vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-05-06 03:45:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Move and rename counters used by alerts

Browse source
This commit is contained in:
Alfredo Cardigliano 2021-04-09 17:17:48 +02:00
parent ecde0b237e
commit 921b67ee5e
2 changed files with 46 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

34
include/Host.h
View file

@ -56,10 +56,18 @@ class Host : public GenericHashEntry, public HostAlertableEntity, public Score,
bool prefs_loaded;
/* END Host data: */
AlertCounter *syn_flood_attacker_alert, *syn_flood_victim_alert;
AlertCounter *flow_flood_attacker_alert, *flow_flood_victim_alert;
u_int32_t syn_sent_last_min, synack_recvd_last_min; /* syn scan counters (attacker) */
u_int32_t syn_recvd_last_min, synack_sent_last_min; /* syn scan counters (victim) */
/* Counters used by host alerts */
struct {
AlertCounter *attacker_counter, *victim_counter;
} syn_flood;
struct {
AlertCounter *attacker_counter, *victim_counter;
} flow_flood;
struct {
u_int32_t syn_sent_last_min, synack_recvd_last_min; /* (attacker) */
u_int32_t syn_recvd_last_min, synack_sent_last_min; /* (victim) */
} syn_scan;
std::atomic<u_int32_t> num_active_flows_as_client, num_active_flows_as_server; /* Need atomic as inc/dec done on different threads */
u_int32_t asn;
AutonomousSystem *as;
@ -301,17 +309,17 @@ class Host : public GenericHashEntry, public HostAlertableEntity, public Score,
if(as) as->updateRoundTripTime(rtt_msecs);
}
inline u_int16_t syn_flood_victim_hits() const { return syn_flood_victim_alert ? syn_flood_victim_alert->hits() : 0; };
inline u_int16_t syn_flood_attacker_hits() const { return syn_flood_attacker_alert ? syn_flood_attacker_alert->hits() : 0; };
inline void reset_syn_flood_hits() { if(syn_flood_victim_alert) syn_flood_victim_alert->reset_hits(); if(syn_flood_attacker_alert) syn_flood_attacker_alert->reset_hits(); };
inline u_int16_t syn_flood_victim_hits() const { return syn_flood.victim_counter ? syn_flood.victim_counter->hits() : 0; };
inline u_int16_t syn_flood_attacker_hits() const { return syn_flood.attacker_counter ? syn_flood.attacker_counter->hits() : 0; };
inline void reset_syn_flood_hits() { if(syn_flood.victim_counter) syn_flood.victim_counter->reset_hits(); if(syn_flood.attacker_counter) syn_flood.attacker_counter->reset_hits(); };
inline u_int16_t flow_flood_victim_hits() const { return flow_flood_victim_alert ? flow_flood_victim_alert->hits() : 0; };
inline u_int16_t flow_flood_attacker_hits() const { return flow_flood_attacker_alert ? flow_flood_attacker_alert->hits() : 0; };
inline void reset_flow_flood_hits() { if(flow_flood_victim_alert) flow_flood_victim_alert->reset_hits(); if(flow_flood_attacker_alert) flow_flood_attacker_alert->reset_hits(); };
inline u_int16_t flow_flood_victim_hits() const { return flow_flood.victim_counter ? flow_flood.victim_counter->hits() : 0; };
inline u_int16_t flow_flood_attacker_hits() const { return flow_flood.attacker_counter ? flow_flood.attacker_counter->hits() : 0; };
inline void reset_flow_flood_hits() { if(flow_flood.victim_counter) flow_flood.victim_counter->reset_hits(); if(flow_flood.attacker_counter) flow_flood.attacker_counter->reset_hits(); };
inline u_int32_t syn_scan_victim_hits() const { return syn_recvd_last_min > synack_sent_last_min ? syn_recvd_last_min - synack_sent_last_min : 0; };
inline u_int32_t syn_scan_attacker_hits() const { return syn_sent_last_min > synack_recvd_last_min ? syn_sent_last_min - synack_recvd_last_min : 0; };
inline void reset_syn_scan_hits() { syn_sent_last_min = synack_recvd_last_min = syn_recvd_last_min = synack_sent_last_min = 0; };
inline u_int32_t syn_scan_victim_hits() const { return syn_scan.syn_recvd_last_min > syn_scan.synack_sent_last_min ? syn_scan.syn_recvd_last_min - syn_scan.synack_sent_last_min : 0; };
inline u_int32_t syn_scan_attacker_hits() const { return syn_scan.syn_sent_last_min > syn_scan.synack_recvd_last_min ? syn_scan.syn_sent_last_min - syn_scan.synack_recvd_last_min : 0; };
inline void reset_syn_scan_hits() { syn_scan.syn_sent_last_min = syn_scan.synack_recvd_last_min = syn_scan.syn_recvd_last_min = syn_scan.synack_sent_last_min = 0; };
void incNumFlows(time_t t, bool as_client);
void decNumFlows(time_t t, bool as_client);

