mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
1bd658da8f
This adds a "policy" hook into the logging framework's streams and
filters to replace the existing log filter predicates. The hook
signature is as follows:
hook(rec: any, id: Log::ID, filter: Log::Filter);
The logging manager invokes hooks on each log record. Hooks can veto
log records via a break, and modify them if necessary. Log filters
inherit the stream-level hook, but can override or remove the hook as
needed.
The distribution's existing log streams now come with pre-defined
hooks that users can add handlers to. Their name is standardized as
"log_policy" by convention, with additional suffixes when a module
provides multiple streams. The following adds a handler to the Conn
module's default log policy hook:
hook Conn::log_policy(rec: Conn::Info, id: Log::ID, filter: Log::Filter)
{
if ( some_veto_reason(rec) )
break;
}
By default, this handler will get invoked for any log filter
associated with the Conn::LOG stream.
The existing predicates are deprecated for removal in 4.1 but continue
to work.
78 lines
2.1 KiB
Text
78 lines
2.1 KiB
Text
##! OpenFlow plugin that outputs flow-modification commands
|
|
##! to a Zeek log file.
|
|
|
|
@load base/frameworks/openflow
|
|
@load base/frameworks/logging
|
|
|
|
module OpenFlow;
|
|
|
|
export {
|
|
redef enum Plugin += {
|
|
OFLOG,
|
|
};
|
|
|
|
redef enum Log::ID += { LOG };
|
|
|
|
global log_policy: Log::PolicyHook;
|
|
|
|
## Log controller constructor.
|
|
##
|
|
## dpid: OpenFlow switch datapath id.
|
|
##
|
|
## success_event: If true, flow_mod_success is raised for each logged line.
|
|
##
|
|
## Returns: OpenFlow::Controller record.
|
|
global log_new: function(dpid: count, success_event: bool &default=T): OpenFlow::Controller;
|
|
|
|
redef record ControllerState += {
|
|
## OpenFlow switch datapath id.
|
|
log_dpid: count &optional;
|
|
## Raise or do not raise success event.
|
|
log_success_event: bool &optional;
|
|
};
|
|
|
|
## The record type which contains column fields of the OpenFlow log.
|
|
type Info: record {
|
|
## Network time.
|
|
ts: time &log;
|
|
## OpenFlow switch datapath id.
|
|
dpid: count &log;
|
|
## OpenFlow match fields.
|
|
match: ofp_match &log;
|
|
## OpenFlow modify flow entry message.
|
|
flow_mod: ofp_flow_mod &log;
|
|
};
|
|
|
|
## Event that can be handled to access the :zeek:type:`OpenFlow::Info`
|
|
## record as it is sent on to the logging framework.
|
|
global log_openflow: event(rec: Info);
|
|
}
|
|
|
|
event zeek_init() &priority=5
|
|
{
|
|
Log::create_stream(OpenFlow::LOG, [$columns=Info, $ev=log_openflow, $path="openflow", $policy=log_policy]);
|
|
}
|
|
|
|
function log_flow_mod(state: ControllerState, match: ofp_match, flow_mod: OpenFlow::ofp_flow_mod): bool
|
|
{
|
|
Log::write(OpenFlow::LOG, [$ts=network_time(), $dpid=state$log_dpid, $match=match, $flow_mod=flow_mod]);
|
|
if ( state$log_success_event )
|
|
event OpenFlow::flow_mod_success(state$_name, match, flow_mod);
|
|
|
|
return T;
|
|
}
|
|
|
|
function log_describe(state: ControllerState): string
|
|
{
|
|
return fmt("Log-%d", state$log_dpid);
|
|
}
|
|
|
|
function log_new(dpid: count, success_event: bool &default=T): OpenFlow::Controller
|
|
{
|
|
local c = OpenFlow::Controller($state=OpenFlow::ControllerState($log_dpid=dpid, $log_success_event=success_event),
|
|
$flow_mod=log_flow_mod, $describe=log_describe, $supports_flow_removed=F);
|
|
|
|
register_controller(OpenFlow::OFLOG, cat(dpid), c);
|
|
|
|
return c;
|
|
}
|