Merge remote-tracking branch 'origin/topic/jsiwek/reorg-followup'
commit
fc5f22cb5d
234 changed files with 295 additions and 104 deletions
|
@ -1,7 +1,7 @@
|
|||
# Load the core cluster support.
|
||||
@load ./main
|
||||
|
||||
@if ( Cluster::node != "" )
|
||||
@if ( Cluster::is_enabled() )
|
||||
|
||||
# Give the node being started up it's peer name.
|
||||
redef peer_description = Cluster::node;
|
||||
|
@ -26,17 +26,17 @@ redef peer_description = Cluster::node;
|
|||
## Set the port that this node is supposed to listen on.
|
||||
redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p;
|
||||
|
||||
@if ( Cluster::nodes[Cluster::node]$node_type == Cluster::MANAGER )
|
||||
@if ( Cluster::local_node_type() == Cluster::MANAGER )
|
||||
@load ./nodes/manager
|
||||
@endif
|
||||
|
||||
@if ( Cluster::nodes[Cluster::node]$node_type == Cluster::PROXY )
|
||||
@if ( Cluster::local_node_type() == Cluster::PROXY )
|
||||
@load ./nodes/proxy
|
||||
@endif
|
||||
|
||||
@if ( Cluster::nodes[Cluster::node]$node_type == Cluster::WORKER )
|
||||
@if ( Cluster::local_node_type() == Cluster::WORKER )
|
||||
@load ./nodes/worker
|
||||
@endif
|
||||
|
||||
@endif
|
||||
@endif
|
||||
@endif
|
||||
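Review bot: The `redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p;` line under the new `@if ( Cluster::is_enabled() )` guard still indexes `Cluster::nodes` without checking that the node name is a key. The body of `is_enabled()` is not shown on this page; if it only tests for a non-empty name, a mistyped node name reaches this lookup while scripts are still being loaded, before the `bro_init` check in the cluster main script can report it. Another file in this commit guards with `@if ( Cluster::node in Cluster::nodes )`, and the same condition here (or inside `is_enabled()`) would keep the two consistent. The new `local_node_type()` body, `is_enabled() ? nodes[node]$node_type : NONE`, has the same dependency and could test `node in nodes` directly.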
|
|
|
@ -1,3 +1,4 @@
|
|||
@load base/frameworks/control
|
||||
|
||||
module Cluster;
|
||||
|
||||
|
@ -9,6 +10,7 @@ export {
|
|||
} &log;
|
||||
|
||||
type NodeType: enum {
|
||||
NONE,
|
||||
CONTROL,
|
||||
MANAGER,
|
||||
PROXY,
|
||||
|
@ -53,8 +55,8 @@ export {
|
|||
|
||||
## This function can be called at any time to determine what type of
|
||||
## cluster node the current Bro instance is going to be acting as.
|
||||
## :bro:id:`is_enabled` should be called first to find out if this is
|
||||
## actually going to be a cluster node.
|
||||
## If :bro:id:`Cluster::is_enabled` returns false, then
|
||||
## :bro:enum:`Cluster::NONE` is returned.
|
||||
global local_node_type: function(): NodeType;
|
||||
|
||||
## This gives the value for the number of workers currently connected to,
|
||||
|
@ -80,15 +82,15 @@ function is_enabled(): bool
|
|||
|
||||
function local_node_type(): NodeType
|
||||
{
|
||||
return nodes[node]$node_type;
|
||||
return is_enabled() ? nodes[node]$node_type : NONE;
|
||||
}
|
||||
|
||||
|
||||
event remote_connection_handshake_done(p: event_peer)
|
||||
{
|
||||
if ( nodes[p$descr]$node_type == WORKER )
|
||||
++worker_count;
|
||||
}
|
||||
|
||||
event remote_connection_closed(p: event_peer)
|
||||
{
|
||||
if ( nodes[p$descr]$node_type == WORKER )
|
||||
|
@ -100,10 +102,9 @@ event bro_init() &priority=5
|
|||
# If a node is given, but it's an unknown name we need to fail.
|
||||
if ( node != "" && node !in nodes )
|
||||
{
|
||||
local msg = "You didn't supply a valid node in the Cluster::nodes configuration.";
|
||||
event reporter_error(current_time(), msg, "");
|
||||
Reporter::error(fmt("'%s' is not a valid node in the Cluster::nodes configuration", node));
|
||||
terminate();
|
||||
}
|
||||
|
||||
Log::create_stream(CLUSTER, [$columns=Info]);
|
||||
}
|
||||
}
|
||||
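Review bot: Both `remote_connection_handshake_done` and `remote_connection_closed` index `nodes[p$descr]` with no membership test, and `p$descr` appears to be the description announced by the remote peer rather than a locally configured value. A peer whose description is not a key in `Cluster::nodes` would raise an index error in these handlers, so a guard such as `if ( p$descr in nodes && nodes[p$descr]$node_type == WORKER )` is safer. These are context lines that the commit leaves as they were; the `remote_connection_closed` body continues outside the hunk.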
|
|
|
@ -8,6 +8,8 @@
|
|||
##! This is where the cluster manager sets it's specific settings for other
|
||||
##! frameworks and in the core.
|
||||
|
||||
@load base/frameworks/notice
|
||||
|
||||
@prefixes += cluster-manager
|
||||
|
||||
# Load the script for local site configuration for the manager node.
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
@load base/frameworks/notice
|
||||
|
||||
@prefixes += cluster-worker
|
||||
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
@load ./main
|
||||
@load base/frameworks/communication/main
|
||||
@load base/frameworks/communication
|
||||
|
||||
@if ( Cluster::node in Cluster::nodes )
|
||||
|
||||
module Cluster;
|
||||
|
||||
|
@ -79,3 +81,5 @@ event bro_init() &priority=9
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
@endif
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
##! Connect to remote Bro or Broccoli instances to share state and/or transfer
|
||||
##! events.
|
||||
|
||||
@load base/frameworks/packet-filter
|
||||
|
||||
module Communication;
|
||||
|
||||
export {
|
||||
|
|
|
@ -20,6 +20,8 @@
|
|||
# canary
|
||||
# friend
|
||||
|
||||
@load base/frameworks/notice
|
||||
|
||||
module Intel;
|
||||
|
||||
export {
|
||||
|
|
|
@ -159,7 +159,7 @@ export {
|
|||
# We keep a script-level copy of all filters so that we can manipulate them.
|
||||
global filters: table[ID, string] of Filter;
|
||||
|
||||
@load logging.bif.bro # Needs Filter and Stream defined.
|
||||
@load base/logging.bif # Needs Filter and Stream defined.
|
||||
|
||||
module Log;
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
##! to be an internal implementation detail.
|
||||
|
||||
@load base/frameworks/cluster
|
||||
@load ./main
|
||||
|
||||
module Metrics;
|
||||
|
||||
|
@ -258,4 +259,4 @@ event Metrics::cluster_filter_response(uid: string, id: ID, filter_name: string,
|
|||
}
|
||||
}
|
||||
|
||||
@endif
|
||||
@endif
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
@load ./main
|
||||
|
||||
module Metrics;
|
||||
|
||||
|
@ -17,4 +18,4 @@ function data_added(filter: Filter, index: Index, val: count)
|
|||
{
|
||||
if ( check_notice(filter, index, val) )
|
||||
do_notice(filter, index, val);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4,6 +4,10 @@
|
|||
##! probably a safe assumption to make in most cases. If both addresses
|
||||
##! are remote, it will use the $src address.
|
||||
|
||||
@load ../main
|
||||
@load base/frameworks/notice
|
||||
@load base/utils/site
|
||||
|
||||
module Notice;
|
||||
|
||||
export {
|
||||
|
@ -44,4 +48,4 @@ event notice(n: Notice::Info) &priority=10
|
|||
else if ( n?$dst && ! Site::is_local_addr(n$dst) )
|
||||
n$remote_location = lookup_location(n$dst);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
##! This script extends the built in notice code to implement the IP address
|
||||
##! dropping functionality.
|
||||
|
||||
@load ../main
|
||||
|
||||
module Notice;
|
||||
|
||||
export {
|
||||
|
@ -31,4 +33,4 @@ event bro_init()
|
|||
};
|
||||
|
||||
add Notice::sync_functions[drop_func];
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
@load ../main
|
||||
@load base/utils/site
|
||||
|
||||
module Notice;
|
||||
|
||||
export {
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
@load ../main
|
||||
|
||||
module Notice;
|
||||
|
||||
|
@ -16,4 +17,4 @@ event notice(n: Notice::Info) &priority=-5
|
|||
{
|
||||
if ( ACTION_PAGE in n$actions )
|
||||
email_notice_to(n, mail_page_dest, F);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
@load ../main
|
||||
|
||||
module Notice;
|
||||
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
@load base/utils/conn-ids
|
||||
@load base/utils/site
|
||||
@load ./main
|
||||
|
||||
module Weird;
|
||||
|
||||
export {
|
||||
|
|
|
@ -4,6 +4,8 @@
|
|||
##! open filter and all filters defined in Bro scripts with the
|
||||
##! :bro:id:`capture_filters` and :bro:id:`restrict_filters` variables.
|
||||
|
||||
@load base/frameworks/notice
|
||||
|
||||
module PacketFilter;
|
||||
|
||||
export {
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
##! This script reports on packet loss from the various packet sources.
|
||||
|
||||
@load base/frameworks/notice
|
||||
|
||||
module PacketFilter;
|
||||
|
||||
export {
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
##! Script level signature support.
|
||||
|
||||
@load base/frameworks/notice
|
||||
|
||||
module Signatures;
|
||||
|
||||
export {
|
||||
|
|
|
@ -4,6 +4,9 @@
|
|||
##! that they analyze. The entry point for providing new software detections
|
||||
##! to this framework is through the :bro:id:`Software::found` function.
|
||||
|
||||
@load base/utils/directions-and-hosts
|
||||
@load base/utils/numbers
|
||||
|
||||
module Software;
|
||||
|
||||
export {
|
||||
|
|