Coverage Report

Created: 2025-05-16 06:24

/src/ntopng/include/ParsedFlow.h
Line
Count
Source (jump to first uncovered line)
1
/*
2
 *
3
 * (C) 2013-25 - ntop.org
4
 *
5
 *
6
 * This program is free software; you can redistribute it and/or modify
7
 * it under the terms of the GNU General Public License as published by
8
 * the Free Software Foundation; either version 3 of the License, or
9
 * (at your option) any later version.
10
 *
11
 * This program is distributed in the hope that it will be useful,
12
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14
 * GNU General Public License for more details.
15
 *
16
 * You should have received a copy of the GNU General Public License
17
 * along with this program; if not, write to the Free Software Foundation,
18
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19
 *
20
 */
21
22
#ifndef _PARSED_FLOW_H_
23
#define _PARSED_FLOW_H_
24
25
#include "ntop_includes.h"
26
27
class ParsedFlow : public ParsedFlowCore, public ParsedeBPF {
28
 private:
29
  bool has_parsed_ebpf, is_swapped;
30
  json_object *additional_fields_json;
31
  ndpi_serializer *additional_fields_tlv;
32
  char *l7_info;
33
  char *http_url, *http_site, *http_user_agent, *dhcp_client_name, *sip_call_id;
34
  ndpi_http_method http_method;
35
  char *dns_query;
36
  char *end_reason;
37
  char *tls_server_name, *bittorrent_hash;
38
  char *ja4c_hash;
39
  char *flow_risk_info;
40
  char *external_alert;
41
  char *l7_json;
42
  char *smtp_rcp_to, *smtp_mail_from;
43
  u_int32_t src_ip_addr_pre_nat, dst_ip_addr_pre_nat,
44
              src_ip_addr_post_nat, dst_ip_addr_post_nat;
45
  u_int8_t tls_unsafe_cipher, flow_verdict;
46
  ndpi_os os_hint;
47
  u_int16_t tls_cipher;
48
  u_int16_t http_ret_code;
49
  u_int16_t dns_query_type, dns_ret_code, dns_query_id;
50
  u_int32_t l7_error_code;
51
  u_int16_t src_port_pre_nat, dst_port_pre_nat,
52
            src_port_post_nat, dst_port_post_nat;
53
  custom_app_t custom_app;
54
  ndpi_confidence_t confidence;
55
  ndpi_risk ndpi_flow_risk_bitmap;
56
  char *ndpi_flow_risk_name;
57
  FlowSource flow_source;
58
  char *wlan_ssid;
59
  u_int8_t wtp_mac_address[6];
60
  struct {
61
    u_int8_t src_to_dst, dst_to_src;
62
  } qoe;
63
  
64
 public:
65
  ParsedFlow();
66
  
67
  ParsedFlow(const ParsedFlow &pf);
68
69
0
  inline void addAdditionalField(const char *key, json_object *field) {
70
0
    if (!additional_fields_json)
71
0
      additional_fields_json = json_object_new_object();
72
0
    if (additional_fields_json)
73
0
      json_object_object_add(additional_fields_json, key, field);
74
0
  }
75
  
76
0
  inline void addAdditionalField(ndpi_deserializer *deserializer) {
77
0
    if (!additional_fields_tlv) {
78
0
      additional_fields_tlv =
79
0
          (ndpi_serializer *)calloc(1, sizeof(ndpi_serializer));
80
0
      if (additional_fields_tlv)
81
0
        ndpi_init_serializer_ll(additional_fields_tlv,
82
0
                                ndpi_serialization_format_tlv, 64);
83
0
    }
84
    
85
0
    if (additional_fields_tlv)
86
0
      ndpi_deserialize_clone_item(deserializer, additional_fields_tlv);
87
0
  }
88
  
