRESSION = 1;
static const int NO_CACHING = 2;
static const int PID_64BIT = 4;
static const int NEW_CACHE_STRATEGY = 8;
static const int BROCCOLI_PEER = 16;
// Constants to remember to who did something.
static const int NONE = 0;
static const int WE = 1;
static const int PEER = 2;
static const int BOTH = WE | PEER;
static const int AUTH_WE = 4;
static const int AUTH_PEER = 8;
int sent_version; // Who has sent the VERSION.
int handshake_done; // Who finished its handshake phase.
int sync_requested; // Who requested sync'ed state.
bool orig; // True if we connected to the peer.
bool accept_state; // True if we accept state from peer.
bool send_state; // True if we're supposed to initially sent our state.
int comp_level; // Compression level.
bool logs_requested; // True if the peer has requested logs.
// True if this peer triggered a net_suspend_processing().
bool suspended_processing;
uint32 caps; // Capabilities announced by peer.
int runtime; // Runtime we got from the peer.
int our_runtime; // Our runtime as we told it to this peer.
string peer_class; // Class from peer ("" = no class).
string our_class; // Class we send the peer.
uint32 sync_point; // Highest sync-point received so far
char* print_buffer; // Buffer for remote print or null.
int print_buffer_used; // Number of bytes used in buffer.
char* log_buffer; // Buffer for remote log or null.
int log_buffer_used; // Number of bytes used in buffer.
};
// Shuts down remote serializer.
void FatalError(const char* msg);
enum LogSrc { LogChild = 1, LogParent = 2, LogScript = 3, };
static void Log(LogLevel level, const char* msg, Peer* peer, LogSrc src = LogParent);
void ReportError(const char* msg) override;
void GotEvent(const char* name, double time,
EventHandlerPtr event, val_list* args) override;
void GotFunctionCall(const char* name, double time,
Func* func, val_list* args) override;
void GotID(ID* id, Val* val) override;
void GotStateAccess(StateAccess* s) override;
void GotTimer(Timer* t) override;
void GotConnection(Connection* c) override;
void GotPacket(Packet* packet) override;
void Fork();
bool DoMessage();
bool ProcessConnected();
bool ProcessSerialization();
bool ProcessRequestEventsMsg();
bool ProcessRequestSyncMsg();
bool ProcessVersionMsg();
bool ProcessLogMsg(bool is_error);
bool ProcessStatsMsg();
bool ProcessCaptureFilterMsg();
bool ProcessPhaseDone();
bool ProcessPingMsg();
bool ProcessPongMsg();
bool ProcessCapsMsg();
bool ProcessSyncPointMsg();
bool ProcessRemotePrint();
bool ProcessLogCreateWriter();
bool ProcessLogWrite();
bool ProcessRequestLogs();
Peer* AddPeer(const IPAddr& ip, uint16 port, PeerID id = PEER_NONE);
Peer* LookupPeer(PeerID id, bool only_if_connected);
void RemovePeer(Peer* peer);
bool IsConnectedPeer(PeerID id);
void PeerDisconnected(Peer* peer);
void PeerConnected(Peer* peer);
RecordVal* MakePeerVal(Peer* peer);
bool HandshakeDone(Peer* peer);
bool IsActive();
void SetupSerialInfo(SerialInfo* info, Peer* peer);
bool CheckSyncPoints();
void SendSyncPoint(uint32 syncpoint);
bool PropagateAccesses()
{
return ignore_accesses ?
propagate_accesses > 1 : propagate_accesses > 0;
}
bool CloseConnection(Peer* peer);
bool SendAllSynchronized(Peer* peer, SerialInfo* info);
bool SendCall(SerialInfo* info, Peer* peer, const char* name, val_list* vl);
bool SendAccess(SerialInfo* info, Peer* peer, const StateAccess& access);
bool SendID(SerialInfo* info, Peer* peer, const ID& id);
bool SendCapabilities(Peer* peer);
bool SendPacket(SerialInfo* info, Peer* peer, const Packet& p);
bool SendLogWrite(Peer* peer, EnumVal* id, EnumVal* writer, string path, int num_fields, const threading::Value* const * vals);
void UnregisterHandlers(Peer* peer);
void RaiseEvent(EventHandlerPtr event, Peer* peer, const char* arg = 0);
bool EnterPhaseRunning(Peer* peer);
bool FlushPrintBuffer(Peer* p);
bool FlushLogBuffer(Peer* p);
void ChildDied();
void InternalCommError(const char* msg);
// Communication helpers
bool SendCMsgToChild(char msg_type, Peer* peer);
bool SendToChild(char type, Peer* peer, char* str, int len = -1,
bool delete_with_free = false);
bool SendToChild(char type, Peer* peer, int nargs, ...); // can send uints32 only
bool SendToChild(ChunkedIO::Chunk* c);
void SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose);
private:
enum { TYPE, ARGS } msgstate; // current state of reading comm.
Peer* current_peer;
