This adds the capability for the user to attach a reason when removing
or destroying a rule. The message will both be logged in netcontrol.log
and forwarded to the responsible plugins.
Addresses BIT-1655
Great work, and great documentation!
I'm getting one test failure with
scripts.base.frameworks.netcontrol.catch-and-release-cluster Going
ahead and commiting, Jenkins will show the details I assume.
BIT-1584 #merged
* origin/topic/johanna/netcontrol-improvements:
SMTP does not need to pull in the notice framework.
Write NetControl framework documentation.
Use NetControl for ACTION_DROP of notice framework.
NetControl: slightly update catch and release logging
NetControl: fix several small logging issues
NetControl: more catch and release logging and cluster fix
NetControl: rewrite catch and release and small fixes.
NetControl: find_rules_subnet works in cluster mode
NetControl: fix acld whitelist command
NetControl: add rule exists as state besides added and failure.
NetControl: Suppress duplicate "plugin activated" messages.
NetControl: make new broker plugin options accessible
NetControl: add predicates to broker plugin
This commit rewrites catch and release, fixing issues with it and making
it fully cluster capable. A dedicated netcontrol_catch_release.log is
also added.
This is not quite done yet; a few more log messages are missing. There
should hopefully not be many big issues left.
This introduces two new events, NetControl::rule_new and
NetControl::rule_destroyed, which are raised when rules are first added
and then deleted from the internal state tracking.
BIT-1550 #merged
* origin/topic/johanna/netcontrol: (72 commits)
Update baselines and news
Move prefixtable back to all IPv6 internal handling.
NetControl: Add functions to search for rules affecting IPs/subnets
Add check_subnet bif that allows exact membership test for subnet tables.
Rewrite internal handling of rules.
Add bif that allows searching for all matching subnets in table.
Add signaling of succesful initialization of plugins to NetControl.
Add rule hooks to the acld plugin.
Add new logfiles for shunting and drops to netcontrol
Extend NetControl logging and fix bugs.
Update OpenFlow API and events.
small acld plugin fix
Revert "introduce &weaken attribute"
Fix crash when printing type of recursive structures.
Testcase for crash when a record contains a function referencing a record.
Rename Pacf to NetControl
fix acld plugin to use address instead of subnet (and add functions for conversion)
implement quarantine
miscelaneous missing bits and pieces
Acld implementation for Pacf - Bro side.
...
Adds the functions
NetControl::find_rules_addr and NetControl::fund_rules_subnet
which return a vector containing all rules affecting a certain IP or
subnet.
This has no user-facing changes. It makes the internal handling of rules
much easier (no crazy duplicate rules in case our rules are added to
several backends).
It also fixes several open ends and small bugs in the process.
This does not really have many user-facing changes. The one big change
is that users now should initialize plugins in the
NetControl::init()
event instead of bro_init.
Once all plugins finished initializing and the NetControl framework
starts operations, the NetControl::init_done() event is raised.
Rules that are sent to NetControl before the plugins have finished
initializing are ignored - this is important when several plugins that
require external connections have to be initialized at the beginning.
Without this delay, rules could end up at the wrong plugin.
Netcontrol log now includes more information; before that, it had not
quite caught up to the new capabilities (like flow modifying and
redirection, as well as mac addresses).
Furthermore, this fixes a number of bugs with cluster mode (like
duplicate events), test failures due to updates in Bro, etc.
