diff --git a/include/Host.h b/include/Host.h
index e9b81955e2..39688506af 100644
--- a/include/Host.h
+++ b/include/Host.h
@@ -114,7 +114,7 @@ class Host : public GenericHost {
inline void setOS(char *_os) { if(os[0] == '\0') snprintf(os, sizeof(os), "%s", _os); }
inline IpAddress* get_ip() { return(&ip); }
void set_mac(char *m);
- inline bool is_blacklisted() { return(blacklisted_host); }
+ inline bool isBlacklisted() { return(blacklisted_host); }
inline u_int8_t* get_mac() { return(mac ? mac->get_mac() : NULL); }
inline Mac* getMac() { return(mac); }
inline char* get_os() { return(os); }
diff --git a/include/ntop_defines.h b/include/ntop_defines.h
index 976e3252f0..f3a6a57dc9 100644
--- a/include/ntop_defines.h
+++ b/include/ntop_defines.h
@@ -129,7 +129,7 @@
#define DOMAIN_TO_CATEGORIZE "ntopng.domain.tocategorize"
#define DOMAIN_WHITELIST_CAT "ntopng.domain.whitelist"
#define DNS_CACHE "ntopng.dns.cache"
-#define DHCP_CACHE "ntopng.dhcp.cache"
+#define DHCP_CACHE "ntopng.dhcp.%d.cache"
#define DNS_TO_RESOLVE "ntopng.dns.toresolve"
#define NTOPNG_TRACE "ntopng.trace"
#define MAX_NUM_NTOPNG_TRACES 32
diff --git a/src/AlertsManager.cpp b/src/AlertsManager.cpp
index 67ba4399d7..50e8fde071 100644
--- a/src/AlertsManager.cpp
+++ b/src/AlertsManager.cpp
@@ -439,7 +439,8 @@ void AlertsManager::makeRoom(AlertEntity alert_entity, const char *alert_entity_
/* **************************************************** */
-int AlertsManager::deleteOldestAlert(AlertEntity alert_entity, const char *alert_entity_value, const char *table_name, u_int32_t max_num_rows) {
+int AlertsManager::deleteOldestAlert(AlertEntity alert_entity, const char *alert_entity_value,
+ const char *table_name, u_int32_t max_num_rows) {
char query[STORE_MANAGER_MAX_QUERY];
sqlite3_stmt *stmt = NULL;
int rc = 0;
@@ -564,7 +565,7 @@ int AlertsManager::releaseAlert(AlertEntity alert_entity, const char *alert_enti
return -1;
if(!isAlertEngaged(alert_entity, alert_entity_value, engaged_alert_id)) {
- return 0; // cannot release an alert that has not been engaged
+ return 0; /* Cannot release an alert that has not been engaged */
}
if(getNetworkInterface()) getNetworkInterface()->decAlertLevel();
@@ -642,13 +643,13 @@ int AlertsManager::releaseAlert(AlertEntity alert_entity, const char *alert_enti
}
rc = 0;
+
out:
if(stmt) sqlite3_finalize(stmt);
m.unlock(__FILE__, __LINE__);
return rc;
}
-
/* **************************************************** */
const char* AlertsManager::getAlertEntity(AlertEntity alert_entity) {
@@ -706,7 +707,6 @@ SlackNotificationChoice AlertsManager::getSlackNotificationChoice(char* choice)
return notify_all_alerts; /* default choice*/
}
-
/* **************************************************** */
void AlertsManager::notifyAlert(AlertEntity alert_entity, const char *alert_entity_value,
@@ -768,7 +768,7 @@ void AlertsManager::notifySlack(AlertEntity alert_entity, const char *alert_enti
const char *alert_json,
const char *alert_origin, const char *alert_target) {
char buf[4], choice[32];
- bool alert_to_be_notified=false; // Checksd if the notification has to be done according to the slack notifications preference
+ bool alert_to_be_notified = false; // Checks if the notification has to be done according to the slack notifications preference
SlackNotificationChoice notification_choice;
if((ntop->getRedis()->get((char*)ALERTS_MANAGER_NOTIFICATION_ENABLED,
@@ -782,10 +782,10 @@ void AlertsManager::notifySlack(AlertEntity alert_entity, const char *alert_enti
alert_to_be_notified=true;
