firewalla
diff --git a/‎buildraw
+1-1 b/‎buildraw
+1-1
diff --git a/‎buildraw4
+1-1 b/‎buildraw4
+1-1
diff --git a/‎buildraw_aarch64.sh
+1-1 b/‎buildraw_aarch64.sh
+1-1
diff --git a/‎etc/bro-bro-check
+5-16 b/‎etc/bro-bro-check
+5-16
diff --git a/‎etc/bro-cron2
+3-18 b/‎etc/bro-cron2
+3-18
diff --git a/‎etc/brotab
+1 b/‎etc/brotab
+1
diff --git a/‎etc/crontab
+15 b/‎etc/crontab
+15
diff --git a/‎etc/node.cluster.cfg
+26 b/‎etc/node.cluster.cfg
+26
diff --git a/‎etc/redis-check
+15 b/‎etc/redis-check
+15
diff --git a/‎net2/BroControl.js
+62 b/‎net2/BroControl.js
+62
@@ -89,7 +89,7 @@ function install_walla()
 
     sudo cp $basedir/etc/sysctl.conf /etc/sysctl.conf || perr_and_exit "Failed to replace system sysctl.conf."
     sudo cp $basedir/etc/bro-cron /etc/cron.hourly/. || perr_and_exit "Failed to install root bron cronjobs."
-    crontab $basedir/etc/brotab || perr_and_exit "Failed to install user bro cronjobs."
+    crontab $basedir/etc/crontab || perr_and_exit "Failed to install user bro cronjobs."
 
     echo "Setting up encipher..."
     sudo mkdir -p /encipher.config || perr_and_exit "Failed to create /encipher.config/"
 
@@ -125,7 +125,7 @@ function install_walla()
     fi
     sudo cp $basedir/etc/sysctl.conf /etc/sysctl.conf || perr_and_exit "Failed to replace system sysctl.conf."
     sudo cp $basedir/etc/bro-cron /etc/cron.hourly/. || perr_and_exit "Failed to install root bron cronjobs."
-    crontab $basedir/etc/brotab || perr_and_exit "Failed to install user bro cronjobs."
+    crontab $basedir/etc/crontab || perr_and_exit "Failed to install user bro cronjobs."
 
     # Enable BBR TCP congestion control
     grep "tcp_bbr" /etc/modules-load.d/modules.conf >/dev/null 2>&1
 
@@ -126,7 +126,7 @@ function install_walla() {
 	fi
 	sudo cp $basedir/etc/sysctl.conf /etc/sysctl.conf || perr_and_exit "Failed to replace system sysctl.conf."
 	sudo cp $basedir/etc/bro-cron /etc/cron.hourly/. || perr_and_exit "Failed to install root bron cronjobs."
-	crontab $basedir/etc/brotab || perr_and_exit "Failed to install user bro cronjobs."
+	crontab $basedir/etc/crontab || perr_and_exit "Failed to install user bro cronjobs."
 
 	# Enable BBR TCP congestion control
 	grep "tcp_bbr" /etc/modules-load.d/modules.conf >/dev/null 2>&1
 
@@ -1,23 +1,12 @@
 #!/bin/bash
 sync
 
-bro_process_cnt=`ps -ef |grep "broctl/standalone broctl/auto" | grep -v grep | wc -l`
-if [[ $bro_process_cnt < 3 ]]; then
+: ${FIREWALLA_HOME:=/home/pi/firewalla}
+source ${FIREWALLA_HOME}/platform/platform.sh
+
+bro_process_cnt=`ps -ef |grep "$(bro_proc_name)ctl/auto" | grep -v grep | wc -l`
+if [[ $bro_process_cnt -lt 3 ]]; then
     logger 'FIREWALLA: bro-quick-cron: bro restart due to bro vanished'
     sudo service brofish stop
     sudo service brofish start
 fi
-
-redis_process_cnt=`sudo systemctl status redis-server |grep 'active (running)' | wc -l`
-
-if [[ $redis_process_cnt = 0 ]]; then
-   /usr/bin/logger "FIREWALLA PING: REDIS GOING DOWN"
-   sleep 10
-   redis_process_cnt=`sudo systemctl status redis-server |grep 'active (running)' | wc -l`
-   if [[ $redis_process_cnt = 0 ]]; then
-       sudo rm -r -f /var/log/redis/*
-       /usr/bin/logger "REBOOT: FIREWALLA PING NO REDIS"
-       /home/pi/firewalla/scripts/fire-reboot
-       exit 0
-   fi
-fi
@@ -5,27 +5,12 @@ sync
 /usr/bin/sudo /bin/rm -r -f /bspool/tmp/*
 #node /home/pi/firewalla/scripts/clean-redis.js &
 
