diff --git a/include/Flow.h b/include/Flow.h index 8e9f4ae69f..46244e6272 100644 --- a/include/Flow.h +++ b/include/Flow.h @@ -60,6 +60,12 @@ typedef enum { SSL_ENCRYPTION_BOTH = 0x3, } FlowSSLEncryptionStatus; +typedef struct buffered_packet { + const struct pcap_pkthdr h; + u_char *packet; + struct buffered_packet *next; +} BufferedPacket; + class Flow : public GenericHashEntry { private: Host *cli_host, *srv_host; @@ -69,6 +75,7 @@ class Flow : public GenericHashEntry { u_int32_t vrfId; u_int8_t protocol, src2dst_tcp_flags, dst2src_tcp_flags; struct ndpi_flow_struct *ndpiFlow; + BufferedPacket *flow_packets_head, *flow_packets_tail; bool detection_completed, protocol_processed, cli2srv_direction, twh_over, dissect_next_http_packet, passVerdict, check_tor, l7_protocol_guessed, flow_alerted, flow_dropped_counts_increased, @@ -466,6 +473,8 @@ class Flow : public GenericHashEntry { inline void setIngress2EgressDirection(bool _ingress2egress) { ingress2egress_direction = _ingress2egress; } inline bool isIngress2EgressDirection() { return(ingress2egress_direction); } #endif + void addPacketToDump(const struct pcap_pkthdr *h, const u_char *packet); + void flushBufferedPackets(); }; #endif /* _FLOW_H_ */ diff --git a/include/NetworkInterface.h b/include/NetworkInterface.h index 3ab65d1922..804ac71fde 100644 --- a/include/NetworkInterface.h +++ b/include/NetworkInterface.h @@ -255,7 +255,7 @@ class NetworkInterface : public Checkpointable { See C++ FAQ Lite covers this in section 23.7 */ inline virtual bool isPacketInterface() { return(getIfType() != interface_type_FLOW); } -#ifndef HAVE_LIBCAP +#if defined(linux) && !defined(HAVE_LIBCAP) /* Note: if we miss the capabilities, we block the overriding of this method. */ inline bool isDiscoverableInterface() { return(false); } #else @@ -482,13 +482,13 @@ class NetworkInterface : public Checkpointable { #ifdef NTOPNG_PRO void refreshL7Rules(); void refreshShapers(); - inline L7Policer* getL7Policer() { return(policer); } + inline L7Policer* getL7Policer() { return(policer); } inline FlowInterfacesStats* getFlowInterfacesStats() { return(flow_interfaces_stats); } #endif - inline HostPools* getHostPools() { return(host_pools); } + inline HostPools* getHostPools() { return(host_pools); } - PacketDumper *getPacketDumper(void) { return pkt_dumper; } - PacketDumperTuntap *getPacketDumperTap(void) { return pkt_dumper_tap; } + PacketDumper *getPacketDumper(void) { return pkt_dumper; } + PacketDumperTuntap *getPacketDumperTap(void) { return pkt_dumper_tap; } #ifdef NTOPNG_PRO void updateHostsL7Policy(u_int16_t host_pool_id); @@ -648,6 +648,7 @@ class NetworkInterface : public Checkpointable { u_int32_t s2d_pkts, u_int32_t d2s_pkts, u_int32_t s2d_bytes, u_int32_t d2s_bytes); Host* findHostByIP(AddressTree *allowed_hosts, char *host_ip, u_int16_t vlan_id); + inline bool do_dump_unknown_traffic() { return(dump_unknown_traffic); } }; #endif /* _NETWORK_INTERFACE_H_ */ diff --git