/src/ntopng/include/NetworkInterface.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * |
3 | | * (C) 2013-24 - ntop.org |
4 | | * |
5 | | * |
6 | | * This program is free software; you can redistribute it and/or modify |
7 | | * it under the terms of the GNU General Public License as published by |
8 | | * the Free Software Foundation; either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * This program is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU General Public License |
17 | | * along with this program; if not, write to the Free Software Foundation, |
18 | | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
19 | | * |
20 | | */ |
21 | | |
22 | | #ifndef _NETWORK_INTERFACE_H_ |
23 | | #define _NETWORK_INTERFACE_H_ |
24 | | |
25 | | #include "ntop_includes.h" |
26 | | |
27 | | /** @defgroup NetworkInterface Network Interface |
28 | | * ............ |
29 | | */ |
30 | | |
31 | | class Flow; |
32 | | class FlowHash; |
33 | | class Host; |
34 | | class HostHash; |
35 | | class Mac; |
36 | | class MacHash; |
37 | | class VLAN; |
38 | | class VLANHash; |
39 | | class AutonomousSystem; |
40 | | class AutonomousSystemHash; |
41 | | class ObservationPoint; |
42 | | class ObservationPointHash; |
43 | | class OperatingSystem; |
44 | | class OperatingSystemHash; |
45 | | class Country; |
46 | | class CountriesHash; |
47 | | class DB; |
48 | | class Paginator; |
49 | | class NetworkInterfaceTsPoint; |
50 | | class ViewInterface; |
51 | | class FlowAlert; |
52 | | class HostAlert; |
53 | | class FlowChecksLoader; |
54 | | class FlowChecksExecutor; |
55 | | class HostCheck; |
56 | | class HostChecksLoader; |
57 | | class HostChecksExecutor; |
58 | | |
59 | | #ifdef NTOPNG_PRO |
60 | | class L7Policer; |
61 | | class FlowInterfacesStats; |
62 | | class TrafficShaper; |
63 | | class NetworkInterfacePro; |
64 | | #endif |
65 | | |
66 | | /** @class NetworkInterface |
67 | | * @brief Main class of network interface of ntopng. |
68 | | * @details ....... |
69 | | * |
70 | | * @ingroup NetworkInterface |
71 | | * |
72 | | */ |
73 | | class NetworkInterface : public NetworkInterfaceAlertableEntity { |
74 | | protected: |
75 | | char *ifname, *ifDescription; |
76 | | u_int8_t ifMac[6]; |
77 | | bpf_u_int32 ipv4_network_mask, ipv4_network; |
78 | | const char *customIftype; |
79 | | u_int8_t purgeRuns; |
80 | | #ifdef HAVE_NEDGE |
81 | | std::map<u_int32_t, InterfaceLocation> bridge_interface_id_to_location; |
82 | | #endif |
83 | | u_int32_t num_alerts_engaged_notice[ALERT_ENTITY_MAX_NUM_ENTITIES], |
84 | | num_alerts_engaged_warning[ALERT_ENTITY_MAX_NUM_ENTITIES], |
85 | | num_alerts_engaged_error[ALERT_ENTITY_MAX_NUM_ENTITIES], |
86 | | num_alerts_engaged_critical[ALERT_ENTITY_MAX_NUM_ENTITIES], |
87 | | num_alerts_engaged_emergency[ALERT_ENTITY_MAX_NUM_ENTITIES], flow_serial; |
88 | | /* Counters for active alerts. Changed by multiple concurrent threads */ |
89 | | std::atomic<u_int64_t> |
90 | | num_active_alerted_flows_notice; /* Counts all flow alerts with severity |
91 | | <= notice */ |
92 | | std::atomic<u_int64_t> |
93 | | num_active_alerted_flows_warning; /* Counts all flow alerts with severity |
94 | | == warning */ |
95 | | std::atomic<u_int64_t> |
96 | | num_active_alerted_flows_error; /* Counts all flow alerts with severity >= |
97 | | error */ |
98 | | std::atomic<u_int32_t> num_active_probes; /* Count active ZMQ probes */ |
99 | | u_int32_t num_host_dropped_alerts, num_flow_dropped_alerts, |
100 | | num_other_dropped_alerts, last_purge_idle; |
101 | | u_int64_t num_written_alerts, num_alerts_queries, score_as_cli, score_as_srv; |
102 | | u_int64_t num_new_flows; |
103 | | time_t last_ndpi_reload; |
104 | | bool ndpi_cleanup_needed; |
105 | | struct { |
106 | | u_int32_t local_hosts, remote_hosts; |
107 | | } tot_num_anomalies; |
108 | | AlertsQueue *alertsQueue; |
109 | | #if defined(NTOPNG_PRO) |
110 | | PeriodicityMap *pMap; |
111 | | ServiceMap *sMap; |
112 | | #endif |
113 | | |
114 | | UsedPorts usedPorts; |
115 | | |
116 | | struct ndpi_detection_module_struct *ndpi_struct, *ndpi_struct_shadow; |
117 | | bool ndpiReloadInProgress; |
118 | | |
119 | | /* The executor is per-interfaces, and uses the loader to configure itself and |
120 | | * execute flow checks */ |
121 | | FlowChecksExecutor *flow_checks_executor, *prev_flow_checks_executor; |
122 | | HostChecksExecutor *host_checks_executor, *prev_host_checks_executor; |
123 | | |
124 | | #if defined(NTOPNG_PRO) |
125 | | /* Logic for detecting packet protocol storms */ |
126 | | u_int32_t dhcp_last_sec_pkts, last_sec_epoch; |
127 | | |
128 | | time_t nextMinPeriodicUpdate, next5MinPeriodicUpdate; |
129 | | /* Behavioural analysis regarding the interface */ |
130 | | BehaviorAnalysis *score_behavior, *traffic_tx_behavior, *traffic_rx_behavior; |
131 | | #endif |
132 | | MostVisitedList *top_sites; |
133 | | MostVisitedList *top_os; |
134 | | |
135 | | /* Flows queues waiting to be dumped */ |
136 | | SPSCQueue<Flow *> *idleFlowsToDump, *activeFlowsToDump; |
137 | | Condvar dump_condition; /* Condition variable used to wait when no flows have |
138 | | been enqueued for dump */ |
139 | | |
140 | | /* CustomScript VMs */ |
141 | | LuaEngine *customFlowLuaScript_proto, /* Called when nDPI has detected the protocol */ |
142 | | *customFlowLuaScript_periodic, /* Called periodically on flows */ |
143 | | *customFlowLuaScript_end; /* Called when the flow ends */ |
144 | | LuaEngine *customHostLuaScript; /* Called periodically on hosts */ |
145 | | |
146 | | /* Queues for the execution of flow user scripts */ |
147 | | SPSCQueue<FlowAlert *> *flowAlertsQueue; |
148 | | SPSCQueue<HostAlertReleasedPair> *hostAlertsQueue; |
149 | | |
150 | | /* |
151 | | Flag to indicate whether a flow JSON should be dumped along with the flow. |
152 | | Flow JSON contain additional fields not placed inside database columns. |
153 | | */ |
154 | | bool flows_dump_json; |
155 | | /* |
156 | | Flag to indicate whether JSON labels should be used for flow fields inside |
157 | | the dumped flow JSON. If this flag is false, flow fields are keyed with |
158 | | nProbe integer flow keys. |
159 | | */ |
160 | | bool flows_dump_json_use_labels; |
161 | | |
162 | | /* External alerts contain alertable entities other than |
163 | | * host/interface/network which are dynamically allocated when an alert for |
164 | | * them occurs. A lock is necessary to guard the insert/delete operations from |
165 | | * lookup operations requested from the GUI and to ensure that a delete |
166 | | * operation does generate a use-after-free. */ |
167 | | std::map<std::pair<AlertEntity, std::string>, InterfaceMemberAlertableEntity *> external_alerts; |
168 | | Mutex external_alerts_lock; |
169 | | |
170 | | RoundTripStats *download_stats, *upload_stats; |
171 | | |
172 | | bool is_view; /* Whether this is a view interface */ |
173 | | ViewInterface *viewed_by; /* Whether this interface is 'viewed' by a ViewInterface */ |
174 | | u_int8_t viewed_interface_id; /* When this is a 'viewed' interface, this id |
175 | | represents a unique interface identifier |
176 | | inside the view */ |
177 | | |
178 | | /* Disaggregations */ |
179 | | u_int16_t numSubInterfaces; |
180 | | std::set<u_int32_t> flowHashingIgnoredInterfaces; |
181 | | FlowHashingEnum flowHashingMode; |
182 | | std::map<u_int64_t, NetworkInterface *> flowHashing; |
183 | | |
184 | | /* Network Discovery */ |
185 | | NetworkDiscovery *discovery; |
186 | | MDNS *mdns; |
187 | | |
188 | | /* Broadcast domain */ |
189 | | BroadcastDomains *bcast_domains; |
190 | | bool reload_hosts_bcast_domain, lbd_serialize_by_mac; |
191 | | time_t hosts_bcast_domain_last_update; |
192 | | |
193 | | u_int16_t next_compq_insert_idx; |
194 | | u_int16_t next_compq_remove_idx; |
195 | | ParsedFlow **companionQueue; |
196 | | bool ip_reassignment_alerts_enabled; |
197 | | |
198 | | /* Live Capture */ |
199 | | Mutex active_captures_lock; |
200 | | u_int8_t num_live_captures; |
201 | | NtopngLuaContext *live_captures[MAX_NUM_PCAP_CAPTURES]; |
202 | | static bool matchLiveCapture(NtopngLuaContext *const luactx, |
203 | | const struct pcap_pkthdr *const h, |
204 | | const u_char *const packet, Flow *const f); |
205 | | void deliverLiveCapture(const struct pcap_pkthdr *const h, |