PeerID current_id;
char current_msgtype;
ChunkedIO::Chunk* current_args;
double last_flush;
id_list sync_ids;
// FIXME: Check which of these are necessary...
bool initialized;
bool listening;
int propagate_accesses;
bool ignore_accesses;
bool terminating;
int received_logs;
Peer* source_peer;
PeerID id_counter; // Keeps track of assigned IDs.
uint32 current_sync_point;
bool syncing_times;
declare(PList, Peer);
typedef PList(Peer) peer_list;
peer_list peers;
Peer* in_sync; // Peer we're currently syncing state with.
peer_list sync_pending; // List of peers waiting to sync state.
// Event buffer
struct BufferedEvent {
time_t time;
PeerID src;
EventHandlerPtr handler;
val_list* args;
};
declare(PList, BufferedEvent);
typedef PList(BufferedEvent) EventQueue;
EventQueue events;
// Packet buffer
struct BufferedPacket {
time_t time;
Packet* p;
};
declare(PList, BufferedPacket);
typedef PList(BufferedPacket) PacketQueue;
PacketQueue packets;
// Some stats
struct Statistics {
struct Pair {
Pair() : in(0), out(0) {}
unsigned long in;
unsigned long out;
};
Pair events; // actually events and function calls
Pair accesses;
Pair conns;
Pair packets;
Pair ids;
} stats;
};
// This class handles the communication done in the forked child.
class SocketComm {
public:
SocketComm();
~SocketComm();
void SetParentIO(ChunkedIO* arg_io) { io = arg_io; }
void Run(); // does not return
// Log some statistics (via pipe to parent).
bool LogStats();
// Log CPU usage (again via pipe to parent).
bool LogProf();
protected:
struct Peer {
Peer()
{
id = 0;
io = 0;
port = 0;
state = 0;
connected = false;
ssl = false;
retry = 0;
next_try = 0;
compressor = false;
}
RemoteSerializer::PeerID id;
ChunkedIO* io;
IPAddr ip;
string zone_id;
uint16 port;
char state;
bool connected;
bool ssl;
// If we get disconnected, reconnect after this many seconds.
int retry;
// Time of next connection attempt (0 if none).
time_t next_try;
// True if io is a CompressedChunkedIO.
bool compressor;
};
bool Listen();
bool AcceptConnection(int listen_fd);
bool Connect(Peer* peer);
bool CloseConnection(Peer* peer, bool reconnect);
Peer* LookupPeer(RemoteSerializer::PeerID id, bool only_if_connected);
bool ProcessRemoteMessage(Peer* peer);
bool ProcessParentMessage();
bool DoParentMessage();
bool ProcessListen();
bool ProcessConnectTo();
bool ProcessCompress();
void Log(const char* msg, Peer* peer = 0);
// The connection to the peer will be closed.
bool Error(const char* msg, Peer* peer);
// If kill is true, this is a fatal error and we kill ourselves.
void Error(const char* msg, bool kill = false);
// Kill the current process.
void Kill();
// Check whether everything has been sent out.
void CheckFinished();
// Reports the error and terminates the process.
void InternalError(const char* msg);
// Communication helpers.
bool SendToParent(char type, Peer* peer, const char* str, int len = -1);
bool SendToParent(char type, Peer* peer, int nargs, ...); // can send uints32 only
bool SendToParent(ChunkedIO::Chunk* c);
bool SendToPeer(Peer* peer, char type, const char* str, int len = -1);
bool SendToPeer(Peer* peer, char type, int nargs, ...); // can send uints32 only
bool SendToPeer(Peer* peer, ChunkedIO::Chunk* c);
bool ProcessParentCompress();
bool ProcessPeerCompress(Peer* peer);
bool ForwardChunkToParent(Peer* p, ChunkedIO::Chunk* c);
bool ForwardChunkToPeer();
const char* MakeLogString(const char* msg, Peer *peer);
// Closes all file descriptors associated with listening sockets.
void CloseListenFDs();
// Peers we are communicating with:
declare(PList, Peer);
typedef PList(Peer) peer_list;
RemoteSerializer::PeerID id_counter;
peer_list peers;
ChunkedIO* io; // I/O to parent
// Current state of reading from parent.
enum { TYPE, ARGS } parent_msgstate;
Peer* parent_peer;
RemoteSerializer::PeerID parent_id;
char parent_msgtype;
ChunkedIO::Chunk* parent_args;
vector<int> listen_fds;
// If the port we're trying to bind to is already in use, we will retry
// it regularly.
string listen_if;
string listen_zone_id; // RFC 4007 IPv6 zone_id
uint16 listen_port;
bool listen_ssl; // use SSL for IO
bool enable_ipv6; // allow IPv6 listen sockets
uint32 bind_retry_interval; // retry interval for already-in-use sockets
time_t listen_next_try; // time at which to try another bind
bool shutting_conns_down;
bool terminating;
bool killing;
};
extern RemoteSerializer* remote_serializer;
#endif

