mirror of
https://github.com/ntop/ntopng.git
synced 2026-05-06 03:45:26 +00:00
Adds alerted flow flag
parent
da1dbe4ab0
commit
0bbda384c9
3 changed files with 16 additions and 10 deletions
|
|
@ -67,7 +67,8 @@ class Flow : public GenericHashEntry {
|
|||
cli2srv_direction, twh_over, twh_ok, dissect_next_http_packet, passVerdict,
|
||||
check_tor, l7_protocol_guessed, flow_dropped_counts_increased,
|
||||
good_low_flow_detected, good_ssl_hs, update_flow_port_stats,
|
||||
quota_exceeded, has_malicious_cli_signature, has_malicious_srv_signature;
|
||||
quota_exceeded, has_malicious_cli_signature, has_malicious_srv_signature,
|
||||
is_alerted;
|
||||
u_int16_t diff_num_http_requests;
|
||||
int64_t alert_rowid;
|
||||
#ifdef NTOPNG_PRO
|
||||
|
|
@ -488,7 +489,8 @@ class Flow : public GenericHashEntry {
|
|||
inline bool isTCPReset() const { return (!isTCPClosed()
|
||||
&& ((src2dst_tcp_flags & TH_RST) || (dst2src_tcp_flags & TH_RST))); }
|
||||
bool isFlowAlerted() const;
|
||||
void setFlowAlerted(int64_t rowid);
|
||||
void setFlowAlerted();
|
||||
void setFlowAlertId(int64_t rowid);
|
||||
inline void setVRFid(u_int32_t v) { vrfId = v; }
|
||||
|
||||
inline void setFlowNwLatency(const struct timeval * const tv, bool client) {
|
||||
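Review bot: The declarations `bool isFlowAlerted() const;`, `void setFlowAlerted();` and `void setFlowAlertId(int64_t rowid);` carry no comment saying that the alerted state and the stored alert row id are now tracked separately. A caller that checks `isFlowAlerted()` can no longer assume `alert_rowid` holds a stored row, and the header is where that contract should be stated. I would add `/* true once an alert has been raised for this flow; alert_rowid is set separately by setFlowAlertId() and may not be valid yet */` above `isFlowAlerted()`, and a one-line note on the `is_alerted` member.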
|
|
|
|||
|
|
@ -564,7 +564,7 @@ int AlertsManager::storeFlowAlert(Flow *f) {
|
|||
m.unlock(__FILE__, __LINE__);
|
||||
|
||||
if((rc == 0) && (cur_rowid != (u_int64_t)-1)) {
|
||||
f->setFlowAlerted(cur_rowid);
|
||||
f->setFlowAlertId(cur_rowid);
|
||||
notifyFlowAlert(cur_rowid);
|
||||
}
|
||||
|
||||
|
|
@ -773,7 +773,7 @@ int AlertsManager::storeFlowAlert(Flow *f, AlertType alert_type, AlertLevel aler
|
|||
m.unlock(__FILE__, __LINE__);
|
||||
|
||||
if((rc == 0) && (cur_rowid != (u_int64_t)-1)) {
|
||||
f->setFlowAlerted(cur_rowid);
|
||||
f->setFlowAlertId(cur_rowid);
|
||||
notifyFlowAlert(cur_rowid);
|
||||
}
|
||||
|
||||
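Review bot: Both `storeFlowAlert` overloads now call only `f->setFlowAlertId(cur_rowid);`, so a flow whose alert is stored here is not marked alerted unless the caller also calls `setFlowAlerted()`. The only such call visible on this page is in `Flow::dumpFlowAlert()`, which uses the one-argument overload. If the overload taking `AlertType`/`AlertLevel` is reached from other paths (its callers are outside this page), those flows get a row id while `isFlowAlerted()` stays false, and they drop out of anything that filters on the flag. Either set the flag next to the id in both places, `f->setFlowAlerted(); f->setFlowAlertId(cur_rowid);`, or add a comment at both call sites that the caller is responsible for marking the flow. The page has lost its +/- markers, so the sides here are read from the hunk line counts.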
|
|
|
|||
16
src/Flow.cpp
16
src/Flow.cpp
|
|
@ -139,6 +139,7 @@ Flow::Flow(NetworkInterface *_iface,
|
|||
|
||||
passVerdict = true, quota_exceeded = false;
|
||||
has_malicious_cli_signature = has_malicious_srv_signature = false;
|
||||
is_alerted = false;
|
||||
if(_first_seen > _last_seen) _first_seen = _last_seen;
|
||||
first_seen = _first_seen, last_seen = _last_seen;
|
||||
bytes_thpt_trend = trend_unknown, pkts_thpt_trend = trend_unknown;
|
||||
|
|
@ -358,6 +359,8 @@ void Flow::dumpFlowAlert() {
|
|||
if(do_dump) {
|
||||
iface->getAlertsManager()->storeFlowAlert(this);
|
||||
|
||||
setFlowAlerted();
|
||||
iface->incNumAlertedFlows();
|
||||
if(cli_host) cli_host->incNumAlertedFlows();
|
||||
if(srv_host) srv_host->incNumAlertedFlows();
|
||||
}
|
||||
|
|
@ -2482,18 +2485,19 @@ json_object* Flow::flow2json() {
|
|||
/* *************************************** */
|
||||
|
||||
bool Flow::isFlowAlerted() const {
|
||||
return alert_rowid >= 0;
|
||||
return is_alerted;
|
||||
}
|
||||
|
||||
/* *************************************** */
|
||||
|
||||
void Flow::setFlowAlerted(int64_t rowid) {
|
||||
if(rowid < 0)
|
||||
return;
|
||||
|
||||
void Flow::setFlowAlerted() {
|
||||
if(!isFlowAlerted())
|
||||
iface->incNumAlertedFlows();
|
||||
is_alerted = true;
|
||||
}
|
||||
|
||||
/* *************************************** */
|
||||
|
||||
void Flow::setFlowAlertId(int64_t rowid) {
|
||||
alert_rowid = rowid;
|
||||
}
|
||||
|
||||
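Review bot: In `Flow::dumpFlowAlert()` the flow is marked alerted and the interface and host counters are incremented without checking the return value of `storeFlowAlert(this)`, so a failed store still yields an alerted flow with no alert row behind it. The increments also run on every call where `do_dump` is set. If a flow can be dumped more than once (the condition is outside the hunk), the same flow is counted repeatedly, although the `if(!isFlowAlerted())` check in `setFlowAlerted()` suggests once-per-flow accounting was intended. I would guard the block, `if(!isFlowAlerted()) { setFlowAlerted(); iface->incNumAlertedFlows(); /* host counters here too */ }`, and log a non-zero result from `storeFlowAlert`. The +/- markers are lost on this page, so which lines are new is inferred from the hunk line counts.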
|
|
|
|||