206 | | const u_char *const packet, Flow *const f); |
207 | | |
208 | | string ip_addresses; |
209 | | AddressTree interface_networks; |
210 | | int id; |
211 | | bool bridge_interface; |
212 | | |
213 | | bool is_dynamic_interface; /* Whether this is a dynamic interface */ |
214 | | bool show_dynamic_interface_traffic; /* Show traffic of this dynamic interface |
215 | | */ |
216 | | bool push_host_filters; /* Push alerted hosts to pf_ring via Redis queue */ |
217 | | u_int64_t dynamic_interface_criteria; /* Criteria identifying this dynamic |
218 | | interface */ |
219 | | FlowHashingEnum |
220 | | dynamic_interface_mode; /* Mode (e.g., Probe IP, VLAN ID, etc */ |
221 | | NetworkInterface *dynamic_interface_master; /* Main interface */ |
222 | | |
223 | | bool is_traffic_mirrored, is_loopback; |
224 | | bool discard_probing_traffic; |
225 | | bool flows_only_interface; /* Only allocates flows for the interface (e.g., no |
226 | | hosts, ases, etc) */ |
227 | | bool is_smart_recording_enabled; |
228 | | char *smart_recording_instance_name; |
229 | | ProtoStats discardedProbingStats; |
230 | | #ifdef NTOPNG_PRO |
231 | | L7Policer *policer; |
232 | | |
233 | | #if defined(HAVE_KAFKA) |
234 | | KafkaProducer *kafka; |
235 | | #endif |
236 | | |
237 | | #ifndef HAVE_NEDGE |
238 | | FlowProfiles *flow_profiles, *shadow_flow_profiles; |
239 | | SubInterfaces *sub_interfaces; |
240 | | #endif |
241 | | CustomAppStats *custom_app_stats; |
242 | | FlowInterfacesStats *flow_interfaces_stats; |
243 | | NetworkInterfacePro *network_interface_pro; |
244 | | #endif |
245 | | EthStats ethStats; |
246 | | std::map<u_int32_t, u_int64_t> ip_mac; /* IP (network byte order) <-> MAC |
247 | | association [2 bytes are unused] */ |
248 | | u_int32_t arp_requests, arp_replies; |
249 | | ICMPstats icmp_v4, icmp_v6; |
250 | | LocalTrafficStats localStats; |
251 | | int pcap_datalink_type; /**< Datalink type of pcap. */ |
252 | | pthread_t pollLoop, flowDumpLoop /* Thread for the database dump of flows */, |
253 | | flowChecksLoop /* Thread for the execution of flow user script hooks */, |
254 | | hostChecksLoop /* Thread for the execution of host user script hooks */ |
255 | | ; |
256 | | Condvar flow_checks_condvar, host_checks_condvar; |
257 | | bool pollLoopCreated, flowDumpLoopCreated, flowAlertsDequeueLoopCreated, |
258 | | hostAlertsDequeueLoopCreated; |
259 | | bool has_too_many_hosts, has_too_many_flows, mtuWarningShown; |
260 | | bool flow_dump_disabled; |
261 | | u_int32_t ifSpeed, numL2Devices, totalNumHosts, |
262 | | numTotalRxOnlyHosts /* subset of numTotalRxOnlyHosts that have received |
263 | | but never sent any traffic */ |
264 | | , |
265 | | numLocalHosts, |
266 | | numLocalRxOnlyHosts /* subset of numLocalHosts that have received but |
267 | | never sent any traffic */ |
268 | | , |
269 | | scalingFactor; |
270 | | /* Those will hold counters at checkpoints */ |
271 | | u_int64_t checkpointPktCount, checkpointBytesCount, checkpointPktDropCount, |
272 | | checkpointDroppedAlertsCount; |
273 | | u_int64_t checkpointDiscardedProbingPktCount, |
274 | | checkpointDiscardedProbingBytesCount; |
275 | | u_int16_t ifMTU; |
276 | | int cpu_affinity; /**< Index of physical core where the network interface |
277 | | works. */ |
278 | | nDPIStats *ndpiStats; |
279 | | PacketStats pktStats; |
280 | | DSCPStats *dscpStats; |
281 | | L4Stats l4Stats; |
282 | | SyslogStats syslogStats; |
283 | | FlowHash *flows_hash; /**< Hash used to store flows information. */ |
284 | | u_int32_t last_remote_pps, last_remote_bps; |
285 | | TimeseriesExporter *influxdb_ts_exporter, *rrd_ts_exporter; |
286 | | |
287 | | TcpFlowStats tcpFlowStats; |
288 | | TcpPacketStats tcpPacketStats; |
289 | | ThroughputStats bytes_thpt, pkts_thpt; |
290 | | struct timeval last_periodic_stats_update; |
291 | | |
292 | | MacHash *gw_macs; /**< Hash used to identify traffic direction based on gw MAC. */ |
293 | | bool gw_macs_reload_requested; |
294 | | |
295 | | /* Mac */ |
296 | | MacHash *macs_hash; /**< Hash used to store MAC information. */ |
297 | | |
298 | | /* Autonomous Systems */ |
299 | | AutonomousSystemHash *ases_hash; /**< Hash used to store Autonomous Systems information. */ |
300 | | |
301 | | /* Observation Point */ |
302 | | u_int16_t last_obs_point_id; |
303 | | ObservationPointHash *obs_hash; /**< Hash used to store Observation Point information. */ |
304 | | |
305 | | /* Operating Systems */ |
306 | | OperatingSystemHash *oses_hash; /**< Hash used to store Operating Systems information. */ |
307 | | |
308 | | /* Countries */ |
309 | | CountriesHash *countries_hash; |
310 | | |
311 | | /* VLANs */ |
312 | | VLANHash *vlans_hash; /**< Hash used to store VLAN information. */ |
313 | | |
314 | | /* Hosts */ |
315 | | HostHash *hosts_hash; /**< Hash used to store hosts information. */ |
316 | | bool purge_idle_flows_hosts, inline_interface; |
317 | | DB *db; |
318 | | StatsManager *statsManager; |
319 | | AlertStore *alertStore; |
320 | | HostPools *host_pools; |
321 | | bool has_vlan_packets, has_ebpf_events, has_mac_addresses, |
322 | | has_seen_dhcp_addresses; |
323 | | bool has_seen_pods, has_seen_containers, has_external_alerts; |
324 | | time_t last_pkt_rcvd, |
325 | | last_pkt_rcvd_remote, /* Meaningful only for ZMQ interfaces */ |
326 | | next_idle_flow_purge, next_idle_host_purge, next_idle_other_purge; |
327 | | bool running, shutting_down, is_idle; |
328 | | NetworkStats **networkStats; /* One stats entry per network defined (-m) */ |
329 | | InterfaceStatsHash *interfaceStats; |
330 | | dhcp_range *dhcp_ranges, *dhcp_ranges_shadow; |
331 | | |
332 | | INTERFACE_PROFILING_DECLARE(32); |
333 | | |
334 | | void init(const char *interface_name); |
335 | | void deleteDataStructures(); |
336 | | |
337 | | NetworkInterface *getDynInterface(u_int64_t criteria, bool parser_interface); |
338 | | Flow *getFlow(int32_t if_index, Mac *srcMac, Mac *dstMac, u_int16_t vlan_id, |
339 | | u_int16_t observation_domain_id, u_int32_t private_flow_id, |
340 | | u_int32_t deviceIP, u_int32_t inIndex, u_int32_t outIndex, |
341 | | const ICMPinfo *const icmp_info, IpAddress *src_ip, |
342 | | IpAddress *dst_ip, u_int16_t src_port, u_int16_t dst_port, |
343 | | u_int8_t l4_proto, bool *src2dst_direction, time_t first_seen, |
344 | | time_t last_seen, u_int32_t len_on_wire, bool *new_flow, |
345 | | bool create_if_missing, u_int8_t *view_cli_mac, |
346 | | u_int8_t *view_srv_mac); |
347 | | int sortHosts(u_int32_t *begin_slot, bool walk_all, |
348 | | struct flowHostRetriever *retriever, u_int8_t bridge_iface_idx, |
349 | | AddressTree *allowed_hosts, bool host_details, |
350 | | LocationPolicy location, char *countryFilter, char *mac_filter, |
351 | | u_int16_t vlan_id, OSType osFilter, u_int32_t asnFilter, |
352 | | int16_t networkFilter, u_int16_t pool_filter, |
353 | | bool filtered_hosts, bool blacklisted_hosts, bool anomalousOnly, |
354 | | bool dhcpOnly, const AddressTree *const cidr_filter, |
355 | | u_int8_t ipver_filter, int proto_filter, |
356 | | TrafficType traffic_type_filter, u_int32_t device_ip, |
357 | | char *sortColumn); |
358 | | int sortASes(struct flowHostRetriever *retriever, char *sortColumn); |
359 | | int sortObsPoints(struct flowHostRetriever *retriever, char *sortColumn); |
360 | | int sortOSes(struct flowHostRetriever *retriever, char *sortColumn); |
361 | | int sortCountries(struct flowHostRetriever *retriever, char *sortColumn); |
362 | | int sortVLANs(struct flowHostRetriever *retriever, char *sortColumn); |
363 | | int sortMacs(u_int32_t *begin_slot, bool walk_all, |
364 | | struct flowHostRetriever *retriever, u_int8_t bridge_iface_idx, |
365 | | bool sourceMacsOnly, const char *manufacturer, char *sortColumn, |
366 | | u_int16_t pool_filter, u_int8_t devtype_filter, |
367 | | u_int8_t location_filter, time_t min_first_seen); |
368 | | int sortFlows(u_int32_t *begin_slot, bool walk_all, |
369 | | struct flowHostRetriever *retriever, AddressTree *allowed_hosts, |
370 | | Host *host, Host *client, Host *server, char *flow_info, |
371 | | Paginator *p, const char *sortColumn); |
372 | | |
373 | | void addRedisSitesKey(); |
374 | | void removeRedisSitesKey(); |
375 | | |
376 | | void FillObsHash(); |
377 | | |
378 | | bool isNumber(const char *str); |
379 | | bool checkIdle(); |