2
src/SerialInfo.h
View file

@ -3,6 +3,8 @@
#ifndef serialinfo_h
#define serialinfo_h
#include "ChunkedIO.h"
class SerialInfo {
public:
SerialInfo(Serializer* arg_s)

1
src/Serializer.cc
View file

@ -18,7 +18,6 @@
#include "NetVar.h"
#include "Conn.h"
#include "Timer.h"
#include "RemoteSerializer.h"
#include "iosource/Manager.h"
Serializer::Serializer(SerializationFormat* arg_format)

1
src/Sessions.h
View file

@ -180,7 +180,6 @@ public:
analyzer::tcp::TCPStateStats tcp_stats; // keeps statistics on TCP states
protected:
friend class RemoteSerializer;
friend class ConnCompressor;
friend class TimerMgrExpireTimer;
friend class IPTunnelTimer;

150
src/StateAccess.cc
View file

@ -4,7 +4,6 @@
#include "Event.h"
#include "NetVar.h"
#include "DebugLogger.h"
#include "RemoteSerializer.h"
int StateAccess::replaying = 0;
@ -134,100 +133,6 @@ void StateAccess::RefThem()
Ref(op3);
}
bool StateAccess::CheckOld(const char* op, ID* id, Val* index,
Val* should, Val* is)
{
if ( ! remote_check_sync_consistency )
return true;
if ( ! should && ! is )
return true;
// 'should == index' means that 'is' should be non-nil.
if ( should == index && is )
return true;
if ( should && is )
{
// There's no general comparison for non-atomic vals currently.
if ( ! (is_atomic_val(is) && is_atomic_val(should)) )
return true;
if ( same_atomic_val(should, is) )
return true;
}
Val* arg1;
Val* arg2;
Val* arg3;
if ( index )
{
ODesc d;
d.SetShort();
index->Describe(&d);
arg1 = new StringVal(fmt("%s[%s]", id->Name(), d.Description()));
}
else
arg1 = new StringVal(id->Name());
if ( should )
{
ODesc d;
d.SetShort();
should->Describe(&d);
arg2 = new StringVal(d.Description());
}
else
arg2 = new StringVal("<none>");
if ( is )
{
ODesc d;
d.SetShort();
is->Describe(&d);
arg3 = new StringVal(d.Description());
}
else
arg3 = new StringVal("<none>");
mgr.QueueEvent(remote_state_inconsistency, {
new StringVal(op),
arg1,
arg2,
arg3,
});
return false;
}
bool StateAccess::CheckOldSet(const char* op, ID* id, Val* index,
bool should, bool is)
{
if ( ! remote_check_sync_consistency )
return true;
if ( should == is )
return true;
ODesc d;
d.SetShort();
index->Describe(&d);
Val* arg1 = new StringVal(fmt("%s[%s]", id->Name(), d.Description()));
Val* arg2 = new StringVal(should ? "set" : "not set");
Val* arg3 = new StringVal(is ? "set" : "not set");
mgr.QueueEvent(remote_state_inconsistency, {
new StringVal(op),
arg1,
arg2,
arg3,
});
return false;
}
bool StateAccess::MergeTables(TableVal* dst, Val* src)
{
if ( src->Type()->Tag() != TYPE_TABLE )
@ -286,7 +191,6 @@ void StateAccess::Replay()
assert(op1.val);
// There mustn't be a direct assignment to a unique ID.
assert(target.id->Name()[0] != '#');
CheckOld("assign", target.id, 0, op2, v);
if ( t == TYPE_TABLE && v &&
v->AsTableVal()->FindAttr(ATTR_MERGEABLE) )
@ -328,9 +232,6 @@ void StateAccess::Replay()
break;
}
CheckOld("index assign", target.id, op1.val, op3,
v->AsTableVal()->Lookup(op1.val));
v->AsTableVal()->Assign(op1.val, op2 ? op2->Ref() : 0);
}
@ -352,8 +253,6 @@ void StateAccess::Replay()
break;
}
CheckOld("index assign", target.id, op1.val, op3,
v->AsRecordVal()->Lookup(idx));
v->AsRecordVal()->Assign(idx, op2 ? op2->Ref() : 0);
}
else
@ -376,8 +275,6 @@ void StateAccess::Replay()
break;
}
CheckOld("index assign", target.id, op1.val, op3,
v->AsVectorVal()->Lookup(index));
v->AsVectorVal()->Assign(index, op2 ? op2->Ref() : 0);
}
@ -441,8 +338,6 @@ void StateAccess::Replay()
assert(op1.val);
if ( t == TYPE_TABLE )
{
CheckOldSet("add", target.id, op1.val, op2 != 0,
v->AsTableVal()->Lookup(op1.val) != 0);
v->AsTableVal()->Assign(op1.val, 0);
}
break;
@ -451,13 +346,6 @@ void StateAccess::Replay()
assert(op1.val);
if ( t == TYPE_TABLE )
{
if ( v->Type()->AsTableType()->IsSet() )
CheckOldSet("delete", target.id, op1.val, op2 != 0,
v->AsTableVal()->Lookup(op1.val) != 0);
else
CheckOld("delete", target.id, op1.val, op2,
v->AsTableVal()->Lookup(op1.val));
Unref(v->AsTableVal()->Delete(op1.val));
}
break;
@ -476,14 +364,8 @@ void StateAccess::Replay()
// are performed in the expire_func.
StateAccess::ResumeReplay();
if ( remote_serializer )
remote_serializer->ResumeStateUpdates();
tv->CallExpireFunc(op1.val->Ref());
if ( remote_serializer )
remote_serializer->SuspendStateUpdates();
StateAccess::SuspendReplay();
Unref(tv->AsTableVal()->Delete(op1.val));
@ -506,20 +388,7 @@ void StateAccess::Replay()
// Update the timestamp if we have a read_expire.
if ( tv->FindAttr(ATTR_EXPIRE_READ) )
{
if ( ! tv->UpdateTimestamp(op1.val) &&
remote_check_sync_consistency )
{
ODesc d;
d.SetShort();
op1.val->Describe(&d);
mgr.QueueEvent(remote_state_inconsistency, {
new StringVal("read"),
new StringVal(fmt("%s[%s]", target.id->Name(), d.Description())),
new StringVal("existent"),
new StringVal("not existent"),
});
}
tv->UpdateTimestamp(op1.val);
}
}
else
@ -532,14 +401,6 @@ void StateAccess::Replay()
}
--replaying;
if ( remote_state_access_performed )
{
mgr.QueueEventFast(remote_state_access_performed, {
new StringVal(target.id->Name()),
target.id->ID_Val()->Ref(),
});
}
}
ID* StateAccess::Target() const
@ -596,14 +457,6 @@ bool StateAccess::DoSerialize(SerialInfo* info) const
const Val* null = 0;
if ( remote_check_sync_consistency )
{
SERIALIZE_OPTIONAL(op2);
SERIALIZE_OPTIONAL(op3);
}
else
{
switch ( opcode ) {
case OP_PRINT:
case OP_EXPIRE:
@ -637,7 +490,6 @@ bool StateAccess::DoSerialize(SerialInfo* info) const
default:
reporter->InternalError("StateAccess::DoSerialize: unknown opcode");
}
}
return true;
}