-bro_process_cnt=`ps -ef |grep "broctl/standalone broctl/auto" | grep -v grep | wc -l`
-logger "detected bro process count:$bro_process_cnt"  
-if [[ $bro_process_cnt < 3 ]]; then
-    logger 'FIREWALLA: bro restart due to bro vanished'
-    sudo service brofish stop
-    sudo service brofish start
-fi
-
-#forever_process_cnt=`forever list | grep "STOPPED" | grep -v grep | wc -l`
-#if [[ $forever_process_cnt > 0 ]]; then
-#    logger 'FIREWALLA: forever process STOPPED'
-#    forever list | logger
-#    forever restartall
-#fi
-
 ui_process_cnt=`sudo systemctl status fireui | grep 'active (running)' | wc -l`
 kickui_process_cnt=`sudo systemctl status firekick |grep 'active (running)' | wc -l`
 api_process_cnt=`sudo systemctl status fireapi |grep 'active (running)' | wc -l`
-if [[ $ui_process_cnt <1 ]]; then
-    if [[ $kickui_process_cnt < 1 ]]; then
-        if [[ $api_process_cnt < 1 ]]; then
+if [[ $ui_process_cnt -lt 1 ]]; then
+    if [[ $kickui_process_cnt -lt 1 ]]; then
+        if [[ $api_process_cnt -lt 1 ]]; then
             logger 'FIREWALLA: no ui process'
         fi
     fi
 
@@ -2,6 +2,7 @@ SHELL=/bin/bash
 */15 * * * * /home/pi/firewalla/etc/bro-cron2  >/dev/null 2>&1
 */1 * * * * /home/pi/firewalla/etc/bro-mem-check  >/dev/null 2>&1
 */3 * * * * /home/pi/firewalla/etc/bro-bro-check  >/dev/null 2>&1
+*/3 * * * * /home/pi/firewalla/etc/redis-check  >/dev/null 2>&1
 0 0 */5 * *  /home/pi/firewalla/scripts/scheduled_reboot.sh &>/dev/null
 0 0 1-31/2 * * /home/pi/firewalla/scripts/clean-log >/dev/null 2>&1
 * * * * * for x in $(seq 0 10 50); do ( sleep $x; flock -n /dev/shm/fire-ping.lock -c "timeout 30 /home/pi/scripts/fire-ping.sh  &>/dev/null") & done
 
