/src/ntopng/include/HostStats.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * |
3 | | * (C) 2013-25 - ntop.org |
4 | | * |
5 | | * |
6 | | * This program is free software; you can redistribute it and/or modify |
7 | | * it under the terms of the GNU General Public License as published by |
8 | | * the Free Software Foundation; either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * This program is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU General Public License |
17 | | * along with this program; if not, write to the Free Software Foundation, |
18 | | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
19 | | * |
20 | | */ |
21 | | |
22 | | #ifndef _HOST_STATS_H_ |
23 | | #define _HOST_STATS_H_ |
24 | | |
25 | | class Host; |
26 | | |
27 | | class HostStats : public GenericTrafficElement { |
28 | | protected: |
29 | | Host *host; |
30 | | |
31 | | u_int8_t client_flows_anomaly : 1, server_flows_anomaly : 1, |
32 | | client_score_anomaly : 1, server_score_anomaly : 1, _notused : 4; |
33 | | u_int32_t total_alerts; |
34 | | u_int32_t unreachable_flows_as_client, unreachable_flows_as_server; |
35 | | /* Used concurrently in view interfaces, possibly removed after |
36 | | * https://github.com/ntop/ntopng/issues/4596 */ |
37 | | u_int32_t alerted_flows_as_client, alerted_flows_as_server; |
38 | | u_int32_t host_unreachable_flows_as_client, host_unreachable_flows_as_server; |
39 | | u_int32_t total_num_flows_as_client, total_num_flows_as_server; |
40 | | u_int32_t num_flow_alerts; |
41 | | u_int64_t udp_sent_unicast, udp_sent_non_unicast; |
42 | | L4Stats l4stats; |
43 | | |
44 | | u_int8_t consecutive_high_score; |
45 | | time_t periodicUpdate, periodic_stats_update; |
46 | | |
47 | | /* *************************************** */ |
48 | | /* Behavioural analysis regarding the host */ |
49 | | DESCounter active_flows_srv, active_flows_cli, score_cli, score_srv; |
50 | | |
51 | | /* **************************************** */ |
52 | | |
53 | | /* Written by NetworkInterface::periodicStatsUpdate thread */ |
54 | | // NOTE: GenericTrafficElement inherited data is updated periodically too |
55 | | u_int32_t total_activity_time /* sec */; |
56 | | u_int32_t last_epoch_update; /* useful to avoid multiple updates */ |
57 | | |
58 | | #ifdef NTOPNG_PRO |
59 | | HostPoolStats *quota_enforcement_stats, *quota_enforcement_stats_shadow; |
60 | | #endif |
61 | | |
62 | | /* Written by NetworkInterface::processPacket thread */ |
63 | | PacketStats sent_stats, recv_stats; |
64 | | |
65 | | /* Used to store checkpoint data to build top talkers stats */ |
66 | | struct { |
67 | | u_int64_t sent_bytes; |
68 | | u_int64_t rcvd_bytes; |
69 | | } checkpoints; |
70 | | |
71 | | public: |
72 | | HostStats(Host *_host); |
73 | | virtual ~HostStats(); |
74 | | |
75 | | virtual void incStats(time_t when, u_int8_t l4_proto, u_int ndpi_proto, |
76 | | ndpi_protocol_category_t ndpi_category, |
77 | | custom_app_t custom_app, u_int64_t sent_packets, |
78 | | u_int64_t sent_bytes, u_int64_t sent_goodput_bytes, |
79 | | u_int64_t rcvd_packets, u_int64_t rcvd_bytes, |
80 | | u_int64_t rcvd_goodput_bytes, bool peer_is_unicast); |
81 | | void checkpoint(lua_State *vm); |
82 | | virtual void getJSONObject(json_object *my_object, |
83 | | DetailsLevel details_level); |
84 | | inline void incFlagStats(bool as_client, u_int8_t flags, |
85 | 38.5k | bool cumulative_flags) { |
86 | 38.5k | if (as_client) |
87 | 19.2k | sent_stats.incFlagStats(flags, cumulative_flags); |
88 | 19.2k | else |
89 | 19.2k | recv_stats.incFlagStats(flags, cumulative_flags); |
90 | 38.5k | }; |
91 | | |
92 | 0 | virtual void computeAnomalyIndex(time_t when){}; |
93 | 0 | virtual u_int32_t getResetFlow() { return(0); }; |
94 | 0 | virtual void incResetFlow() {}; |
95 | 18.2k | inline Host *getHost() const { return (host); } |
96 | 0 | inline void incNumAlertedFlows(bool as_client) { |
97 | 0 | if (as_client) |
98 | 0 | alerted_flows_as_client++; |
99 | 0 | else |
100 | 0 | alerted_flows_as_server++; |
101 | 0 | }; |
102 | 306 | inline void incNumUnreachableFlows(bool as_server) { |
103 | 306 | if (as_server) |
104 | 153 | unreachable_flows_as_server++; |
105 | 153 | else |
106 | 153 | unreachable_flows_as_client++; |
107 | 306 | } |
108 | 312 | inline void incNumHostUnreachableFlows(bool as_server) { |
109 | 312 | if (as_server) |
110 | 156 | host_unreachable_flows_as_server++; |
111 | 156 | else |
112 | 156 | host_unreachable_flows_as_client++; |
113 | 312 | }; |
114 | 0 | inline void incNumFlowAlerts() { num_flow_alerts++; }; |
115 | 0 | inline void incTotalAlerts() { total_alerts++; }; |
116 | 0 | inline u_int32_t getTotalAlertedNumFlowsAsClient() const { |
117 | 0 | return (alerted_flows_as_client); |
118 | 0 | }; |
119 | 0 | inline u_int32_t getTotalAlertedNumFlowsAsServer() const { |
120 | 0 | return (alerted_flows_as_server); |
121 | 0 | }; |
122 | 0 | inline u_int32_t getTotalUnreachableNumFlowsAsClient() const { |
123 | 0 | return (unreachable_flows_as_client); |
124 | 0 | }; |
125 | 0 | inline u_int32_t getTotalUnreachableNumFlowsAsServer() const { |
126 | 0 | return (unreachable_flows_as_server); |
127 | 0 | }; |
128 | 0 | inline u_int32_t getTotalHostUnreachableNumFlowsAsClient() const { |
129 | 0 | return (host_unreachable_flows_as_client); |
130 | 0 | }; |
131 | 0 | inline u_int32_t getTotalHostUnreachableNumFlowsAsServer() const { |
132 | 0 | return (host_unreachable_flows_as_server); |
133 | 0 | }; |
134 | 0 | u_int32_t getTotalAlerts() const { return (total_alerts); }; |
135 | 0 | inline u_int32_t getNumFlowAlerts() const { return (num_flow_alerts); }; |
136 | | void luaNdpiStats(lua_State *vm); |
137 | | void luaActiveFlowsBehaviour(lua_State *vm); |
138 | | void luaScoreBehaviour(lua_State *vm); |
139 | | void luaStats(lua_State *vm, NetworkInterface *iface, bool host_details, |
140 | | bool verbose, bool tsLua = false); |
141 | 0 | virtual u_int16_t getNumActiveContactsAsClient() { return 0; } |
142 | 0 | virtual u_int16_t getNumActiveContactsAsServer() { return 0; } |
143 | 0 | virtual void resetTopSitesData(){}; |
144 | 0 | virtual void addContactedDomainName(char *domain_name) {} |
145 | 0 | virtual u_int32_t getDomainNamesCardinality() { return (u_int32_t)-1; } |
146 | 0 | virtual void resetDomainNamesCardinality() {} |
147 | | |
148 | 38.3k | inline void incSentStats(u_int num_pkts, u_int pkt_len) { |
149 | 38.3k | sent_stats.incStats(num_pkts, pkt_len); |
150 | 38.3k | }; |
151 | 38.3k | inline void incRecvStats(u_int num_pkts, u_int pkt_len) { |
152 | 38.3k | recv_stats.incStats(num_pkts, pkt_len); |
153 | 38.3k | }; |
154 | 47.9k | inline void incnDPIFlows(u_int16_t l7_protocol) { |
155 | 47.9k | if (ndpiStats) ndpiStats->incFlowsStats(l7_protocol); |
156 | 47.9k | }; |
157 | 0 | inline void incrConsecutiveHighScore() { consecutive_high_score++; }; |
158 | 0 | inline void resetConsecutiveHighScore() { consecutive_high_score = 0; }; |
159 | 0 | inline u_int8_t getConsecutiveHighScore() { |
160 | 0 | return (consecutive_high_score); |
161 | 0 | }; |
162 | 0 | inline u_int32_t getTotalNumFlowsAsClient() const { |
163 | 0 | return (total_num_flows_as_client); |
164 | 0 | }; |
165 | 0 | inline u_int32_t getTotalNumFlowsAsServer() const { |
166 | 0 | return (total_num_flows_as_server); |
167 | 0 | }; |
168 | 0 | inline u_int32_t getTotalActivityTime() const { |
169 | 0 | return (total_activity_time); |
170 | 0 | }; |
171 | 51.9k | virtual void incNumFlows(bool as_client) { |
172 | 51.9k | if (as_client) |
173 | 25.9k | total_num_flows_as_client++; |
174 | 25.9k | else |
175 | 25.9k | total_num_flows_as_server++; |
176 | 51.9k | }; |
177 | | |
178 | 0 | virtual bool hasAnomalies(time_t when) { return false; }; |
179 | 0 | virtual void luaAnomalies(lua_State *vm, time_t when){}; |
180 | 0 | virtual void luaPeers(lua_State *vm){}; |
181 | | virtual void lua(lua_State *vm, bool mask_host, DetailsLevel details_level); |
182 | | void updateStats(const struct timeval *tv); |
183 | | virtual void luaHostBehaviour(lua_State *vm); |
184 | | #ifdef NTOPNG_PRO |
185 | | inline void incQuotaEnforcementStats(time_t when, u_int16_t ndpi_proto, |
186 | | u_int64_t sent_packets, |
187 | | u_int64_t sent_bytes, |
188 | | u_int64_t rcvd_packets, |
189 | | u_int64_t rcvd_bytes) { |
190 | | if (quota_enforcement_stats) |
191 | | quota_enforcement_stats->incStats(when, ndpi_proto, sent_packets, |
192 | | sent_bytes, rcvd_packets, rcvd_bytes); |
193 | | }; |
194 | | inline void incQuotaEnforcementCategoryStats( |
195 | | time_t when, ndpi_protocol_category_t category_id, u_int64_t sent_bytes, |
196 | | u_int64_t rcvd_bytes) { |
197 | | if (quota_enforcement_stats) |
198 | | quota_enforcement_stats->incCategoryStats(when, category_id, sent_bytes, |
199 | | rcvd_bytes); |
200 | | } |
201 | | inline void resetQuotaStats() { |
202 | | if (quota_enforcement_stats) quota_enforcement_stats->resetStats(); |
203 | | }; |
204 | | |
205 | | void allocateQuotaEnforcementStats(); |
206 | | void deleteQuotaEnforcementStats(); |
207 | | inline HostPoolStats *getQuotaEnforcementStats() { |
208 | | return (quota_enforcement_stats); |
209 | | } |
210 | | #endif |
211 | | |
212 | 0 | virtual void luaHTTP(lua_State *vm) {} |
213 | 0 | virtual void luaDNS(lua_State *vm, bool verbose) {} |
214 | 0 | virtual void luaICMP(lua_State *vm, bool isV4, bool verbose) {} |
215 | 0 | virtual void incrVisitedWebSite(char *hostname) {} |
216 | 0 | virtual HTTPstats *getHTTPstats() { return (NULL); } |
217 | 0 | virtual DnsStats *getDNSstats() { return (NULL); } |
218 | 0 | virtual ICMPstats *getICMPstats() { return (NULL); } |
219 | | |
220 | 23.9k | virtual void incCliContactedPorts(u_int16_t port) { ; } |
221 | 23.9k | virtual void incSrvPortsContacts(u_int16_t port) { ; } |