a/include/PacketDumper.h b/include/PacketDumper.h index 35ad93ace6..add16fe9dd 100644 --- a/include/PacketDumper.h +++ b/include/PacketDumper.h @@ -29,8 +29,8 @@ class PacketDumper { NetworkInterface *iface; time_t dump_end; pcap_dumper_t *dumper; - u_int64_t num_sampled_packets, num_dumped_packets; - u_int32_t file_id; + u_int64_t num_sampled_packets, num_dumped_packets, num_dumped_unknown_packets; + u_int32_t file_id, num_dumped_unknown_files; u_int16_t iface_type; time_t sec_start; int sampling_rate; @@ -49,9 +49,12 @@ class PacketDumper { void dumpPacket(const struct pcap_pkthdr *h, const u_char *packet, dump_reason reason, int sampling_rate, unsigned int max_pkts_per_file, unsigned int max_sec_per_file); - inline u_int64_t get_num_dumped_packets() { return(num_dumped_packets); } - inline u_int64_t get_num_dumped_files() { return(file_id); } + inline u_int64_t get_num_dumped_packets() { return(num_dumped_packets+num_dumped_unknown_packets); } + inline u_int64_t get_num_dumped_files() { return(file_id+num_dumped_unknown_files); } void lua(lua_State *vm); + inline void incUnknownPacketDump(u_int16_t num_pkts) { + num_dumped_unknown_packets += num_pkts, num_dumped_unknown_files++; + } }; #endif /* _PACKET_DUMPER_H_ */ diff --git a/include/ntop_defines.h b/include/ntop_defines.h index 31b5cba740..76f3b8386a 100644 --- a/include/ntop_defines.h +++ b/include/ntop_defines.h @@ -839,5 +839,8 @@ #define MAX_THREAD_POOL_SIZE 5 #endif -#define MIN_TIME_SPAWN_THREAD_POOL 10 /* sec */ +#define MIN_TIME_SPAWN_THREAD_POOL 10 /* sec */ + +#define MAX_NDPI_IDLE_TIME_BEFORE_GUESS 5 /* sec */ + #endif /* _NTOP_DEFINES_H_ */ diff --git a/src/Flow.cpp b/src/Flow.cpp index a5531ce03f..1f5e28edc3 100644 --- a/src/Flow.cpp +++ b/src/Flow.cpp @@ -37,8 +37,9 @@ Flow::Flow(NetworkInterface *_iface, srv2cli_last_goodput_bytes = cli2srv_last_goodput_bytes = 0, good_ssl_hs = true, flow_alerted = flow_dropped_counts_increased = false, vrfId = 0; - l7_protocol_guessed = detection_completed = false; - dump_flow_traffic = false, + l7_protocol_guessed = detection_completed = false, + flow_packets_head = flow_packets_tail = NULL, + dump_flow_traffic = false, ndpiDetectedProtocol.app_protocol = NDPI_PROTOCOL_UNKNOWN, ndpiDetectedProtocol.master_protocol = NDPI_PROTOCOL_UNKNOWN, doNotExpireBefore = iface->getTimeLastPktRcvd() + 30 /* sec */; @@ -164,6 +165,10 @@ void Flow::freeDPIMemory() { /* *************************************** */ Flow::~Flow() { + + if(flow_packets_head) + flushBufferedPackets(); + if(cli_host) cli_host->decUses(); if(srv_host) srv_host->decUses(); if(json_info) free(json_info); @@ -469,6 +474,7 @@ void Flow::setDetectedProtocol(ndpi_protocol proto_id, bool forceDetection) { #ifdef NTOPNG_PRO updateFlowShapers(true); #endif + flushBufferedPackets(); iface->luaEvalFlow(this, callback_flow_proto_callback); } @@ -829,11 +835,17 @@ void Flow::update_hosts_stats(struct timeval *tv) { Vlan *vl; NetworkStats *cli_network_stats; + if((!isDetectionCompleted()) && ((tv->tv_sec - get_last_seen()) > 5 /* sec */)) { + /* If we have not found out the protocol until now we can give up at this point */ + ndpi_protocol proto_id = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; + setDetectedProtocol(proto_id, true); + } + if((is_idle_flow = isReadyToPurge())) { /* Marked as ready to be purged, will be purged by NetworkInterface::purgeIdleFlows */ set_to_purge(); } - + if(check_tor && (ndpiDetectedProtocol.app_protocol == NDPI_PROTOCOL_SSL)) { char rsp[256]; @@ -901,7 +913,7 @@ void Flow::update_hosts_stats(struct timeval *tv) { } } - + if(cli_host->getMac()) { #ifdef HAVE_OLD_NEDGE cli_host->getMac()->incSentStats(diff_sent_packets, diff_sent_bytes); @@ -922,7 +934,7 @@ void Flow::update_hosts_stats(struct timeval *tv) { if(trafficProfile) trafficProfile->incBytes(diff_sent_bytes+diff_rcvd_bytes); #endif - + update_pools_stats(tv, diff_sent_packets, diff_sent_bytes, diff_rcvd_packets, diff_rcvd_bytes); } #endif @@ -995,12 +1007,12 @@ void Flow::update_hosts_stats(struct timeval *tv) { if((iface->getIfType() == interface_type_ZMQ) && (tdiff_msec < 5000)) { - /* With ZMQ (if collecting sFlow) we might compute inaccurate + /* With ZMQ (if collecting sFlow) we might compute inaccurate throughput when haveing one flow with a single sample so we spread the traffic across at least 5 secs */ ; - } else if(tdiff_msec >= 1000 /* Do not update when less than 1 second (1000 msec) */) { + } else if(tdiff_msec >= 1000 /* Do not update when less than 1 second (1000 msec) */) { // bps u_int64_t diff_bytes_cli2srv = cli2srv_last_bytes - prev_cli2srv_last_bytes; u_int64_t diff_bytes_srv2cli = srv2cli_last_bytes - prev_srv2cli_last_bytes; @@ -1366,7 +1378,7 @@ void Flow::lua(lua_State* vm, AddressTree * ptree, if(dst->get_vlan_id()) lua_push_int_table_entry(vm, "srv.vlan", dst->get_vlan_id()); - + lua_push_int_table_entry(vm, "srv.key", mask_dst_host ? 0 : dst->key()); } else { lua_push_nil_table_entry(vm, "srv.ip"); @@ -2450,7 +2462,7 @@ void Flow::dissectHTTP(bool src2dst_direction, char *payload, u_int16_t payload_ || (!strncmp(payload, "PUT", 3)) ) { char *ua; - + diff_num_http_requests++; /* One new request found */ if(protos.http.last_method) free(protos.http.last_method); @@ -2483,7 +2495,7 @@ void Flow::dissectHTTP(bool src2dst_direction, char *payload, u_int16_t payload_ if(ua) { char buf[128]; u_int i; - + ua = &ua[11]; while(ua[0] == ' ') ua++; @@ -2798,7 +2810,7 @@ void Flow::updateFlowShapers(bool first_update) { (((!NDPI_ISSET(&cli->clientAllowed, ndpiDetectedProtocol.app_protocol)) || (!NDPI_ISSET(&srv->serverAllowed, ndpiDetectedProtocol.app_protocol)))) ) - passVerdict = false; + passVerdict = false; } /* Re-compute the verdict */ @@ -2815,7 +2827,7 @@ void Flow::updateFlowShapers(bool first_update) { (old_srv2cli_out != srv2cli_out))) ((NetfilterInterface *) iface)->setPolicyChanged(); #endif - + #ifdef SHAPER_DEBUG { char buf[1024]; @@ -3131,3 +3143,107 @@ void