2
src/StateAccess.h
View file

@ -74,8 +74,6 @@ private:
StateAccess() { target.id = 0; op1.val = op2 = op3 = 0; }
void RefThem();
bool CheckOld(const char* op, ID* id, Val* index, Val* should, Val* is);
bool CheckOldSet(const char* op, ID* id, Val* index, bool should, bool is);
bool MergeTables(TableVal* dst, Val* src);
DECLARE_SERIAL(StateAccess);

4
src/Stmt.cc
View file

@ -14,7 +14,6 @@
#include "Debug.h"
#include "Traverse.h"
#include "Trigger.h"
#include "RemoteSerializer.h"
const char* stmt_name(BroStmtTag t)
{
@ -301,9 +300,6 @@ Val* PrintStmt::DoExec(val_list* vals, stmt_flow_type& /* flow */) const
{new Val(f), new StringVal(d.Len(), d.Description())}),
true);
}
if ( remote_serializer )
remote_serializer->SendPrintHookEvent(f, d.Description(), d.Len());
}
return 0;

1
src/Timer.cc
View file

@ -20,7 +20,6 @@ const char* TimerNames[] = {
"FileAnalysisInactivityTimer",
"FlowWeirdTimer",
"FragTimer",
"IncrementalSendTimer",
"InterconnTimer",
"IPTunnelInactivityTimer",
"NetbiosExpireTimer",

1
src/Timer.h
View file

@ -25,7 +25,6 @@ enum TimerType {
TIMER_FILE_ANALYSIS_INACTIVITY,
TIMER_FLOW_WEIRD_EXPIRE,
TIMER_FRAG,
TIMER_INCREMENTAL_SEND,
TIMER_INTERCONN,
TIMER_IP_TUNNEL_INACTIVITY,
TIMER_NB_EXPIRE,

18
src/Val.cc
View file

@ -21,7 +21,6 @@
#include "NetVar.h"
#include "Expr.h"
#include "Serializer.h"
#include "RemoteSerializer.h"
#include "PrefixTable.h"
#include "Conn.h"
#include "Reporter.h"
@ -1562,15 +1561,6 @@ int TableVal::Assign(Val* index, HashKey* k, Val* new_val, Opcode op)
else
{
// A set.
if ( old_entry_val && remote_check_sync_consistency )
{
Val* has_old_val = val_mgr->GetInt(1);
StateAccess::Log(
new StateAccess(OP_ADD, this, index,
has_old_val));
Unref(has_old_val);
}
else
StateAccess::Log(
new StateAccess(OP_ADD, this,
index, 0, 0));
@ -2056,13 +2046,6 @@ Val* TableVal::Delete(const Val* index)
if ( LoggingAccess() )
{
if ( v )
{
if ( v->Value() && remote_check_sync_consistency )
// A table.
StateAccess::Log(
new StateAccess(OP_DEL, this,
index, v->Value()));
else
{
// A set.
Val* has_old_val = val_mgr->GetInt(1);
@ -2071,7 +2054,6 @@ Val* TableVal::Delete(const Val* index)
has_old_val));
Unref(has_old_val);
}
}
else
StateAccess::Log(
new StateAccess(OP_DEL, this, index, 0));

