Traffic directions for mirrored traffic in case no gateway MAC address is configured

are not set using local/remote hosts location. Fixes #5977
2026-05-22 10:45:57 +00:00 · 2021-10-15 16:34:35 +02:00 · 2021-10-15 16:34:35 +02:00 · bebae2ec93
commit bebae2ec93
parent 42f032bbb0
5 changed files with 30 additions and 5 deletions
--- a/scripts/locales/en.lua
+++ b/scripts/locales/en.lua
@ -3102,7 +3102,7 @@ local lang = {
    ["discard_probing_traffic"] = "Discard Probing Traffic",
    ["dump_flows_to_database"] = "Dump Flows to Database",
    ["gw_macs"] = "MAC Address Based Traffic Directions",
-    ["gw_macs_description"] = "This is used to compute traffic direction (ingress or egress) based on the provided MAC address(es) (comma-separated list) as in some case (when capturing traffic from a traffic mirror or pcap) it is not possible to know the traffic direction. Traffic directed to the configured MAC address(es) is considered as egress traffic.",
+    ["gw_macs_description"] = "This is used to compute traffic direction (ingress or egress) based on the provided MAC address(es) (comma-separated list) as in some case (when capturing traffic from a traffic mirror or pcap) it is not possible to know the traffic direction. Traffic directed to the configured MAC address(es) is considered as egress traffic.<br><b>Note:</b><br>In case no MAC address is configured, the traffic direction is set using local vs remote hosts traffic (-m).",
    ["gw_macs_example"] = "e.g. %{example}",
    ["hide_from_top_networks"] = "Hide from Top Networks",
    ["hide_from_top_networks_descr"] = "e.g. %{example}",
--- a/src/NetworkInterface.cpp
+++ b/src/NetworkInterface.cpp
@ -1676,7 +1676,30 @@ bool NetworkInterface::processPacket(u_int32_t bridge_iface_idx,
    if(new_flow)
      flow->setIngress2EgressDirection(ingressPacket);
 #endif
+    /*
+      In case of a traffic mirror with no MAC gatewy address configured
+      the traffic direction is set based on the local (-m) host
+     */
+    if(isTrafficMirrored() && (!isGwMacConfigured())) {
+      int16_t network_id;
+      bool cli_local = flow->get_cli_ip_addr()->isLocalHost(&network_id);
+      bool srv_local = flow->get_srv_ip_addr()->isLocalHost(&network_id);

+      if(cli_local && (!srv_local))
+	ingressPacket = false;
+      else if((!cli_local) && srv_local)
+	ingressPacket = true;
+      else
+	; /* Leave as is */
+
+      /*
+      ntop->getTrace()->traceEvent(TRACE_NORMAL, "%s -> %s",
+				   flow->get_cli_ip_addr()->isLocalHost(&network_id) ? "L" : "R",
+				   flow->get_srv_ip_addr()->isLocalHost(&network_id) ? "L" : "R");
+      */
+    }
+
+    
    if(flow->is_swap_requested()
       /* This guarantees that at least a packet has been observed in both directions, and that
 	  we are in the dst->src direction of the flow that is being swapped
@ -6103,7 +6126,7 @@ void NetworkInterface::lua(lua_State *vm) {
  /* Note: source MAC is now used to get traffic direction when not areTrafficDirectionsSupported() */
  lua_push_bool_table_entry(vm, "has_traffic_directions",
 			    (areTrafficDirectionsSupported() || (!Utils::isEmptyMac(ifMac)))
-			    && (!isLoopback()) && (!isTrafficMirrored() || isGwMacConfigured()));
+			    && (!isLoopback()) /* && (!isTrafficMirrored() || isGwMacConfigured())*/ );
  lua_push_bool_table_entry(vm, "has_seen_pods", hasSeenPods());
  lua_push_bool_table_entry(vm, "has_seen_containers", hasSeenContainers());
  lua_push_bool_table_entry(vm, "has_seen_external_alerts", hasSeenExternalAlerts());
--- a/src/flow_alerts/PeriodicityChangedAlert.cpp
+++ b/src/flow_alerts/PeriodicityChangedAlert.cpp
@ -24,8 +24,10 @@
 /* ***************************************************** */

 ndpi_serializer* PeriodicityChangedAlert::getAlertJSON(ndpi_serializer* serializer) {
+#ifdef NTOPNG_PRO
  Flow *f = getFlow();
-
+#endif
+  
  if(serializer == NULL)
    return NULL;

--- a/src/flow_checks/IECUnexpectedTypeId.cpp
+++ b/src/flow_checks/IECUnexpectedTypeId.cpp
@ -50,7 +50,7 @@ bool IECUnexpectedTypeId::loadConfiguration(json_object *config) {
    char str[512];
    u_int idx = 0;
    
-    for(int i=0; i<json_object_array_length(items); i++) {
+    for(u_int i=0; i<json_object_array_length(items); i++) {
      json_object *item = json_object_array_get_idx(items, i);
      u_int32_t id      = json_object_get_int(item);
      int rx = snprintf(&str[idx], sizeof(str)-idx-1, "%s%u",
--- a/src/flow_checks/UnexpectedServer.cpp
+++ b/src/flow_checks/UnexpectedServer.cpp
@ -79,7 +79,7 @@ bool UnexpectedServer::loadConfiguration(json_object *config) {
  */

  if(json_object_object_get_ex(config, "items", &whitelist_json)) {
-    for(int i = 0; i < json_object_array_length(whitelist_json); i++) {
+    for(u_int i = 0; i < json_object_array_length(whitelist_json); i++) {
      const char *server_ptr;
      
      whitelisted_server_json = json_object_array_get_idx(whitelist_json, i);