else if(notification_choice == notify_errors_and_warnings) {
if((alert_severity == alert_level_error) || (alert_severity == alert_level_warning))
- alert_to_be_notified=true;
+ alert_to_be_notified = true;
} else {
if((notification_choice == notify_errors_only) && (alert_severity == alert_level_error))
- alert_to_be_notified =true;
+ alert_to_be_notified = true;
}
if(alert_to_be_notified)
@@ -931,8 +931,8 @@ int AlertsManager::storeFlowAlert(Flow *f, AlertType alert_type,
|| sqlite3_bind_int64(stmt,23, f->get_packets_srv2cli())
|| sqlite3_bind_int(stmt, 24, f->getTcpFlagsCli2Srv())
|| sqlite3_bind_int(stmt, 25, f->getTcpFlagsSrv2Cli())
- || sqlite3_bind_int(stmt, 26, (cli && cli->is_blacklisted()) ? 1 : 0)
- || sqlite3_bind_int(stmt, 27, (srv && srv->is_blacklisted()) ? 1 : 0)
+ || sqlite3_bind_int(stmt, 26, (cli && cli->isBlacklisted()) ? 1 : 0)
+ || sqlite3_bind_int(stmt, 27, (srv && srv->isBlacklisted()) ? 1 : 0)
|| sqlite3_bind_int(stmt, 28, (cli && cli->isLocalHost()) ? 1 : 0)
|| sqlite3_bind_int(stmt, 29, (srv && srv->isLocalHost()) ? 1 : 0)
) {
@@ -1013,8 +1013,8 @@ int AlertsManager::engageReleaseHostAlert(Host *h,
int AlertsManager::engageReleaseNetworkAlert(const char *cidr,
const char *engaged_alert_id,
- AlertType alert_type, AlertLevel alert_severity, const char *alert_json,
- bool engage) {
+ AlertType alert_type, AlertLevel alert_severity,
+ const char *alert_json, bool engage) {
struct in_addr addr4;
struct in6_addr addr6;
char ip_buf[256];
diff --git a/src/Flow.cpp b/src/Flow.cpp
index f9d0eb6a0e..4a70c3b160 100644
--- a/src/Flow.cpp
+++ b/src/Flow.cpp
@@ -290,8 +290,8 @@ void Flow::checkBlacklistedFlow() {
if(!blacklist_alarm_emitted) {
if(cli_host
&& srv_host
- && (cli_host->is_blacklisted()
- || srv_host->is_blacklisted())) {
+ && (cli_host->isBlacklisted()
+ || srv_host->isBlacklisted())) {
char c_buf[64], s_buf[64], *c, *s, fbuf[256], alert_msg[1024];
c = cli_host->get_ip()->print(c_buf, sizeof(c_buf));
@@ -306,10 +306,10 @@ void Flow::checkBlacklistedFlow() {
"%s %s contacted %s host "
"%s [%s]",
ntop->getPrefs()->get_http_prefix(),
- cli_host->is_blacklisted() ? "Blacklisted host" : "Host",
+ cli_host->isBlacklisted() ? "Blacklisted host" : "Host",
c, iface->get_name(),
cli_host->get_name() ? cli_host->get_name() : c,
- srv_host->is_blacklisted() ? "blacklisted" : "",
+ srv_host->isBlacklisted() ? "blacklisted" : "",
ntop->getPrefs()->get_http_prefix(),
s, iface->get_name(),
srv_host->get_name() ? srv_host->get_name() : s,
@@ -2301,7 +2301,7 @@ bool Flow::isPassVerdict() {
if(cli_host && srv_host)
return((!(cli_host->isAboveQuota() || srv_host->isAboveQuota()))
&& (!(cli_host->dropAllTraffic() || srv_host->dropAllTraffic()))
- && (!(cli_host->is_blacklisted() || srv_host->is_blacklisted())));
+ && (!(cli_host->isBlacklisted() || srv_host->isBlacklisted())));
else
return(true);
}
diff --git a/src/Host.cpp b/src/Host.cpp
index 64f9601779..bb1c23d75a 100644
--- a/src/Host.cpp
+++ b/src/Host.cpp
@@ -264,11 +264,12 @@ void Host::initialize(u_int8_t _mac[6], u_int16_t _vlanId, bool init_all) {
bool Host::readDHCPCache() {
if(mac) {
/* Check DHCP cache */
- char client_mac[24], buf[64];
+ char client_mac[24], buf[64], key[64];
Utils::formatMac(mac->get_mac(), client_mac, sizeof(client_mac));
- if(ntop->getRedis()->hashGet((char*)DHCP_CACHE, client_mac, buf, sizeof(buf)) == 0) {
+ snprintf(key, sizeof(key), DHCP_CACHE, iface->get_id());
+ if(ntop->getRedis()->hashGet(key, client_mac, buf, sizeof(buf)) == 0) {
setName(buf);
return true;
}
diff --git a/src/NetworkInterface.cpp b/src/NetworkInterface.cpp
index 8184ac89ee..f8e2cec2a7 100644
--- a/src/NetworkInterface.cpp
+++ b/src/NetworkInterface.cpp
@@ -253,7 +253,7 @@ void NetworkInterface::initL7Policer() {
snprintf(key, sizeof(key), "ntopng.prefs.%d.l7_policy", get_id());
- if (ntop->getRedis()->hashGet(key, (char*)any_net, rsp, sizeof(rsp)) != 0) {
+ if(ntop->getRedis()->hashGet(key, (char*)any_net, rsp, sizeof(rsp)) != 0) {
#ifdef DEBUG
ntop->getTrace()->traceEvent(TRACE_WARNING, "Creating '%s' network rule on interface %d",
any_net, get_id());
@@ -264,7 +264,7 @@ void NetworkInterface::initL7Policer() {
/* Create default shaper */
snprintf(key, sizeof(key), "ntopng.prefs.%d.shaper_max_rate", get_id());
- if (ntop->getRedis()->hashGet(key, (char*)"0", rsp, sizeof(rsp)) != 0) {
+ if(ntop->getRedis()->hashGet(key, (char*)"0", rsp, sizeof(rsp)) != 0) {
/* set as not shaping */
ntop->getRedis()->hashSet(key, (char*)"0", (char*)"-1");
}
@@ -1131,7 +1131,7 @@ bool NetworkInterface::processPacket(const struct bpf_timeval *when,
if(len == 0) break;
if(id == 12 /* Host Name */) {
- char name[64], buf[24], *client_mac;
+ char name[64], buf[24], *client_mac, key[64];
int j;
j = ndpi_min(len, sizeof(name)-1);
@@ -1141,7 +1141,8 @@ bool NetworkInterface::processPacket(const struct bpf_timeval *when,
client_mac = Utils::formatMac(&payload[28], buf, sizeof(buf)),
ntop->getTrace()->traceEvent(TRACE_INFO, "[DHCP] %s = '%s'", client_mac, name);
- ntop->getRedis()->hashSet((char*)DHCP_CACHE, client_mac, name);
+ snprintf(key, sizeof(key), DHCP_CACHE, get_id());
+ ntop->getRedis()->hashSet(key, client_mac, name);
break;
} else if(id == 0xFF)
break; /* End of options */
@@ -1233,43 +1234,40 @@ bool NetworkInterface::processPacket(const struct bpf_timeval *when,
#ifdef NTOPNG_PRO
if(is_bridge_interface()) {
- pass_verdict = flow->isPassVerdict();
- if(pass_verdict) {
- u_int8_t shaper_ingress, shaper_engress;
- char buf[64];
-
- flow->getFlowShapers(src2dst_direction, &shaper_ingress, &shaper_engress);
- ntop->getTrace()->traceEvent(TRACE_DEBUG, "[%s] %u / %u ",
- flow->get_detected_protocol_name(buf, sizeof(buf)),
- shaper_ingress, shaper_engress);
- pass_verdict = passShaperPacket(shaper_ingress, shaper_engress, (struct pcap_pkthdr*)h);
- }
+ pass_verdict = flow->isPassVerdict();
+
+ if(pass_verdict) {
+ u_int8_t shaper_ingress, shaper_engress;
+ char buf[64];
+
+ flow->getFlowShapers(src2dst_direction, &shaper_ingress, &shaper_engress);
+ ntop->getTrace()->traceEvent(TRACE_DEBUG, "[%s] %u / %u ",
+ flow->get_detected_protocol_name(buf, sizeof(buf)),
+ shaper_ingress, shaper_engress);
+ pass_verdict = passShaperPacket(shaper_ingress, shaper_engress, (struct pcap_pkthdr*)h);
+ }
}
#endif
- if(pass_verdict)
- incStats(when->tv_sec, iph ? ETHERTYPE_IP : ETHERTYPE_IPV6,
- flow->get_detected_protocol().protocol,
- rawsize, 1, 24 /* 8 Preamble + 4 CRC + 12 IFG */);
-
- bool dump_is_unknown = dump_unknown_traffic
+ bool dump_if_unknown = dump_unknown_traffic
&& (!flow->isDetectionCompleted() ||
flow->get_detected_protocol().protocol == NDPI_PROTOCOL_UNKNOWN);
- if(dump_is_unknown
+ if(dump_if_unknown
|| dump_all_traffic
|| dump_security_packets
|| flow->dumpFlowTraffic()) {
- if(dump_to_disk) dumpPacketDisk(h, packet, dump_is_unknown ? UNKNOWN : GUI);
+ if(dump_to_disk) dumpPacketDisk(h, packet, dump_if_unknown ? UNKNOWN : GUI);
if(dump_to_tap) dumpPacketTap(h, packet, GUI);
}
- } else
- incStats(when->tv_sec, iph ? ETHERTYPE_IP : ETHERTYPE_IPV6,
