mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
979d43eac0
Catch-and-release logs now include the plugin that is responsible for an action. Furthermore, the catch-and-release log also includes instances where a rule already existed, and where an error occurred during an operation.
77 lines
2.2 KiB
Text
77 lines
2.2 KiB
Text
# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
|
|
# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff netcontrol.log
|
|
# @TEST-EXEC: btest-diff netcontrol_catch_release.log
|
|
|
|
@load base/frameworks/netcontrol
|
|
@load policy/frameworks/netcontrol/catch-and-release
|
|
|
|
event NetControl::init()
|
|
{
|
|
local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
|
|
local netcontrol_debug_two = NetControl::create_debug(T, "plugin-2");
|
|
NetControl::activate(netcontrol_debug, 0);
|
|
NetControl::activate(netcontrol_debug_two, 0);
|
|
}
|
|
|
|
global i: count = 0;
|
|
|
|
event connection_established(c: connection)
|
|
{
|
|
local id = c$id;
|
|
NetControl::drop_address_catch_release(id$orig_h);
|
|
# second one should be ignored because duplicate
|
|
NetControl::drop_address_catch_release(id$orig_h);
|
|
}
|
|
|
|
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
|
|
{
|
|
if ( p$plugin$name(p) == "plugin-1" )
|
|
return;
|
|
|
|
if ( ++i >= 6 )
|
|
return;
|
|
|
|
# delete directly, without notifying anything.
|
|
NetControl::delete_rule(r$id, "testing");
|
|
NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
|
|
}
|
|
|
|
|
|
@TEST-START-NEXT
|
|
|
|
@load base/frameworks/netcontrol
|
|
@load policy/frameworks/netcontrol/catch-and-release
|
|
|
|
event NetControl::init()
|
|
{
|
|
local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
|
|
local netcontrol_debug_two = NetControl::create_debug_exists("exists");
|
|
local netcontrol_debug_error = NetControl::create_debug_error("error");
|
|
NetControl::activate(netcontrol_debug_two, 0);
|
|
NetControl::activate(netcontrol_debug_error, 0);
|
|
NetControl::activate(netcontrol_debug, 0);
|
|
}
|
|
|
|
global i: count = 0;
|
|
|
|
event connection_established(c: connection)
|
|
{
|
|
local id = c$id;
|
|
NetControl::drop_address_catch_release(id$orig_h);
|
|
# second one should be ignored because duplicate
|
|
NetControl::drop_address_catch_release(id$orig_h);
|
|
}
|
|
|
|
event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
|
|
{
|
|
if ( p$plugin$name(p) != "plugin-1" )
|
|
return;
|
|
|
|
if ( ++i >= 6 )
|
|
return;
|
|
|
|
# delete directly, without notifying anything.
|
|
NetControl::delete_rule(r$id, "testing");
|
|
NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
|
|
}
|
|
|