@@ -0,0 +1,15 @@
+SHELL=/bin/bash
+*/3 * * * * /home/pi/firewalla/etc/redis-check  >/dev/null 2>&1
+0 0 */5 * *  /home/pi/firewalla/scripts/scheduled_reboot.sh &>/dev/null
+0 0 1-31/2 * * /home/pi/firewalla/scripts/clean-log >/dev/null 2>&1
+* * * * * for x in $(seq 0 10 50); do ( sleep $x; flock -n /dev/shm/fire-ping.lock -c "timeout 30 /home/pi/scripts/fire-ping.sh  &>/dev/null") & done
+*/5 * * * * ( /home/pi/firewalla/scripts/bitbridge-ping.sh  >/dev/null 2>&1 )
+*/2 * * * * ( /home/pi/firewalla/scripts/fireapi-ping.sh  >/dev/null 2>&1 )
+*/10 * * * * ( /home/pi/firewalla/scripts/firemain-ping.sh  >/dev/null 2>&1 )
+*/5 * * * * ( /home/pi/firewalla/scripts/firemon-ping.sh  >/dev/null 2>&1 )
+*/2 * * * * ( /home/pi/firewalla/scripts/brofish-ping.sh  >/dev/null 2>&1 )
+0 2 * * * ( sleep $(( ${RANDOM} * 120 / 32768 ))m ; /home/pi/firewalla/scripts/fireupgrade_check.sh >/tmp/fireupgrade.log 2>&1 )
+*/5 * * * * logger "Firewalla checkpoint every 5 mins" &>/dev/null
+*/30 * * * * /home/pi/firewalla/scripts/free-memory &>/dev/null
+0 * * * * /home/pi/firewalla/scripts/health_check.sh &> /tmp/health_check.log
+0 0 * * * ( sleep $(( ${RANDOM} * 720 / 32768 ))m ; timeout 30 /home/pi/firewalla/scripts/diag_hello.sh &>/dev/null)
@@ -0,0 +1,26 @@
+# Example ZeekControl node configuration.
+#
+# This example has a standalone node ready to go except for possibly changing
+# the sniffing interface.
+
+# This is a complete standalone configuration.  Most likely you will
+# only need to change the interface.
+#[zeek]
+#type=standalone
+#host=localhost
+#interface=br0
+
+## Below is an example clustered configuration. If you use this,
+## remove the [zeek] node above.
+
+[logger]
+type=logger
+host=localhost
+
+[manager]
+type=manager
+host=localhost
+
+[proxy-1]
+type=proxy
+host=localhost
@@ -0,0 +1,15 @@
+#!/bin/bash
+sync
+
+redis_process_cnt=`sudo systemctl status redis-server |grep 'active (running)' | wc -l`
+if [[ $redis_process_cnt -eq 0 ]]; then
+   /usr/bin/logger "FIREWALLA PING: REDIS GOING DOWN"
+   sleep 10
+   redis_process_cnt=`sudo systemctl status redis-server |grep 'active (running)' | wc -l`
+   if [[ $redis_process_cnt -eq 0 ]]; then
+       sudo rm -r -f /var/log/redis/*
+       /usr/bin/logger "REBOOT: FIREWALLA PING NO REDIS"
+       /home/pi/firewalla/scripts/fire-reboot
+       exit 0
+   fi
+fi
@@ -0,0 +1,62 @@
+/*    Copyright 2019 Firewalla Inc.
+ *
+ *    This program is free software: you can redistribute it and/or  modify
+ *    it under the terms of the GNU Affero General Public License, version 3,
+ *    as published by the Free Software Foundation.
+ *
+ *    This program is distributed in the hope that it will be useful,
+ *    but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *    GNU Affero General Public License for more details.
+ *
+ *    You should have received a copy of the GNU Affero General Public License
+ *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+'use strict';
+
+const log = require("./logger.js")(__filename);
+const f = require('./Firewalla.js')
+
+const exec = require('child-process-promise')
+const util = require('util')
+const fs = require('fs')
+const appendFile = util.promisify(fs.appendFile)
+
+const PATH_NODE_CFG = `/usr/local/bro/etc/node.cfg`
+
+class BroControl {
+
+  async writeClusterConfig(monitoringInterfaces) {
+    // rewrite cluster node.cfg
+    await exec(`sudo cp -f ${f.getFirewallaHome}/etc/node.cluster.cfg ${PATH_NODE_CFG}`)
+
+    let workerCfg = []
+    let index = 1
+    for (const intf of monitoringInterfaces) {
+      workerCfg.push(
+        `\n`,
+        `[worker-${index++}]\n`,
+        `type=worker\n`,
+        `host=localhost\n`,
+        `interface=${intf}\n`,
+      )
+    }
+    await appendFile(PATH_NODE_CFG, workerCfg.join(''))
+  }
+
+  async addCronJobs() {
+    await exec('sudo -u pi crontab -r; sudo -u pi crontab /home/pi/firewalla/etc/crontab')
+  }
+
+  async start() {
+    exec(`sudo systemctl start brofish`)
+  }
+
+  async restart() {
+    exec(`sudo systemctl restart brofish`)
+  }
+
+}
+
+module.exports = new BroControl