From a1e4e98fcb2a3e222a021487f2d8593d7bd2954f Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Tue, 18 Jan 2022 22:52:32 +0100
Subject: [PATCH] Implements #6215

---
 include/Flow.h | 1 +
 scripts/locales/en.lua | 1 +
 scripts/lua/flow_details.lua | 1 +
 src/Flow.cpp | 7 +++++--
 4 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/include/Flow.h b/include/Flow.h
index eb20b405f2..acb63a8595 100644
--- a/include/Flow.h
+++ b/include/Flow.h
@@ -94,6 +94,7 @@ class Flow : public GenericHashEntry {
 void *cli_id, *srv_id;
 json_object *json_info;
 ndpi_serializer *tlv_info;
+ ndpi_confidence_t confidence;
 char *host_server_name, *bt_hash;
 IEC104Stats *iec104;
 char *suspicious_dga_domain; /* Stores the suspicious DGA domain for flows with NDPI_SUSPICIOUS_DGA_DOMAIN */
diff --git a/scripts/locales/en.lua b/scripts/locales/en.lua
index 1b01607b34..5c0646ade1 100644
--- a/scripts/locales/en.lua
+++ b/scripts/locales/en.lua
@@ -116,6 +116,7 @@ local lang = {
 ["download_icon"] = "",
 ["download_x"] = "%{what} Download",
 ["downloaders"] = "Download Volume",
+ ["ndpi_confidence"] = "Confidence",
 ["drilldown"] = "Drilldown",
 ["dscp"] = "DSCP",
 ["dscp_dst2src"] = "Server DSCP",
diff --git a/scripts/lua/flow_details.lua b/scripts/lua/flow_details.lua
index 9014624f30..9f5a97fe00 100644
--- a/scripts/lua/flow_details.lua
+++ b/scripts/lua/flow_details.lua
@@ -474,6 +474,7 @@ else
 print("flows_stats.lua?category=" .. flow["proto.ndpi_cat"] .. "\">")
 print(getCategoryLabel(flow["proto.ndpi_cat"]))
 print(") ".. formatBreed(flow["proto.ndpi_breed"], flow["proto.is_encrypted"]))
+ print(" ["..i18n("ndpi_confidence")..": "..flow.confidence.."]")
 end
 if(flow["verdict.pass"] == false) then print("") end
diff --git a/src/Flow.cpp b/src/Flow.cpp
index ca364f2ffe..9e9ebdbe5f 100644
--- a/src/Flow.cpp
+++ b/src/Flow.cpp
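Review bot: The new `confidence` member in Flow.h carries no comment, while the neighbouring `suspicious_dga_domain` field documents what it holds and when, so a reader cannot tell from the declaration that this is a cached copy of nDPI's detection result rather than something ntopng computes. Suggest `ndpi_confidence_t confidence; /* nDPI detection confidence, copied from ndpiFlow in processDetectedProtocol(); NDPI_CONFIDENCE_UNKNOWN until then */`. The class body starts and ends outside the hunk.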
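Review bot: The added print in flow_details.lua concatenates `flow.confidence` directly, so a nil value (a flow table produced by code that does not set the key, or a dropped entry if the C side ever fails to push a string) aborts the whole page with a concatenation error instead of just omitting the label. Wrapping the value, `..tostring(flow.confidence)..`, or guarding the print with `if flow.confidence then ... end`, keeps the details page rendering. The enclosing if/else block starts outside the hunk.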
@@ -67,7 +67,7 @@ Flow::Flow(NetworkInterface *_iface,
 #endif
 icmp_info = _icmp_info ? new (std::nothrow) ICMPinfo(*_icmp_info) : NULL;
- ndpiFlow = NULL, cli_id = srv_id = NULL;
+ ndpiFlow = NULL, cli_id = srv_id = NULL, confidence = NDPI_CONFIDENCE_UNKNOWN;
 cli_ebpf = srv_ebpf = NULL;
 json_info = NULL, tlv_info = NULL, twh_over = twh_ok = false, dissect_next_http_packet = false, host_server_name = NULL;
@@ -462,7 +462,8 @@ void Flow::processDetectedProtocol() {
 /* Domain Concats Alert */
 if(ndpiFlow)
- domain_name = ndpi_get_flow_name(ndpiFlow);
+ domain_name = ndpi_get_flow_name(ndpiFlow), confidence = ndpiFlow->confidence;
+
 if(cli_h && domain_name && domain_name[0] != '\0')
 cli_h->addContactedDomainName(domain_name);
 }
@@ -2250,6 +2251,8 @@ void Flow::lua(lua_State* vm, AddressTree * ptree,
 }
 }
+ lua_push_str_table_entry(vm, "confidence", ndpi_confidence_get_name(confidence));
+
 lua_get_risk_info(vm);
 lua_entropy(vm);
 }
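Review bot: In processDetectedProtocol() the comma-chained `domain_name = ndpi_get_flow_name(ndpiFlow), confidence = ndpiFlow->confidence;` hangs off a brace-less `if(ndpiFlow)`, which reads as two statements with only the first guarded; both are in fact guarded, but a later edit that appends a third statement is an easy mistake. Suggest braces: `if(ndpiFlow) { domain_name = ndpi_get_flow_name(ndpiFlow); confidence = ndpiFlow->confidence; }`. A one-line comment on why the value is copied out of ndpiFlow (presumably because ndpiFlow is released once detection completes, so lua() cannot read it later — confirm) would also help the next reader. The function starts outside the hunk.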
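Review bot: In Flow::lua() the new `lua_push_str_table_entry(vm, "confidence", ndpi_confidence_get_name(confidence))` relies on ndpi_confidence_get_name() returning a printable string for every value, including the NDPI_CONFIDENCE_UNKNOWN set in the constructor for flows that never reach processDetectedProtocol(); if it can return NULL for an unexpected value, whether the key is skipped or something else is pushed depends on lua_push_str_table_entry(), which is not visible here. A null check before the push, e.g. `const char *c = ndpi_confidence_get_name(confidence); lua_push_str_table_entry(vm, "confidence", c ? c : "Unknown");`, guarantees the Lua consumers always see a string. Flow::lua() starts outside the hunk.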