From d36d69b2e223c2276b4f80969a9aacafe332ce05 Mon Sep 17 00:00:00 2001
From: Simone Mainardi
Date: Tue, 24 Sep 2019 18:19:26 +0200
Subject: [PATCH] Additional alerted flows debug traces
---
 include/Flow.h | 3 +++
 src/Flow.cpp | 19 ++++++++++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/include/Flow.h b/include/Flow.h
index f5595f4f1b..8799c26f59 100644
--- a/include/Flow.h
+++ b/include/Flow.h
@@ -69,6 +69,9 @@ class Flow : public GenericHashEntry {
 good_low_flow_detected, good_ssl_hs, update_flow_port_stats, quota_exceeded, has_malicious_cli_signature, has_malicious_srv_signature, is_alerted;
+#ifdef ALERTED_FLOWS_DEBUG
+ bool iface_alert_inc, iface_alert_dec;
+#endif
 u_int16_t diff_num_http_requests;
 int64_t alert_rowid;
 #ifdef NTOPNG_PRO
diff --git a/src/Flow.cpp b/src/Flow.cpp
index c894bdfd1e..8a110d8034 100644
--- a/src/Flow.cpp
+++ b/src/Flow.cpp
@@ -140,6 +140,9 @@ Flow::Flow(NetworkInterface *_iface,
 passVerdict = true, quota_exceeded = false;
 has_malicious_cli_signature = has_malicious_srv_signature = false;
 is_alerted = false;
+#ifdef ALERTED_FLOWS_DEBUG
+ iface_alert_inc = iface_alert_dec = false;
+#endif
 if(_first_seen > _last_seen) _first_seen = _last_seen;
 first_seen = _first_seen, last_seen = _last_seen;
 bytes_thpt_trend = trend_unknown, pkts_thpt_trend = trend_unknown;
@@ -231,6 +234,13 @@ void Flow::freeDPIMemory() {
 /* *************************************** */
 Flow::~Flow() {
+#ifdef ALERTED_FLOWS_DEBUG
+ if(iface_alert_inc && !iface_alert_dec) {
+ char buf[256];
+ ntop->getTrace()->traceEvent(TRACE_WARNING, "[MISMATCH][inc but not dec] %s",
+ print(buf, sizeof(buf)));
+ }
+#endif
 if(cli_host) cli_host->decUses();
 else if(cli_ip_addr) /* Dynamically allocated only when cli_host was NULL */
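Review bot: The two members added under `#ifdef ALERTED_FLOWS_DEBUG` in include/Flow.h change the size and layout of `Flow`, so the macro has to be defined identically for every translation unit that includes this header. Defining it in a single .cpp would give different object files different views of the same object and lead to memory corruption. Where the macro is defined is not visible in this patch. I would add a comment above the block, e.g. `/* ALERTED_FLOWS_DEBUG changes the layout of Flow: define it build-wide (compiler flag or common defines header), never per file */`.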
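Review bot: The destructor check `if(iface_alert_inc && !iface_alert_dec)` reports only one direction of imbalance. In `Flow::set_hash_entry_state_idle()` (last hunk) the decrement is gated on `isFlowAlerted()`, not on whether `dumpFlowAlert()` actually incremented, so a flow marked alerted through some other path would decrement without a matching increment and go unreported. Consider `if(iface_alert_inc != iface_alert_dec)` and passing `iface_alert_inc ? "inc but not dec" : "dec but not inc"` as an extra `%s` argument to the trace. Whether such a path exists is not visible here, and `~Flow()` continues outside the hunk.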
@@ -361,6 +371,9 @@ void Flow::dumpFlowAlert() {
 setFlowAlerted();
 iface->incNumAlertedFlows(this);
+#ifdef ALERTED_FLOWS_DEBUG
+ iface_alert_inc = true;
+#endif
 if(cli_host) cli_host->incNumAlertedFlows();
 if(srv_host) srv_host->incNumAlertedFlows();
 }
@@ -2127,8 +2140,12 @@ void Flow::set_hash_entry_state_idle() {
 iface->decNumFlows();
- if(isFlowAlerted())
+ if(isFlowAlerted()) {
 iface->decNumAlertedFlows(this);
+#ifdef ALERTED_FLOWS_DEBUG
+ iface_alert_dec = true;
+#endif
+ }
 GenericHashEntry::set_hash_entry_state_idle();
 }
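Review bot: `iface_alert_inc` is a boolean, so a second call to `dumpFlowAlert()` on the same flow would increment the interface counter again while the flag simply stays true, and the destructor trace would still see a balanced pair. If repeated calls are possible (not visible in this hunk, which starts inside the function), trace it just before the assignment: `if(iface_alert_inc) ntop->getTrace()->traceEvent(TRACE_WARNING, "[MISMATCH][inc twice]");`. The same limitation applies to `iface_alert_dec` in `set_hash_entry_state_idle()` in the next hunk.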