89
0
  inline json_object *getAdditionalFieldsJSON()    { return additional_fields_json; };
90
0
  inline ndpi_serializer *getAdditionalFieldsTLV() {
91
0
    ndpi_serializer *tlv = additional_fields_tlv;
92
0
    additional_fields_tlv = NULL;
93
0
    return tlv;
94
0
  };
95
0
  inline bool hasParsedeBPF() const    { return has_parsed_ebpf; };
96
0
  inline void setParsedeBPF()          { has_parsed_ebpf = true; };
97
0
  inline void setParsedProcessInfo()   { process_info_set = true; setParsedeBPF(); }  
98
0
  inline void setParsedContainerInfo() { container_info_set = true; setParsedeBPF(); }
99
100
  virtual ~ParsedFlow();
101
102
  void freeMemory();
103
  void swap();
104
  void fromLua(lua_State *L, int index);
105
106
0
  inline void setL7Info(const char *str)  { if(l7_info != NULL) free(l7_info); if(str) { l7_info = strdup(str); } else l7_info = NULL; }
107
0
  inline void setHTTPurl(const char *str) { if(http_url != NULL) free(http_url);  if(str) { http_url = strdup(str); } else http_url = NULL; }
108
0
  inline void setHTTPsite(const char *str) { if(http_site != NULL) free(http_site);  if(str) { http_site = strdup(str);} else http_site = NULL; }
109
0
  inline void setHTTPuserAgent(const char *str) { if(http_user_agent != NULL) free(http_user_agent);  if(str) { http_user_agent = strdup(str);} else http_user_agent = NULL; }
110
0
  inline void setHTTPMethod(ndpi_http_method m) { http_method = m; }
111
0
  inline void setDNSQuery(const char *str) { if(dns_query != NULL) free(dns_query);  if(str) { dns_query = strdup(str);} else dns_query = NULL; }
112
0
  inline void setTLSserverName(const char *str) { if(tls_server_name != NULL) free(tls_server_name);  if(str) { tls_server_name = strdup(str);} else tls_server_name = NULL; }
113
0
  inline void setBittorrentHash(const char *str) { if(bittorrent_hash != NULL) free(bittorrent_hash);  if(str) { bittorrent_hash = strdup(str);} else bittorrent_hash = NULL; }
114
0
  inline void setJA4cHash(const char *str) { if(ja4c_hash != NULL) free(ja4c_hash);  if(str) { ja4c_hash = strdup(str); } else ja4c_hash = NULL; }
115
0
  inline void setRiskInfo(const char *str) { if(flow_risk_info != NULL) free(flow_risk_info);  if(str) { flow_risk_info = strdup(str); } else flow_risk_info = NULL; }
116
0
  inline void setExternalAlert(const char *str) { if(external_alert != NULL) free(external_alert);  if(str) { external_alert = strdup(str);} else external_alert = NULL; }
117
0
  inline void setL7JSON(const char *str) { if(l7_json != NULL) free(l7_json);  if(str) { l7_json = strdup(str);} else l7_json = NULL; }
118
0
  inline void setTLSUnsafeCipher(u_int8_t v) { tls_unsafe_cipher = v; }
119
0
  inline void setTLSCipher(u_int16_t v) { tls_cipher = v; }
120
0
  inline void setFlowVerdict(u_int8_t v) { flow_verdict = v; }
121
0
  inline void setHTTPRetCode(u_int16_t v) { http_ret_code = v; }
122
0
  inline void setDNSQueryType(u_int16_t v) { dns_query_type = v; }
123
0
  inline void setDNSRetCode(u_int16_t v) { dns_ret_code = v; }
124
0
  inline void setDNSQueryId(u_int16_t v) { dns_query_id = v; }
125
0
  inline void setL7ErrorCode(u_int32_t v) { l7_error_code = v; }
126
0
  inline void setCustomApp(custom_app_t c) { custom_app = c; }
127
0
  inline void setConfidence(ndpi_confidence_t c) { confidence = c; }