1
src/Var.cc
View file

@ -7,7 +7,6 @@
#include "Stmt.h"
#include "Scope.h"
#include "Serializer.h"
#include "RemoteSerializer.h"
#include "EventRegistry.h"
#include "Traverse.h"

1
src/analyzer/protocol/tcp/TCP_Reassembler.cc
View file

@ -1,5 +1,6 @@
#include <algorithm>
#include "File.h"
#include "analyzer/Analyzer.h"
#include "TCP_Reassembler.h"
#include "analyzer/protocol/tcp/TCP.h"

1
src/analyzer/protocol/tcp/functions.bif
View file

@ -1,5 +1,6 @@
%%{
#include "File.h"
#include "analyzer/protocol/tcp/TCP.h"
%%}

6
src/bro.bif
View file

@ -4527,7 +4527,7 @@ function get_file_name%(f: file%): string
## after the rotation, and the time when *f* was opened/closed.
##
## .. zeek:see:: rotate_file_by_name calc_next_rotate
function rotate_file%(f: file%): rotate_info
function rotate_file%(f: file%): rotate_info &deprecated
%{
RecordVal* info = f->Rotate();
if ( info )
@ -4551,7 +4551,7 @@ function rotate_file%(f: file%): rotate_info
## after the rotation, and the time when *f* was opened/closed.
##
## .. zeek:see:: rotate_file calc_next_rotate
function rotate_file_by_name%(f: string%): rotate_info
function rotate_file_by_name%(f: string%): rotate_info &deprecated
%{
RecordVal* info = new RecordVal(rotate_info);
@ -4605,7 +4605,7 @@ function rotate_file_by_name%(f: string%): rotate_info
## Returns: The duration until the next file rotation time.
##
## .. zeek:see:: rotate_file rotate_file_by_name
function calc_next_rotate%(i: interval%) : interval
function calc_next_rotate%(i: interval%) : interval &deprecated
%{
const char* base_time = log_rotate_base_time ?
log_rotate_base_time->AsString()->CheckString() : 0;

1
src/broker/Data.cc
View file

@ -1,4 +1,5 @@
#include "Data.h"
#include "File.h"
#include "broker/data.bif.h"
#include <caf/stream_serializer.hpp>
#include <caf/stream_deserializer.hpp>

1
src/broker/Manager.h
View file

@ -13,6 +13,7 @@
#include "Reporter.h"
#include "iosource/IOSource.h"
#include "Val.h"
#include "logging/WriterBackend.h"
namespace bro_broker {