380 | | bool checkPeriodicStatsUpdateTime(const struct timeval *tv); |
381 | | void topItemsCommit(const struct timeval *when); |
382 | | void checkMacIPAssociation(bool triggerEvent, u_char *_mac, u_int32_t ipv4, |
383 | | Mac *host_mac); |
384 | | void checkDhcpIPRange(Mac *sender_mac, struct dhcp_packet *dhcp_reply, |
385 | | u_int16_t vlan_id); |
386 | | void pollQueuedeCompanionEvents(); |
387 | | bool getInterfaceBooleanPref(const char *pref_key, |
388 | | bool default_pref_value) const; |
389 | | virtual void incEthStats(bool ingressPacket, u_int16_t proto, |
390 | | u_int32_t num_pkts, u_int32_t num_bytes, |
391 | 146k | u_int pkt_overhead) { |
392 | 146k | ethStats.incStats(ingressPacket, num_pkts, num_bytes, pkt_overhead); |
393 | 146k | ethStats.incProtoStats(proto, num_pkts, num_bytes); |
394 | 146k | }; |
395 | | |
396 | | /* |
397 | | Dequeues alerted flows up to `budget` and executes `flow_lua_check` on each |
398 | | of them. The number of flows dequeued is returned. |
399 | | */ |
400 | | u_int64_t dequeueFlowAlerts(u_int budget); |
401 | | |
402 | | u_int64_t dequeueHostAlerts(u_int budget); /* Same as above but for hosts */ |
403 | | u_int16_t guessEthType(const u_char *p, u_int len, u_int8_t *is_ethernet); |
404 | | void loadProtocolsAssociations(struct ndpi_detection_module_struct *ndpi_str); |
405 | | |
406 | | #ifdef NTOPNG_PRO |
407 | | void checkDHCPStorm(time_t when, u_int32_t num_pkts); |
408 | | #endif |
409 | | void lua_push_ports(lua_State *vm, |
410 | | HostsPorts *count, |
411 | | u_int16_t protocol); |
412 | | void sort_hosts_details(lua_State *vm, |
413 | | HostsPortsAnalysis *count, |
414 | | u_int16_t protocol, |
415 | | bool get_port); |
416 | | void sort_and_filter_flow_stats(lua_State *vm, |
417 | | struct aggregated_stats *stats, |
418 | | AnalysisCriteria filter_type); |
419 | | void build_lua_rsp(lua_State *vm, AggregatedFlowsStats *fs, u_int filter_type, |
420 | | u_int32_t size, u_int *num, bool set_resp); |
421 | | void build_protocol_flow_stats_lua_rsp(lua_State *vm, AggregatedFlowsStats *fs, |
422 | | u_int32_t size, u_int *num); |
423 | | |
424 | | public: |
425 | | /** |
426 | | * @brief A Constructor |
427 | | * @details Creating a new NetworkInterface with all instance variables set to |
428 | | * NULL. |
429 | | * |
430 | | * @return A new instance of NetworkInterface. |
431 | | */ |
432 | | NetworkInterface(); |
433 | | NetworkInterface(const char *name, const char *custom_interface_type = NULL); |
434 | | virtual ~NetworkInterface(); |
435 | | |
436 | | bool initFlowChecksLoop(); /* Initialize the loop to dequeue flows for the |
437 | | execution of user script hooks */ |
438 | | bool initHostChecksLoop(); /* Same as above but for hosts */ |
439 | | bool initFlowDump(u_int8_t num_dump_interfaces); |
440 | | u_int32_t getASesHashSize(); |
441 | | u_int32_t getObsHashSize(); |
442 | | u_int32_t getOSesHashSize(); |
443 | | u_int32_t getCountriesHashSize(); |
444 | | u_int32_t getVLANsHashSize(); |
445 | | u_int32_t getMacsHashSize(); |
446 | | u_int32_t getHostsHashSize(); |
447 | | virtual u_int32_t getFlowsHashSize(); |
448 | | |
449 | | void updateSitesStats(); |
450 | | void updateBroadcastDomains(u_int16_t vlan_id, const u_int8_t *src_mac, |
451 | | const u_int8_t *dst_mac, u_int32_t src, |
452 | | u_int32_t dst); |
453 | | |
454 | | virtual bool walker(u_int32_t *begin_slot, bool walk_all, WalkerType wtype, |
455 | | bool (*walker)(GenericHashEntry *h, void *user_data, |
456 | | bool *entryMatched), |
457 | | void *user_data); |
458 | | |
459 | | void checkDisaggregationMode(); |
460 | | void incrVisitedWebSite(char *hostname); |
461 | | void incrOS(char *hostname); |
462 | 0 | inline void incScoreValue(u_int16_t score_incr, bool as_client) { |
463 | 0 | as_client ? score_as_cli += score_incr : score_as_srv += score_incr; |
464 | 0 | }; |
465 | 0 | inline void decScoreValue(u_int16_t score_incr, bool as_client) { |
466 | 0 | as_client ? score_as_cli -= score_incr : score_as_srv -= score_incr; |
467 | 0 | }; |
468 | 0 | inline void setCPUAffinity(int core_id) { cpu_affinity = core_id; }; |
469 | 0 | inline void getIPv4Address(bpf_u_int32 *a, bpf_u_int32 *m) { |
470 | 0 | *a = ipv4_network, *m = ipv4_network_mask; |
471 | 0 | }; |
472 | 765 | inline bool are_ip_reassignment_alerts_enabled() { |
473 | 765 | return (ip_reassignment_alerts_enabled); |
474 | 765 | }; |
475 | 0 | inline void enable_ip_reassignment_alerts(bool status) { |
476 | 0 | ip_reassignment_alerts_enabled = status; |
477 | 0 | }; |
478 | 0 | inline AddressTree *getInterfaceNetworks() { return (&interface_networks); }; |
479 | | virtual void startPacketPolling(); |
480 | | virtual void startFlowDumping(); |
481 | | virtual void shutdown(); |
482 | | virtual void cleanup(); |
483 | 0 | virtual char *getEndpoint(u_int8_t id) { return NULL; }; |
484 | 0 | virtual bool set_packet_filter(char *filter) { return (false); }; |
485 | 0 | virtual void incrDrops(u_int32_t num) { ; } |
486 | | /* calling virtual in constructors/destructors should be avoided |
487 | | See C++ FAQ Lite covers this in section 23.7 |
488 | | */ |
489 | 31.4k | virtual bool isPacketInterface() const { |
490 | 31.4k | return (getIfType() != interface_type_FLOW && |
491 | 31.4k | getIfType() != interface_type_ZMQ); |
492 | 31.4k | } |
493 | | |
494 | 0 | virtual bool isSyslogInterface() const { |
495 | 0 | return (getIfType() == interface_type_SYSLOG); |
496 | 0 | } |
497 | | void incSyslogStats(u_int32_t num_total_events, u_int32_t num_malformed, |
498 | | u_int32_t num_dispatched, u_int32_t num_unhandled, |
499 | | u_int32_t num_alerts, u_int32_t num_host_correlations, |
500 | 0 | u_int32_t num_collected_flows) { |
501 | 0 | syslogStats.incStats(num_total_events, num_malformed, num_dispatched, |
502 | 0 | num_unhandled, num_alerts, num_host_correlations, |
503 | 0 | num_collected_flows); |
504 | 0 | }; |
505 | | |
506 | | #if defined(__linux__) && !defined(HAVE_LIBCAP) && !defined(HAVE_NEDGE) |
507 | | /* Note: if we miss the capabilities, we block the overriding of this method. |
508 | | */ |
509 | | inline bool |
510 | | #else |
511 | | virtual bool |
512 | | #endif |
513 | 0 | isDiscoverableInterface() { |
514 | 0 | return (false); |
515 | 0 | } |
516 | 0 | inline virtual const char *altDiscoverableName() { return (NULL); } |
517 | 0 | virtual const char *get_type() const { |
518 | 0 | return (customIftype ? customIftype : CONST_INTERFACE_TYPE_UNKNOWN); |
519 | 0 | } |
520 | 240k | virtual InterfaceType getIfType() const { return (interface_type_UNKNOWN); } |
521 | 0 | inline FlowHash *get_flows_hash() { return flows_hash; } |
522 | 7.97k | inline TcpFlowStats *getTcpFlowStats() { return (&tcpFlowStats); } |
523 | 17.8k | virtual bool is_ndpi_enabled() const { return (true); } |
524 | 0 | inline u_int getNumnDPIProtocols() { |
525 | 0 | return (ndpi_get_num_supported_protocols(get_ndpi_struct())); |
526 | 0 | }; |
527 | 0 | inline time_t getTimeLastPktRcvdRemote() { return (last_pkt_rcvd_remote); }; |
528 | 605k | inline time_t getTimeLastPktRcvd() { |
529 | 605k | return (last_pkt_rcvd ? last_pkt_rcvd : last_pkt_rcvd_remote); |
530 | 605k | }; |
531 | 140k | inline void setTimeLastPktRcvd(time_t t) { |
532 | 140k | if (t > last_pkt_rcvd) last_pkt_rcvd = t; |
533 | 140k | }; |
534 | 0 | inline const char *get_ndpi_category_name(ndpi_protocol_category_t category) { |
535 | 0 | return (ndpi_category_get_name(get_ndpi_struct(), category)); |
536 | 0 | }; |
537 | 0 | inline char *get_ndpi_proto_name(u_int id) { |
538 | 0 | return (ndpi_get_proto_name(get_ndpi_struct(), id)); |
539 | 0 | }; |
540 | 0 | inline u_int16_t get_ndpi_proto_id(char *proto) { |
541 | 0 | u_int16_t _proto = ndpi_get_protocol_id(get_ndpi_struct(), proto); |
542 | 0 | return ndpi_map_ndpi_id_to_user_proto_id(get_ndpi_struct(), _proto); |
543 | 0 | }; |
544 | 0 | inline int get_ndpi_category_id(char *cat) { |
545 | 0 | return (ndpi_get_category_id(get_ndpi_struct(), cat)); |
546 | 0 | }; |
547 | 0 | inline char *get_ndpi_proto_breed_name(u_int id) { |
548 | 0 | return (ndpi_get_proto_breed_name( |
549 | 0 | get_ndpi_struct(), ndpi_get_proto_breed(get_ndpi_struct(), id))); |
550 | 0 | }; |
551 | | inline char *get_ndpi_full_proto_name(ndpi_protocol protocol, char *buf, |