128
0
  inline void setRisk(ndpi_risk r) { ndpi_flow_risk_bitmap = r; }
129
0
  inline void setFlowSource(FlowSource n) { flow_source = n; }
130
0
  inline void setEndReason(const char *str) { if(end_reason != NULL) free(end_reason);  if(str) { end_reason = strdup(str);} else end_reason = NULL; }
131
0
  inline void setSMTPRcptTo(const char *str) { if(smtp_rcp_to != NULL) free(smtp_rcp_to);  if(str) { smtp_rcp_to = strdup(str);} else smtp_rcp_to = NULL; }
132
0
  inline void setSMTPMailFrom(const char *str) { if(smtp_mail_from != NULL) free(smtp_mail_from);  if(str) { smtp_mail_from = strdup(str);} else smtp_mail_from = NULL; }
133
0
  inline void setRiskName(const char *str) { if(ndpi_flow_risk_name != NULL) free(ndpi_flow_risk_name); if (str) { ndpi_flow_risk_name = strdup(str);} else ndpi_flow_risk_name = NULL; }
134
0
  inline void setDHCPClientName(const char *str) { if(dhcp_client_name != NULL) free(dhcp_client_name);  if(str) { dhcp_client_name = strdup(str);} else dhcp_client_name = NULL; }
135
0
  inline void setSIPCallId(const char *str) { if(sip_call_id != NULL) free(sip_call_id);  if(str) { sip_call_id = strdup(str);} else sip_call_id = NULL; }
136
0
  inline void setPreNATSrcIp(u_int32_t v) { src_ip_addr_pre_nat = v; };
137
0
  inline void setPreNATDstIp(u_int32_t v) { dst_ip_addr_pre_nat = v; };
138
0
  inline void setPostNATSrcIp(u_int32_t v) { src_ip_addr_post_nat = v; };
139
0
  inline void setPostNATDstIp(u_int32_t v) { dst_ip_addr_post_nat = v; };
140
0
  inline void setPreNATSrcPort(u_int16_t v) { src_port_pre_nat = v; };
141
0
  inline void setPreNATDstPort(u_int16_t v) { dst_port_pre_nat = v; };
142
0
  inline void setPostNATSrcPort(u_int16_t v) { src_port_post_nat = v; };
143
0
  inline void setPostNATDstPort(u_int16_t v) { dst_port_post_nat = v; };
144
0
  inline void setWLANSSID(const char *str) { if(wlan_ssid != NULL) free(wlan_ssid);  if(str) { wlan_ssid = strdup(str);} else wlan_ssid = NULL; }
145
0
  inline void setWTPMACAddress(const char *str) { Utils::parseMac(wtp_mac_address, str); }
146
147
  /* ****** */
148
0
  inline char* getL7Info(bool setToNULL = false)  { char *r = l7_info; if(setToNULL) l7_info = NULL; return(r); }
149
0
  inline char* getHTTPurl(bool setToNULL = false) { char *r = http_url; if(setToNULL) http_url = NULL; return(r); }
150
0
  inline char* getHTTPsite(bool setToNULL = false) { char *r = http_site; if(setToNULL) http_site = NULL; return(r); }
151
0
  inline char* getHTTPuserAgent(bool setToNULL = false) { char *r = http_user_agent; if(setToNULL) http_user_agent = NULL; return(r); }
152
0
  inline ndpi_http_method getHTTPMethod() { return(http_method); }
153
0
  inline char* getDNSQuery(bool setToNULL = false) { char *r = dns_query; if(setToNULL) dns_query = NULL; return(r); }
154
0
  inline char* getTLSserverName(bool setToNULL = false) { char *r = tls_server_name; if(setToNULL) tls_server_name = NULL; return(r); }
155
0
  inline char* getBittorrentHash(bool setToNULL = false) { char *r = bittorrent_hash; if(setToNULL) bittorrent_hash = NULL; return(r); }
156
0
  inline char* getJA4cHash(bool setToNULL = false) { char *r = ja4c_hash; if(setToNULL) ja4c_hash = NULL; return(r); }
157
0
