/src/ntopng/include/FlowAlert.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * |
3 | | * (C) 2013-25 - ntop.org |
4 | | * |
5 | | * |
6 | | * This program is free software; you can redistribute it and/or modify |
7 | | * it under the terms of the GNU General Public License as published by |
8 | | * the Free Software Foundation; either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * This program is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU General Public License |
17 | | * along with this program; if not, write to the Free Software Foundation, |
18 | | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
19 | | * |
20 | | */ |
21 | | |
22 | | #ifndef _FLOW_ALERT_H_ |
23 | | #define _FLOW_ALERT_H_ |
24 | | |
25 | | #include "ntop_includes.h" |
26 | | |
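/*
  Abstract base class for an alert raised on a flow.

  Stores the flow the alert refers to, a check name, attacker/victim flags
  for the client and server side, the client/server scores, the overall
  alert score and a cached serialized form of the alert (`json_alert`).
  Concrete alerts must implement `getAlertType` and may override
  `getAlertJSON` and `autoAck`.

  The constructor and destructor are defined outside this header, so the
  initial values of the members are not visible here.
*/
class FlowAlert {
 private:
  Flow *flow;
  std::string check_name;
  bool cli_attacker, srv_attacker;
  bool cli_victim, srv_victim;
  u_int8_t cli_score, srv_score;
  u_int8_t alert_score;
  char *json_alert;
  bool refresh_json_alert;

  /*
    Not copyable. Per the `getSerializedAlert` contract below, `json_alert`
    is an internal string released with the alert, so a member-wise copy
    would leave two alerts referring to the same buffer (use-after-free or
    double free once either one is released). Both operations are declared
    private and intentionally left undefined, which works with any C++
    standard level.
  */
  FlowAlert(const FlowAlert &);
  FlowAlert &operator=(const FlowAlert &);

  /*
    Adds to the passed `serializer` (generated with `getAlertSerializer`)
    information specific to this alert.

    The base implementation adds nothing and returns `serializer` unchanged.
  */
  virtual ndpi_serializer *getAlertJSON(ndpi_serializer *serializer) {
    return serializer;
  }

 public:
  FlowAlert(FlowCheck *c, Flow *f);
  virtual ~FlowAlert();

  /* Role flags can only be raised; this class offers no way to clear them. */
  void setCliAttacker() { cli_attacker = true; }
  void setSrvAttacker() { srv_attacker = true; }
  void setCliVictim() { cli_victim = true; }
  void setSrvVictim() { srv_victim = true; }

  bool isCliAttacker() const { return cli_attacker; }
  bool isCliVictim() const { return cli_victim; }

  bool isSrvAttacker() const { return srv_attacker; }
  bool isSrvVictim() const { return srv_victim; }

  /*
    Sets the client and server scores. Each value is first capped at
    SCORE_MAX_VALUE; if the two capped values together still exceed
    SCORE_MAX_VALUE, the server score is reduced so that the sum equals
    SCORE_MAX_VALUE (the client score takes precedence).
  */
  void setCliSrvScores(u_int8_t c, u_int8_t s) {
    cli_score = min_val(c, SCORE_MAX_VALUE);
    srv_score = min_val(s, SCORE_MAX_VALUE);

    /* The sum is evaluated as int (integer promotion), so it cannot wrap. */
    if (cli_score + srv_score > SCORE_MAX_VALUE)
      srv_score = SCORE_MAX_VALUE - cli_score;
  }
  u_int8_t getCliScore() const { return cli_score; }
  u_int8_t getSrvScore() const { return srv_score; }

  virtual FlowAlertType getAlertType() const = 0;
  u_int8_t getAlertScore() const { return alert_score; }

  /* Sets the overall alert score, capped at SCORE_MAX_VALUE. */
  void setAlertScore(u_int8_t value) {
    if (value > SCORE_MAX_VALUE) value = SCORE_MAX_VALUE;
    alert_score = value;
  }

  /*
    false = alert that requires attention, true = not important (auto ack).

    The default is true: an alert type that must reach an operator has to
    override this, otherwise it is treated as not important.
  */
  virtual bool autoAck() const { return true; }

  /* Returns the stored flow pointer; the pointer is not owned by the caller. */
  Flow *getFlow() const { return flow; }

  /* Returns a copy of the check name. */
  std::string getCheckName() const { return check_name; }

  /*
    Generates the JSON alert serializer with base information and per-check
    information gathered with `getAlertJSON`. The returned string should not
    be freed by the caller as it is a reference to an internal string released
    with the alert.

    The pointer must not be used after the alert has been destroyed.
    NOTE(review): the implementation is not in this header; if a call made
    after `refreshAlert()` replaces the cached string, pointers returned by
    earlier calls would dangle as well - confirm before holding on to one.
  */
  const char *getSerializedAlert();

  /* Marks the cached serialized alert as stale (sets `refresh_json_alert`). */
  void refreshAlert() { refresh_json_alert = true; }
};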
91 | | |
92 | | #endif /* _FLOW_ALERT_H_ */ |