195
src/event.bif
View file

@ -600,201 +600,6 @@ event software_unparsed_version_found%(c: connection, host: addr, str: string%);
## generate_OS_version_event
event OS_version_found%(c: connection, host: addr, OS: OS_version%);
## Generated when a connection to a remote Bro has been established. This event
## is intended primarily for use by Bro's communication framework, but it can
## also trigger additional code if helpful.
##
## p: A record describing the peer.
##
## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error
## remote_connection_handshake_done remote_event_registered remote_log remote_pong
## remote_state_access_performed remote_state_inconsistency print_hook
event remote_connection_established%(p: event_peer%);
## Generated when a connection to a remote Bro has been closed. This event is
## intended primarily for use by Bro's communication framework, but it can
## also trigger additional code if helpful.
##
## p: A record describing the peer.
##
## .. zeek:see:: remote_capture_filter remote_connection_error
## remote_connection_established remote_connection_handshake_done
## remote_event_registered remote_log remote_pong remote_state_access_performed
## remote_state_inconsistency print_hook
event remote_connection_closed%(p: event_peer%);
## Generated when a remote connection's initial handshake has been completed.
## This event is intended primarily for use by Bro's communication framework,
## but it can also trigger additional code if helpful.
##
## p: A record describing the peer.
##
## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error
## remote_connection_established remote_event_registered remote_log remote_pong
## remote_state_access_performed remote_state_inconsistency print_hook
event remote_connection_handshake_done%(p: event_peer%);
## Generated for each event registered by a remote peer. This event is intended
## primarily for use by Bro's communication framework, but it can also trigger
## additional code if helpful.
##
## p: A record describing the peer.
##
## name: TODO.
##
## .. zeek:see:: remote_capture_filter remote_connection_closed
## remote_connection_error remote_connection_established
## remote_connection_handshake_done remote_log remote_pong
## remote_state_access_performed remote_state_inconsistency print_hook
event remote_event_registered%(p: event_peer, name: string%);
## Generated when a connection to a remote Bro encountered an error. This event
## is intended primarily for use by Bro's communication framework, but it can
## also trigger additional code if helpful.
##
## p: A record describing the peer.
##
## reason: A textual description of the error.
##
## .. zeek:see:: remote_capture_filter remote_connection_closed
## remote_connection_established remote_connection_handshake_done
## remote_event_registered remote_log remote_pong remote_state_access_performed
## remote_state_inconsistency print_hook
event remote_connection_error%(p: event_peer, reason: string%);
## Generated when a remote peer sent us a capture filter. While this event is
## intended primarily for use by Bro's communication framework, it can also
## trigger additional code if helpful.
##
## p: A record describing the peer.
##
## filter: The filter string sent by the peer.
##
## .. zeek:see:: remote_connection_closed remote_connection_error
## remote_connection_established remote_connection_handshake_done
## remote_event_registered remote_log remote_pong remote_state_access_performed
## remote_state_inconsistency print_hook
event remote_capture_filter%(p: event_peer, filter: string%);
## Generated after a call to :zeek:id:`send_state` when all data has been
## successfully sent to the remote side. While this event is
## intended primarily for use by Bro's communication framework, it can also
## trigger additional code if helpful.
##
## p: A record describing the remote peer.
##
## .. zeek:see:: remote_capture_filter remote_connection_closed
## remote_connection_error remote_connection_established
## remote_connection_handshake_done remote_event_registered remote_log remote_pong
## remote_state_access_performed remote_state_inconsistency print_hook
event finished_send_state%(p: event_peer%);
## Generated if state synchronization detects an inconsistency. While this
## event is intended primarily for use by Bro's communication framework, it can
## also trigger additional code if helpful. This event is only raised if
## :zeek:id:`remote_check_sync_consistency` is false.
##
## operation: The textual description of the state operation performed.
##
## id: The name of the Bro script identifier that was operated on.
##
## expected_old: A textual representation of the value of *id* that was
## expected to be found before the operation was carried out.
##
## real_old: A textual representation of the value of *id* that was actually
## found before the operation was carried out. The difference between
## *real_old* and *expected_old* is the inconsistency being reported.
##
## .. zeek:see:: remote_capture_filter remote_connection_closed
## remote_connection_error remote_connection_established
## remote_connection_handshake_done remote_event_registered remote_log remote_pong
## remote_state_access_performed print_hook remote_check_sync_consistency
event remote_state_inconsistency%(operation: string, id: string,
expected_old: string, real_old: string%);
## Generated for communication log messages. While this event is
## intended primarily for use by Bro's communication framework, it can also
## trigger additional code if helpful.
##
## level: The log level, which is either :zeek:id:`REMOTE_LOG_INFO` or
## :zeek:id:`REMOTE_LOG_ERROR`.
##
## src: The component of the communication system that logged the message.
## Currently, this will be one of :zeek:id:`REMOTE_SRC_CHILD` (Bro's
## child process), :zeek:id:`REMOTE_SRC_PARENT` (Bro's main process), or
## :zeek:id:`REMOTE_SRC_SCRIPT` (the script level).
##
## msg: The message logged.
##
## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error
## remote_connection_established remote_connection_handshake_done
## remote_event_registered remote_pong remote_state_access_performed
## remote_state_inconsistency print_hook remote_log_peer
event remote_log%(level: count, src: count, msg: string%);
## Generated for communication log messages. While this event is
## intended primarily for use by Bro's communication framework, it can also
## trigger additional code if helpful. This event is equivalent to
## :zeek:see:`remote_log` except the message is with respect to a certain peer.
##
## p: A record describing the remote peer.
##
## level: The log level, which is either :zeek:id:`REMOTE_LOG_INFO` or
## :zeek:id:`REMOTE_LOG_ERROR`.
##
## src: The component of the communication system that logged the message.
## Currently, this will be one of :zeek:id:`REMOTE_SRC_CHILD` (Bro's
## child process), :zeek:id:`REMOTE_SRC_PARENT` (Bro's main process), or
## :zeek:id:`REMOTE_SRC_SCRIPT` (the script level).
##
## msg: The message logged.
##
## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error
## remote_connection_established remote_connection_handshake_done
## remote_event_registered remote_pong remote_state_access_performed
## remote_state_inconsistency print_hook remote_log
event remote_log_peer%(p: event_peer, level: count, src: count, msg: string%);
## Generated when a remote peer has answered to our ping. This event is part of
## Bro's infrastructure for measuring communication latency. One can send a ping
## by calling :zeek:id:`send_ping` and when a corresponding reply is received,
## this event will be raised.
##
## p: The peer sending us the pong.
##
## seq: The sequence number passed to the original :zeek:id:`send_ping` call.
## The number is sent back by the peer in its response.
##
## d1: The time interval between sending the ping and receiving the pong. This
## is the latency of the complete path.
##
## d2: The time interval between sending out the ping to the network and its
## reception at the peer. This is the network latency.
##
## d3: The time interval between when the peer's child process received the
## ping and when its parent process sent the pong. This is the
## processing latency at the peer.
##
## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error
## remote_connection_established remote_connection_handshake_done
## remote_event_registered remote_log remote_state_access_performed
## remote_state_inconsistency print_hook
event remote_pong%(p: event_peer, seq: count,
d1: interval, d2: interval, d3: interval%);
## Generated each time a remote state access has been replayed locally. This
## event is primarily intended for debugging.
##
## id: The name of the Bro script variable that's being operated on.
##
## v: The new value of the variable.
##
## .. zeek:see:: remote_capture_filter remote_connection_closed remote_connection_error
## remote_connection_established remote_connection_handshake_done
## remote_event_registered remote_log remote_pong remote_state_inconsistency
## print_hook
event remote_state_access_performed%(id: string, v: any%);
## Generated each time Bro's internal profiling log is updated. The file is
## defined by :zeek:id:`profiling_file`, and its update frequency by
## :zeek:id:`profiling_interval` and :zeek:id:`expensive_profiling_multiple`.

