home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
ftp.ee.lbl.gov
/
2014.05.ftp.ee.lbl.gov.tar
/
ftp.ee.lbl.gov
/
acld-1.11.tar.gz
/
acld-1.11.tar
/
acld-1.11
/
acld.bro
< prev
next >
Wrap
Text File
|
2010-05-12
|
3KB
|
138 lines
# @(#) $Id: acld.bro 659 2010-04-19 22:36:26Z leres $ (LBL)
#
# Copyright (c) 2008, 2009, 2010
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that: (1) source code distributions
# retain the above copyright notice and this paragraph in its entirety, (2)
# distributions including binary code include the above copyright notice and
# this paragraph in its entirety in the documentation or other materials
# provided with the distribution, and (3) all advertising materials mentioning
# features or use of this software display the following acknowledgement:
# ``This product includes software developed by the University of California,
# Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
# the University nor the names of its contributors may be used to endorse
# or promote products derived from this software without specific prior
# written permission.
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
@load remote
@load notice
# Define new notices
redef enum Notice += {
AcldDebug,
};
module acld;
type acld_request_rec: record {
cmd: string;
cookie: count;
comment: string &optional;
};
type acld_reply_rec: record {
cmd: string;
cookie: count;
timestamp: time;
success: bool;
comment: string &optional;
payload: string &optional;
};
export {
global acld_block: function(h: addr);
global acld_blockhosthost: function(h1: addr, h2: addr);
global acld_reply: event(rep: acld_reply_rec);
global acld_request: event(msg: acld_request_rec);
global acld_restorehosthost: function(h1: addr, h2: addr);
global acld_unblock: function(h: addr);
# Default acld host and port
const acldaddr: addr = 127.0.0.1 &redef;
const acldport: port = 47777/tcp &redef;
}
redef Remote::destinations += {
["acld"] = [
$host = acldaddr,
$p = acldport,
$class = "acld",
$events = /acld::acld_reply/,
$connect = T,
$retry = 10 secs,
$ssl=F
]
};
global cookie: count = 0;
# Hook to re-block hosts at startup
event
bro_init()
{
NOTICE([$note=AcldDebug, $msg=fmt("acld: acldaddr %s @ %s",
acldaddr, acldport) ]);
}
function
acld_block(h: addr)
{
NOTICE([$note=AcldDebug, $msg=fmt("acld_block: %s!", h) ]);
event acld::acld_request([$cmd = fmt("drop %s", h), $cookie = cookie]);
++cookie;
}
function
acld_blockhosthost(h:ddr, h2: addr addr)
{
NOTICE([$note=AcldDebug, $msg=fmt("acld_blockhosthost: %s %s!", h1, h2) ]);
event acld::acld_request([$cmd = fmt("blockhosthost %s %s", h1, h2),
$cookie = cookie]);
++cookie;
}
function
acld_restorehosthost(h1: addr, h2: addr)
{
NOTICE([$note=AcldDebug, $msg=fmt("acld_restorehosthost: %s %s!", h1, h2) ]);
event acld::acld_request([$cmd = fmt("restorehosthost %s %s", h1, h2),
$cookie = cookie]);
++cookie;
}
event
acld_reply(rep: acld_reply_rec)
{
local str: string;
if (rep$success)
str = "success";
else
str = "fail";
NOTICE([$note=AcldDebug, $msg=fmt("acld::reply(): \"%s\" %s (%d)",
rep$cmd, str, rep$cookie) ]);
}
function
acld_unblock(h: addr)
{
NOTICE([$note=AcldDebug, $msg=fmt("acld_unblock: %s!", h) ]);
event acld::acld_request([$cmd = fmt("restore %s", h),
$cookie = cookie]);
++cookie;
}
