/src/ntopng/include/ParsedFlow.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * |
3 | | * (C) 2013-25 - ntop.org |
4 | | * |
5 | | * |
6 | | * This program is free software; you can redistribute it and/or modify |
7 | | * it under the terms of the GNU General Public License as published by |
8 | | * the Free Software Foundation; either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * This program is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU General Public License |
17 | | * along with this program; if not, write to the Free Software Foundation, |
18 | | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
19 | | * |
20 | | */ |
21 | | |
22 | | #ifndef _PARSED_FLOW_H_ |
23 | | #define _PARSED_FLOW_H_ |
24 | | |
25 | | #include "ntop_includes.h" |
26 | | |
27 | | class ParsedFlow : public ParsedFlowCore, public ParsedeBPF { |
28 | | private: |
29 | | bool has_parsed_ebpf, is_swapped; |
30 | | json_object *additional_fields_json; |
31 | | ndpi_serializer *additional_fields_tlv; |
32 | | char *l7_info; |
33 | | char *http_url, *http_site, *http_user_agent, *dhcp_client_name, *sip_call_id; |
34 | | ndpi_http_method http_method; |
35 | | char *dns_query; |
36 | | char *end_reason; |
37 | | char *tls_server_name, *bittorrent_hash; |
38 | | char *ja4c_hash; |
39 | | char *flow_risk_info; |
40 | | char *external_alert; |
41 | | char *l7_json; |
42 | | char *smtp_rcp_to, *smtp_mail_from; |
43 | | u_int32_t src_ip_addr_pre_nat, dst_ip_addr_pre_nat, |
44 | | src_ip_addr_post_nat, dst_ip_addr_post_nat; |
45 | | u_int8_t tls_unsafe_cipher, flow_verdict; |
46 | | ndpi_os os_hint; |
47 | | u_int16_t tls_cipher; |
48 | | u_int16_t http_ret_code; |
49 | | u_int16_t dns_query_type, dns_ret_code, dns_query_id; |
50 | | u_int32_t l7_error_code; |
51 | | u_int16_t src_port_pre_nat, dst_port_pre_nat, |
52 | | src_port_post_nat, dst_port_post_nat; |
53 | | custom_app_t custom_app; |
54 | | ndpi_confidence_t confidence; |
55 | | ndpi_risk ndpi_flow_risk_bitmap; |
56 | | char *ndpi_flow_risk_name; |
57 | | FlowSource flow_source; |
58 | | char *wlan_ssid; |
59 | | u_int8_t wtp_mac_address[6]; |
60 | | struct { |
61 | | u_int8_t src_to_dst, dst_to_src; |
62 | | } qoe; |
63 | | |
64 | | public: |
65 | | ParsedFlow(); |
66 | | |
67 | | ParsedFlow(const ParsedFlow &pf); |
68 | | |
69 | 0 | inline void addAdditionalField(const char *key, json_object *field) { |
70 | 0 | if (!additional_fields_json) |
71 | 0 | additional_fields_json = json_object_new_object(); |
72 | 0 | if (additional_fields_json) |
73 | 0 | json_object_object_add(additional_fields_json, key, field); |
74 | 0 | } |
75 | | |
76 | 0 | inline void addAdditionalField(ndpi_deserializer *deserializer) { |
77 | 0 | if (!additional_fields_tlv) { |
78 | 0 | additional_fields_tlv = |
79 | 0 | (ndpi_serializer *)calloc(1, sizeof(ndpi_serializer)); |
80 | 0 | if (additional_fields_tlv) |
81 | 0 | ndpi_init_serializer_ll(additional_fields_tlv, |
82 | 0 | ndpi_serialization_format_tlv, 64); |
83 | 0 | } |
84 | | |
85 | 0 | if (additional_fields_tlv) |
86 | 0 | ndpi_deserialize_clone_item(deserializer, additional_fields_tlv); |
87 | 0 | } |
88 | | |
89 | 0 | inline json_object *getAdditionalFieldsJSON() { return additional_fields_json; }; |
90 | 0 | inline ndpi_serializer *getAdditionalFieldsTLV() { |
91 | 0 | ndpi_serializer *tlv = additional_fields_tlv; |