1
src/file_analysis/analyzer/extract/Extract.cc
View file

@ -1,6 +1,7 @@
// See the file "COPYING" in the main distribution directory for copyright.
#include <string>
#include <fcntl.h>
#include "Extract.h"
#include "util.h"

1
src/input/Manager.h
View file

@ -7,7 +7,6 @@
#include "BroString.h"
#include "EventHandler.h"
#include "RemoteSerializer.h"
#include "Val.h"
#include "Component.h"

2
src/iosource/Packet.cc
View file

@ -2,6 +2,8 @@
#include "Packet.h"
#include "Sessions.h"
#include "iosource/Manager.h"
#include "SerialInfo.h"
#include "Serializer.h"
extern "C" {
#ifdef HAVE_NET_ETHERNET_H

24
src/iosource/PktSrc.cc
View file

@ -160,21 +160,6 @@ double PktSrc::CheckPseudoTime()
if ( ! ExtractNextPacketInternal() )
return 0;
if ( remote_trace_sync_interval )
{
if ( next_sync_point == 0 || current_packet.time >= next_sync_point )
{
int n = remote_serializer->SendSyncPoint();
next_sync_point = first_timestamp +
n * remote_trace_sync_interval;
remote_serializer->Log(RemoteSerializer::LogInfo,
fmt("stopping at packet %.6f, next sync-point at %.6f",
current_packet.time, next_sync_point));
return 0;
}
}
double pseudo_time = current_packet.time - first_timestamp;
double ct = (current_time(true) - first_wallclock) * pseudo_realtime;
@ -308,15 +293,6 @@ bool PktSrc::ExtractNextPacketInternal()
if ( pseudo_realtime && ! IsOpen() )
{
if ( using_communication )
{
// Source has gone dry, we're done.
if ( remote_trace_sync_interval )
remote_serializer->SendFinalSyncPoint();
else
remote_serializer->Terminate();
}
if ( broker_mgr->Active() )
iosource_mgr->Terminate();
}

41
src/logging/Manager.cc
View file

@ -2,11 +2,12 @@
#include <algorithm>
#include "../Event.h"
#include "../EventHandler.h"
#include "../NetVar.h"
#include "../Net.h"
#include "../Type.h"
#include "Event.h"
#include "EventHandler.h"
#include "NetVar.h"
#include "Net.h"
#include "Type.h"
#include "File.h"
#include "broker/Manager.h"
#include "threading/Manager.h"
@ -16,8 +17,8 @@
#include "WriterFrontend.h"
#include "WriterBackend.h"
#include "logging.bif.h"
#include "../plugin/Plugin.h"
#include "../plugin/Manager.h"
#include "plugin/Plugin.h"
#include "plugin/Manager.h"
using namespace logging;
@ -1300,32 +1301,6 @@ bool Manager::WriteFromRemote(EnumVal* id, EnumVal* writer, string path, int num
return true;
}
void Manager::SendAllWritersTo(RemoteSerializer::PeerID peer)
{
auto et = internal_type("Log::Writer")->AsEnumType();
for ( vector<Stream *>::iterator s = streams.begin(); s != streams.end(); ++s )
{
Stream* stream = (*s);
if ( ! (stream && stream->enable_remote) )
continue;
for ( Stream::WriterMap::iterator i = stream->writers.begin();
i != stream->writers.end(); i++ )
{
WriterFrontend* writer = i->second->writer;
auto writer_val = et->GetVal(i->first.first);
remote_serializer->SendLogCreateWriter(peer, (*s)->id,
writer_val,
*i->second->info,
writer->NumFields(),
writer->Fields());
Unref(writer_val);
}
}
}
void Manager::SendAllWritersTo(const broker::endpoint_info& ei)
{
auto et = internal_type("Log::Writer")->AsEnumType();