552 | 0 | u_int buf_len) const { |
553 | 0 | return (ndpi_protocol2name(get_ndpi_struct(), protocol, buf, buf_len)); |
554 | 0 | } |
555 | 9.91k | inline u_int get_flow_size() { |
556 | 9.91k | return (ndpi_detection_get_sizeof_ndpi_flow_struct()); |
557 | 9.91k | }; |
558 | 1 | inline char *get_name() const { return (ifname); }; |
559 | 3.07k | inline char *get_description() const { return (ifDescription); }; |
560 | 37.9k | inline int get_id() const { return (id); }; |
561 | 0 | inline bool get_inline_interface() { return inline_interface; } |
562 | 0 | virtual bool hasSeenVLANTaggedPackets() const { return (has_vlan_packets); } |
563 | 15.8k | inline void setSeenVLANTaggedPackets() { has_vlan_packets = true; } |
564 | 0 | inline bool hasSeenEBPFEvents() const { return (has_ebpf_events); } |
565 | 0 | inline void setSeenEBPFEvents() { has_ebpf_events = true; } |
566 | 99.1k | inline bool hasSeenMacAddresses() const { return (has_mac_addresses); } |
567 | 3.26k | inline void setSeenMacAddresses() { has_mac_addresses = true; } |
568 | 0 | inline bool hasSeenDHCPAddresses() const { return (has_seen_dhcp_addresses); } |
569 | 9 | inline void setDHCPAddressesSeen() { has_seen_dhcp_addresses = true; } |
570 | 0 | inline bool hasSeenPods() const { return (has_seen_pods); } |
571 | 0 | inline void setSeenPods() { has_seen_pods = true; } |
572 | 0 | inline bool hasSeenContainers() const { return (has_seen_containers); } |
573 | 0 | inline void setSeenContainers() { has_seen_containers = true; } |
574 | 0 | inline bool hasSeenExternalAlerts() const { return (has_external_alerts); } |
575 | 0 | inline void setSeenExternalAlerts() { has_external_alerts = true; } |
576 | 48.4k | inline bool is_purge_idle_interface() { return (purge_idle_flows_hosts); }; |
577 | | int dumpFlow(time_t when, Flow *f); |
578 | | bool getHostMinInfo(lua_State *vm, AddressTree *allowed_hosts, char *host_ip, |
579 | | u_int16_t vlan_id, bool only_ndpi_stats); |
580 | | |
581 | | /* Enqueue alert to a queue for processing and later delivery to recipients */ |
582 | | bool enqueueFlowAlert(FlowAlert *alert); |
583 | | bool enqueueHostAlert(HostAlert *alert); |
584 | | /* |
585 | | Enqueue flows to be processed by the view interfaces. |
586 | | Viewed interface enqueue flows using this method so that the view |
587 | | can periodicall dequeue them and update its statistics; |
588 | | */ |
589 | | bool viewEnqueue(time_t t, Flow *f); |
590 | | #ifdef NTOPNG_PRO |
591 | | void flushFlowDump(); |
592 | | #endif |
593 | | void checkPointHostTalker(lua_State *vm, char *host_ip, u_int16_t vlan_id); |
594 | 552 | inline void incRetransmittedPkts(u_int32_t num) { |
595 | 552 | tcpPacketStats.incRetr(num); |
596 | 552 | }; |
597 | 249 | inline void incOOOPkts(u_int32_t num) { tcpPacketStats.incOOO(num); }; |
598 | 231 | inline void incLostPkts(u_int32_t num) { tcpPacketStats.incLost(num); }; |
599 | 32 | inline void incKeepAlivePkts(u_int32_t num) { |
600 | 32 | tcpPacketStats.incKeepAlive(num); |
601 | 32 | }; |
602 | | |
603 | | virtual void checkPointCounters(bool drops_only); |
604 | | bool registerSubInterface(NetworkInterface *sub_iface, u_int64_t criteria); |
605 | | |
606 | | /* Overridden in ViewInterface.cpp */ |
607 | | virtual u_int64_t getCheckPointNumPackets(); |
608 | | virtual u_int64_t getCheckPointDroppedAlerts(); |
609 | | virtual u_int64_t getCheckPointNumBytes(); |
610 | | virtual u_int32_t getCheckPointNumPacketDrops(); |
611 | | virtual u_int64_t getCheckPointNumDiscardedProbingPackets() const; |
612 | | virtual u_int64_t getCheckPointNumDiscardedProbingBytes() const; |
613 | 10.6k | inline void incFlagStats(u_int8_t flags, bool cumulative_flags) { |
614 | 10.6k | pktStats.incFlagStats(flags, cumulative_flags); |
615 | 10.6k | }; |
616 | | |
617 | | inline void incStats(bool ingressPacket, time_t when, u_int16_t eth_proto, |
618 | | u_int16_t ndpi_proto, |
619 | | ndpi_protocol_category_t ndpi_category, u_int8_t l4proto, |
620 | 146k | u_int32_t pkt_len, u_int32_t num_pkts) { |
621 | | /* NOTE: nEdge does the incs in NetfilterInterface::incStatsConntrack, keep |
622 | | * it in sync! */ |
623 | 146k | #ifndef HAVE_NEDGE |
624 | 146k | incEthStats(ingressPacket, eth_proto, num_pkts, pkt_len, |
625 | 146k | getPacketOverhead()); |
626 | 146k | ndpiStats->incStats(when, ndpi_proto, 0, 0, num_pkts, pkt_len); |
627 | | // Note: here we are not currently interested in packet direction, so we |
628 | | // tell it is receive |
629 | 146k | ndpiStats->incCategoryStats(when, ndpi_category, 0 /* see above comment */, |
630 | 146k | pkt_len); |
631 | 146k | pktStats.incStats(1, pkt_len); |
632 | 146k | l4Stats.incStats(when, l4proto, ingressPacket ? num_pkts : 0, |
633 | 146k | ingressPacket ? pkt_len : 0, !ingressPacket ? num_pkts : 0, |
634 | 146k | !ingressPacket ? pkt_len : 0); |
635 | 146k | #endif |
636 | | |
637 | | #ifdef NTOPNG_PRO |
638 | | /* Added DHCP storm detection */ |
639 | | if (ndpi_proto == NDPI_PROTOCOL_DHCP) checkDHCPStorm(when, num_pkts); |
640 | | #endif |
641 | 146k | }; |
642 | | |
643 | | inline void incICMPStats(bool is_icmpv6, u_int32_t num_pkts, |
644 | 3.29k | u_int8_t icmp_type, u_int8_t icmp_code, bool sent) { |
645 | 3.29k | if (is_icmpv6) |
646 | 210 | icmp_v6.incStats(num_pkts, icmp_type, icmp_code, sent, NULL); |
647 | 3.08k | else |
648 | 3.08k | icmp_v4.incStats(num_pkts, icmp_type, icmp_code, sent, NULL); |
649 | 3.29k | }; |
650 | | |
651 | | inline void incLocalStats(u_int num_pkts, u_int pkt_len, bool localsender, |
652 | 59.7k | bool localreceiver) { |
653 | 59.7k | localStats.incStats(num_pkts, pkt_len, localsender, localreceiver); |
654 | 59.7k | }; |
655 | 13.1k | inline void incnDPIFlows(u_int16_t l7_protocol) { |
656 | 13.1k | ndpiStats->incFlowsStats(l7_protocol); |
657 | 13.1k | } |
658 | | |
659 | | inline void incDSCPStats(u_int8_t ds, u_int64_t sent_packets, |
660 | | u_int64_t sent_bytes, u_int64_t rcvd_packets, |
661 | 29.8k | u_int64_t rcvd_bytes) { |
662 | 29.8k | dscpStats->incStats(ds, sent_packets, sent_bytes, rcvd_packets, rcvd_bytes); |
663 | 29.8k | } |
664 | | |
665 | | virtual void sumStats(TcpFlowStats *_tcpFlowStats, EthStats *_ethStats, |
666 | | LocalTrafficStats *_localStats, nDPIStats *_ndpiStats, |
667 | | PacketStats *_pktStats, TcpPacketStats *_tcpPacketStats, |
668 | | ProtoStats *_discardedProbingStats, |
669 | | DSCPStats *_dscpStats, SyslogStats *_syslogStats, |
670 | | RoundTripStats *_downloadStats, |
671 | | RoundTripStats *_uploadStats) const; |
672 | 0 | inline DB *getDB() const { return db; }; |
673 | 3.07k | inline EthStats* getStats() { return (ðStats); }; |
674 | 0 | inline int get_datalink() { return (pcap_datalink_type); }; |
675 | 3.07k | inline void set_datalink(int l) { pcap_datalink_type = l; }; |
676 | | bool isStartingUp() const; |
677 | | bool isRunning() const; |
678 | | bool isShuttingDown() const; |
679 | 177k | inline bool isTrafficMirrored() const { return is_traffic_mirrored; }; |
680 | | bool isSmartRecordingEnabled() const; |
681 | 0 | inline const char *getSmartRecordingInstance() const { return smart_recording_instance_name; }; |
682 | 0 | inline bool showDynamicInterfaceTraffic() const { |
683 | 0 | return show_dynamic_interface_traffic; |
684 | 0 | }; |
685 | 0 | inline bool pushHostFilters() const { return push_host_filters; }; |
686 | 0 | inline bool discardProbingTraffic() const { return discard_probing_traffic; }; |
687 | 2 | inline bool flowsOnlyInterface() const { return flows_only_interface; }; |
688 | | void updateTrafficMirrored(); |
689 | | void updateSmartRecording(); |
690 | | void updateDynIfaceTrafficPolicy(); |
691 | | void updatePushFiltersSettings(); |
692 | | void updateFlowDumpDisabled(); |
693 | | void updateLbdIdentifier(); |
694 | | void updateDiscardProbingTraffic(); |
695 | | void updateFlowsOnlyInterface(); |
696 | | u_int printAvailableInterfaces(bool printHelp, int idx, char *ifname, |
697 | | u_int ifname_len); |
698 | | void findFlowHosts(int32_t _iface_idx, u_int16_t vlan_id, |
699 | | u_int16_t observation_domain_id, |
700 | | u_int32_t private_flow_id, Mac *src_mac, |
701 | | IpAddress *_src_ip, Host **src, Mac *dst_mac, |
702 | | IpAddress *_dst_ip, Host **dst); |
703 | | virtual Flow *findFlowByKeyAndHashId(u_int32_t key, u_int hash_id, |
704 | | AddressTree *allowed_hosts); |
705 | | virtual Flow *findFlowByTuple(u_int16_t vlan_id, |
706 | | u_int16_t observation_domain_id, |
707 | | u_int32_t private_flow_id, Mac *src_mac, |
708 | | Mac *dst_mac, IpAddress *src_ip, |
709 | | IpAddress *dst_ip, u_int16_t src_port, |
710 | | u_int16_t dst_port, u_int8_t l4_proto, |
711 | | AddressTree *allowed_hosts) const; |
712 | | bool findHostsByName(lua_State *vm, AddressTree *allowed_hosts, char *key); |
713 | | bool findHostsByMac(lua_State *vm, u_int8_t *mac); |
714 | | Host *findHostByMac(u_int8_t *mac); |
715 | | |
716 | | bool dissectPacket(int32_t iface_index, u_int32_t bridge_iface_idx, |
717 | | int pcap_datalink_type, bool ingressPacket, |
718 | | u_int8_t *sender_mac, /* Non NULL only for NFQUEUE interfaces */ |
719 | | const struct pcap_pkthdr *h, const u_char *packet, |
720 | | u_int16_t *ndpiProtocol, Host **srcHost, Host **dstHost, Flow **flow); |
721 | | bool processPacket(int32_t if_index, u_int32_t bridge_iface_idx, |
722 | | int pcap_datalink_type, bool ingressPacket, |
723 | | const struct bpf_timeval *when, const u_int64_t time, |
724 | | struct ndpi_ethhdr *eth, u_int16_t vlan_id, |
725 | | struct ndpi_iphdr *iph, struct ndpi_ipv6hdr *ip6, |
726 | | u_int16_t ip_offset, u_int16_t encapsulation_overhead, |
727 | | u_int32_t len_on_wire, const struct pcap_pkthdr *h, |
728 | | const u_char *packet, u_int16_t *ndpiProtocol, |
729 | | Host **srcHost, Host **dstHost, Flow **flow); |
730 | | void processInterfaceStats(sFlowInterfaceStats *stats); |
731 | | void getActiveFlowsStats(nDPIStats *stats, FlowStats *status_stats, |
732 | | AddressTree *allowed_hosts, Host *h, |
733 | | Host *talking_with_host, Host *client, Host *server, |
734 | | char *flow_info, Paginator *p, lua_State *vm, |
735 | | bool only_traffic_stats); |
736 | | virtual u_int32_t periodicStatsUpdateFrequency() const; |
737 | | void periodicStatsUpdate(); |
738 | | u_int64_t purgeQueuedIdleEntries(); |
739 | | struct timeval periodicUpdateInitTime() const; |
740 | | virtual u_int32_t getFlowMaxIdle(); |
741 | | |
742 | | virtual void lua(lua_State *vm, bool fullStats); |
743 | | void luaScore(lua_State *vm); |
744 | | void luaAlertedFlows(lua_State *vm); |
745 | | void luaAnomalies(lua_State *vm); |
746 | | void luaNdpiStats(lua_State *vm, bool diff = false); |
747 | | void luaPeriodicityFilteringMenu(lua_State *vm, MapsFilters *filters); |
748 | | void luaServiceFilteringMenu(lua_State *vm, MapsFilters *filters); |
749 | | void luaPeriodicityMap(lua_State *vm, MapsFilters *filters); |
750 | | void luaServiceMap(lua_State *vm, MapsFilters *filters); |
751 | | void luaSubInterface(lua_State *vm); |
752 | | void luaServiceMapStatus(lua_State *vm); |
753 | 0 | inline u_int8_t *getIfMac() { return ifMac; }; |
754 | 0 | inline float getThroughputBps() { return bytes_thpt.getThpt(); }; |
755 | 0 | inline float getThroughputPps() { return pkts_thpt.getThpt(); }; |
756 | | #if defined(NTOPNG_PRO) |
757 | | inline bool isServiceMapLearning() const { |
758 | | return (sMap ? sMap->isLearning() : false); |
759 | | } |
760 | | inline ServiceMap *getServiceMap() { return (sMap); }; |
761 | | inline bool isServiceMapEnabled() { return (sMap ? true : false); }; |
762 | | inline void flushServiceMap() { |
763 | | if (sMap) sMap->flush(); |
764 | | }; |
765 | | inline PeriodicityMap *getPeriodicityMap() { return (pMap); }; |
766 | | inline bool isPeriodicityMapEnabled() { return (pMap ? true : false); }; |
767 | | inline void flushPeriodicityMap() { |
768 | | if (pMap) pMap->flush(); |
769 | | }; |
770 | | void updateFlowPeriodicity(Flow *f); |
771 | | void updateServiceMap(Flow *f); |
772 | | #endif |
773 | | void lua_hash_tables_stats(lua_State *vm); |
774 | | void lua_periodic_activities_stats(lua_State *vm); |
775 | | virtual void lua_queues_stats(lua_State *vm); |
776 | | void getnDPIProtocols(lua_State *vm, ndpi_protocol_category_t filter, |
777 | | bool skip_critical); |
778 | | |
779 | | int getActiveHostsList( |
780 | | lua_State *vm, u_int32_t *begin_slot, bool walk_all, |
781 | | u_int8_t bridge_iface_idx, AddressTree *allowed_hosts, bool host_details, |
782 | | LocationPolicy location, char *countryFilter, char *mac_filter, |
783 | | u_int16_t vlan_id, OSType osFilter, u_int32_t asnFilter, |
784 | | int16_t networkFilter, u_int16_t pool_filter, bool filtered_hosts, |
785 | | bool blacklisted_hosts, u_int8_t ipver_filter, int proto_filter, |
786 | | TrafficType traffic_type_filter, u_int32_t device_ip, bool tsLua, |
787 | | bool anomalousOnly, bool dhcpOnly, const AddressTree *const cidr_filter, |
788 | | char *sortColumn, u_int32_t maxHits, u_int32_t toSkip, bool a2zSortOrder); |
789 | | int getActiveASList(lua_State *vm, const Paginator *p, bool diff = false); |
790 | | int getActiveObsPointsList(lua_State *vm, const Paginator *p); |
791 | | int getActiveOSList(lua_State *vm, const Paginator *p); |
792 | | int getActiveCountriesList(lua_State *vm, const Paginator *p); |
793 | | int getActiveVLANList(lua_State *vm, char *sortColumn, u_int32_t maxHits, |
794 | | u_int32_t toSkip, bool a2zSortOrder, |
795 | | DetailsLevel details_level); |
796 | | int getActiveMacList(lua_State *vm, u_int32_t *begin_slot, bool walk_all, |
797 | | u_int8_t bridge_iface_idx, bool sourceMacsOnly, |
798 | | const char *manufacturer, char *sortColumn, |
799 | | u_int32_t maxHits, u_int32_t toSkip, bool a2zSortOrder, |
800 | | u_int16_t pool_filter, u_int8_t devtype_filter, |
801 | | u_int8_t location_filter, time_t min_first_seen); |
802 | | int getActiveMacManufacturers(lua_State *vm, u_int8_t bridge_iface_idx, |
803 | | bool sourceMacsOnly, u_int32_t maxHits, |
804 | | u_int8_t devtype_filter, |
805 | | u_int8_t location_filter); |
806 | | bool getActiveMacHosts(lua_State *vm, const char *mac); |
807 | | int getActiveDeviceTypes(lua_State *vm, u_int8_t bridge_iface_idx, |
808 | | bool sourceMacsOnly, u_int32_t maxHits, |
809 | | const char *manufacturer, u_int8_t location_filter); |
810 | | int getMacsIpAddresses(lua_State *vm, int idx); |
811 | | void getFlowsStats(lua_State *vm); |
812 | | void getNetworkStats(lua_State *vm, u_int16_t network_id, |
813 | | AddressTree *allowed_hosts, bool diff = false) const; |
814 | | void getNetworksStats(lua_State *vm, AddressTree *allowed_hosts, |
815 | | bool diff = false) const; |
816 | | int getFlows(lua_State *vm, u_int32_t *begin_slot, bool walk_all, |
817 | | AddressTree *allowed_hosts, Host *host, Host *talking_with_host, |
818 | | Host *client, Host *server, char *flow_info, Paginator *p); |
819 | | int getFlowsTraffic(lua_State *vm, u_int32_t *begin_slot, bool walk_all, |
820 | | AddressTree *allowed_hosts, Host *host, Paginator *p); |
821 | | int getFlowsGroup(lua_State *vm, AddressTree *allowed_hosts, Paginator *p, |
822 | | const char *groupColumn); |
823 | | int dropFlowsTraffic(AddressTree *allowed_hosts, Paginator *p); |
824 | | |
825 | | virtual void purgeIdle(time_t when, bool force_idle = false, |
826 | | bool full_scan = false); |
827 | | u_int purgeIdleFlows(bool force_idle, bool full_scan); |
828 | | u_int purgeIdleHosts(bool force_idlei, bool full_scan); |
829 | | u_int purgeIdleMacsASesCountriesVLANs(bool force_idle, bool full_scan); |
830 | | |
831 | | /* Overridden in ViewInterface.cpp */ |
832 | | virtual u_int64_t getNumPackets(); |
833 | | virtual u_int64_t getNumBytes(); |
834 | | virtual u_int64_t getNumDroppedAlerts(); |
835 | 0 | virtual void updatePacketsStats(){}; |
836 | 0 | virtual u_int32_t getNumDroppedPackets() { return 0; }; |
837 | | virtual u_int getNumPacketDrops(); |
838 | | virtual u_int64_t getNumNewFlows(); |
839 | | virtual u_int64_t getNumDiscardedProbingPackets() const; |
840 | | virtual u_int64_t getNumDiscardedProbingBytes() const; |
841 | | virtual u_int getNumFlows(); |
842 | 0 | inline u_int getNumL2Devices() { return (numL2Devices); }; |
843 | 0 | inline u_int getNumHosts() { return (totalNumHosts); }; |
844 | 0 | inline u_int getNumLocalHosts() { return (numLocalHosts); }; |
845 | 0 | inline u_int getNumRxOnlyHosts() { return (numTotalRxOnlyHosts); }; |
846 | 0 | inline u_int getNumLocalRxOnlyHosts() { return (numLocalRxOnlyHosts); }; |
847 | | |
848 | | u_int getNumMacs(); |
849 | | u_int getNumHTTPHosts(); |
850 | | |
851 | 0 | inline u_int64_t getNumPacketsSinceReset() { |
852 | 0 | return getNumPackets() - getCheckPointNumPackets(); |
853 | 0 | } |
854 | 0 | inline u_int64_t getNumBytesSinceReset() { |
855 | 0 | return getNumBytes() - getCheckPointNumBytes(); |
856 | 0 | } |
857 | 0 | inline u_int64_t getNumPacketDropsSinceReset() { |
858 | 0 | return getNumPacketDrops() - getCheckPointNumPacketDrops(); |
859 | 0 | } |
860 | 0 | inline u_int64_t getNumDroppedAlertsSinceReset() { |
861 | 0 | return getNumDroppedAlerts() - getCheckPointDroppedAlerts(); |
862 | 0 | } |
863 | 0 | inline u_int64_t getNumDiscProbingPktsSinceReset() const { |
864 | 0 | return getNumDiscardedProbingPackets() - |
865 | 0 | getCheckPointNumDiscardedProbingPackets(); |
866 | 0 | }; |
867 | 0 | inline u_int64_t getNumDiscProbingBytesSinceReset() const { |
868 | 0 | return getNumDiscardedProbingBytes() - |
869 | 0 | getCheckPointNumDiscardedProbingBytes(); |
870 | 0 | } |
871 | | |
872 | | virtual void runHousekeepingTasks(); |
873 | | void runShutdownTasks(); |
874 | | VLAN *getVLAN(u_int16_t u_int16_t, bool create_if_not_present, |
875 | | bool is_inline_call); |
876 | | AutonomousSystem *getAS(IpAddress *ipa, bool create_if_not_present, |
877 | | bool is_inline_call); |
878 | | ObservationPoint *getObsPoint(u_int16_t obs_point, bool create_if_not_present, |
879 | | bool is_inline_call); |
880 | | bool deleteObsPoint(u_int16_t obs_point); |
881 | | bool prepareDeleteObsPoint(u_int16_t obs_point); |
882 | | OperatingSystem *getOS(OSType os, bool create_if_not_present, |
883 | | bool is_inline_call); |
884 | | Country *getCountry(const char *country_name, bool create_if_not_present, |
885 | | bool is_inline_call); |
886 | | virtual Mac *getMac(u_int8_t _mac[6], bool create_if_not_present, |
887 | | bool is_inline_call); |
888 | | virtual Host *getHost(char *host_ip, u_int16_t vlan_id, |
889 | | u_int16_t observationPointId, bool is_inline_call); |
890 | | virtual Host *getHostByIP(IpAddress *ip, u_int16_t vlan_id, |
891 | | u_int16_t observationPointId, bool is_inline_call); |
892 | | bool getHostInfo(lua_State *vm, AddressTree *allowed_hosts, char *host_ip, |
893 | | u_int16_t vlan_id); |
894 | | void findPidFlows(lua_State *vm, u_int32_t pid); |
895 | | void findProcNameFlows(lua_State *vm, char *proc_name); |
896 | | void addAllAvailableInterfaces(); |
897 | 0 | inline bool idle() { return (is_idle); } |
898 | 0 | inline u_int16_t getMTU() { return (ifMTU); } |
899 | 146k | virtual u_int getPacketOverhead() { |
900 | 146k | return 24 /* 8 Preamble + 4 CRC + 12 IFG */; |
901 | 146k | } |
902 | 0 | inline void setIdleState(bool new_state) { is_idle = new_state; }; |
903 | 0 | inline StatsManager *getStatsManager() { return statsManager; }; |
904 | | AlertsQueue *getAlertsQueue() const; |
905 | | bool alert_store_query(lua_State *vm, const char *sql); |
906 | | |
907 | | void listHTTPHosts(lua_State *vm, char *key); |
908 | | #ifdef NTOPNG_PRO |
909 | | void refreshL7Rules(); |
910 | | void refreshShapers(); |
911 | | inline L7Policer *getL7Policer() { return (policer); } |
912 | | inline FlowInterfacesStats *getFlowInterfacesStats() { |
913 | | return (flow_interfaces_stats); |
914 | | } |
915 | | #endif |
916 | 15.6k | inline HostPools *getHostPools() { return (host_pools); } |
917 | 0 | inline void reloadHostPools() { |
918 | 0 | if (host_pools) host_pools->reloadPools(); |
919 | 0 | } |
920 | | |
921 | | bool registerLiveCapture(NtopngLuaContext *const luactx, int *id); |
922 | | bool deregisterLiveCapture(NtopngLuaContext *const luactx); |
923 | | void dumpLiveCaptures(lua_State *vm); |
924 | | bool stopLiveCapture(int capture_id); |
925 | | #ifdef NTOPNG_PRO |
926 | | #ifdef HAVE_NEDGE |
927 | | void updateHostsL7Policy(u_int16_t host_pool_id); |
928 | | void updateFlowsL7Policy(); |
929 | | #endif |
930 | | void resetPoolsStats(u_int16_t pool_filter); |
931 | | #endif |
932 | 0 | inline void luaHostPoolsStats(lua_State *vm) { |
933 | 0 | if (host_pools) host_pools->luaStats(vm); |
934 | 0 | }; |
935 | | void refreshHostPools(); |
936 | 20.3k | inline u_int16_t getHostPool(Host *h) { |
937 | 20.3k | if (h && host_pools) return host_pools->getPool(h); |
938 | 0 | return NO_HOST_POOL_ID; |
939 | 20.3k | }; |
940 | 16.6k | inline u_int16_t getHostPool(Mac *m) { |
941 | 16.6k | if (m && host_pools) return host_pools->getPool(m); |
942 | 0 | return NO_HOST_POOL_ID; |
943 | 16.6k | }; |
944 | | |
945 | | void loadScalingFactorPrefs(); |
946 | | void getnDPIFlowsCount(lua_State *vm); |
947 | | |
948 | | #ifdef HAVE_NEDGE |
949 | | inline void setInterfaceLocation(u_int32_t interface_id, |
950 | | InterfaceLocation location) { |
951 | | bridge_interface_id_to_location[interface_id] = location; |
952 | | } |
953 | | inline InterfaceLocation getInterfaceLocation(u_int32_t interface_id) { |
954 | | std::map<u_int32_t, InterfaceLocation>::iterator it; |
955 | | if ((it = bridge_interface_id_to_location.find(interface_id)) != |
956 | | bridge_interface_id_to_location.end()) |
957 | | return it->second; |
958 | | else |
959 | | return unknown_interface; |
960 | | } |
961 | | #endif |
962 | | |
963 | 9.61k | inline HostHash *get_hosts_hash() { return (hosts_hash); } |
964 | 0 | inline bool is_bridge_interface() { return (bridge_interface); } |
965 | 0 | inline const char *getLocalIPAddresses() { return (ip_addresses.c_str()); } |
966 | | void addInterfaceAddress(char *const addr); |
967 | | void addInterfaceNetwork(char *const net, char *addr); |
968 | | bool isInterfaceNetwork(IpAddress *ipa, int network_bits); |
969 | 0 | inline int select_database(char *dbname) { |
970 | 0 | return (db ? db->select_database(dbname) : -1); |
971 | 0 | }; |
972 | | inline int exec_sql_query(lua_State *vm, char *sql, bool limit_rows, |
973 | 0 | bool wait_for_db_created = false) { |
974 | 0 | return (db ? db->exec_sql_query(vm, sql, limit_rows, wait_for_db_created) |
975 | 0 | : -1); |
976 | 0 | }; |
977 | | int exec_csv_query(const char *sql, bool dump_in_json_format, |
978 | | struct mg_connection *conn); |
979 | | |
980 | | NetworkStats *getNetworkStats(u_int16_t networkId) const; |
981 | | void allocateStructures(); |
982 | | void getsDPIStats(lua_State *vm); |
983 | 0 | inline bool isDbCreated() { return (db ? db->isDbCreated() : true); }; |
984 | | #ifdef NTOPNG_PRO |
985 | | void updateFlowProfiles(); |
986 | | #ifndef HAVE_NEDGE |
987 | | inline FlowProfile *getFlowProfile(Flow *f) { |
988 | | return (flow_profiles ? flow_profiles->getFlowProfile(f) : NULL); |
989 | | } |
990 | | inline bool checkFilterSyntax(char *filter) { |
991 | | return (flow_profiles ? flow_profiles->checkFilterSyntax(filter) : false); |
992 | | } |
993 | | |
994 | | inline bool checkSubInterfaceSyntax(char *filter) { |
995 | | return (sub_interfaces ? sub_interfaces->checkSyntax(filter) : false); |
996 | | } |
997 | | #endif |
998 | | |
999 | | bool passShaperPacket(TrafficShaper *a_shaper, TrafficShaper *b_shaper, |
1000 | | struct pcap_pkthdr *h); |
1001 | | void initL7Policer(); |
1002 | | #endif |
1003 | | |
1004 | | void getFlowsStatus(lua_State *vm); |
1005 | 0 | inline void startDBLoop() { |
1006 | 0 | if (db) db->startDBLoop(); |
1007 | 0 | }; |
1008 | 0 | inline void incDBNumDroppedFlows(DB *dumper, u_int num = 1) { |
1009 | 0 | if (dumper) dumper->incNumDroppedFlows(num); |
1010 | 0 | }; |
1011 | | #ifdef NTOPNG_PRO |
1012 | | void updateBehaviorStats(const struct timeval *tv); |
1013 | | |
1014 | | virtual void getFlowDevices(lua_State *vm, bool add_table); |
1015 | | virtual void getFlowDeviceInfo(lua_State *vm, u_int32_t deviceIP) { |
1016 | | if (flow_interfaces_stats) |
1017 | | flow_interfaces_stats->luaDeviceInfo(vm, deviceIP, this); |
1018 | | else |
1019 | | lua_newtable(vm); |
1020 | | }; |
1021 | | #endif |
1022 | | virtual void getSFlowDevices(lua_State *vm, bool add_table); |
1023 | 0 | virtual void getSFlowDeviceInfo(lua_State *vm, u_int32_t deviceIP) { |
1024 | 0 | if (interfaceStats) |
1025 | 0 | interfaceStats->luaDeviceInfo(vm, deviceIP); |
1026 | 0 | else |
1027 | 0 | lua_newtable(vm); |
1028 | 0 | }; |
1029 | | int updateHostTrafficPolicy(AddressTree *allowed_networks, char *host_ip, |
1030 | | u_int16_t host_vlan); |
1031 | | |
1032 | 0 | virtual void reloadCompanions(){}; |
1033 | | |
1034 | 0 | void requestGwMacsReload() { gw_macs_reload_requested = true; }; |