92 | 0 | additional_fields_tlv = NULL; |
93 | 0 | return tlv; |
94 | 0 | }; |
95 | 0 | inline bool hasParsedeBPF() const { return has_parsed_ebpf; }; |
96 | 0 | inline void setParsedeBPF() { has_parsed_ebpf = true; }; |
97 | 0 | inline void setParsedProcessInfo() { process_info_set = true; setParsedeBPF(); } |
98 | 0 | inline void setParsedContainerInfo() { container_info_set = true; setParsedeBPF(); } |
99 | | |
100 | | virtual ~ParsedFlow(); |
101 | | |
102 | | void freeMemory(); |
103 | | void swap(); |
104 | | void fromLua(lua_State *L, int index); |
105 | | |
106 | 0 | inline void setL7Info(const char *str) { if(l7_info != NULL) free(l7_info); if(str) { l7_info = strdup(str); } else l7_info = NULL; } |
107 | 0 | inline void setHTTPurl(const char *str) { if(http_url != NULL) free(http_url); if(str) { http_url = strdup(str); } else http_url = NULL; } |
108 | 0 | inline void setHTTPsite(const char *str) { if(http_site != NULL) free(http_site); if(str) { http_site = strdup(str);} else http_site = NULL; } |
109 | 0 | inline void setHTTPuserAgent(const char *str) { if(http_user_agent != NULL) free(http_user_agent); if(str) { http_user_agent = strdup(str);} else http_user_agent = NULL; } |
110 | 0 | inline void setHTTPMethod(ndpi_http_method m) { http_method = m; } |
111 | 0 | inline void setDNSQuery(const char *str) { if(dns_query != NULL) free(dns_query); if(str) { dns_query = strdup(str);} else dns_query = NULL; } |
112 | 0 | inline void setTLSserverName(const char *str) { if(tls_server_name != NULL) free(tls_server_name); if(str) { tls_server_name = strdup(str);} else tls_server_name = NULL; } |
113 | 0 | inline void setBittorrentHash(const char *str) { if(bittorrent_hash != NULL) free(bittorrent_hash); if(str) { bittorrent_hash = strdup(str);} else bittorrent_hash = NULL; } |
114 | 0 | inline void setJA4cHash(const char *str) { if(ja4c_hash != NULL) free(ja4c_hash); if(str) { ja4c_hash = strdup(str); } else ja4c_hash = NULL; } |
115 | 0 | inline void setRiskInfo(const char *str) { if(flow_risk_info != NULL) free(flow_risk_info); if(str) { flow_risk_info = strdup(str); } else flow_risk_info = NULL; } |
116 | 0 | inline void setExternalAlert(const char *str) { if(external_alert != NULL) free(external_alert); if(str) { external_alert = strdup(str);} else external_alert = NULL; } |
117 | 0 | inline void setL7JSON(const char *str) { if(l7_json != NULL) free(l7_json); if(str) { l7_json = strdup(str);} else l7_json = NULL; } |
118 | 0 | inline void setTLSUnsafeCipher(u_int8_t v) { tls_unsafe_cipher = v; } |
119 | 0 | inline void setTLSCipher(u_int16_t v) { tls_cipher = v; } |
120 | 0 | inline void setFlowVerdict(u_int8_t v) { flow_verdict = v; } |
121 | 0 | inline void setHTTPRetCode(u_int16_t v) { http_ret_code = v; } |
122 | 0 | inline void setDNSQueryType(u_int16_t v) { dns_query_type = v; } |
123 | 0 | inline void setDNSRetCode(u_int16_t v) { dns_ret_code = v; } |
124 | 0 | inline void setDNSQueryId(u_int16_t v) { dns_query_id = v; } |
125 | 0 | inline void setL7ErrorCode(u_int32_t v) { l7_error_code = v; } |
126 | 0 | inline void setCustomApp(custom_app_t c) { custom_app = c; } |
127 | 0 | inline void setConfidence(ndpi_confidence_t c) { confidence = c; } |
128 | 0 | inline void setRisk(ndpi_risk r) { ndpi_flow_risk_bitmap = r; } |
129 | 0 | inline void setFlowSource(FlowSource n) { flow_source = n; } |
130 | 0 | inline void setEndReason(const char *str) { if(end_reason != NULL) free(end_reason); if(str) { end_reason = strdup(str);} else end_reason = NULL; } |
131 | 0 | inline void setSMTPRcptTo(const char *str) { if(smtp_rcp_to != NULL) free(smtp_rcp_to); if(str) { smtp_rcp_to = strdup(str);} else smtp_rcp_to = NULL; } |
132 | 0 | inline void setSMTPMailFrom(const char *str) { if(smtp_mail_from != NULL) free(smtp_mail_from); if(str) { smtp_mail_from = strdup(str);} else smtp_mail_from = NULL; } |
133 | 0 | inline void setRiskName(const char *str) { if(ndpi_flow_risk_name != NULL) free(ndpi_flow_risk_name); if (str) { ndpi_flow_risk_name = strdup(str);} else ndpi_flow_risk_name = NULL; } |
134 | 0 | inline void setDHCPClientName(const char *str) { if(dhcp_client_name != NULL) free(dhcp_client_name); if(str) { dhcp_client_name = strdup(str);} else dhcp_client_name = NULL; } |
135 | 0 | inline void setSIPCallId(const char *str) { if(sip_call_id != NULL) free(sip_call_id); if(str) { sip_call_id = strdup(str);} else sip_call_id = NULL; } |
136 | 0 | inline void setPreNATSrcIp(u_int32_t v) { src_ip_addr_pre_nat = v; }; |
137 | 0 | inline void setPreNATDstIp(u_int32_t v) { dst_ip_addr_pre_nat = v; }; |
138 | 0 | inline void setPostNATSrcIp(u_int32_t v) { src_ip_addr_post_nat = v; }; |
139 | 0 | inline void setPostNATDstIp(u_int32_t v) { dst_ip_addr_post_nat = v; }; |
140 | 0 | inline void setPreNATSrcPort(u_int16_t v) { src_port_pre_nat = v; }; |
141 | 0 | inline void setPreNATDstPort(u_int16_t v) { dst_port_pre_nat = v; }; |
142 | 0 | inline void setPostNATSrcPort(u_int16_t v) { src_port_post_nat = v; }; |
143 | 0 | inline void setPostNATDstPort(u_int16_t v) { dst_port_post_nat = v; }; |
144 | 0 | inline void setWLANSSID(const char *str) { if(wlan_ssid != NULL) free(wlan_ssid); if(str) { wlan_ssid = strdup(str);} else wlan_ssid = NULL; } |
145 | 0 | inline void setWTPMACAddress(const char *str) { Utils::parseMac(wtp_mac_address, str); } |
146 | | |
147 | | /* ****** */ |
148 | 0 | inline char* getL7Info(bool setToNULL = false) { char *r = l7_info; if(setToNULL) l7_info = NULL; return(r); } |
149 | 0 | inline char* getHTTPurl(bool setToNULL = false) { char *r = http_url; if(setToNULL) http_url = NULL; return(r); } |
150 | 0 | inline char* getHTTPsite(bool setToNULL = false) { char *r = http_site; if(setToNULL) http_site = NULL; return(r); } |
151 | 0 | inline char* getHTTPuserAgent(bool setToNULL = false) { char *r = http_user_agent; if(setToNULL) http_user_agent = NULL; return(r); } |
152 | 0 | inline ndpi_http_method getHTTPMethod() { return(http_method); } |
153 | 0 | inline char* getDNSQuery(bool setToNULL = false) { char *r = dns_query; if(setToNULL) dns_query = NULL; return(r); } |
154 | 0 | inline char* getTLSserverName(bool setToNULL = false) { char *r = tls_server_name; if(setToNULL) tls_server_name = NULL; return(r); } |
155 | 0 | inline char* getBittorrentHash(bool setToNULL = false) { char *r = bittorrent_hash; if(setToNULL) bittorrent_hash = NULL; return(r); } |
156 | 0 | inline char* getJA4cHash(bool setToNULL = false) { char *r = ja4c_hash; if(setToNULL) ja4c_hash = NULL; return(r); } |
157 | 0 | inline char* getRiskInfo(bool setToNULL = false) { char *r = flow_risk_info; if(setToNULL) flow_risk_info = NULL; return(r); } |