6
src/logging/Manager.h
View file

@ -10,14 +10,12 @@
#include "../Val.h"
#include "../Tag.h"
#include "../EventHandler.h"
#include "../RemoteSerializer.h"
#include "../plugin/ComponentManager.h"
#include "Component.h"
#include "WriterBackend.h"
class SerializationFormat;
class RemoteSerializer;
class RotationTimer;
namespace logging {
@ -234,7 +232,6 @@ protected:
friend class WriterFrontend;
friend class RotationFinishedMessage;
friend class RotationFailedMessage;
friend class ::RemoteSerializer;
friend class ::RotationTimer;
// Instantiates a new WriterBackend of the given type (note that
@ -248,9 +245,6 @@ protected:
int num_fields, const threading::Field* const* fields,
bool local, bool remote, bool from_remote, const string& instantiating_filter="");
// Announces all instantiated writers to peer.
void SendAllWritersTo(RemoteSerializer::PeerID peer);
// Signals that a file has been rotated.
bool FinishedRotation(WriterFrontend* writer, const char* new_name, const char* old_name,
double open, double close, bool success, bool terminating);

1
src/logging/WriterBackend.cc
View file

@ -4,6 +4,7 @@
#include "util.h"
#include "threading/SerialTypes.h"
#include "SerializationFormat.h"
#include "Manager.h"
#include "WriterBackend.h"

2
src/logging/WriterBackend.h
View file

@ -9,8 +9,6 @@
#include "Component.h"
class RemoteSerializer;
namespace broker { class data; }
namespace logging {

12
src/logging/WriterFrontend.cc
View file

@ -169,12 +169,6 @@ void WriterFrontend::Init(int arg_num_fields, const Field* const * arg_fields)
if ( remote )
{
remote_serializer->SendLogCreateWriter(stream,
writer,
*info,
arg_num_fields,
arg_fields);
broker_mgr->PublishLogCreate(stream,
writer,
*info,
@ -201,12 +195,6 @@ void WriterFrontend::Write(int arg_num_fields, Value** vals)
if ( remote )
{
remote_serializer->SendLogWrite(stream,
writer,
info->path,
num_fields,
vals);
broker_mgr->PublishLogWrite(stream,
writer,
info->path,

13
src/main.cc
View file

@ -39,7 +39,6 @@ extern "C" {
#include "RuleMatcher.h"
#include "Anon.h"
#include "Serializer.h"
#include "RemoteSerializer.h"
#include "EventRegistry.h"
#include "Stats.h"
#include "Brofiler.h"
@ -102,7 +101,6 @@ EventHandlerPtr net_done = 0;
RuleMatcher* rule_matcher = 0;
FileSerializer* event_serializer = 0;
FileSerializer* state_serializer = 0;
RemoteSerializer* remote_serializer = 0;
EventPlayer* event_player = 0;
EventRegistry* event_registry = 0;
ProfileLogger* profiling_logger = 0;
@ -272,10 +270,6 @@ void done_with_network()
{
set_processing_status("TERMINATING", "done_with_network");
// Release the port, which is important for checkpointing Bro.
if ( remote_serializer )
remote_serializer->StopListening();
// Cancel any pending alarms (watchdog, in particular).
(void) alarm(0);
@ -299,9 +293,6 @@ void done_with_network()
mgr.Drain();
mgr.Drain();
if ( remote_serializer )
remote_serializer->Finish();
net_finish(1);
#ifdef USE_PERFTOOLS_DEBUG
@ -349,9 +340,6 @@ void terminate_bro()
delete profiling_logger;
}
if ( remote_serializer )
remote_serializer->LogStats();
mgr.Drain();
log_mgr->Terminate();
@ -782,7 +770,6 @@ int main(int argc, char** argv)
dns_mgr->SetDir(".state");
iosource_mgr = new iosource::Manager();
remote_serializer = new RemoteSerializer();
event_registry = new EventRegistry();
analyzer_mgr = new analyzer::Manager();
log_mgr = new logging::Manager();

4
src/threading/SerialTypes.cc
View file

@ -2,8 +2,8 @@
#include "SerialTypes.h"
#include "../RemoteSerializer.h"
#include "SerializationFormat.h"
#include "Reporter.h"
using namespace threading;

3
src/threading/SerialTypes.h
View file

@ -13,7 +13,6 @@
using namespace std;
class SerializationFormat;
class RemoteSerializer;
namespace threading {
@ -78,8 +77,6 @@ struct Field {
string TypeName() const;
private:
friend class ::RemoteSerializer;
// Force usage of constructor above.
Field() {}
};

4
testing/btest/Baseline/coverage.bare-mode-errors/errors
View file

@ -1,2 +1,6 @@
warning in /Users/johanna/bro/master/scripts/policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name)
warning in /Users/johanna/bro/master/scripts/policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name)
warning in /Users/johanna/bro/master/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/johanna/bro/master/testing/btest/../../scripts//zeexygen/__load__.zeek:9 "Use '@load base/protocols/smb' instead"
warning in /Users/johanna/bro/master/scripts/policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name)
warning in /Users/johanna/bro/master/testing/btest/../../scripts//policy/misc/trim-trace-file.zeek, line 25: deprecated (rotate_file_by_name)
warning in /Users/johanna/bro/master/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead"