diff --git a/include/Host.h b/include/Host.h
index 01ee979eca..428bfc3389 100644
--- a/include/Host.h
+++ b/include/Host.h
@@ -30,7 +30,7 @@ class Host : public GenericHashEntry, public HostAlertableEntity, public Score,
protected:
IpAddress ip;
Mac *mac;
- char *asname;
+ char *asname, *blacklist_name;
struct {
Fingerprint ja3;
@@ -590,6 +590,7 @@ class Host : public GenericHashEntry, public HostAlertableEntity, public Score,
}
inline HostStats* getStats() { return(stats); }
+ void setBlacklistName(char*);
};
#endif /* _HOST_H_ */
diff --git a/scripts/lua/host_details.lua b/scripts/lua/host_details.lua
index 4e804aa091..2e24290ce0 100644
--- a/scripts/lua/host_details.lua
+++ b/scripts/lua/host_details.lua
@@ -653,7 +653,14 @@ else
if(host["dhcp_server"] == true) then print(' '..i18n("details.label_dhcp_server")..'') end
if(host["systemhost"] == true) then print(' ') end
- if(host["is_blacklisted"] == true) then print(' '..i18n("details.label_blacklisted_host")..'') end
+ if(host["is_blacklisted"] == true) then
+ print(' '..i18n("details.label_blacklisted_host"))
+
+ if(host.blacklist_name ~= nil) then print(' ('.. host.blacklist_name ..')') end
+
+ print('')
+ end
+
if((host["privatehost"] == false) and (host["is_multicast"] == false) and (host["is_broadcast"] == false)) then
print(' VirusTotal ')
print(' GreyNoise ')
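Review bot: `host.blacklist_name` is concatenated straight into the page output in the added `print(' ('.. host.blacklist_name ..')')`, with no HTML escaping. The value is the custom category file name that src/Flow.cpp passes to `setBlacklistName`, so any markup characters in a list name would be rendered as-is in the host details page. Pass it through the HTML-escaping helper the Lua modules already use for other externally sourced strings before printing it. The enclosing `else` branch starts outside this hunk.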
diff --git a/src/Flow.cpp b/src/Flow.cpp
index e0fafa9c57..9ce4f31dd0 100644
--- a/src/Flow.cpp
+++ b/src/Flow.cpp
@@ -139,7 +139,9 @@ Flow::Flow(NetworkInterface *_iface,
lh->setRouterMac(_srv_mac);
}
}
- } else { /* Client host has not been allocated, let's keep the info in an IpAddress */
+ } else {
+ /* Client host has not been allocated, let's keep the info in an IpAddress */
+
if((cli_ip_addr = new (std::nothrow) IpAddress(*_cli_ip)))
cli_ip_addr->reloadBlacklist(iface->get_ndpi_struct());
}
@@ -158,7 +160,9 @@ Flow::Flow(NetworkInterface *_iface,
cli_host->get_country(country, sizeof(country));
if(country[0] != '\0') srv_host->incCountriesContacts(country);
}
- } else { /* Server host has not been allocated, let's keep the info in an IpAddress */
+ } else {
+ /* Server host has not been allocated, let's keep the info in an IpAddress */
+
if((srv_ip_addr = new (std::nothrow) IpAddress(*_srv_ip)))
srv_ip_addr->reloadBlacklist(iface->get_ndpi_struct());
}
@@ -169,7 +173,9 @@ Flow::Flow(NetworkInterface *_iface,
&& get_cli_ip_addr()->isIPv4()
&& get_srv_ip_addr()->isIPv4() /* IPv4 only */
&& !get_srv_ip_addr()->isBroadcastAddress() /* Avoid 255.255.255.255 */)
- getInterface()->updateBroadcastDomains(_vlanId, _cli_mac->get_mac(), _srv_mac->get_mac(), ntohl(_cli_ip->get_ipv4()), ntohl(_srv_ip->get_ipv4()));
+ getInterface()->updateBroadcastDomains(_vlanId, _cli_mac->get_mac(),
+ _srv_mac->get_mac(), ntohl(_cli_ip->get_ipv4()),
+ ntohl(_srv_ip->get_ipv4()));
memset(&custom_app, 0, sizeof(custom_app));
@@ -180,7 +186,8 @@ Flow::Flow(NetworkInterface *_iface,
if(hp) {
if(cli_host) routing_table_id = hp->getRoutingPolicy(cli_host->get_host_pool());
- if(srv_host) routing_table_id = max_val(routing_table_id, hp->getRoutingPolicy(srv_host->get_host_pool()));
+ if(srv_host) routing_table_id = max_val(routing_table_id,
+ hp->getRoutingPolicy(srv_host->get_host_pool()));
}
#endif
@@ -267,8 +274,10 @@ Flow::Flow(NetworkInterface *_iface,
if(isBlacklistedClient()) {
if(srv_host) srv_host->inc_num_blacklisted_flows(false);
+ cli_host->setBlacklistName((char*)get_custom_category_file());
} else if(isBlacklistedServer()) {
if(cli_host) cli_host->inc_num_blacklisted_flows(true);
+ srv_host->setBlacklistName((char*)get_custom_category_file());
}
iface->execFlowBeginChecks(this);
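Review bot: `cli_host->setBlacklistName(...)` and `srv_host->setBlacklistName(...)` dereference the host pointers without a NULL check, although the neighbouring lines guard the peer with `if(srv_host)` / `if(cli_host)` and the earlier `else` branches of this constructor handle a host that was not allocated. If isBlacklistedClient()/isBlacklistedServer() can be true from the IpAddress alone (their bodies are not visible here), a flow from a blacklisted address with no Host object would crash the process, which for a traffic monitor means packet-triggered loss of visibility. Guard both calls, e.g. `if(cli_host) cli_host->setBlacklistName((char*)get_custom_category_file());`, and apply the same guard to the two calls added in Flow::processPacket. The constructor body starts and ends outside this hunk.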
@@ -865,9 +874,18 @@ void Flow::processPacket(const struct pcap_pkthdr *h,
payload, payload_len,
(struct timeval *)&h->ts);
- if(detection_completed && (!needsExtraDissection())) {
- setExtraDissectionCompleted();
- updateProtocol(proto_id);
+ if(detection_completed) {
+ if(!needsExtraDissection()) {
+ setExtraDissectionCompleted();
+ updateProtocol(proto_id);
+ }
+
+ if(get_custom_category_file()) {
+ if(isBlacklistedClient())
+ cli_host->setBlacklistName((char*)get_custom_category_file());
+ else if(isBlacklistedServer())
+ srv_host->setBlacklistName((char*)get_custom_category_file());
+ }
}
}
diff --git a/src/Host.cpp b/src/Host.cpp
index 65ad739c48..852fcb1559 100644
--- a/src/Host.cpp
+++ b/src/Host.cpp
@@ -91,6 +91,8 @@ Host::~Host() {
if(listening_ports) delete listening_ports;
if(listening_ports_shadow) delete listening_ports_shadow;
#endif
+
+ if(blacklist_name) free(blacklist_name);
/*
Pool counters are updated both in and outside the datapath.
@@ -291,6 +293,7 @@ void Host::initialize(Mac *_mac, VLANid _vlanId, u_int16_t observation_point_id)
is_in_broadcast_domain = iface->isLocalBroadcastDomainHost(this, true /* Inline call */);
memset(&num_blacklisted_flows, 0, sizeof(num_blacklisted_flows));
+ blacklist_name = NULL;
}
/* *************************************** */
@@ -816,6 +819,9 @@ void Host::lua(lua_State* vm, AddressTree *ptree,
if(device_ip != 0)
lua_push_str_table_entry(vm, "device_ip", Utils::intoaV4(device_ip, buf, sizeof(buf)));
+ if(blacklist_name != NULL)
+ lua_push_str_table_entry(vm, "blacklist_name", blacklist_name);
+
if(more_then_one_device)
lua_push_bool_table_entry(vm, "more_then_one_device", more_then_one_device);
@@ -2380,3 +2386,9 @@ void Host::setPopServer(char *name) {
}
}
+/* *************************************** */
+
+void Host::setBlacklistName(char *name) {
+ if((blacklist_name == NULL) && (name != NULL))
+ blacklist_name = strdup(name);
+}
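Review bot: `setBlacklistName` takes `char *name` although it only reads the string, which is what forces the `(char*)` casts at every call site in src/Flow.cpp; declare it `void setBlacklistName(const char *name);` here and in include/Host.h. It would also benefit from a short comment saying that the first non-NULL name wins and later calls are ignored, so the stored list name is not refreshed if the host later matches a different list, and that a failed `strdup` simply leaves the field NULL. If hosts can be updated from more than one thread (not visible here), the check-then-assign is unsynchronised and two callers could both `strdup`, leaking one copy.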