50
src/Host.cpp
View file

@ -75,10 +75,10 @@ Host::~Host() {
freeHostNames();
if(syn_flood_attacker_alert) delete syn_flood_attacker_alert;
if(syn_flood_victim_alert) delete syn_flood_victim_alert;
if(flow_flood_attacker_alert) delete flow_flood_attacker_alert;
if(flow_flood_victim_alert) delete flow_flood_victim_alert;
if(syn_flood.attacker_counter) delete syn_flood.attacker_counter;
if(syn_flood.victim_counter) delete syn_flood.victim_counter;
if(flow_flood.attacker_counter) delete flow_flood.attacker_counter;
if(flow_flood.victim_counter) delete flow_flood.victim_counter;
if(stats) delete stats;
if(stats_shadow) delete stats_shadow;
@ -127,23 +127,23 @@ u_int16_t Host::decScoreValue(u_int16_t score_decr, ScoreCategory score_category
/* *************************************** */
void Host::updateSynAlertsCounter(time_t when, bool syn_sent) {
AlertCounter *counter = syn_sent ? syn_flood_attacker_alert : syn_flood_victim_alert;
AlertCounter *counter = syn_sent ? syn_flood.attacker_counter : syn_flood.victim_counter;
counter->inc(when, this);
if(syn_sent)
syn_sent_last_min++;
syn_scan.syn_sent_last_min++;
else
syn_recvd_last_min++;
syn_scan.syn_recvd_last_min++;
}
/* *************************************** */
void Host::updateSynAckAlertsCounter(time_t when, bool synack_sent) {
if(synack_sent)
synack_sent_last_min++;
syn_scan.synack_sent_last_min++;
else
synack_recvd_last_min++;
syn_scan.synack_recvd_last_min++;
}
/* *************************************** */
@ -207,12 +207,12 @@ void Host::initialize(Mac *_mac, u_int16_t _vlanId) {
is_in_broadcast_domain = false;
PROFILING_SUB_SECTION_ENTER(iface, "Host::initialize: new AlertCounter", 17);
syn_flood_attacker_alert = new (std::nothrow) AlertCounter();
syn_flood_victim_alert = new (std::nothrow) AlertCounter();
flow_flood_attacker_alert = new (std::nothrow) AlertCounter();
flow_flood_victim_alert = new (std::nothrow) AlertCounter();
syn_sent_last_min = synack_recvd_last_min = 0;
syn_recvd_last_min = synack_sent_last_min = 0;
syn_flood.attacker_counter = new (std::nothrow) AlertCounter();
syn_flood.victim_counter = new (std::nothrow) AlertCounter();
flow_flood.attacker_counter = new (std::nothrow) AlertCounter();
flow_flood.victim_counter = new (std::nothrow) AlertCounter();
syn_scan.syn_sent_last_min = syn_scan.synack_recvd_last_min = 0;
syn_scan.syn_recvd_last_min = syn_scan.synack_sent_last_min = 0;
PROFILING_SUB_SECTION_EXIT(iface, 17);
if(ip.getVersion() /* IP is set */) {
@ -499,9 +499,9 @@ void Host::lua_get_geoloc(lua_State *vm) {
void Host::lua_get_syn_flood(lua_State *vm) const {
u_int16_t hits;
if((hits = syn_flood_victim_alert->hits()))
if((hits = syn_flood.victim_counter->hits()))
lua_push_uint64_table_entry(vm, "hits.syn_flood_victim", hits);
if((hits = syn_flood_attacker_alert->hits()))
if((hits = syn_flood.attacker_counter->hits()))
lua_push_uint64_table_entry(vm, "hits.syn_flood_attacker", hits);
}
@ -510,9 +510,9 @@ void Host::lua_get_syn_flood(lua_State *vm) const {
void Host::lua_get_flow_flood(lua_State *vm) const {
u_int16_t hits;
if((hits = flow_flood_victim_alert->hits()))
if((hits = flow_flood.victim_counter->hits()))
lua_push_uint64_table_entry(vm, "hits.flow_flood_victim", hits);
if((hits = flow_flood_attacker_alert->hits()))
if((hits = flow_flood.attacker_counter->hits()))
lua_push_uint64_table_entry(vm, "hits.flow_flood_attacker", hits);
}
@ -539,14 +539,14 @@ void Host::lua_get_syn_scan(lua_State *vm) const {
u_int32_t hits;
hits = 0;
if (syn_sent_last_min > synack_recvd_last_min)
hits = syn_sent_last_min - synack_recvd_last_min;
if (syn_scan.syn_sent_last_min > syn_scan.synack_recvd_last_min)
hits = syn_scan.syn_sent_last_min - syn_scan.synack_recvd_last_min;
if(hits)
lua_push_uint64_table_entry(vm, "hits.syn_scan_attacker", hits);
hits = 0;
if (syn_recvd_last_min > synack_sent_last_min)
hits = syn_recvd_last_min - synack_sent_last_min;
if (syn_scan.syn_recvd_last_min > syn_scan.synack_sent_last_min)
hits = syn_scan.syn_recvd_last_min - syn_scan.synack_sent_last_min;
if(hits)
lua_push_uint64_table_entry(vm, "hits.syn_scan_victim", hits);
}
@ -1057,10 +1057,10 @@ void Host::incNumFlows(time_t t, bool as_client) {
AlertCounter *counter;
if(as_client) {
counter = flow_flood_attacker_alert;
counter = flow_flood.attacker_counter;
num_active_flows_as_client++;
} else {
counter = flow_flood_victim_alert;
counter = flow_flood.victim_counter;
num_active_flows_as_server++;
}