diff --git a/include/Flow.h b/include/Flow.h index 974665451d..2b7512c6fe 100644 --- a/include/Flow.h +++ b/include/Flow.h @@ -252,7 +252,7 @@ class Flow : public GenericHashEntry { inline u_int8_t getTcpFlagsSrv2Cli() { return(dst2src_tcp_flags); }; #ifdef NTOPNG_PRO bool checkPassVerdict(const struct tm *now); - inline bool isPassVerdict() { return passVerdict; }; + bool isPassVerdict(); #endif inline void setDropVerdict() { passVerdict = false; }; void incFlowDroppedCounters(); @@ -449,7 +449,7 @@ class Flow : public GenericHashEntry { inline u_int32_t getFlowDeviceIp() { return flow_device.device_ip; }; inline u_int16_t getFlowDeviceInIndex() { return flow_device.in_index; }; inline u_int16_t getFlowDeviceOutIndex() { return flow_device.out_index; }; - void setPacketsBytes(u_int32_t s2d_pkts, u_int32_t d2s_pkts, u_int32_t s2d_bytes, u_int32_t d2s_bytes); + void setPacketsBytes(time_t now, u_int32_t s2d_pkts, u_int32_t d2s_pkts, u_int32_t s2d_bytes, u_int32_t d2s_bytes); #ifdef NTOPNG_PRO void getFlowShapers(bool src2dst_direction, TrafficShaper **shaper_ingress, TrafficShaper **shaper_egress) { diff --git a/scripts/lua/modules/flow_utils.lua b/scripts/lua/modules/flow_utils.lua index 20aa64f068..d7c5b70b2e 100644 --- a/scripts/lua/modules/flow_utils.lua +++ b/scripts/lua/modules/flow_utils.lua @@ -1791,6 +1791,8 @@ function getFlowQuota(ifid, info, as_client) end local master_proto, app_proto = splitProtocol(info["proto.ndpi"]) + app_proto = app_proto or master_proto + local pools_stats = interface.getHostPoolsStats() local pool_stats = pools_stats and pools_stats[tonumber(pool_id)] diff --git a/src/Flow.cpp b/src/Flow.cpp index 665a7c5658..af1e611f14 100644 --- a/src/Flow.cpp +++ b/src/Flow.cpp @@ -2669,6 +2669,20 @@ void Flow::dissectSSDP(bool src2dst_direction, char *payload, u_int16_t payload_ #ifdef NTOPNG_PRO +bool Flow::isPassVerdict() { + if(!passVerdict) + return(false); + + if(cli_host && srv_host) + return((!quota_exceeded) + && (!(cli_host->dropAllTraffic() || srv_host->dropAllTraffic())) + && (!(cli_host->isBlacklisted() || srv_host->isBlacklisted()))); + else + return(true); +} + +/* *************************************** */ + bool Flow::checkPassVerdict(const struct tm *now) { if(!passVerdict) return(false); @@ -2677,13 +2691,7 @@ bool Flow::checkPassVerdict(const struct tm *now) { return(true); /* Always pass until detection is completed */ recheckQuota(now); - - if(cli_host && srv_host) - return((!quota_exceeded) - && (!(cli_host->dropAllTraffic() || srv_host->dropAllTraffic())) - && (!(cli_host->isBlacklisted() || srv_host->isBlacklisted()))); - else - return(true); + return isPassVerdict(); } #endif @@ -3032,10 +3040,9 @@ void Flow::fixAggregatedFlowFields() { /* ***************************************************** */ -void Flow::setPacketsBytes(u_int32_t s2d_pkts, u_int32_t d2s_pkts, +void Flow::setPacketsBytes(time_t now, u_int32_t s2d_pkts, u_int32_t d2s_pkts, u_int32_t s2d_bytes, u_int32_t d2s_bytes) { #ifdef NTOPNG_PRO - time_t now = time(0); u_int16_t eth_proto = ETHERTYPE_IP; u_int overhead = 0; diff --git a/src/NetworkInterface.cpp b/src/NetworkInterface.cpp index 0dd380c50e..78b2800065 100644 --- a/src/NetworkInterface.cpp +++ b/src/NetworkInterface.cpp @@ -6382,17 +6382,21 @@ void NetworkInterface::updateFlowStats(u_int8_t protocol, bool src2dst_direction; IpAddress src_ip, dst_ip; Flow *f; + struct tm now; + time_t t_now = time(NULL); #ifdef DEBUG char buf[32], buf1[32]; const char *msg; #endif + localtime_r(&t_now, &now); src_ip.set(srcHost), dst_ip.set(dstHost); f = flows_hash->find(&src_ip, &dst_ip, sport, dport, 0 /* vlanId */, protocol, &src2dst_direction); if(f) { - f->setPacketsBytes(s2d_pkts, d2s_pkts, s2d_bytes, d2s_bytes); + f->setPacketsBytes(t_now, s2d_pkts, d2s_pkts, s2d_bytes, d2s_bytes); + f->recheckQuota(&now); #ifdef DEBUG msg = "Updated "; #endif