diff --git a/include/Flow.h b/include/Flow.h index 65581e946d..4d5f3f8738 100644 --- a/include/Flow.h +++ b/include/Flow.h @@ -246,6 +246,7 @@ class Flow : public GenericHashEntry { void update_pools_stats(const struct timeval *tv, u_int64_t diff_sent_packets, u_int64_t diff_sent_bytes, u_int64_t diff_rcvd_packets, u_int64_t diff_rcvd_bytes); + void periodic_dump_check(bool dump_alert, const struct timeval *tv); bool triggerAlerts() const; void dumpFlowAlert(); void updateCliJA3(); @@ -442,15 +443,14 @@ class Flow : public GenericHashEntry { void set_hash_entry_state_idle(); bool is_hash_entry_state_idle_transition_ready() const; void periodic_hash_entry_state_update(void *user_data, bool quick); - virtual void set_to_purge(time_t t); + void periodic_stats_update(void *user_data, bool quick); + void set_to_purge(time_t t); bool is_acknowledged_to_purge() const; void set_acknowledge_to_purge(); void set_hash_entry_id(u_int assigned_hash_entry_id); u_int get_hash_entry_id() const; char* print(char *buf, u_int buf_len) const; - void update_hosts_stats(periodic_stats_update_user_data_t *periodic_stats_update_user_data); - void periodic_dump_check(bool dump_alert, const struct timeval *tv); u_int32_t key(); static u_int32_t key(Host *cli, u_int16_t cli_port, diff --git a/include/GenericHashEntry.h b/include/GenericHashEntry.h index a667d96c99..34464a8024 100644 --- a/include/GenericHashEntry.h +++ b/include/GenericHashEntry.h @@ -224,6 +224,14 @@ class GenericHashEntry { * */ virtual void periodic_hash_entry_state_update(void *user_data, bool quick); + /** + * @brief Function in charge of updating periodic entry stats (e.g., its throughput or L7 traffic) + * + * @param user_date A pointer to user submitted data potentially necessary for the update + * @param quick Only perform minimal operations + * + */ + virtual void periodic_stats_update(void *user_data, bool quick); HashEntryState get_state() const; void updateSeen(); void updateSeen(time_t _last_seen); 
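Review bot: In the second include/Flow.h hunk the new `void periodic_stats_update(void *user_data, bool quick);` is declared without `override`. If the signature later drifts from `GenericHashEntry::periodic_stats_update`, the walker would call the empty base body and stats would stop updating with no compiler diagnostic. I would declare it as `void periodic_stats_update(void *user_data, bool quick) override;` here and on the matching line added to include/Host.h. The same hunk drops `virtual` from `set_to_purge`; whether it stays virtual depends on the base declaration, which is outside the hunk, and `override` would make that explicit too.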
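Review bot: The Doxygen block added in include/GenericHashEntry.h documents `@param user_date`, but the parameter is named `user_data`, so the description will not bind to it in generated docs. I would correct the tag and state the expected pointee, since the parameter is an untyped `void *`: `@param user_data Pointer to a periodic_stats_update_user_data_t; overrides cast it without checking`. Both overrides visible in this commit (Flow and Host) cast it to that type.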
diff --git a/include/Host.h b/include/Host.h index 2ce747ed77..ec23b89569 100644 --- a/include/Host.h +++ b/include/Host.h @@ -222,6 +222,7 @@ class Host : public GenericHashEntry, public AlertableEntity { bool is_hash_entry_state_idle_transition_ready() const; void periodic_hash_entry_state_update(void *user_data, bool quick); + void periodic_stats_update(void *user_data, bool quick); virtual void incICMP(u_int8_t icmp_type, u_int8_t icmp_code, bool sent, Host *peer) {}; virtual void lua(lua_State* vm, AddressTree * ptree, bool host_details, diff --git a/src/Flow.cpp b/src/Flow.cpp index 543f9b71e2..e60ef34378 100644 --- a/src/Flow.cpp +++ b/src/Flow.cpp @@ -1039,7 +1039,8 @@ void Flow::incFlowDroppedCounters() { /* *************************************** */ -void Flow::update_hosts_stats(periodic_stats_update_user_data_t *periodic_stats_update_user_data) { +void Flow::periodic_stats_update(void *user_data, bool quick) { + periodic_stats_update_user_data_t *periodic_stats_update_user_data = (periodic_stats_update_user_data_t*) user_data; struct timeval *tv = periodic_stats_update_user_data->tv; u_int64_t sent_packets, sent_bytes, sent_goodput_bytes, rcvd_packets, rcvd_bytes, rcvd_goodput_bytes; u_int64_t diff_sent_packets, diff_sent_bytes, diff_sent_goodput_bytes, @@ -1052,6 +1053,8 @@ void Flow::update_hosts_stats(periodic_stats_update_user_data_t *periodic_stats_ Vlan *vl; NetworkStats *cli_network_stats; + periodic_dump_check(!quick, tv); + if(update_flow_port_stats) { bool dump_flow = false; @@ -1434,6 +1437,8 @@ void Flow::update_hosts_stats(periodic_stats_update_user_data_t *periodic_stats_ if(updated) memcpy(&last_update_time, tv, sizeof(struct timeval)); + + GenericHashEntry::periodic_stats_update(user_data, quick); } /* *************************************** */ diff --git a/src/GenericHashEntry.cpp b/src/GenericHashEntry.cpp index 3138c59ba3..0d7ae10b18 100644 --- a/src/GenericHashEntry.cpp +++ b/src/GenericHashEntry.cpp 
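Review bot: In the first src/Flow.cpp hunk the parameter changes from a typed `periodic_stats_update_user_data_t *` to `void *user_data`, which is converted with a C-style cast and dereferenced on the next line (`periodic_stats_update_user_data->tv`) with no null check. The compiler can no longer reject a caller that passes a different structure, and `tv` is later used as the source of a `memcpy` into `last_update_time`. I would use a named cast and guard the dereference: `auto *periodic_stats_update_user_data = static_cast<periodic_stats_update_user_data_t*>(user_data);` followed by `if(!periodic_stats_update_user_data || !periodic_stats_update_user_data->tv) return;`. `Host::periodic_stats_update` in src/Host.cpp has the same cast-and-dereference pattern. The function body continues outside this hunk.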
@@ -107,6 +107,11 @@ void GenericHashEntry::periodic_hash_entry_state_update(void *user_data, bool qu
 /* ***************************************** */
+void GenericHashEntry::periodic_stats_update(void *user_data, bool quick) {
+}
+
+/* ***************************************** */
+
 bool GenericHashEntry::idle() const {
 return(get_state() > hash_entry_state_active);
 };
diff --git a/src/Host.cpp b/src/Host.cpp
index ce973f7871..97622e0dfe 100644
--- a/src/Host.cpp
+++ b/src/Host.cpp
@@ -842,6 +842,42 @@ void Host::periodic_hash_entry_state_update(void *user_data, bool quick) { /* *************************************** */ +void Host::periodic_stats_update(void *user_data, bool quick) { + periodic_stats_update_user_data_t *periodic_stats_update_user_data = (periodic_stats_update_user_data_t*) user_data; + struct timeval *tv = periodic_stats_update_user_data->tv; + Mac *cur_mac = getMac(); + + checkReloadPrefs(); + checkDataReset(); + checkStatsReset(); + checkBroadcastDomain(); + + /* OS detection */ + if((os == os_unknown) && cur_mac && cur_mac->getFingerprint()) + os = Utils::getOSFromFingerprint(cur_mac->getFingerprint(), cur_mac->get_manufacturer(), cur_mac->getDeviceType()); + + num_active_flows_as_client.computeAnomalyIndex(tv->tv_sec), + num_active_flows_as_server.computeAnomalyIndex(tv->tv_sec), + low_goodput_client_flows.computeAnomalyIndex(tv->tv_sec), + low_goodput_server_flows.computeAnomalyIndex(tv->tv_sec); + + stats->updateStats(tv); + +#ifdef MONITOREDGAUGE_DEBUG + char buf[64], buf2[128]; + + if(num_active_flows_as_client.is_anomalous(tv->tv_sec)) + ntop->getTrace()->traceEvent(TRACE_NORMAL, "[num_active_flows_as_client] %s %s", ip.print(buf, sizeof(buf)), num_active_flows_as_client.print(buf2, sizeof(buf2))); + + if(num_active_flows_as_server.is_anomalous(tv->tv_sec)) + ntop->getTrace()->traceEvent(TRACE_NORMAL, "[num_active_flows_as_server] %s %s", ip.print(buf, sizeof(buf)), num_active_flows_as_server.print(buf2, sizeof(buf2))); +#endif + + GenericHashEntry::periodic_stats_update(user_data, quick); +} + +/* *************************************** */ + void Host::incStats(u_int32_t when, u_int8_t l4_proto, u_int ndpi_proto, ndpi_protocol_category_t ndpi_category, custom_app_t custom_app, 
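Review bot: The four `computeAnomalyIndex(tv->tv_sec)` calls in the new `Host::periodic_stats_update` are chained with the comma operator, so they form a single expression statement that reads like a typo for `;`. It behaves the same today, but a line inserted between them, or a conditional placed in front of the first call, would not do what the layout suggests. I would end each call with its own semicolon, e.g. `num_active_flows_as_client.computeAnomalyIndex(tv->tv_sec);`. The `quick` argument is only forwarded to the base class here, which is worth a one-line comment such as `/* quick is not used for hosts */`.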
@@ -1321,38 +1357,6 @@ bool Host::statsResetRequested() {
 /* *************************************** */
-void Host::updateStats(periodic_stats_update_user_data_t *periodic_stats_update_user_data) {
- struct timeval *tv = periodic_stats_update_user_data->tv;
- Mac *cur_mac = getMac();
-
- checkDataReset();
- checkStatsReset();
- checkBroadcastDomain();
-
- /* OS detection */
- if((os == os_unknown) && cur_mac && cur_mac->getFingerprint())
- os = Utils::getOSFromFingerprint(cur_mac->getFingerprint(), cur_mac->get_manufacturer(), cur_mac->getDeviceType());
-
- num_active_flows_as_client.computeAnomalyIndex(tv->tv_sec),
- num_active_flows_as_server.computeAnomalyIndex(tv->tv_sec),
- low_goodput_client_flows.computeAnomalyIndex(tv->tv_sec),
- low_goodput_server_flows.computeAnomalyIndex(tv->tv_sec);
-
- stats->updateStats(tv);
-
-#ifdef MONITOREDGAUGE_DEBUG
- char buf[64], buf2[128];
-
- if(num_active_flows_as_client.is_anomalous(tv->tv_sec))
- ntop->getTrace()->traceEvent(TRACE_NORMAL, "[num_active_flows_as_client] %s %s", ip.print(buf, sizeof(buf)), num_active_flows_as_client.print(buf2, sizeof(buf2)));
-
- if(num_active_flows_as_server.is_anomalous(tv->tv_sec))
- ntop->getTrace()->traceEvent(TRACE_NORMAL, "[num_active_flows_as_server] %s %s", ip.print(buf, sizeof(buf)), num_active_flows_as_server.print(buf2, sizeof(buf2)));
-#endif
-}
-
-/* *************************************** */
-
 void Host::checkStatsReset() {
 if(stats_shadow) {
 delete stats_shadow;
diff --git a/src/NetworkInterface.cpp b/src/NetworkInterface.cpp
index 7113713956..3ae96fdc9e 100644
--- a/src/NetworkInterface.cpp
+++ b/src/NetworkInterface.cpp
@@ -2656,30 +2656,12 @@ static bool perform_quick_update(const struct timeval *tv, GenericHashEntry *ghe /* **************************************************** */ -static bool flow_update_hosts_stats(GenericHashEntry *node, - void *user_data, bool *matched) { - Flow *flow = (Flow*)node; +static bool host_flow_update_stats(GenericHashEntry *node, void *user_data, bool *matched) { periodic_stats_update_user_data_t *periodic_stats_update_user_data = (periodic_stats_update_user_data_t*)user_data; struct timeval *tv = periodic_stats_update_user_data->tv; bool quick_update = perform_quick_update(tv, node); - flow->periodic_dump_check(!quick_update, tv); - flow->update_hosts_stats(periodic_stats_update_user_data); - - *matched = true; - - return(false); /* false = keep on walking */ -} - -/* **************************************************** */ - -/* NOTE: host is not a GenericTrafficElement */ -static bool update_hosts_stats(GenericHashEntry *node, void *user_data, bool *matched) { - Host *host = (Host*)node; - periodic_stats_update_user_data_t *periodic_stats_update_user_data = (periodic_stats_update_user_data_t*)user_data; - - host->checkReloadPrefs(); - host->updateStats(periodic_stats_update_user_data); + node->periodic_stats_update(periodic_stats_update_user_data, quick_update); *matched = true; @@ -2762,11 +2744,11 @@ void NetworkInterface::periodicStatsUpdate() { /* View Interfaces don't have flows, they just walk flows of their 'viewed' peers */ if((!isView()) && flows_hash) - walker(&begin_slot, true, walker_flows, flow_update_hosts_stats, &periodic_stats_update_user_data); + walker(&begin_slot, true, walker_flows, host_flow_update_stats, &periodic_stats_update_user_data); if(hosts_hash) { begin_slot = 0; - walker(&begin_slot, true, walker_hosts, update_hosts_stats, &periodic_stats_update_user_data); + walker(&begin_slot, true, walker_hosts, host_flow_update_stats, &periodic_stats_update_user_data); } if(ases_hash) {
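Review bot: `host_flow_update_stats` in the first src/NetworkInterface.cpp hunk has no comment saying it is now the callback for both the flows walker and the hosts walker, and the removed note about hosts is not replaced. It also evaluates `perform_quick_update(tv, node)` for hosts, although `Host::periodic_stats_update` in this commit only forwards `quick` to the empty base method. I would add above the function: `/* Walker callback shared by flows and hosts: dispatches to the entry's periodic_stats_update(); 'quick' is only acted upon by Flow */`. Dispatching through the virtual method removes the unchecked `(Flow*)node` and `(Host*)node` downcasts. The correctness of the `void *` cast inside each override therefore still rests on every walker call passing `&periodic_stats_update_user_data`, as the second hunk does.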