222 | 846 | virtual void incContactedService(char *name) { ; } |
223 | 15.6k | virtual void incCliContactedHosts(IpAddress *peer) { ; } |
224 | 34.2k | virtual void incSrvHostContacts(IpAddress *peer) { ; } |
225 | 0 | virtual void incContactedHosts(char *hostname) { ; } |
226 | 0 | virtual void incCountriesContacts(char *country) { ; } |
227 | | |
228 | 0 | virtual void resetCountriesContacts() { ; } |
229 | 0 | virtual void resetContactedHosts() { ; } |
230 | | |
231 | 0 | virtual u_int16_t getCountriesContactsCardinality() { |
232 | 0 | return ((u_int16_t)-1); |
233 | 0 | } |
234 | 0 | virtual u_int16_t getContactedHostsCardinality() { return ((u_int16_t)-1); } |
235 | | |
236 | 0 | virtual u_int32_t getNTPContactCardinality() { return ((u_int32_t)-1); } |
237 | 0 | virtual u_int32_t getDNSContactCardinality() { return ((u_int32_t)-1); } |
238 | 0 | virtual u_int32_t getSMTPContactCardinality() { return ((u_int32_t)-1); } |
239 | 0 | virtual u_int32_t getIMAPContactCardinality() { return ((u_int32_t)-1); } |
240 | 0 | virtual u_int32_t getPOPContactCardinality() { return ((u_int32_t)-1); } |
241 | | |
242 | 0 | virtual bool incNTPContactCardinality(Host *h) { return (false); } |
243 | 0 | virtual bool incDNSContactCardinality(Host *h) { return (false); } |
244 | 0 | virtual bool incSMTPContactCardinality(Host *h) { return (false); } |
245 | 0 | virtual bool incIMAPContactCardinality(Host *h) { return (false); } |
246 | 0 | virtual bool incPOPContactCardinality(Host *h) { return (false); } |
247 | | |
248 | 0 | inline bool has_flows_anomaly(bool as_client) { |
249 | 0 | return (as_client ? client_flows_anomaly : server_flows_anomaly); |
250 | 0 | } |
251 | 0 | inline u_int64_t value_flows_anomaly(bool as_client) { |
252 | 0 | return (as_client ? active_flows_cli.getLastValue() |
253 | 0 | : active_flows_srv.getLastValue()); |
254 | 0 | } |
255 | 0 | inline u_int64_t lower_bound_flows_anomaly(bool as_client) { |
256 | 0 | return (as_client ? active_flows_cli.getLastLowerBound() |
257 | 0 | : active_flows_srv.getLastLowerBound()); |
258 | 0 | } |
259 | 0 | inline u_int64_t upper_bound_flows_anomaly(bool as_client) { |
260 | 0 | return (as_client ? active_flows_cli.getLastUpperBound() |
261 | 0 | : active_flows_srv.getLastUpperBound()); |
262 | 0 | } |
263 | | |
264 | 0 | inline bool has_score_anomaly(bool as_client) { |
265 | 0 | return (as_client ? client_score_anomaly : server_score_anomaly); |
266 | 0 | } |
267 | 0 | inline u_int64_t lower_bound_score_anomaly(bool as_client) { |
268 | 0 | return (as_client ? score_cli.getLastLowerBound() |
269 | 0 | : score_srv.getLastLowerBound()); |
270 | 0 | } |
271 | 0 | inline u_int64_t upper_bound_score_anomaly(bool as_client) { |
272 | 0 | return (as_client ? score_cli.getLastUpperBound() |
273 | 0 | : score_srv.getLastUpperBound()); |
274 | 0 | } |
275 | | |
276 | 0 | inline PacketStats *getSentStats() { return (&sent_stats); } |
277 | 0 | inline PacketStats *getRecvStats() { return (&recv_stats); } |
278 | 0 | inline L4Stats *getL4Stats() { return (&l4stats); } |
279 | 26.7k | inline bool isReceiveOnly() { |
280 | 26.7k | return ((getNumPktsSent() > 0) ? false : true); |
281 | 26.7k | } |
282 | | }; |
283 | | |
284 | | #endif |