Flow::setPacketsBytes(time_t now, u_int32_t s2d_pkts, u_int32_t d2s_pkts, } #endif } + +/* ***************************************************** */ + +void Flow::addPacketToDump(const struct pcap_pkthdr *h, const u_char *packet) { + BufferedPacket *b = (BufferedPacket*)malloc(sizeof(BufferedPacket)); + + if(b) { + memcpy((void*)&b->h, (void*)h, sizeof(struct pcap_pkthdr)); + b->packet = (u_char*)malloc(h->caplen); + + if(!b->packet) { + free(b); + return; + } + + memcpy(b->packet, packet, h->caplen); + b->next = NULL; + + if(flow_packets_tail == NULL) { + flow_packets_head = flow_packets_tail = b; + } else { + flow_packets_tail->next = b; + flow_packets_tail = b; + } + } +} + +/* ***************************************************** */ + +void Flow::flushBufferedPackets() { + if(iface->do_dump_unknown_traffic() + && flow_packets_head + && (get_detected_protocol().app_protocol == NDPI_PROTOCOL_UNKNOWN) + ) { + bool do_dump_to_disk = true; + + if(protocol == IPPROTO_TCP) { + u_int8_t mask = TH_SYN | TH_ACK | TH_PUSH; + + /* Initial bytes are in and some data is present */ + if((getTcpFlags() & mask) == mask) + do_dump_to_disk = true; + else + do_dump_to_disk = false; /* Initial flow bytes are missing */ + } else + do_dump_to_disk = true; + + if(do_dump_to_disk) { + char pcap_path[MAX_PATH], hour_path[64]; + time_t when = flow_packets_head->h.ts.tv_sec; + pcap_dumper_t *dumper; + char buf1[32], buf2[32]; + + when -= when % 3600; /* Hourly directories */ + strftime(hour_path, sizeof(hour_path), "%Y/%m/%d/%H", localtime(&when)); + snprintf(pcap_path, sizeof(pcap_path), "%s/%d/pcap/ndpi_unknown/%s/", + ntop->get_working_dir(), iface->get_id(), hour_path); + ntop->fixPath(pcap_path); + Utils::mkdir_tree(pcap_path); + + snprintf(pcap_path, sizeof(pcap_path), "%s/%d/pcap/ndpi_unknown/%s/%s:%u_%s:%u_%u.pcap", + ntop->get_working_dir(), iface->get_id(), hour_path, + cli_host->get_ip()->print(buf1, sizeof(buf1)), ntohs(cli_port), + srv_host->get_ip()->print(buf2, sizeof(buf2)), ntohs(srv_port), + (unsigned int)flow_packets_head->h.ts.tv_sec + ); + + if((dumper = pcap_dump_open(pcap_open_dead(iface->get_datalink(), + 16384 /* MTU */), pcap_path)) == NULL) + ntop->getTrace()->traceEvent(TRACE_WARNING, "Unable to create pcap file %s", pcap_path); + else { + u_int num_pkts = 0; + PacketDumper *pkt_dumper; + + while(flow_packets_head) { + struct buffered_packet *tmp; + + pcap_dump((u_char*)dumper, &(flow_packets_head->h), flow_packets_head->packet); + free(flow_packets_head->packet); + tmp = flow_packets_head; + flow_packets_head = flow_packets_head->next; + free(tmp); + num_pkts++; + } + + pcap_dump_close(dumper); + ntop->getTrace()->traceEvent(TRACE_INFO, "Dumped %u packets onto file %s", num_pkts, pcap_path); + + pkt_dumper = iface->getPacketDumper(); + if(pkt_dumper) pkt_dumper->incUnknownPacketDump(num_pkts); + } + } + } + + /* Even if we do not dump this flow, packets needs to be freed */ + while(flow_packets_head) { + struct