Please merge topic/johanna/netcontrol

Description

Please merge topic/johanna/netcontrol, which contains the NetControl framework and some small core changes necessary for it.

The core changes are:

  • add support for the PrefixTable and patricia tree to dump lists of covered IP addresses

  • add a number of bifs

  • add tracking of recursive types to prevent crash when a function contains a record as an argument in which the function is a member of

The framework will get a few small updates in the future. However, these mostly should be small missing features and either not affect the API at all, or only contain minor changes.

Environment

None

Activity

Show:
Jan Grashoefer
March 12, 2016, 10:22 PM

That framework looks awesome! It's a pity, but last week I realized that the subnet-functionality would be nice to have to extend the intel-framework, so I did something similar to your changes in patricia tree and PrefixTable (see https://github.com/J-Gras/bro/compare/master...J-Gras:topic/jgras/subnet). My approach was different in the way that I did not return a list of subnets. I returned a table including only the subnets that contain the queried one, so you would not need to query each item again based on the list of matching subnets. Would you mind to have a look and tell me your opinion on this approach (excluding the function names... yours are much better )?

Johanna Amann
March 13, 2016, 4:47 AM

I think both approaches are valid - it just depends on your use-case which is more appropriate. For what I am using them for, I really only needed the list of subnets (and not constructing the whole table has a lower overhead).

I will try to just fold that into my current patch sometime end-of-next-week-ish. I will probably do it a bit different, but that mostly is a style thing (and on a first glance, your code has a few gotchas - I think constructing the table as having the type table[subnet] of any can lead to a few interesting issues, e.g.).

Jan Grashoefer
March 14, 2016, 2:08 PM

My idea was to keep it generic so you could call it with any table, which will fall back to normal lookup for everything except subnet-indexed tables. Therefore the result tables should copy the type of the input tables. Probably I am doing it wrong, as it was a hack without full knowledge about how the typesystem really works. In case you think it's really worth to keep both approaches, I am happy to help.

Johanna Amann
March 16, 2016, 10:59 PM

I added the feature of just filtering tables to my current implementation in the topic/johanna/filter_subnet_table branch. Could you perhaps take a look at that and see if that works for you?

The implementation is quite a bit different from how you did it. I also opted to keep the bif specific to table/set[subnet] - my reasoning was that if we ever have other types that support that kind of matching, we will probably want to convert that into a language feature instead of having a bif that works for all types.

Johanna Amann
March 17, 2016, 6:14 PM

FYI - merge request for this is in

Assignee

Robin Sommer

Reporter

Johanna Amann

Labels

None

External issue ID

None

Components

Fix versions

Affects versions

Priority

Normal
Configure