158 | 0 | inline char* getExternalAlert(bool setToNULL = false) { char *r = external_alert; if(setToNULL) external_alert = NULL; return(r); } |
159 | 0 | inline char* getL7JSON(bool setToNULL = false) { char *r = l7_json; if(setToNULL) l7_json = NULL; return(r); } |
160 | 0 | inline char* getEndReason(bool setToNull = false) { char *r = end_reason; if(setToNull) end_reason = NULL; return(r); } |
161 | 0 | inline char* getSMTPRcptTo(bool setToNull = false) { char *r = smtp_rcp_to; if(setToNull) smtp_rcp_to = NULL; return(r); } |
162 | 0 | inline char* getSMTPMailFrom(bool setToNull = false) { char *r = smtp_mail_from; if(setToNull) smtp_mail_from = NULL; return(r); } |
163 | 0 | inline char* getDHCPClientName(bool setToNull = false) { char *r = dhcp_client_name; if(setToNull) dhcp_client_name = NULL; return(r); } |
164 | 0 | inline char* getSIPCallId(bool setToNull = false) { char *r = sip_call_id; if(setToNull) sip_call_id = NULL; return(r); } |
165 | 0 | inline char* getWLANSSID(bool setToNull = false) { char *r = wlan_ssid; if(setToNull) wlan_ssid = NULL; return(r); } |
166 | 0 | inline u_int8_t *getWTPMACAddress() { return wtp_mac_address; } |
167 | | |
168 | 0 | inline u_int32_t getPreNATSrcIp() { return src_ip_addr_pre_nat; }; |
169 | 0 | inline u_int32_t getPreNATDstIp() { return dst_ip_addr_pre_nat; }; |
170 | 0 | inline u_int32_t getPostNATSrcIp() { return src_ip_addr_post_nat; }; |
171 | 0 | inline u_int32_t getPostNATDstIp() { return dst_ip_addr_post_nat; }; |
172 | 0 | inline u_int16_t getPreNATSrcPort() { return src_port_pre_nat; }; |
173 | 0 | inline u_int16_t getPreNATDstPort() { return dst_port_pre_nat; }; |
174 | 0 | inline u_int16_t getPostNATSrcPort() { return src_port_post_nat; }; |
175 | 0 | inline u_int16_t getPostNATDstPort() { return dst_port_post_nat; }; |
176 | 0 | inline u_int8_t getTLSUnsafeCipher() { return(tls_unsafe_cipher); } |
177 | 0 | inline u_int16_t getTLSCipher() { return(tls_cipher); } |
178 | 0 | inline u_int8_t getFlowVerdict() { return(flow_verdict); } |
179 | 0 | inline u_int16_t getHTTPRetCode() { return(http_ret_code); } |
180 | 0 | inline u_int16_t getDNSQueryType() { return(dns_query_type); } |
181 | 0 | inline u_int16_t getDNSRetCode() { return(dns_ret_code); } |
182 | 0 | inline u_int16_t getDNSQueryId() { return(dns_query_id); } |
183 | 0 | inline u_int32_t getL7ErrorCode() { return(l7_error_code); } |
184 | 0 | inline custom_app_t getCustomApp() { return(custom_app ); } |
185 | 0 | inline ndpi_confidence_t getConfidence() { return(confidence); } |
186 | 0 | inline ndpi_risk getRisk() { return(ndpi_flow_risk_bitmap); } |
187 | 0 | inline char* getRiskName() { return(ndpi_flow_risk_name); } |
188 | 0 | inline bool isSwapped() { return(is_swapped); } |
189 | 0 | inline FlowSource getFlowSource() { return(flow_source); } |
190 | 0 | inline u_int8_t getQoESrc2Dst() { return(qoe.src_to_dst); } |
191 | 0 | inline u_int8_t getQoEDst2Src() { return(qoe.dst_to_src); } |
192 | 0 | inline void setQoESrc2Dst(u_int8_t t) { qoe.src_to_dst = t; } |
193 | 0 | inline void setQoEDst2Src(u_int8_t t) { qoe.dst_to_src = t; } |
194 | 0 | inline void setOSHint(ndpi_os t) { os_hint = t; } |
195 | 0 | inline ndpi_os getOSHint() { return(os_hint); } |
196 | | |
197 | | u_int32_t get_private_flow_id(); |
198 | | |
199 | | void print(); |
200 | | }; |
201 | | |
202 | | #endif /* _PARSED_FLOW_H_ */ |