buffered_packet *tmp; + + free(flow_packets_head->packet); + tmp = flow_packets_head; + flow_packets_head = flow_packets_head->next; + free(tmp); + } +} diff --git a/src/Lua.cpp b/src/Lua.cpp index 27e2404e49..a37fa29ece 100644 --- a/src/Lua.cpp +++ b/src/Lua.cpp @@ -1195,6 +1195,7 @@ static int ntop_shutdown(lua_State* vm) { /* ****************************************** */ +#ifdef HAVE_NEDGE static int ntop_set_routing_mode(lua_State* vm) { bool routing_enabled; @@ -1209,9 +1210,11 @@ static int ntop_set_routing_mode(lua_State* vm) { return(CONST_LUA_OK); } +#endif /* ****************************************** */ +#ifdef HAVE_NEDGE static int ntop_is_routing_mode(lua_State* vm) { ntop->getTrace()->traceEvent(TRACE_DEBUG, "%s() called", __FUNCTION__); @@ -1219,6 +1222,7 @@ static int ntop_is_routing_mode(lua_State* vm) { return(CONST_LUA_OK); } +#endif /* ****************************************** */ diff --git a/src/NetworkInterface.cpp b/src/NetworkInterface.cpp index 6657821081..29d6277d9b 100644 --- a/src/NetworkInterface.cpp +++ b/src/NetworkInterface.cpp @@ -487,6 +487,11 @@ bool NetworkInterface::updateDumpTrafficDiskPolicy(void) { dump_to_disk = retval; dump_unknown_traffic = retval_u; + + if(dump_to_disk || dump_unknown_traffic) { + if(!pkt_dumper) + pkt_dumper = new PacketDumper(this); + } return retval; } @@ -1322,6 +1327,7 @@ void NetworkInterface::dumpPacketDisk(const struct pcap_pkthdr *h, const u_char dump_reason reason) { if(pkt_dumper == NULL) pkt_dumper = new PacketDumper(this); + if(pkt_dumper) pkt_dumper->dumpPacket(h, packet, reason, getDumpTrafficSamplingRate(), getDumpTrafficMaxPktsPerFile(), @@ -1405,9 +1411,9 @@ bool NetworkInterface::processPacket(u_int32_t bridge_iface_idx, /* When captive portal is disabled, use the auto_assigned_pool_id as the default MAC pool */ if(host_pools - && (ntop->getPrefs()->get_auto_assigned_pool_id() != NO_HOST_POOL_ID) - && (!ntop->getPrefs()->isCaptivePortalEnabled()) - && (srcMac->locate() == located_on_lan_interface)) { + && (ntop->getPrefs()->get_auto_assigned_pool_id() != NO_HOST_POOL_ID) + && (!ntop->getPrefs()->isCaptivePortalEnabled()) + && (srcMac->locate() == located_on_lan_interface)) { if(!host_pools->findMacPool(srcMac->get_mac(), vlan_id, &mac_pool) || (mac_pool == NO_HOST_POOL_ID)) { mac_str = Utils::formatMac(srcMac->get_mac(), bufMac, sizeof(bufMac)); host_pools->addToPool(mac_str, ntop->getPrefs()->get_auto_assigned_pool_id(), 0); @@ -1421,9 +1427,9 @@ bool NetworkInterface::processPacket(u_int32_t bridge_iface_idx, #ifndef HAVE_OLD_NEDGE dstMac->incRcvdStats(1, rawsize); #endif -} + } - decode_ip: +decode_ip: if(iph != NULL) { /* IPv4 */ if(ipsize < 20) { @@ -1617,7 +1623,6 @@ bool NetworkInterface::processPacket(u_int32_t bridge_iface_idx, flow->incStats(src2dst_direction, rawsize, payload, payload_len, l4_proto, &h->ts); #endif #endif - } /* Protocol Detection */ @@ -1632,9 +1637,14 @@ bool NetworkInterface::processPacket(u_int32_t