/src/ntopng/include/OtherAlertableEntity.h
Line | Count | Source |
1 | | /* |
2 | | * |
3 | | * (C) 2019-25 - ntop.org |
4 | | * |
5 | | * |
6 | | * This program is free software; you can redistribute it and/or modify |
7 | | * it under the terms of the GNU General Public License as published by |
8 | | * the Free Software Foundation; either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * This program is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU General Public License |
17 | | * along with this program; if not, write to the Free Software Foundation, |
18 | | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
19 | | * |
20 | | */ |
21 | | |
22 | | #ifndef _OTHER_ALERTABLE_ENTITY_H_ |
23 | | #define _OTHER_ALERTABLE_ENTITY_H_ |
24 | | |
25 | | #include "ntop_includes.h" |
26 | | |
27 | | class NetworkInterface; |
28 | | |
29 | | class OtherAlertableEntity : public AlertableEntity { |
30 | | private: |
31 | | protected: |
32 | | /* |
33 | | Creating multiple maps guarantees that periodic scripts at different |
34 | | granularities do not interfere each other and thus that they can run |
35 | | concurrently without locking. |
36 | | |
37 | | However while alert_cache is accessed only by the alert engine and thus it |
38 | | is "thread-safe" as concurrent scripts (i.e. at different granularities) |
39 | | cannot call it, engaged_alerts needs to be protected as |
40 | | - it can be called by the Lua GUI |
41 | | - it can be called by the alert engine |
42 | | |
43 | | In order to save memory, the std::map key is a hash 32 bit and not the |
44 | | original string. Considered the number of entries this is a good |
45 | | tradeoff with no false positives considered the limited value |
46 | | cardinality. |
47 | | */ |
48 | | std::map<u_int32_t /* std::string */, std::string> alert_cache[MAX_NUM_PERIODIC_SCRIPTS]; |
49 | | std::map<u_int32_t /* std::string */, Alert> engaged_alerts[MAX_NUM_PERIODIC_SCRIPTS]; |
50 | | |
51 | | void getAlertsByPeriodicity(lua_State *vm, ScriptPeriodicity p, |
52 | | AlertType type_filter, AlertLevel severity_filter, |
53 | | AlertRole role_filter, u_int *idx); |
54 | | |
55 | | public: |
56 | | OtherAlertableEntity(NetworkInterface *alert_iface, AlertEntity entity); |
57 | | virtual ~OtherAlertableEntity(); |
58 | | |
59 | | /* |
60 | | getAlertCachedValue and setAlertCacheValue as thread safe as they are |
61 | | invoked only by periodic scripts and are not accessed by the GUI lua methods |
62 | | */ |
63 | 0 | inline std::string getAlertCachedValue(std::string key, ScriptPeriodicity p) { |
64 | 0 | std::map<u_int32_t /* std::string */, std::string>::iterator it = alert_cache[(u_int)p].find(ndpi_hash_string(key.c_str())); |
65 | |
|
66 | 0 | return ((it != alert_cache[(u_int)p].end()) ? it->second : std::string("")); |
67 | 0 | } |
68 | | |
69 | | inline void setAlertCacheValue(std::string key, std::string value, |
70 | 0 | ScriptPeriodicity p) { |
71 | 0 | alert_cache[(u_int)p][ndpi_hash_string(key.c_str())] = value; |
72 | 0 | } |
73 | | |
74 | | bool triggerAlert(lua_State *vm, std::string key, ScriptPeriodicity p, |
75 | | time_t now, u_int32_t score, AlertType alert_id, |
76 | | const char *subtype, const char *json, const char *ip, |
77 | | const char *name, u_int16_t port); |
78 | | bool releaseAlert(lua_State *vm, std::string key, ScriptPeriodicity p, |
79 | | time_t now); |
80 | | |
81 | | void luaAlert(lua_State *vm, const Alert *alert, ScriptPeriodicity p) const; |
82 | | void countAlerts(grouped_alerts_counters *counters); |
83 | | void getAlerts(lua_State *vm, ScriptPeriodicity p, AlertType type_filter, |
84 | | AlertLevel severity_filter, AlertRole role_filter, u_int *idx); |
85 | | }; |
86 | | |
87 | | #endif |