diff --git a/include/Prefs.h b/include/Prefs.h index 6a1b41231e..a3a1022a9c 100644 --- a/include/Prefs.h +++ b/include/Prefs.h @@ -63,10 +63,13 @@ class Prefs { enable_mac_ndpi_stats, enable_activities_debug, enable_behaviour_analysis, enable_asn_behaviour_analysis, enable_network_behaviour_analysis, enable_iface_l7_behaviour_analysis, emit_flow_alerts, emit_host_alerts, - dump_flows_on_clickhouse, readonly_flows_dump, use_mac_in_flow_key, + dump_flows_on_clickhouse, readonly_flows_dump, do_reforge_timestamps, add_vlan_tags_to_cloud_exporters, collect_blacklist_stats, fail_on_invalid_license, limited_resources_mode, fingerprint_stats, tls_quic_hostnaming; +#ifndef HAVE_NEDGE + bool use_mac_in_flow_key; +#endif u_int32_t behaviour_analysis_learning_period; u_int32_t iec60870_learning_period, modbus_learning_period, s7comm_learning_period, devices_learning_period, @@ -878,7 +881,9 @@ class Prefs { ASNConfiguration* getSubCustomerASN() { return (sub_customer_asn); } ASNConfiguration* getRemoteASN() { return (remote_asn); } +#ifndef HAVE_NEDGE inline bool useMacAddressInFlowKey() { return (use_mac_in_flow_key); } +#endif inline bool useHostPoolsForLocal() const { return use_host_pools_for_local; } inline bool areFingerprintStatsEnabled() { return (fingerprint_stats); } inline bool doReforgeTimestamps() { return (do_reforge_timestamps); } diff --git a/scripts/lua/admin/prefs.lua b/scripts/lua/admin/prefs.lua index ba09a23942..d75a7ca136 100644 --- a/scripts/lua/admin/prefs.lua +++ b/scripts/lua/admin/prefs.lua @@ -948,11 +948,13 @@ if auth.has_capability(auth.capabilities.preferences) then subpage_active.entries["toggle_host_mask"].description, h_labels, h_values, "0", "primary", "toggle_host_mask", "ntopng.prefs.host_mask") + if not ntop.isnEdge() then prefsToggleButton(subpage_active, { field = "toggle_use_mac_in_flow_key", default = "0", pref = "use_mac_in_flow_key" }) + end prefsToggleButton(subpage_active, { field = "toggle_use_host_pools_for_local", diff --git a/scripts/lua/modules/prefs_menu.lua b/scripts/lua/modules/prefs_menu.lua index 6149307a92..a36ebe4f17 100644 --- a/scripts/lua/modules/prefs_menu.lua +++ b/scripts/lua/modules/prefs_menu.lua @@ -501,7 +501,8 @@ local menu_subpages = {{ }, toggle_use_mac_in_flow_key = { title = i18n("prefs.toggle_use_mac_in_flow_key_title"), - description = i18n("prefs.toggle_use_mac_in_flow_key_description") + description = i18n("prefs.toggle_use_mac_in_flow_key_description"), + hidden = (have_nedge) }, toggle_use_host_pools_for_local = { title = i18n("prefs.toggle_use_host_pools_for_local_title"), diff --git a/src/Flow.cpp b/src/Flow.cpp index 5199e94ec8..55183c9fa4 100644 --- a/src/Flow.cpp +++ b/src/Flow.cpp @@ -3075,7 +3075,14 @@ bool Flow::equal(const Mac* _src_pkt_mac, const Mac* _dst_pkt_mac, bool* src2srv_direction) const { const IpAddress *cli_ip = get_cli_ip_addr(), *srv_ip = get_srv_ip_addr(); const Mac *src_mac, *dst_mac; +#ifndef HAVE_NEDGE + /* + nEdge note: As with Netfilter we do not have MAC visibility (at least + on the first packet) they should not be used here to avoid invalid flow + search as with Netfilter we see only the sender MAC + */ bool useMacAddressInFlowKey = ntop->getPrefs()->useMacAddressInFlowKey(); +#endif #if 0 if(ntohs(_cli_port) == 17446) { @@ -3119,6 +3126,7 @@ bool Flow::equal(const Mac* _src_pkt_mac, const Mac* _dst_pkt_mac, } else return (false); +#ifndef HAVE_NEDGE #ifdef USE_MAC_IN_KEY_WITH_DHCP /* Check if MAC address needs to be used in flow key */ if ((cli_ip->key() == 0) && (srv_ip->key() == 0xFFFFFFFF)) { @@ -3126,16 +3134,6 @@ bool Flow::equal(const Mac* _src_pkt_mac, const Mac* _dst_pkt_mac, } #endif -#ifdef HAVE_NEDGE - /* - As with Netfilter we do not have MAC visibility - they should not be used here to avoid invalid - flow search as with Netfilter we see only the - sender MAC - */ - useMacAddressInFlowKey = false; -#endif - if (useMacAddressInFlowKey) { if (cli_host && src_mac) { Mac* cli_mac = cli_host->getMac(); @@ -3163,6 +3161,7 @@ bool Flow::equal(const Mac* _src_pkt_mac, const Mac* _dst_pkt_mac, if (srv_mac != dst_mac) return (false); } } +#endif return (true); } diff --git a/src/HostHash.cpp b/src/HostHash.cpp index a46056536b..336d89a545 100644 --- a/src/HostHash.cpp +++ b/src/HostHash.cpp @@ -38,8 +38,11 @@ Host* HostHash::get(u_int16_t vlanId, IpAddress* key, Mac* mac, bool is_inline_call, u_int16_t observation_point_id) { u_int32_t hash = key->key(); +#ifndef HAVE_NEDGE /* Check if MAC address needs to be used in host key */ - if (ntop->getPrefs()->useMacAddressInFlowKey() == false) mac = NULL; + if (ntop->getPrefs()->useMacAddressInFlowKey() == false) +#endif + mac = NULL; #ifdef USE_MAC_IN_KEY_WITH_DHCP if ((hash == 0 /* 0.0.0.0 */) && (mac != NULL)) hash += mac->key(); diff --git a/src/Prefs.cpp b/src/Prefs.cpp index 1d3b231ce4..9fbaad9924 100644 --- a/src/Prefs.cpp +++ b/src/Prefs.cpp @@ -92,7 +92,9 @@ Prefs::Prefs(Ntop* _ntop) { enable_mac_ndpi_stats = false; auto_assigned_pool_id = NO_HOST_POOL_ID; default_l7policy = PASS_ALL_SHAPER_ID; +#ifndef HAVE_NEDGE use_mac_in_flow_key = false; +#endif use_host_pools_for_local = false; fingerprint_stats = false; ciphers_list = NULL; @@ -989,8 +991,10 @@ void Prefs::reloadPrefsFromRedis() { enable_assets_log = getDefaultBoolPrefsValue(CONST_PREFS_ENABLE_ASSETS_LOG, false); enable_sql_log = getDefaultBoolPrefsValue(CONST_PREFS_ENABLE_SQL_LOG, false); +#ifndef HAVE_NEDGE use_mac_in_flow_key = getDefaultPrefsValue(CONST_PREFS_USE_MAC_IN_FLOW_KEY, false); +#endif use_host_pools_for_local = getDefaultBoolPrefsValue(CONST_PREFS_USE_HOST_POOLS_FOR_LOCAL, false); fingerprint_stats = @@ -3087,8 +3091,10 @@ void Prefs::lua(lua_State* vm) { lua_push_bool_table_entry(vm, "fingerprint_stats", areFingerprintStatsEnabled()); +#ifndef HAVE_NEDGE lua_push_uint64_table_entry(vm, "use_mac_in_flow_key", useMacAddressInFlowKey()); +#endif lua_push_uint64_table_entry(vm, "housekeeping_frequency", housekeeping_frequency); lua_push_uint64_table_entry(vm, "local_host_cache_duration",