bridge_iface_idx, struct ndpi_id_struct *cli = (struct ndpi_id_struct*)flow->get_cli_id(); struct ndpi_id_struct *srv = (struct ndpi_id_struct*)flow->get_srv_id(); - if(flow->get_packets() >= NDPI_MIN_NUM_PACKETS) + if(flow->get_packets() >= NDPI_MIN_NUM_PACKETS) { + if(dump_unknown_traffic && (!isSampledTraffic())) { + flow->addPacketToDump(h, packet); + flow->flushBufferedPackets(); + } + flow->setDetectedProtocol(ndpi_detection_giveup(ndpi_struct, ndpi_flow), false); - else + } else flow->setDetectedProtocol(ndpi_detection_process_packet(ndpi_struct, ndpi_flow, ip, ipsize, (u_int32_t)packet_time, cli, srv), false); @@ -1653,60 +1663,60 @@ bool NetworkInterface::processPacket(u_int32_t bridge_iface_idx, switch(ndpi_get_lower_proto(flow->get_detected_protocol())) { case NDPI_PROTOCOL_DHCP: /* TODO case NDPI_PROTOCOL_DHCPV6: */ - { - Mac *mac = (*srcHost)->getMac(); + { + Mac *mac = (*srcHost)->getMac(); - if(payload_len > 240) { - if(mac && (payload[0] == 0x01)) /* Request */ - mac->setDhcpHost(); + if(payload_len > 240) { + if(mac && (payload[0] == 0x01)) /* Request */ + mac->setDhcpHost(); - for(int i = 240; igetTrace()->traceEvent(TRACE_WARNING, "[DHCP] [id=%u][len=%u]", id, len); + ntop->getTrace()->traceEvent(TRACE_WARNING, "[DHCP] [id=%u][len=%u]", id, len); #endif - if(id == 12 /* Host Name */) { - char name[64], buf[24], *client_mac, key[64]; - int j; + if(id == 12 /* Host Name */) { + char name[64], buf[24], *client_mac, key[64]; + int j; - j = ndpi_min(len, sizeof(name)-1); - strncpy((char*)name, (char*)&payload[i+2], j); - name[j] = '\0'; + j = ndpi_min(len, sizeof(name)-1); + strncpy((char*)name, (char*)&payload[i+2], j); + name[j] = '\0'; - client_mac = Utils::formatMac(&payload[28], buf, sizeof(buf)); - ntop->getTrace()->traceEvent(TRACE_INFO, "[DHCP] %s = '%s'", client_mac, name); + client_mac = Utils::formatMac(&payload[28], buf, sizeof(buf)); + ntop->getTrace()->traceEvent(TRACE_INFO, "[DHCP] %s = '%s'", client_mac, name); - snprintf(key, sizeof(key), DHCP_CACHE, get_id()); - ntop->getRedis()->hashSet(key, client_mac, name); - } else if(id == 55 /* Parameters List (Fingerprint) */) { - if((*srcHost)->getMac()) { - char fingerprint[64], buf[32]; - u_int idx, offset = 0; + snprintf(key, sizeof(key), DHCP_CACHE, get_id()); + ntop->getRedis()->hashSet(key, client_mac, name); + } else if(id == 55 /* Parameters List (Fingerprint) */) { + if((*srcHost)->getMac()) { + char fingerprint[64], buf[32]; + u_int idx, offset = 0; - len = ndpi_min(len, sizeof(buf)/2); + len = ndpi_min(len, sizeof(buf)/2); - for(idx=0; idxgetTrace()->traceEvent(TRACE_WARNING, "%s = %s", mac->print(buf, sizeof(buf)),fingerprint); -#endif - mac->setFingerprint((char*)flow->get_ndpi_flow()->protos.dhcp.fingerprint); + for(idx=0; idxgetTrace()->traceEvent(TRACE_WARNING, "%s = %s", mac->print(buf, sizeof(buf)),fingerprint); +#endif + mac->setFingerprint((char*)flow->get_ndpi_flow()->protos.dhcp.fingerprint); + } + } else if(id == 0xFF) + break; /* End