  inline char* getRiskInfo(bool setToNULL = false) { char *r = flow_risk_info; if(setToNULL) flow_risk_info  = NULL; return(r); }
158
0
  inline char* getExternalAlert(bool setToNULL = false) { char *r = external_alert; if(setToNULL) external_alert = NULL; return(r); }
159
0
  inline char* getL7JSON(bool setToNULL = false) { char *r = l7_json; if(setToNULL) l7_json = NULL; return(r); }
160
0
  inline char* getEndReason(bool setToNull = false) { char *r = end_reason; if(setToNull) end_reason = NULL; return(r); }
161
0
  inline char* getSMTPRcptTo(bool setToNull = false) { char *r = smtp_rcp_to; if(setToNull) smtp_rcp_to = NULL; return(r); }
162
0
  inline char* getSMTPMailFrom(bool setToNull = false) { char *r = smtp_mail_from; if(setToNull) smtp_mail_from = NULL; return(r); }
163
0
  inline char* getDHCPClientName(bool setToNull = false) { char *r = dhcp_client_name; if(setToNull) dhcp_client_name = NULL; return(r); }
164
0
  inline char* getSIPCallId(bool setToNull = false) { char *r = sip_call_id; if(setToNull) sip_call_id = NULL; return(r); }
165
0
  inline char* getWLANSSID(bool setToNull = false) { char *r = wlan_ssid; if(setToNull) wlan_ssid = NULL; return(r); }
166
0
  inline u_int8_t *getWTPMACAddress() { return wtp_mac_address; }
167
168
0
  inline u_int32_t getPreNATSrcIp() { return src_ip_addr_pre_nat; };
169
0
  inline u_int32_t getPreNATDstIp() { return dst_ip_addr_pre_nat; };
170
0
  inline u_int32_t getPostNATSrcIp() { return src_ip_addr_post_nat; };
171
0
  inline u_int32_t getPostNATDstIp() { return dst_ip_addr_post_nat; };
172
0
  inline u_int16_t getPreNATSrcPort() { return src_port_pre_nat; };
173
0
  inline u_int16_t getPreNATDstPort() { return dst_port_pre_nat; };
174
0
  inline u_int16_t getPostNATSrcPort() { return src_port_post_nat; };
175
0
  inline u_int16_t getPostNATDstPort() { return dst_port_post_nat; };
176
0
  inline u_int8_t getTLSUnsafeCipher() { return(tls_unsafe_cipher); }
177
0
  inline u_int16_t getTLSCipher() { return(tls_cipher); }
178
0
  inline u_int8_t getFlowVerdict() { return(flow_verdict); }
179
0
  inline u_int16_t getHTTPRetCode() { return(http_ret_code); }
180
0
  inline u_int16_t getDNSQueryType() { return(dns_query_type); }
181
0
  inline u_int16_t getDNSRetCode() { return(dns_ret_code); }
182
0
  inline u_int16_t getDNSQueryId() { return(dns_query_id); }
183
0
  inline u_int32_t getL7ErrorCode() { return(l7_error_code); }
184
0
  inline custom_app_t getCustomApp() { return(custom_app ); }
185
0
  inline ndpi_confidence_t getConfidence() { return(confidence); }
186
0
  inline ndpi_risk getRisk() { return(ndpi_flow_risk_bitmap); }
187
0
  inline char* getRiskName() { return(ndpi_flow_risk_name); }
188
0
  inline bool isSwapped() { return(is_swapped); }
189
0
  inline FlowSource getFlowSource() { return(flow_source); }
190
0
  inline u_int8_t getQoESrc2Dst()   { return(qoe.src_to_dst); }
191
0
  inline u_int8_t getQoEDst2Src()   { return(qoe.dst_to_src); }
192
0
  inline void setQoESrc2Dst(u_int8_t t)   { qoe.src_to_dst = t; }
193
0
  inline void setQoEDst2Src(u_int8_t t)   { qoe.dst_to_src = t; }
194
0
  inline void setOSHint(ndpi_os t) { os_hint = t;        }
195
0
  inline ndpi_os getOSHint()       { return(os_hint);    }
196
197
  u_int32_t get_private_flow_id();
198
199
  void print();
200
};
201
202
#endif /* _PARSED_FLOW_H_ */