1035 | | void reloadGwMacs(); |
1036 | | |
1037 | 7.42k | inline bool serializeLbdHostsAsMacs() { return (lbd_serialize_by_mac); } |
1038 | | void checkReloadHostsBroadcastDomain(); |
1039 | 40.2k | inline bool reloadHostsBroadcastDomain() { return reload_hosts_bcast_domain; } |
1040 | | void reloadHostsBlacklist(); |
1041 | | void checkNetworksAlerts(vector<ScriptPeriodicity> *p, lua_State *vm); |
1042 | | void checkInterfaceAlerts(vector<ScriptPeriodicity> *p, lua_State *vm); |
1043 | 148k | virtual bool areTrafficDirectionsSupported() { return (true); }; |
1044 | | |
1045 | 25.4k | inline bool isView() const { return is_view; }; |
1046 | 54.3k | inline ViewInterface *viewedBy() const { return viewed_by; }; |
1047 | 0 | inline u_int8_t getViewedId() const { return viewed_interface_id; }; |
1048 | 54.3k | inline bool isViewed() const { return viewedBy() != NULL; }; |
1049 | | /* |
1050 | | Method called by a view interface on all its viewed interfaces. |
1051 | | The view passes to this method both its pointer and the viewed interface id, |
1052 | | that is, a numeric identifier for the viewed interface inside the view |
1053 | | interface. |
1054 | | */ |
1055 | | inline void setViewed(ViewInterface *view_iface, |
1056 | 0 | u_int8_t _viewed_interface_id) { |
1057 | 0 | viewed_by = view_iface; |
1058 | 0 | viewed_interface_id = _viewed_interface_id; |
1059 | 0 | }; |
1060 | | |
1061 | | bool getMacInfo(lua_State *vm, char *mac); |
1062 | | bool resetMacStats(lua_State *vm, char *mac, bool delete_data); |
1063 | | bool setMacDeviceType(char *strmac, DeviceType dtype, bool alwaysOverwrite); |
1064 | | bool getASInfo(lua_State *vm, u_int32_t asn); |
1065 | | bool getObsPointInfo(lua_State *vm, u_int16_t obs_point); |
1066 | | bool getOSInfo(lua_State *vm, OSType os_type); |
1067 | | bool getCountryInfo(lua_State *vm, const char *country); |
1068 | | bool getVLANInfo(lua_State *vm, u_int16_t vlan_id); |
1069 | | void incNumHosts(bool local, bool rxOnlyHost); |
1070 | | void decNumHosts(bool local, bool rxOnlyHost); |
1071 | 5.64k | inline void incNumL2Devices() { numL2Devices++; } |
1072 | 188 | inline void decNumL2Devices() { numL2Devices--; } |
1073 | 176k | inline u_int32_t getScalingFactor() const { return (scalingFactor); } |
1074 | 0 | inline void setScalingFactor(u_int32_t f) { scalingFactor = f; } |
1075 | 44.0k | virtual bool isSampledTraffic() const { |
1076 | 44.0k | return ((scalingFactor == 1) ? false : true); |
1077 | 44.0k | } |
1078 | | #ifdef NTOPNG_PRO |
1079 | | virtual bool getCustomAppDetails(u_int32_t remapped_app_id, |
1080 | | u_int32_t *const pen, |
1081 | | u_int32_t *const app_field, |
1082 | | u_int32_t *const app_id) { |
1083 | | return false; |
1084 | | }; |
1085 | | virtual void addToNotifiedInformativeCaptivePortal(u_int32_t client_ip) { ; }; |
1086 | | virtual void addIPToLRUMatches(u_int32_t client_ip, u_int16_t user_pool_id, |
1087 | | char *label) { |
1088 | | ; |
1089 | | }; |
1090 | | #endif |
1091 | | |
1092 | 0 | inline void mdnsSendAnyQuery(char *targetIPv4, char *query) { |
1093 | 0 | if (mdns) mdns->sendAnyQuery(targetIPv4, query); |
1094 | 0 | } |
1095 | | |
1096 | 0 | inline bool mdnsQueueResolveIPv4(u_int32_t ipv4addr, bool alsoUseGatewayDNS) { |
1097 | 0 | return (mdns ? mdns->queueResolveIPv4(ipv4addr, alsoUseGatewayDNS) : false); |
1098 | 0 | } |
1099 | | |
1100 | | inline void mdnsFetchResolveResponses(lua_State *vm, |
1101 | 0 | int32_t timeout_sec = 2) { |
1102 | 0 | if (mdns) mdns->fetchResolveResponses(vm, timeout_sec); |
1103 | 0 | } |
1104 | | |
1105 | 108k | inline bool isSubInterface() { return (is_dynamic_interface); }; |
1106 | | void setSubInterface(NetworkInterface *master_iface, FlowHashingEnum mode, |
1107 | | u_int64_t criteria); |
1108 | 0 | NetworkInterface *getMasterInterface() { return dynamic_interface_master; }; |
1109 | | |
1110 | | bool isLocalBroadcastDomainHost(Host *const h, bool is_inline_call); |
1111 | 0 | inline MDNS *getMDNS() { return (mdns); } |
1112 | 0 | inline NetworkDiscovery *getNetworkDiscovery() { return (discovery); } |
1113 | 20.3k | inline void incPoolNumHosts(u_int16_t id, bool is_inline_call) { |
1114 | 20.3k | if (host_pools) host_pools->incNumHosts(id, is_inline_call); |
1115 | 20.3k | }; |
1116 | 20.3k | inline void decPoolNumHosts(u_int16_t id, bool is_inline_call) { |
1117 | 20.3k | if (host_pools) host_pools->decNumHosts(id, is_inline_call); |
1118 | 20.3k | }; |
1119 | 16.6k | inline void incPoolNumL2Devices(u_int16_t id, bool is_inline_call) { |
1120 | 16.6k | if (host_pools) host_pools->incNumL2Devices(id, is_inline_call); |
1121 | 16.6k | }; |
1122 | 955 | inline void decPoolNumL2Devices(u_int16_t id, bool is_inline_call) { |
1123 | 955 | if (host_pools) host_pools->decNumL2Devices(id, is_inline_call); |
1124 | 955 | }; |
1125 | | Host *findHostByIP(AddressTree *allowed_hosts, char *host_ip, |
1126 | | u_int16_t vlan_id, u_int16_t observationPointId); |
1127 | | TimeseriesExporter *getInfluxDBTSExporter(); |
1128 | | TimeseriesExporter *getRRDTSExporter(); |
1129 | | |
1130 | 0 | inline uint32_t getMaxSpeed() const { return (ifSpeed); } |
1131 | 0 | inline bool isLoopback() const { return (is_loopback); } |
1132 | 0 | inline bool isGwMacConfigured() const { |
1133 | 0 | return (gw_macs->getNumEntries() > 0); |
1134 | 0 | } |
1135 | 0 | inline bool isGwMac(u_int8_t a[6]) const { |
1136 | 0 | return (isGwMacConfigured() && gw_macs->get(a, false) != NULL); |
1137 | 0 | } |
1138 | 0 | inline bool isInterfaceMac(u_int8_t a[6]) const { |
1139 | 0 | return (memcmp(a, ifMac, sizeof(ifMac)) == 0); |
1140 | 0 | } |
1141 | | |
1142 | 88.9k | virtual bool read_from_pcap_dump() const { return (false); }; |
1143 | 17 | virtual bool read_from_pcap_dump_done() const { return (false); }; |
1144 | 0 | virtual void set_read_from_pcap_dump_done() { ; }; |
1145 | | /* |
1146 | | Issue a request for user scripts reload. This is called by ntopng when user |
1147 | | scripts should be reloaded, e.g., after a configuration change. |
1148 | | */ |
1149 | 0 | virtual void updateDirectionStats() { ; } |
1150 | | void reloadDhcpRanges(); |
1151 | | |
1152 | | /* Used to give the interface a new check loader to be used */ |
1153 | | void reloadFlowChecks(FlowChecksLoader *fcbl); |
1154 | | void reloadHostChecks(HostChecksLoader *hcbl); |
1155 | | |
1156 | 9 | inline bool hasConfiguredDhcpRanges() { |
1157 | 9 | return (dhcp_ranges && !dhcp_ranges->last_ip.isEmpty()); |
1158 | 9 | }; |
1159 | 0 | inline bool isFlowDumpDisabled() { return (flow_dump_disabled); } |
1160 | | bool isInDhcpRange(IpAddress *ip); |
1161 | | void getPodsStats(lua_State *vm); |
1162 | | void getContainersStats(lua_State *vm, const char *pod_filter); |
1163 | | bool enqueueFlowToCompanion(ParsedFlow *const pf, bool skip_loopback_traffic); |
1164 | | bool dequeueFlowFromCompanion(ParsedFlow **pf); |
1165 | | |
1166 | | #ifdef INTERFACE_PROFILING |
1167 | | inline void profiling_section_enter(const char *label, int id) { |
1168 | | INTERFACE_PROFILING_SECTION_ENTER(label, id); |
1169 | | }; |
1170 | | inline void profiling_section_exit(int id) { |
1171 | | INTERFACE_PROFILING_SECTION_EXIT(id); |
1172 | | }; |
1173 | | #endif |
1174 | | |
1175 | | void incNumActiveProbes(); |
1176 | | void decNumActiveProbes(); |
1177 | | u_int64_t getNumActiveProbes() const; |
1178 | | |
1179 | | void incNumAlertedFlows(Flow *f, AlertLevel severity); |
1180 | | void decNumAlertedFlows(Flow *f, AlertLevel severity); |
1181 | | virtual u_int64_t getNumActiveAlertedFlows() const; |
1182 | | virtual u_int64_t getNumActiveAlertedFlows( |
1183 | | AlertLevelGroup alert_level_group) const; |
1184 | | void incNumAlertsEngaged(AlertEntity alert_entity, AlertLevel alert_severity); |
1185 | | void decNumAlertsEngaged(AlertEntity alert_entity, AlertLevel alert_severity); |
1186 | | void incNumDroppedAlerts(AlertEntity alert_entity); |
1187 | 0 | inline void incNumWrittenAlerts() { num_written_alerts++; } |
1188 | 0 | inline void incNumAlertsQueries() { num_alerts_queries++; } |
1189 | 0 | inline u_int64_t getNumWrittenAlerts() { return (num_written_alerts); } |
1190 | 0 | inline u_int64_t getNumAlertsQueries() { return (num_alerts_queries); } |
1191 | | void walkAlertables(AlertEntity alert_entity, const char *entity_value, |