of options */ + + i += len + 2; } } - break; + } + break; case NDPI_PROTOCOL_NETBIOS: if(*srcHost) { @@ -1716,7 +1726,7 @@ bool NetworkInterface::processPacket(u_int32_t bridge_iface_idx, if(((payload[2] & 0x80) /* NetBIOS Response */ || ((payload[2] & 0x78) == 0x28 /* NetBIOS Registration */)) && (ndpi_netbios_name_interpret((char*)&payload[12], name, sizeof(name)) > 0) && (!strstr(name, "__MSBROWSE__")) - ) { + ) { if(name[0] == '*') { int limit = min(payload_len-57, (int)sizeof(name)-1); @@ -1856,19 +1866,23 @@ bool NetworkInterface::processPacket(u_int32_t bridge_iface_idx, } } #endif - - bool dump_if_unknown = dump_unknown_traffic - && (!flow->isDetectionCompleted() || - flow->get_detected_protocol().app_protocol == NDPI_PROTOCOL_UNKNOWN); - - if(dump_if_unknown - || dump_all_traffic - || flow->dumpFlowTraffic()) { - if(dump_to_disk) dumpPacketDisk(h, packet, dump_if_unknown ? UNKNOWN : GUI); - if(dump_to_tap) dumpPacketTap(h, packet, GUI); - } } - + + bool dump_if_unknown = dump_unknown_traffic + && ((!flow->isDetectionCompleted()) + && (flow->get_detected_protocol().app_protocol == NDPI_PROTOCOL_UNKNOWN)); + + if(dump_if_unknown + || dump_all_traffic + || flow->dumpFlowTraffic()) { + if(dump_to_disk && (!isSampledTraffic())) { + // dumpPacketDisk(h, packet, dump_if_unknown ? UNKNOWN : GUI); + flow->addPacketToDump(h, packet); + } + + if(dump_to_tap) dumpPacketTap(h, packet, GUI); + } + incStats(ingressPacket, when->tv_sec, iph ? ETHERTYPE_IP : ETHERTYPE_IPV6, flow->get_detected_protocol().app_protocol, rawsize, 1, 24 /* 8 Preamble + 4 CRC + 12 IFG */); @@ -4886,7 +4900,9 @@ void NetworkInterface::lua(lua_State *vm) { _tcpPacketStats.lua(vm, "tcpPacketStats"); if(!isView()) { - if(pkt_dumper) pkt_dumper->lua(vm); + if(pkt_dumper) + pkt_dumper->lua(vm); + #ifdef NTOPNG_PRO #ifndef HAVE_OLD_NEDGE if(flow_profiles) flow_profiles->lua(vm); diff --git a/src/PacketDumper.cpp b/src/PacketDumper.cpp index 95cd79f1d0..2a01fc7230 100644 --- a/src/PacketDumper.cpp +++ b/src/PacketDumper.cpp @@ -29,7 +29,8 @@ PacketDumper::PacketDumper(NetworkInterface *i) { iface = i, file_id = 1, sampling_rate = 1; dump_end = 0, dumper = NULL; num_sampled_packets = num_dumped_packets = 0; - sec_start = 0, max_pkts_per_file = 0, max_sec_per_file = 0; + num_dumped_unknown_packets = num_dumped_unknown_files = 0; + sec_start = 0, max_pkts_per_file = 0, max_sec_per_file = 0; num_pkts_cur_file = 0; if((name[0] == 'l') && (name[1] == 'o')) diff --git a/src/PcapInterface.cpp b/src/PcapInterface.cpp index d202eb6b2e..5192c25849 100644 --- a/src/PcapInterface.cpp +++ b/src/PcapInterface.cpp @@ -63,6 +63,9 @@ PcapInterface::PcapInterface(const char *name) : NetworkInterface(name) { ifname = strdup(&slash[1]); free(old); } + + /* Re-reading prefs as name has changed */ + loadDumpPrefs(); ntop->getTrace()->traceEvent(TRACE_NORMAL, "Reading packets from pcap file %s...", ifname); read_pkts_from_pcap_dump = true, purge_idle_flows_hosts = false;