[Bro-Dev] [Bro-Commits] [git/bro] master: Modification to the Communication framework API. (da9b8cc)

Daniel Thayer dnthayer at ncsa.illinois.edu
Mon Oct 10 15:06:04 PDT 2011


It seems that this change causes Bro to fail to start (due to 'listen_port_clear'
in aux/broctl/BroControl/install.py)

-Daniel


----- Original Message -----
From: "Seth Hall" <seth at icir.org>
To: bro-commits at bro-ids.org
Sent: Friday, October 7, 2011 2:02:58 PM
Subject: [Bro-Commits] [git/bro] master: Modification to the Communication	framework API. (da9b8cc)

Repository : ssh://git@bro-ids.icir.org/bro

On branch  : master
Link       : http://tracker.bro-ids.org/bro/changeset/da9b8cc2832a79d4ee2597e2b7515ad8a703ca61/bro

>---------------------------------------------------------------

commit da9b8cc2832a79d4ee2597e2b7515ad8a703ca61
Author: Seth Hall <seth at icir.org>
Date:   Fri Oct 7 13:29:26 2011 -0400

    Modification to the Communication framework API.
    
    - Simplified the communication API and made it easier to change
      to encrypted connections by not having separate variables to
      define encrypted and unencrypted ports.
    
    - Now, to enable listening without configuring nodes just
      load the frameworks/communication/listen script.
    
    - If encrypted listening is desired set the following:
    	redef Communication::listen_encrypted=T;
    
    - Accompanying test updates.


>---------------------------------------------------------------

da9b8cc2832a79d4ee2597e2b7515ad8a703ca61
 scripts/base/frameworks/cluster/__load__.bro       |    4 +-
 scripts/base/frameworks/communication/main.bro     |   21 +++++++++++--------
 .../frameworks/communication/listen-clear.bro      |   20 -------------------
 .../policy/frameworks/communication/listen-ssl.bro |   21 --------------------
 scripts/policy/frameworks/communication/listen.bro |   12 +++++++++++
 scripts/policy/frameworks/control/controllee.bro   |    2 +-
 scripts/test-all-policy.bro                        |    3 +-
 testing/btest/coverage/bare-mode-errors.test       |    2 +-
 testing/btest/istate/events-ssl.bro                |    3 +-
 testing/btest/istate/events.bro                    |    2 +-
 testing/btest/istate/sync.bro                      |    2 +-
 .../frameworks/control/configuration_update.bro    |    2 +-
 .../scripts/base/frameworks/control/id_value.bro   |    2 +-
 .../scripts/base/frameworks/control/shutdown.bro   |    2 +-
 .../base/frameworks/logging/remote-types.bro       |    2 +-
 .../scripts/base/frameworks/logging/remote.bro     |    2 +-
 16 files changed, 38 insertions(+), 64 deletions(-)

diff --git a/scripts/base/frameworks/cluster/__load__.bro b/scripts/base/frameworks/cluster/__load__.bro
index 5aa39f9..3334164 100644
--- a/scripts/base/frameworks/cluster/__load__.bro
+++ b/scripts/base/frameworks/cluster/__load__.bro
@@ -21,10 +21,10 @@ redef peer_description = Cluster::node;
 
 # Don't load the listening script until we're a bit more sure that the
 # cluster framework is actually being enabled.
- at load frameworks/communication/listen-clear
+ at load frameworks/communication/listen
 
 ## Set the port that this node is supposed to listen on.
-redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p;
+redef Communication::listen_port = Cluster::nodes[Cluster::node]$p;
 
 @if ( Cluster::local_node_type() == Cluster::MANAGER )
 @load ./nodes/manager
diff --git a/scripts/base/frameworks/communication/main.bro b/scripts/base/frameworks/communication/main.bro
index 2e7c948..44d6ace 100644
--- a/scripts/base/frameworks/communication/main.bro
+++ b/scripts/base/frameworks/communication/main.bro
@@ -8,12 +8,18 @@ module Communication;
 export {
 	redef enum Log::ID += { LOG };
 	
-	const default_port_ssl = 47756/tcp &redef;
-	const default_port_clear = 47757/tcp &redef;
+	## Which interface to listen on (0.0.0.0 for any interface).
+	const listen_interface = 0.0.0.0 &redef;
+	
+	## Which port to listen on.
+	const listen_port = 47757/tcp &redef;
+	
+	## This defines if a listening socket should use encryption.
+	const listen_encrypted = F &redef;
 
 	## Default compression level.  Compression level is 0-9, with 0 = no 
 	## compression.
-	global default_compression = 0 &redef;
+	global compression_level = 0 &redef;
 
 	type Info: record {
 		ts:                  time   &log;
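Review bot: The doc comments on the three new options in the export block do not say what the defaults add up to: with `listen_interface = 0.0.0.0` and `listen_encrypted = F`, any script that loads the listener accepts clear-text peer connections on every interface. I would state this on the option itself, e.g. `## This defines if a listening socket should use encryption. Defaults to F (clear text); set to T unless the port is confined to a trusted management network.` The same defaults reach scripts/policy/frameworks/control/controllee.bro, which loads the listen script implicitly. The old `default_port_ssl` (47756/tcp) is also gone, so an encrypted listener now defaults to 47757/tcp, and peers still configured for the old SSL port would presumably need updating. The export block continues outside the hunk.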
@@ -77,11 +83,8 @@ export {
 		## Whether to use SSL-based communication.
 		ssl: bool &default = F;
 
-		## Take-over state from this host (activated by loading hand-over.bro)
-		hand_over: bool &default = F;
-
 		## Compression level is 0-9, with 0 = no compression.
-		compression: count &default = default_compression;
+		compression: count &default = compression_level;
 
 		## The remote peer.
 		peer: event_peer &optional;
@@ -135,7 +138,7 @@ function do_script_log(p: event_peer, msg: string)
 function connect_peer(peer: string)
 	{
 	local node = nodes[peer];
-	local p = node$ssl ? default_port_ssl : default_port_clear;
+	local p = listen_port;
 
 	if ( node?$p )
 		p = node$p;
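Review bot: In connect_peer the fallback port for an outgoing connection is now this node's own `listen_port`, which is a local bind setting rather than a property of the remote peer. scripts/base/frameworks/cluster/__load__.bro redefs `listen_port` per node, so on a cluster node a peer entry without `$p` would be dialed on the local node's port instead of a well-known default. The hunk also drops the `node$ssl` distinction, so nothing visible here ties a peer's `$ssl` flag to the port or to the remote side's `listen_encrypted`. I would keep a separate constant for the default remote port, or at least add a comment such as `# Falls back to our own listen_port; set $p on the node when the peer listens elsewhere.` The body of connect_peer continues outside the hunk.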
@@ -238,7 +241,7 @@ event remote_connection_established(p: event_peer)
 			}
 
 		if ( ! found )
-			set_compression_level(p, default_compression);
+			set_compression_level(p, compression_level);
 		}
 
 	complete_handshake(p);
diff --git a/scripts/policy/frameworks/communication/listen-clear.bro b/scripts/policy/frameworks/communication/listen-clear.bro
deleted file mode 100644
index ea94fe2..0000000
--- a/scripts/policy/frameworks/communication/listen-clear.bro
+++ /dev/null
@@ -1,20 +0,0 @@
-##! Listen for other Bro instances to make unencrypted connections.
-
- at load base/frameworks/communication
-
-module Communication;
-
-export {
-	## Which port to listen on for clear connections.
-	const listen_port_clear = Communication::default_port_clear &redef;
-	
-	## Which IP address to bind to (0.0.0.0 for any interface).
-	const listen_if_clear = 0.0.0.0 &redef;
-	
-}
-
-event bro_init() &priority=-10
-	{
-	enable_communication();
-	listen(listen_if_clear, listen_port_clear, F);
-	}
diff --git a/scripts/policy/frameworks/communication/listen-ssl.bro b/scripts/policy/frameworks/communication/listen-ssl.bro
deleted file mode 100644
index b228289..0000000
--- a/scripts/policy/frameworks/communication/listen-ssl.bro
+++ /dev/null
@@ -1,21 +0,0 @@
-##! Listen for other Bro instances and encrypt the connection with SSL.
-
- at load base/frameworks/communication
-
-module Communication;
-
-export {
-	## Which port to listen on for SSL encrypted connections.
-	const listen_port_ssl = Communication::default_port_ssl &redef;
-	
-	## Which IP address to bind to for SSL encrypted connections
-	## (0.0.0.0 for any interface).
-	const listen_if_ssl = 0.0.0.0 &redef;
-	
-}
-
-event bro_init() &priority=-10
-	{
-	enable_communication();
-	listen(listen_if_ssl, listen_port_ssl, T);
-	}
diff --git a/scripts/policy/frameworks/communication/listen.bro b/scripts/policy/frameworks/communication/listen.bro
new file mode 100644
index 0000000..b42271b
--- /dev/null
+++ b/scripts/policy/frameworks/communication/listen.bro
@@ -0,0 +1,12 @@
+##! Loading this script will make the Bro instance listen for remote 
+##! Bro instances to connect.
+
+ at load base/frameworks/communication
+
+module Communication;
+
+event bro_init() &priority=-10
+	{
+	enable_communication();
+	listen(listen_interface, listen_port, listen_encrypted);
+	}
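Review bot: The script header does not name the options that control the listener or say that only one socket is opened. The removed listen-clear and listen-ssl scripts each made their own `listen()` call on their own port, so it appears both could be loaded to run a clear and an SSL listener side by side; with the single call here that is no longer possible, which is worth stating for sites that relied on it. Suggested header addition: `##! The socket is configured by Communication::listen_interface, listen_port and listen_encrypted; only one listener is created, unencrypted by default.`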
diff --git a/scripts/policy/frameworks/control/controllee.bro b/scripts/policy/frameworks/control/controllee.bro
index e055b8c..798ab88 100644
--- a/scripts/policy/frameworks/control/controllee.bro
+++ b/scripts/policy/frameworks/control/controllee.bro
@@ -1,7 +1,7 @@
 @load base/frameworks/control
 # If an instance is a controllee, it implicitly needs to listen for remote
 # connections.
- at load frameworks/communication/listen-clear
+ at load frameworks/communication/listen
 
 module Control;
 
diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro
index 37b1679..75f7b1e 100644
--- a/scripts/test-all-policy.bro
+++ b/scripts/test-all-policy.bro
@@ -9,8 +9,7 @@
 
 # The base/ scripts are all loaded by default and not included here.
 
-# @load frameworks/communication/listen-clear.bro
-# @load frameworks/communication/listen-ssl.bro
+# @load frameworks/communication/listen.bro
 # @load frameworks/control/controllee.bro
 # @load frameworks/control/controller.bro
 @load frameworks/dpd/detect-protocols.bro
diff --git a/testing/btest/coverage/bare-mode-errors.test b/testing/btest/coverage/bare-mode-errors.test
index 3e23a73..9fd1830 100644
--- a/testing/btest/coverage/bare-mode-errors.test
+++ b/testing/btest/coverage/bare-mode-errors.test
@@ -6,6 +6,6 @@
 # when writing a new bro scripts.
 #
 # @TEST-EXEC: test -d $DIST/scripts
-# @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro -not -path '*/site/*'`; do echo $script; if echo "$script" | egrep -q 'listen-clear|listen-ssl|controllee'; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0
+# @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro -not -path '*/site/*'`; do echo $script; if echo "$script" | egrep -q 'communication/listen|controllee'; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0
 # @TEST-EXEC: cat allerrors | grep -v "received termination signal" | sort | uniq > unique_errors
 # @TEST-EXEC: btest-diff unique_errors
diff --git a/testing/btest/istate/events-ssl.bro b/testing/btest/istate/events-ssl.bro
index cfacae9..9110648 100644
--- a/testing/btest/istate/events-ssl.bro
+++ b/testing/btest/istate/events-ssl.bro
@@ -16,7 +16,8 @@
 
 @TEST-START-FILE sender.bro
 
- at load frameworks/communication/listen-ssl
+ at load frameworks/communication/listen
+redef Communication::listen_encrypted=T;
 
 event bro_init()
     {
diff --git a/testing/btest/istate/events.bro b/testing/btest/istate/events.bro
index ecf2f2e..a0dc494 100644
--- a/testing/btest/istate/events.bro
+++ b/testing/btest/istate/events.bro
@@ -16,7 +16,7 @@
 
 @TEST-START-FILE sender.bro
 
- at load frameworks/communication/listen-clear
+ at load frameworks/communication/listen
 
 event bro_init()
     {
diff --git a/testing/btest/istate/sync.bro b/testing/btest/istate/sync.bro
index 567bbf2..1ccdc55 100644
--- a/testing/btest/istate/sync.bro
+++ b/testing/btest/istate/sync.bro
@@ -129,7 +129,7 @@ function modify()
 	foo2 = 1234567;
 }
 
- at load frameworks/communication/listen-clear
+ at load frameworks/communication/listen
 
 event remote_connection_handshake_done(p: event_peer)
 	{
diff --git a/testing/btest/scripts/base/frameworks/control/configuration_update.bro b/testing/btest/scripts/base/frameworks/control/configuration_update.bro
index 23b4998..eb86ec5 100644
--- a/testing/btest/scripts/base/frameworks/control/configuration_update.bro
+++ b/testing/btest/scripts/base/frameworks/control/configuration_update.bro
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port_clear=65531/tcp 
+# @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65531/tcp 
 # @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=configuration_update
 # @TEST-EXEC: btest-bg-run controller2 BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=shutdown
 # @TEST-EXEC: btest-bg-wait 1
diff --git a/testing/btest/scripts/base/frameworks/control/id_value.bro b/testing/btest/scripts/base/frameworks/control/id_value.bro
index 9f0cb76..90a5367 100644
--- a/testing/btest/scripts/base/frameworks/control/id_value.bro
+++ b/testing/btest/scripts/base/frameworks/control/id_value.bro
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Communication::listen_port_clear=65532/tcp 
+# @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Communication::listen_port=65532/tcp 
 # @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65532/tcp Control::cmd=id_value Control::arg=test_var
 # @TEST-EXEC: btest-bg-wait -k 1
 # @TEST-EXEC: btest-diff controller/.stdout
diff --git a/testing/btest/scripts/base/frameworks/control/shutdown.bro b/testing/btest/scripts/base/frameworks/control/shutdown.bro
index 55af973..73319a7 100644
--- a/testing/btest/scripts/base/frameworks/control/shutdown.bro
+++ b/testing/btest/scripts/base/frameworks/control/shutdown.bro
@@ -1,4 +1,4 @@
-# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port_clear=65530/tcp 
+# @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65530/tcp 
 # @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65530/tcp Control::cmd=shutdown
 # @TEST-EXEC: btest-bg-wait 1
 
diff --git a/testing/btest/scripts/base/frameworks/logging/remote-types.bro b/testing/btest/scripts/base/frameworks/logging/remote-types.bro
index 60c00e5..9af45cf 100644
--- a/testing/btest/scripts/base/frameworks/logging/remote-types.bro
+++ b/testing/btest/scripts/base/frameworks/logging/remote-types.bro
@@ -48,7 +48,7 @@ event bro_init()
 
 module Test;
 
- at load frameworks/communication/listen-clear
+ at load frameworks/communication/listen
 
 event remote_connection_handshake_done(p: event_peer)
 	{
diff --git a/testing/btest/scripts/base/frameworks/logging/remote.bro b/testing/btest/scripts/base/frameworks/logging/remote.bro
index 0b31153..b244c72 100644
--- a/testing/btest/scripts/base/frameworks/logging/remote.bro
+++ b/testing/btest/scripts/base/frameworks/logging/remote.bro
@@ -40,7 +40,7 @@ event bro_init()
 
 module Test;
 
- at load frameworks/communication/listen-clear
+ at load frameworks/communication/listen
 
 function fail(rec: Log): bool
 	{
