Replacing the &synchronized attribute in 2.6

Hey,

do we have any example how to replace the old &synchronized attribute in the new Broker-powered world? I looked at the documentation (it’s extremely verbose) and found nothing that I could relate to.

Here is the pattern I’m trying to port to 2.6. It’s basically a code that uses the Input Framework, reads some lists, stores them in a simple set and keeps this set synchronized.
The problem might be coming from a not obvious behavior of the &synchronized attribute - I had no idea what it did, I knew that it was supposed to be there.

The old 2.5.5 documentation mentions this attribute briefly
https://docs.zeek.org/en/stable/script-reference/attributes.html

&synchronized - synchronize a variable across nodes ← what nodes are we talking about? what’s the communication flow here? Who is the producer, who is the consumer?
It is impossible to move my scripts over to Broker without answering those questions.

type Idx: record {
whitelist_ip: subnet;
};

global whitelist_scan_ip: set[subnet] = {} &synchronized; ← the boo-boo is here

event bro_init()
{
Input::add_table([$source=“scan_ip.txt”,
$name=“whitelist_scan_ip”,
$idx=Idx,
$destination=whitelist_scan_ip,
$mode=Input::REREAD]);
}

https://docs.zeek.org/en/stable/frameworks/broker.html#porting-guide

I guess data stores are the way to go.
Jan

Michal,

For the use case in your email, the best option available to you is the Configuration Framework.

https://docs.zeek.org/en/stable/frameworks/configuration.html

# First file:

module TestModule;

export {

option whitelist_scan_ip: set[subnet] = {};

redef Config::config_files += { "/path/to/my/config.dat" };

}

# /path/to/my/config.dat:

TestModule::whitelist_scan_ip = 10.1.2.0/24,10.1.3.0/24,10.1.4.0/24

Thanks,

Stephen

Thanks, using the configuration framework is easier indeed.

Just for the sake of discussing some broker code - do we have examples how people replace the &synchronized attribute?

Mike Dopheide wrote a blog post (on the Zeek blog) about that exact topic not too long ago. He had spent a lot of time at work fixing a bug with one of our policies and had this deep dive in the process. It’s a good read.

https://blog.zeek.org/2018/07/broker-is-coming-part-2-replacing.html

  • Sam

Thanks - this is exactly what I was Googling for (and could not find).