- flow->get_detected_protocol().protocol,
- rawsize, 1, 24 /* 8 Preamble + 4 CRC + 12 IFG */);
-
+ }
+
+ incStats(when->tv_sec, iph ? ETHERTYPE_IP : ETHERTYPE_IPV6,
+ flow->get_detected_protocol().protocol,
+ rawsize, 1, 24 /* 8 Preamble + 4 CRC + 12 IFG */);
+
// Detect user activities
- if ((!isSampledTraffic())
+ if((!isSampledTraffic())
&& (ntop->getPrefs()->is_flow_activity_enabled())) {
Host *cli = flow->get_cli_host();
Host *srv = flow->get_srv_host();
@@ -3778,7 +3776,7 @@ bool NetworkInterface::isInterfaceUp(char *name) {
struct ifreq ifr;
int sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
- if (strlen(name) >= sizeof(ifr.ifr_name))
+ if(strlen(name) >= sizeof(ifr.ifr_name))
return(false);
memset(&ifr, 0, sizeof(ifr));
@@ -4171,6 +4169,7 @@ static int lua_flow_set_activity_filter(lua_State* vm) {
case 2+0: config.all.pass = true;
}
break;
+
case activity_filter_web:
if(lua_type(vm, params+1) == LUA_TNUMBER) {
config.web.numsamples = lua_tonumber(vm, ++params);
@@ -4199,6 +4198,7 @@ static int lua_flow_set_activity_filter(lua_State* vm) {
case 2+4: config.web.serverdominant = true;
}
break;
+
case activity_filter_ratio:
if(lua_type(vm, params+1) == LUA_TNUMBER) {
config.ratio.numsamples = lua_tonumber(vm, ++params);
@@ -4217,6 +4217,7 @@ static int lua_flow_set_activity_filter(lua_State* vm) {
case 2+2: config.ratio.clisrv_ratio = -1.f;
}
break;
+
case activity_filter_interflow:
if(lua_type(vm, params+1) == LUA_TNUMBER) {
config.interflow.minflows = min((int)lua_tonumber(vm, ++params), INTER_FLOW_ACTIVITY_SLOTS);
@@ -4224,7 +4225,7 @@ static int lua_flow_set_activity_filter(lua_State* vm) {
if(lua_type(vm, params+1) == LUA_TNUMBER) {
config.interflow.minpkts = lua_tonumber(vm, ++params);
- if (lua_type(vm, params+1) == LUA_TNUMBER) {
+ if(lua_type(vm, params+1) == LUA_TNUMBER) {
config.interflow.minduration = lua_tonumber(vm, ++params);
if(lua_type(vm, params+1) == LUA_TBOOLEAN)
@@ -4240,8 +4241,10 @@ static int lua_flow_set_activity_filter(lua_State* vm) {
case 2+3: config.interflow.sslonly = false;
}
break;
+
case activity_filter_metrics_test:
break;
+
case activity_filter_sma:
if(lua_type(vm, params+1) == LUA_TNUMBER) {
config.sma.edge = lua_tonumber(vm, ++params);
@@ -4265,6 +4268,7 @@ static int lua_flow_set_activity_filter(lua_State* vm) {
case 2+3: config.sma.sustain = 1000;
}
break;
+
case activity_filter_wma:
if(lua_type(vm, params+1) == LUA_TNUMBER) {
config.wma.edge = lua_tonumber(vm, ++params);
@@ -4288,6 +4292,7 @@ static int lua_flow_set_activity_filter(lua_State* vm) {
case 2+3: config.wma.aggrsecs = 0;
}
break;
+
case activity_filter_command_sequence:
if(lua_type(vm, params+1) == LUA_TBOOLEAN) {
config.command_sequence.mustwait = lua_toboolean(vm, ++params);
@@ -4298,10 +4303,10 @@ static int lua_flow_set_activity_filter(lua_State* vm) {
if(lua_type(vm, params+1) == LUA_TNUMBER) {
config.command_sequence.maxinterval = lua_tonumber(vm, ++params);
- if (lua_type(vm, params+1) == LUA_TNUMBER) {
+ if(lua_type(vm, params+1) == LUA_TNUMBER) {
config.command_sequence.mincommands = lua_tonumber(vm, ++params);
- if (lua_type(vm, params+1) == LUA_TNUMBER)
+ if(lua_type(vm, params+1) == LUA_TNUMBER)
config.command_sequence.minflips = lua_tonumber(vm, ++params);
}
}
@@ -4315,6 +4320,7 @@ static int lua_flow_set_activity_filter(lua_State* vm) {
case 2+4: config.command_sequence.minflips = 1;
}
break;
+
default:
ntop->getTrace()->traceEvent(TRACE_WARNING, "Invalid activity filter (%d)", filterID);
return (CONST_LUA_ERROR);