From f2c3ee137c01a183998ffeb760be73decaa5773e Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Mon, 13 Jul 2020 23:56:46 +0200
Subject: [PATCH] Host stats cleanup
---
 include/Bin.h | 55 ---------------------
 include/FlowDurationBin.h | 34 -------------
 include/Host.h | 6 ++-
 include/LocalHost.h | 22 +++++++++
 include/NewFlowFrequencyBin.h | 42 ----------------
 include/ntop_includes.h | 6 +--
 scripts/lua/get_host_flow_stats.lua | 69 --------------------------
 scripts/lua/host_details.lua | 66 +------------------------
 src/Bin.cpp | 77 -----------------------------
 src/Flow.cpp | 3 ++
 src/HTTPserver.cpp | 2 +-
 src/Host.cpp | 47 ++----------------
 12 files changed, 40 insertions(+), 389 deletions(-)
 delete mode 100644 include/Bin.h
 delete mode 100644 include/FlowDurationBin.h
 delete mode 100644 include/NewFlowFrequencyBin.h
 delete mode 100644 scripts/lua/get_host_flow_stats.lua
 delete mode 100644 src/Bin.cpp
diff --git a/include/Bin.h b/include/Bin.h
deleted file mode 100644
index 802490529e..0000000000
--- a/include/Bin.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- *
- * (C) 2020 - ntop.org
- *
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- */
-
-#ifndef _BIN_H_
-#define _BIN_H_
-
-#include "ntop_includes.h"
-
-/* #define BIN_DEBUG 1 */
-
-/* ******************************* */
-
-#define MAX_NUM_BINS 8
-#define BIN_MASK (MAX_NUM_BINS-1)
-
-class Bin {
- private:
- u_int32_t bins[MAX_NUM_BINS];
-
-protected:
- inline void incBin(u_int32_t value) {
- if(value <= 1) bins[0]++;
- else if(value <= 3) bins[1]++;
- else if(value <= 5) bins[2]++;
- else if(value <= 10) bins[3]++;
- else if(value <= 30) bins[4]++;
- else if(value <= 60) bins[5]++;
- else if(value <= 300) bins[6]++;
- else bins[7]++;
- }
-
-public:
- Bin() { memset(bins, 0, sizeof(bins)); }
- void lua(lua_State* vm, const char *bin_label) const;
-};
-
-#endif /* _BIN_H_ */
diff --git a/include/FlowDurationBin.h b/include/FlowDurationBin.h
deleted file mode 100644
index c811ecfe46..0000000000
--- a/include/FlowDurationBin.h
+++ /dev/null
@@ -1,34 +0,0 @@ -/* - * - * (C) 2020 - ntop.org - * - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#ifndef _FLOW_DURATION_BIN_H_ -#define _FLOW_DURATION_BIN_H_ - -#include "ntop_includes.h" - -class FlowDurationBin : public Bin { - public: - FlowDurationBin() { ; } - - inline void incDuration(u_int32_t durationSec) { incBin(durationSec); } -}; - -#endif /* _FLOW_DURATION_BIN_H_ */ diff --git a/include/Host.h b/include/Host.h index 07aef62cf1..dd7150a50d 100644 --- a/include/Host.h +++ b/include/Host.h @@ -41,8 +41,6 @@ class Host : public GenericHashEntry, public AlertableEntity { time_t last_stats_reset; u_int32_t active_alerted_flows; Bitmap misbehaving_flows_as_client_status, misbehaving_flows_as_server_status; - NewFlowFrequencyBin clientFrequencyBin, serverFrequencyBin; - FlowDurationBin clientDurationBin, serverDurationBin; /* Host data: update Host::deleteHostData when adding new fields */ struct { 
@@ -385,6 +383,10 @@ class Host : public GenericHashEntry, public AlertableEntity { void incSrvHostContacts(IpAddress *peer) { stats->incSrvHostContacts(peer); } void incSrvPortsContacts(u_int16_t port) { stats->incSrvPortsContacts(port); } void incContactedService(char *name) { stats->incContactedService(name); } + + virtual void flowBeginEvent(Flow *f, u_int32_t epoch, bool as_client) { ; } + virtual void flowL7ProtoDetectedEvent(Flow *f, u_int16_t l7proto, bool as_client) { ; } + virtual void flowEndEvent(Flow *f, bool as_client) { ; } }; #endif /* _HOST_H_ */ diff --git a/include/LocalHost.h b/include/LocalHost.h index 230277b4d3..086a667c12 100644 --- a/include/LocalHost.h +++ b/include/LocalHost.h @@ -31,6 +31,10 @@ class LocalHost : public Host, public SerializableElement { time_t initialization_time; LocalHostStats *initial_ts_point; +#ifdef NTOPNG_PRO + HostBehaviourAnalysis ba; +#endif + /* LocalHost data: update LocalHost::deleteHostData when adding new fields */ OperatingSystem os; char *os_detail; @@ -84,6 +88,24 @@ class LocalHost : public Host, public SerializableElement { virtual void lua(lua_State* vm, AddressTree * ptree, bool host_details, bool verbose, bool returnHost, bool asListElement); virtual void lua_get_timeseries(lua_State* vm); + + virtual void flowBeginEvent(Flow *f, u_int32_t epoch, bool as_client) { +#ifdef NTOPNG_PRO + ba.flowBeginEvent(f, epoch, as_client); +#endif + } + + virtual void flowL7ProtoDetectedEvent(Flow *f, u_int16_t l7proto, bool as_client) { +#ifdef NTOPNG_PRO + ba.flowL7ProtoDetectedEvent(f, l7proto, as_client); +#endif + } + + virtual void flowEndEvent(Flow *f, bool as_client) { +#ifdef NTOPNG_PRO + ba.flowEndEvent(f, as_client); +#endif + } }; #endif /* _LOCAL_HOST_H_ */ diff --git a/include/NewFlowFrequencyBin.h b/include/NewFlowFrequencyBin.h deleted file mode 100644 index 7fe429fda4..0000000000 --- a/include/NewFlowFrequencyBin.h +++ /dev/null 
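Review bot: The three hooks added at the end of class Host (`flowBeginEvent`, `flowL7ProtoDetectedEvent`, `flowEndEvent`) carry no comment saying who calls them or how long the `Flow *f` argument stays valid. The base bodies are empty `{ ; }` and the only visible override hands the raw pointer to another object, so a one-line contract above them would help, for example `/* Flow lifecycle hooks, no-op by default; f must not be retained after the call returns */`. That lifetime is an assumption on my side, since the hunk does not show it, and the class body starts outside this hunk.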
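Review bot: `HostBehaviourAnalysis ba;` is placed above the `/* LocalHost data: update LocalHost::deleteHostData when adding new fields */` marker in the first LocalHost.h hunk, so it is apparently not treated as data that a host-data deletion wipes. The definition of `HostBehaviourAnalysis` is not in this diff; if it accumulates per-host flow history, it probably needs to be cleared in `LocalHost::deleteHostData` (and on a stats reset) as well. If it is intentionally exempt, say so next to the member, e.g. `/* behaviour state, not covered by deleteHostData because ... */`.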
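Review bot: The three overrides in the second LocalHost.h hunk repeat `virtual` but are not marked `override`, so a later signature change in Host (for instance `epoch` becoming `time_t`) would silently turn them into unrelated functions and the PRO analysis would stop receiving events. If the build permits C++11, declare them as `void flowBeginEvent(Flow *f, u_int32_t epoch, bool as_client) override {` and likewise for the other two. In builds without `NTOPNG_PRO` the bodies are empty and all parameters unused, which may raise unused-parameter warnings depending on the compiler flags.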
@@ -1,42 +0,0 @@ -/* - * - * (C) 2020 - ntop.org - * - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#ifndef _NEW_FLOW_FREQUENCY_BIN_H_ -#define _NEW_FLOW_FREQUENCY_BIN_H_ - -#include "ntop_includes.h" - -class NewFlowFrequencyBin : public Bin { - u_int32_t lastFlowCreationEpoch; - - public: - NewFlowFrequencyBin() { lastFlowCreationEpoch = 0; } - - inline void incFrequency(u_int32_t epoch) { - if(lastFlowCreationEpoch != 0) { - incBin(epoch - lastFlowCreationEpoch); - } - - lastFlowCreationEpoch = epoch; - } -}; - -#endif /* _NEW_FLOW_FREQUENCY_BIN_H_ */ diff --git a/include/ntop_includes.h b/include/ntop_includes.h index 332ca34840..9a411fde53 100644 --- a/include/ntop_includes.h +++ b/include/ntop_includes.h @@ -371,9 +371,9 @@ using namespace std; #include "HostStats.h" #include "LocalHostStats.h" #include "HostScore.h" -#include "Bin.h" -#include "FlowDurationBin.h" -#include "NewFlowFrequencyBin.h" +#ifdef NTOPNG_PRO +#include "HostBehaviourAnalysis.h" +#endif #include "Host.h" #include "LocalHost.h" #include "RemoteHost.h" diff --git a/scripts/lua/get_host_flow_stats.lua b/scripts/lua/get_host_flow_stats.lua deleted file mode 100644 index 964671c584..0000000000 --- a/scripts/lua/get_host_flow_stats.lua +++ /dev/null 
@@ -1,69 +0,0 @@ --- --- (C) 2013-20 - ntop.org --- - -dirs = ntop.getDirs() -package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path -local json = require("dkjson") - -require "lua_utils" - --- Do not use sendHTTPHeader('application/json') as the pie chart expects text/html -sendHTTPContentTypeHeader('text/html') - -interface.select(ifname) - -host_info = url2hostinfo(_GET) -host = interface.getHostInfo(host_info["host"],host_info["vlan"]) -mode = _GET["mode"] - --- tprint(host.bins) - -postfix = "" - -if(host == nil) then - bins = {} -else - if(mode == "client_duration") then - bins = host.bins.client.duration - postfix = " sec" - elseif(mode == "server_duration") then - bins = host.bins.server.duration - postfix = " sec" - -- print((host["flows.as_server"]-host["active_flows.as_server"]).."\n") - elseif(mode == "client_frequency") then - bins = host.bins.client.frequency - postfix = " sec" - elseif(mode == "server_frequency") then - bins = host.bins.server.frequency - postfix = " sec" - end -end - --- tprint(bins) - -num = 0 -rsp = "[" - -total = 0 - -for k,v in pairs(bins) do - k = k .. postfix - v = truncate(v*100) - - if(v > 2) then - if(num > 0) then rsp = rsp .. "," end - rsp = rsp .. '\n\t{ "label": "'..k..'", "value": '.. v .. '}' - num = num + 1 - total = total + v - end -end - -if(total < 100) then - if(num > 0) then rsp = rsp .. "," end - rsp = rsp .. '\n\t{ "label": "Other", "value": '.. (100-total) .. '}' -end - -rsp = rsp .. "\n]" - -print(rsp) diff --git a/scripts/lua/host_details.lua b/scripts/lua/host_details.lua index a9fba52c92..aefe96a083 100644 --- a/scripts/lua/host_details.lua +++ b/scripts/lua/host_details.lua @@ -254,7 +254,7 @@ else local title = i18n("host_details.host")..": "..host_info["host"] if host["broadcast_domain_host"] then - title = title.." " + title = title.."  " end if host.dhcpHost then @@ -1136,47 +1136,8 @@ end print [[ ]] print(i18n("traffic_page.l4_proto_overview")) - print[[
]] + print[[
- local num_expired_client_flows = host["flows.as_client"]-host["active_flows.as_client"] - local num_expired_server_flows = host["flows.as_server"]-host["active_flows.as_server"] - - if((num_expired_client_flows+num_expired_server_flows) > 0) then - print [[]] print(i18n("traffic_page.flow_distribution")) print[[ - ]] print(i18n("traffic_page.flow_duration")) print[[ - ]] print(i18n("traffic_page.flow_frequency")) print[[ - - ]] - - -- ############ - - print [[]] print(i18n("details.as_client")) print[[]] - if(num_expired_client_flows) then - print [[ -
-
- ]] - else - print(" td colspan=2> ") - end - - -- ############ - - print [[]] print(i18n("details.as_server")) print[[]] - if(num_expired_server_flows) then - print [[ -
-
- ]] - else - print(" td colspan=2> ") - end - - - end - - - print [[ diff --git a/src/Bin.cpp b/src/Bin.cpp deleted file mode 100644 index ee9273d4e4..0000000000 --- a/src/Bin.cpp +++ /dev/null @@ -1,77 +0,0 @@ -/* - * - * (C) 2020 - ntop.org - * - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -#include "ntop_includes.h" - -void Bin::lua(lua_State* vm, const char *bin_label) const { - u_int32_t total, i; - - lua_newtable(vm); - - for(i=0, total=0; iflowL7ProtoDetectedEvent(this, l7proto, true); + if(srv_host) srv_host->flowL7ProtoDetectedEvent(this, l7proto, false); + switch(l7proto) { case NDPI_PROTOCOL_SSH: diff --git a/src/HTTPserver.cpp b/src/HTTPserver.cpp index f2f642ec5a..6fb7a08dd8 100644 --- a/src/HTTPserver.cpp +++ b/src/HTTPserver.cpp @@ -625,7 +625,7 @@ static void redirect_to_login(struct mg_connection *conn, "Content-Length: %lu\r\n" "Location: http://%s:%u%s%s%s%s\r\n\r\n%s", strlen(wispr_data), - (long unsigned int)ntop->get_HTTPserver()->getCaptiveRedirectAddress(), // LAN address + ntop->get_HTTPserver()->getCaptiveRedirectAddress(), // LAN address CAPTIVE_PORTAL_PORT, ntop->getPrefs()->get_http_prefix(), ntop->getPrefs()->getCaptivePortalUrl(), referer ? (char*)"?referer=" : "", diff --git a/src/Host.cpp b/src/Host.cpp index b5c43355ad..3c002dd98a 100644 
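Review bot: With the cast dropped from the address argument, the `%lu` in `"Content-Length: %lu\r\n"` still receives an uncast `strlen(wispr_data)`, which is a `size_t`; on targets where `size_t` is not `unsigned long` (64-bit Windows, for example) that is a format/argument mismatch in a variadic call. The removed cast looks as if it was meant for that line: `(long unsigned int)strlen(wispr_data),`. Separately, the `Location:` value is assembled from the captive-portal URL and a `referer` string; redirect_to_login starts and ends outside the hunk, so whether `referer` is stripped of CR/LF before reaching this header cannot be confirmed here and is worth checking.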
--- a/src/Host.cpp +++ b/src/Host.cpp @@ -59,6 +59,7 @@ Host::~Host() { if(as) as->decUses(); if(country) country->decUses(); if(vlan) vlan->decUses(); + #ifdef NTOPNG_PRO if(host_traffic_shapers) { for(int i = 0; i < NUM_TRAFFIC_SHAPERS; i++) { @@ -643,8 +644,6 @@ void Host::lua(lua_State* vm, AddressTree *ptree, lua_get_syn_flood(vm); lua_get_flow_flood(vm); lua_get_syn_scan(vm); - - lua_get_bins(vm); } lua_get_time(vm); @@ -667,40 +666,6 @@ void Host::lua(lua_State* vm, AddressTree *ptree, /* ***************************************** */ -void Host::lua_get_bins(lua_State* vm) const { - lua_newtable(vm); - - /* *************************** */ - - lua_newtable(vm); - - clientFrequencyBin.lua(vm, "frequency"); - clientDurationBin.lua(vm, "duration"); - - lua_pushstring(vm, "client"); - lua_insert(vm, -2); - lua_settable(vm, -3); - - /* *************************** */ - - lua_newtable(vm); - - serverFrequencyBin.lua(vm, "frequency"); - serverDurationBin.lua(vm, "duration"); - - lua_pushstring(vm, "server"); - lua_insert(vm, -2); - lua_settable(vm, -3); - - /* *************************** */ - - lua_pushstring(vm, "bins"); - lua_insert(vm, -2); - lua_settable(vm, -3); -} - -/* ***************************************** */ - char* Host::get_name(char *buf, u_int buf_len, bool force_resolution_if_not_found) { char *addr = NULL, name_buf[96]; int rc = -1; @@ -1055,13 +1020,13 @@ void Host::incNumFlows(time_t t, bool as_client, Host *peer, Flow *f) { if(as_client) { counter = flow_flood_attacker_alert; num_active_flows_as_client.inc(1); - clientFrequencyBin.incFrequency(t); } else { counter = flow_flood_victim_alert; - serverFrequencyBin.incFrequency(t); num_active_flows_as_server.inc(1); } + flowBeginEvent(f, t, as_client); + counter->inc(t, this); stats->incNumFlows(as_client, peer); } 
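Review bot: In the incNumFlows hunk, `flowBeginEvent(f, t, as_client);` passes the `time_t t` into a parameter declared `u_int32_t epoch`, an implicit narrowing that the removed `incFrequency(t)` calls also had. Either make the truncation explicit, `flowBeginEvent(f, (u_int32_t)t, as_client);`, or declare the hook with `time_t` so that the analysis code behind it does not inherit a 32-bit timestamp. The beginning of incNumFlows lies outside the hunk.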
@@ -1074,16 +1039,14 @@ void Host::decNumFlows(time_t t, bool as_client, Host *peer, Flow *f) { num_active_flows_as_client.dec(1); else ntop->getTrace()->traceEvent(TRACE_WARNING, "Internal error: invalid counter value"); - - clientDurationBin.incDuration(f->get_duration()); } else { if(num_active_flows_as_server.get()) num_active_flows_as_server.dec(1); else ntop->getTrace()->traceEvent(TRACE_WARNING, "Internal error: invalid counter value"); - - serverDurationBin.incDuration(f->get_duration()); } + + flowEndEvent(f, as_client); stats->decNumFlows(as_client, peer); }
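Review bot: `flowEndEvent(f, as_client);` runs after both branches, including the paths that log "Internal error: invalid counter value", so an override can receive an end event for a flow whose begin was never counted on this host. The removed `incDuration` calls were just as unconditional, but a consumer that pairs begin and end events is more sensitive to the imbalance. Either skip the hook on the error paths or state the contract at the call, e.g. `/* may fire without a matching flowBeginEvent, see warning above */`. The start of decNumFlows is outside the hunk.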