Commit graph

10 commits

Author SHA1 Message Date
Daniel Thayer
9f5c820c7b Rename the BrokerComm namespace to Broker 2016-03-30 14:31:25 -05:00
Robin Sommer
2233521de7 Merge remote-tracking branch 'origin/topic/johanna/netcontrol'
BIT-1550 #merged

* origin/topic/johanna/netcontrol: (72 commits)
  Update baselines and news
  Move prefixtable back to all IPv6 internal handling.
  NetControl: Add functions to search for rules affecting IPs/subnets
  Add check_subnet bif that allows exact membership test for subnet tables.
  Rewrite internal handling of rules.
  Add bif that allows searching for all matching subnets in table.
  Add signaling of succesful initialization of plugins to NetControl.
  Add rule hooks to the acld plugin.
  Add new logfiles for shunting and drops to netcontrol
  Extend NetControl logging and fix bugs.
  Update OpenFlow API and events.
  small acld plugin fix
  Revert "introduce &weaken attribute"
  Fix crash when printing type of recursive structures.
  Testcase for crash when a record contains a function referencing a record.
  Rename Pacf to NetControl
  fix acld plugin to use address instead of subnet (and add functions for conversion)
  implement quarantine
  miscelaneous missing bits and pieces
  Acld implementation for Pacf - Bro side.
  ...
2016-03-11 14:29:23 -08:00
Johanna Amann
7ef431808d Rewrite internal handling of rules.
This has no user-facing changes. It makes the internal handling of rules
much easier (no crazy duplicate rules in case our rules are added to
several backends).

It also fixes several open ends and small bugs in the process.
2016-03-09 15:43:47 -08:00
Johanna Amann
42e4072673 Add signaling of succesful initialization of plugins to NetControl.
This does not really have many user-facing changes. The one big change
is that users now should initialize plugins in the

NetControl::init()

event instead of bro_init.

Once all plugins finished initializing and the NetControl framework
starts operations, the NetControl::init_done() event is raised.

Rules that are sent to NetControl before the plugins have finished
initializing are ignored - this is important when several plugins that
require external connections have to be initialized at the beginning.
Without this delay, rules could end up at the wrong plugin.
2016-03-08 14:49:22 -08:00
Johanna Amann
d9459fc59a Add rule hooks to the acld plugin.
The hook name is NetControl::acld_rule_policy and allows the
modification of acld rules before they are sent out to the network.

This allows, e.g. network policies to use nullzero instead of drop in
certain circumstances.
2016-03-08 11:25:15 -08:00
Johanna Amann
8f60974bc0 Add new logfiles for shunting and drops to netcontrol
Also fix small bugs and update baselines.
2016-02-17 12:48:16 -08:00
Johanna Amann
a38327bd08 Extend NetControl logging and fix bugs.
Netcontrol log now includes more information; before that, it had not
quite caught up to the new capabilities (like flow modifying and
redirection, as well as mac addresses).

Furthermore, this fixes a number of bugs with cluster mode (like
duplicate events), test failures due to updates in Bro, etc.
2016-02-11 19:47:29 -08:00
Johanna Amann
9f3c0c9bb4 Update OpenFlow API and events.
Events now generally carry the unique ID of the backend that is given
during initialization; there are a few more functions and other
bugfixes.

A few netcontrol tests are still broken (mostly due to a pcap update in
msater).
2016-02-11 13:10:40 -08:00
Johanna Amann
5e2ec25a38 small acld plugin fix 2016-02-11 11:31:44 -08:00
Johanna Amann
0e213352d7 Rename Pacf to NetControl 2015-07-08 12:34:42 -07:00