1192 | | AddressTree *allowed_nets, alertable_callback *callback, |
1193 | | void *user_data); |
1194 | | void getEngagedAlerts(lua_State *vm, AlertEntity alert_entity, |
1195 | | const char *entity_value, AlertType alert_type, |
1196 | | AlertLevel alert_severity, AlertRole role_filter, |
1197 | | AddressTree *allowed_nets); |
1198 | | |
1199 | | void processExternalAlertable(AlertEntity entity, const char *entity_val, |
1200 | | lua_State *vm, u_int vm_argument_idx, |
1201 | | bool do_store_alert); |
1202 | 0 | virtual bool reproducePcapOriginalSpeed() const { return (false); } |
1203 | | u_int32_t getNumEngagedAlerts() const; |
1204 | | u_int32_t getNumEngagedAlerts(AlertLevelGroup alert_level_group) const; |
1205 | | void luaNumEngagedAlerts(lua_State *vm) const; |
1206 | | int walkActiveHosts(lua_State *vm, HostWalkMode mode, u_int32_t maxHits, |
1207 | | int16_t networkIdFilter, bool localHostsOnly, |
1208 | | bool treeMapMode); |
1209 | | virtual void |
1210 | | flowAlertsDequeueLoop(); /* Body of the loop that dequeues flows for the |
1211 | | execution of user script hooks */ |
1212 | | virtual void hostAlertsDequeueLoop(); /* Same as above but for hosts */ |
1213 | | |
1214 | | virtual void dumpFlowLoop(); /* Body of the loop that dequeues flows for the |
1215 | | database dump */ |
1216 | | void incNumQueueDroppedFlows(u_int32_t num); |
1217 | | /* |
1218 | | Dequeues enqueued flows to dump them to database |
1219 | | */ |
1220 | | u_int64_t dequeueFlowsForDump(u_int idle_flows_budget, |
1221 | | u_int active_flows_budget); |
1222 | | |
1223 | | void execProtocolDetectedChecks(Flow *f); |
1224 | | void execPeriodicUpdateChecks(Flow *f); |
1225 | | void execFlowEndChecks(Flow *f); |
1226 | | void execFlowBeginChecks(Flow *f); |
1227 | | void execHostChecks(Host *h); |
1228 | | |
1229 | 0 | inline void incHostAnomalies(u_int32_t local, u_int32_t remote) { |
1230 | 0 | tot_num_anomalies.local_hosts += local, |
1231 | 0 | tot_num_anomalies.remote_hosts += remote; |
1232 | 0 | }; |
1233 | | |
1234 | | /* |
1235 | | Dequeues enqueued flows to execute user script checks. |
1236 | | Budgets indicate how many flows should be dequeued (if available) to perform |
1237 | | protocol detected, active, and idle checks. |
1238 | | */ |
1239 | | u_int64_t dequeueFlowAlertsFromChecks(u_int budget); |
1240 | 0 | inline FlowChecksExecutor *getFlowCheckExecutor() { |
1241 | 0 | return (flow_checks_executor); |
1242 | 0 | } |
1243 | | |
1244 | | /* Same as above but for hosts */ |
1245 | | u_int64_t dequeueHostAlertsFromChecks(u_int budget); |
1246 | 0 | inline HostChecksExecutor *getHostCheckExecutor() { |
1247 | 0 | return (host_checks_executor); |
1248 | 0 | } |
1249 | | HostCheck *getCheck(HostCheckID t); |
1250 | | |
1251 | | void incObservationPointIdFlows(u_int16_t pointId); |
1252 | | |
1253 | | bool hasObservationPointId(u_int16_t pointId); |
1254 | | bool haveObservationPointsDefined(); |
1255 | | u_int16_t getFirstObservationPointId(); |
1256 | | |
1257 | | struct ndpi_detection_module_struct *initnDPIStruct(); |
1258 | | bool initnDPIReload(); |
1259 | | void finalizenDPIReload(); |
1260 | | void cleanShadownDPI(); |
1261 | 0 | inline bool isnDPIReloadInProgress() { return (ndpiReloadInProgress); } |
1262 | 179k | inline struct ndpi_detection_module_struct *get_ndpi_struct() const { |
1263 | 179k | return (ndpi_struct); |
1264 | 179k | }; |
1265 | 0 | inline ndpi_protocol_category_t get_ndpi_proto_category(ndpi_protocol proto) { |
1266 | 0 | return (ndpi_get_proto_category(get_ndpi_struct(), proto)); |
1267 | 0 | }; |
1268 | | ndpi_protocol_category_t get_ndpi_proto_category(u_int16_t protoid); |
1269 | | void setnDPIProtocolCategory(struct ndpi_detection_module_struct *ndpi_str, |
1270 | | u_int16_t protoId, |
1271 | | ndpi_protocol_category_t protoCategory); |
1272 | | bool nDPILoadIPCategory(char *what, ndpi_protocol_category_t id, |
1273 | | char *list_name); |
1274 | | bool nDPILoadHostnameCategory(char *what, ndpi_protocol_category_t id, |
1275 | | char *list_name); |
1276 | | int nDPILoadMaliciousJA3Signatures(const char *file_path); |
1277 | | int setDomainMask(const char *domain, u_int64_t domain_mask); |
1278 | | int addTrustedIssuerDN(const char *dn); |
1279 | 0 | inline void setLastInterfacenDPIReload(time_t now) { last_ndpi_reload = now; } |
1280 | 0 | inline bool needsnDPICleanup() { return (ndpi_cleanup_needed); } |
1281 | 0 | inline void setnDPICleanupNeeded(bool needed) { |
1282 | 0 | ndpi_cleanup_needed = needed; |
1283 | 0 | } |
1284 | | u_int16_t getnDPIProtoByName(const char *name); |
1285 | 8.19k | inline void decNumSentRcvdHosts(bool isLocal) { |
1286 | 8.19k | if (isLocal) numLocalRxOnlyHosts--; |
1287 | 8.19k | numTotalRxOnlyHosts--; |
1288 | 8.19k | } |
1289 | 0 | inline u_int32_t getNewFlowSerial() { return (flow_serial++); } |
1290 | | bool resetHostTopSites(AddressTree *allowed_hosts, char *host_ip, |
1291 | | u_int16_t vlan_id, u_int16_t observationPointId); |
1292 | | void localHostsServerPorts(lua_State *vm); |
1293 | | |
1294 | 0 | inline void setCustomFlowLuaScriptProtoDetected(LuaEngine *vm) { |
1295 | 0 | customFlowLuaScript_proto = vm; |
1296 | 0 | } |
1297 | 0 | inline void setCustomFlowLuaScriptPeriodic(LuaEngine *vm) { |
1298 | 0 | customFlowLuaScript_periodic = vm; |
1299 | 0 | } |
1300 | 0 | inline void setCustomFlowLuaScriptEnd(LuaEngine *vm) { |
1301 | 0 | customFlowLuaScript_end = vm; |
1302 | 0 | } |
1303 | 0 | inline LuaEngine *getCustomFlowLuaScriptProtoDetected() { |
1304 | 0 | return (customFlowLuaScript_proto); |
1305 | 0 | } |
1306 | 0 | inline LuaEngine *getCustomFlowLuaScriptPeriodic() { |
1307 | 0 | return (customFlowLuaScript_periodic); |
1308 | 0 | } |
1309 | 0 | inline LuaEngine *getCustomFlowLuaScriptEnd() { |
1310 | 0 | return (customFlowLuaScript_end); |
1311 | 0 | } |
1312 | | |
1313 | 0 | inline void setCustomHostLuaScript(LuaEngine *vm) { |
1314 | 0 | customHostLuaScript = vm; |
1315 | 0 | } |
1316 | 0 | inline LuaEngine *getCustomHostLuaScript() { return (customHostLuaScript); } |
1317 | | |
1318 | 243 | inline void setServerPort(bool isTCP, u_int16_t port, ndpi_protocol *proto) { |
1319 | 243 | usedPorts.setServerPort(isTCP, port, proto); |
1320 | 243 | }; |
1321 | 0 | void luaUsedPorts(lua_State *vm) { usedPorts.lua(vm, this); }; |
1322 | | |
1323 | | void getHostsPorts(lua_State *vm); |
1324 | | void getHostsByPort(lua_State *vm); |
1325 | | void getHostsByService(lua_State *vm); |
1326 | | void getFilteredLiveFlowsStats(lua_State *vm); |
1327 | | void getVLANFlowsStats(lua_State *vm); |
1328 | | void getRxOnlyHostsList(lua_State *vm, bool local_host_rx_only, |
1329 | | bool list_host_peers); |
1330 | | |
1331 | | static bool compute_protocol_flow_stats(GenericHashEntry *node, |
1332 | | void *user_data, bool *matched); |
1333 | | static bool compute_client_flow_stats(GenericHashEntry *node, void *user_data, |
1334 | | bool *matched); |
1335 | | static bool compute_server_flow_stats(GenericHashEntry *node, void *user_data, |
1336 | | bool *matched); |
1337 | | static bool compute_client_server_srv_port_flow_stats(GenericHashEntry *node, |
1338 | | void *user_data, |
1339 | | bool *matched); |
1340 | | static bool compute_client_server_srv_port_app_proto_flow_stats(GenericHashEntry *node, |
1341 | | void *user_data, |
1342 | | bool *matched); |
1343 | | static bool get_host_ports(GenericHashEntry *node, |
1344 | | void *user_data, |
1345 | | bool *matched); |
1346 | | static bool get_hosts_by_port(GenericHashEntry *node, |
1347 | | void *user_data, |
1348 | | bool *matched); |
1349 | | static bool get_hosts_by_service(GenericHashEntry *node, |
1350 | | void *user_data, |
1351 | | bool *matched); |
1352 | | |
1353 | | #ifdef NTOPNG_PRO |
1354 | | static bool compute_client_server_flow_stats(GenericHashEntry *node, |
1355 | | void *user_data, bool *matched); |
1356 | | static bool compute_app_client_server_flow_stats(GenericHashEntry *node, |
1357 | | void *user_data, |
1358 | | bool *matched); |
1359 | | static bool compute_info_flow_stats(GenericHashEntry *node, void *user_data, |
1360 | | bool *matched); |
1361 | | #endif |
1362 | | void getActiveMacs(lua_State *vm); |
1363 | | |
1364 | | }; |
1365 | | |
1366 | | #endif /* _NETWORK_INTERFACE_H_ */ |