Zero window alert improvement

scripts/plugins/alerts/network/zero_tcp_window/status_definitions/status_zero_tcp_window.lua

@@ -9,11 +9,11 @@ local alert_consts = require "alert_consts"
 
 -- #######################################################
 
-local function zeroTcpWindow(ifid, alert, zero_tcp_window_checks)
-  if(zero_tcp_window_checks == nil) then
+local function formatZeroTcpWindow(ifid, alert, info)
+   if(info == nil) then
     return(i18n("zero_tcp_window.status_zero_tcp_window_description"))
   else
-    if(zero_tcp_window_checks.is_client) then
+    if(info.is_client) then
       return(i18n("zero_tcp_window.status_zero_tcp_window_description_c2s"))
     else
       return(i18n("zero_tcp_window.status_zero_tcp_window_description_s2c"))
@@ -23,27 +23,27 @@ end
 
 -- ##############################################
 
-local function createZeroTcpWindow(alert_severity, alert_granularity, is_server, is_client)
-  local zero_tcp_window_type = {
-     alert_granularity = alert_granularity,
-     alert_severity = alert_severity,
-     alert_type_params = {
-      is_server = is_server,
-      is_client = is_client
-     }
-  }
-
-  return zero_tcp_window_type
+-- Called by flow.triggerStatus() in zero_tcp_window.lua 
+local function createZeroTcpWindow(alert_severity, is_client, is_server)
+   local zero_tcp_window_type = {
+      alert_severity = alert_severity,
+      alert_type_params = {
+	 is_client = is_client,
+	 is_server = is_server,
+      }
+   }
+   
+   return zero_tcp_window_type
 end
 
 -- #######################################################
 
 return {
-  status_key = status_keys.ntopng.status_zero_tcp_window,
-  alert_severity = alert_consts.alert_severities.warning,
-  alert_type = alert_consts.alert_types.alert_connection_issues,
-  i18n_title = "zero_tcp_window.stats_zero_tcp_window_title",
-  i18n_description = zeroTcpWindow,
-  icon = "fas fa-arrow-circle-up",
-  creator = createZeroTcpWindow,
+   status_key = status_keys.ntopng.status_zero_tcp_window,
+   alert_severity = alert_consts.alert_severities.warning,
+   alert_type = alert_consts.alert_types.alert_connection_issues,
+   i18n_title = "zero_tcp_window.stats_zero_tcp_window_title",
+   i18n_description = formatZeroTcpWindow,
+   icon = "fas fa-arrow-circle-up",
+   creator = createZeroTcpWindow,
 }

scripts/plugins/alerts/network/zero_tcp_window/user_scripts/flow/zero_tcp_window.lua

@@ -31,49 +31,38 @@ script = {
 -- #################################################################
 
 local function check_tcp_window(now)
-  local is_client = false -- Does the client has TCP issues?
-  local is_server = false -- Does the server has TCP issues?
-  local high_score = 30
-  local low_score  = 5
-  local client_score
-  local server_score
-  
-  -- Client -> Server
-  if(flow.getTcpWndCli2SrvCheck() == false) then
-    if(flow.getTcpWndCli2Srv() == true) then
-      flow.setTcpWndCli2SrvCheck()
-      is_client = true
-      client_score = high_score
-      server_score = low_score
-    end
-  end
+   local zerowin = flow.isTcpZeroWinAlert()
 
-  -- Server -> Client
-  if(flow.getTcpWndSrv2CliCheck() == false) then
-    if(flow.getTcpWndSrv2Cli() == true) then
-      flow.setTcpWndSrv2CliCheck()
-      is_server = true
-      client_score = low_score
-      server_score = high_score
-    end
-  end
+   if(zerowin.client or zerowin.server) then
+      local high_score = 30
+      local low_score  = 5
+      local client_score
+      local server_score
 
-  -- Now it's time to generate the alert, it either the client or the server has issues
-   --is_client = true -- Uncomment to trigger an alert
+      -- Client -> Server
+      if(zerowin.client) then
+	 client_score = high_score
+	 server_score = low_score
+      end
 
-  if is_client or is_server then
+      -- Server -> Client
+      if(zerowin.server) then
+	 client_score = low_score
+	 server_score = high_score
+      end
 
-    flow.triggerStatus(
-      flow_consts.status_types.status_zero_tcp_window.create(
-	 flow_consts.status_types.status_zero_tcp_window.alert_severity,
-        is_client,
-        is_server
-     ),
-      high_score --[[ flow score]],
-     client_score --[[ cli score ]],
-     server_score --[[ srv score ]]
-    )
-  end
+      -- Now it's time to generate the alert      
+      flow.triggerStatus(
+	 flow_consts.status_types.status_zero_tcp_window.create(
+	    flow_consts.status_types.status_zero_tcp_window.alert_severity,
+	    zerowin.client,
+	    zerowin.server
+	 ),
+	 high_score   --[[ flow score]],
+	 client_score --[[ cli score ]],
+	 server_score --[[ srv score ]]
+      )
+   end
 end
 
 -- #################################################################