Alfredo Cardigliano
c3d3984285
Add more info to flow serialize (json)
2020-02-26 13:23:07 +01:00
Alfredo Cardigliano
dbe07bbfcd
Score computation fix (external alerts)
2020-02-24 12:27:48 +01:00
emanuele-f
a428bb665f
Add work completion indicator to ht_stats/stats/5min dump
2020-02-21 17:43:07 +01:00
Simone Mainardi
5b70db90ad
Handles deadlines for flow user scripts
2020-02-19 10:46:44 +01:00
emanuele-f
7a582753bf
Fix domain-based custom protocols match on ZMQ interfaces
2020-02-17 18:50:51 +01:00
emanuele-f
15898e8dad
Flow dissection code cleanup.
...
The Flow API is now composed of the following methods:
- Flow::setDetectedProtocol to manually set a protocol on the flow
and terminate the dissection
- Flow::processPacket to run the nDPI dissection on the raw packets
- Flow::endProtocolDissection to terminate or give up the dissection
Also fixes the flow sampling rate preference, which was never used.
2020-02-17 17:36:06 +01:00
Luca Deri
8786c9fb30
Added support for ALPN and Client Supported TLS Protocols reported by nDPI
2020-02-17 16:29:24 +01:00
Simone Mainardi
330379cb89
Fixes active alerted flows less than idle alerted flows
2020-02-14 17:49:40 +01:00
Simone Mainardi
6b8d926729
Fixes flows from pcap files not dumped to database
...
Fixes #3412
2020-02-14 11:44:56 +01:00
emanuele-f
107c9e50f2
Add shadow dns query to prevent use after free
2020-02-14 11:01:05 +01:00
emanuele-f
3635c7e36c
54a4ef8b30
2020-02-13 14:39:03 +01:00
Simone Mainardi
f7d79e50f9
Implements anti stall when dumping flows (MySQL, nIndex, ES, ...)
...
Implements #3411
2020-02-13 11:36:48 +01:00
Luca Deri
aea228e376
Compilation fixes
2020-02-08 10:16:56 +00:00
Simone Mainardi
bbeb491534
Fixes certain DNS flows with multiple queries not reset
2020-02-07 20:29:44 +01:00
emanuele-f
7105cb8a65
Add score and user script config link into the flow details additional status
2020-02-07 20:02:19 +01:00
emanuele-f
e3d3d3992f
Replace an existing flow alert if a more critical problem is found
...
Also add the flow score into the database
2020-02-07 19:20:57 +01:00
emanuele-f
0a0a3c4537
Rework flow status accounting
2020-02-07 19:17:07 +01:00
Simone Mainardi
38ee7f8439
Fixes for idle transitions not performed
...
Fixes #3394
Commit also affects #3106 as now DNS flows are adjusted
periodically when they contain more than one query
2020-02-07 19:13:45 +01:00
emanuele-f
5882926b0b
Host score increment fix for PCAP dump interfaces
2020-02-07 11:32:22 +01:00
Luca Deri
f1d8fb00f4
Handled partial protocol detection
2020-02-06 22:01:32 +01:00
Luca
30f52179d9
Fixes #3106
2020-02-06 19:21:05 +01:00
Simone Mainardi
05750cf3ef
Fixes and cleanup
2020-02-05 18:07:54 +01:00
emanuele-f
8d51dae0e5
Implement Misbehaving vs Alerted flows chart
2020-01-27 15:37:36 +01:00
Luca Deri
e55854aaff
Initial work on host bins
2020-01-27 11:55:00 +01:00
Simone Mainardi
ca2322531c
Fixes 3WH computation with ECE and CWR flags
...
Fixes #3255
2020-01-20 11:53:41 +01:00
emanuele-f
566b9ece0b
Score changes
...
- Move score from status definition to user scripts
- Separate flow score counter from the peers score
- Create a new HostScore class to hold the score data
2020-01-16 18:11:14 +01:00
emanuele-f
01d5d83f21
Account host score also on volatile flows (e.g. scans)
...
Such flows may go idle too early and miss the minute.lua iteration
2020-01-16 14:08:49 +01:00
Simone Mainardi
5fbb370134
Fixes sync issues between threads
...
Fixes #3246
2020-01-15 19:20:34 +01:00
emanuele-f
c336cca0e7
Improve host score calculation
2020-01-15 18:42:48 +01:00
emanuele-f
d7528e1628
Score improvements
...
The score is now calculated differently on the client and on the server of the flow.
The hosts flow is updated every minute and charted.
It's now possible to trigger an alert when the score threshold is exceeded
2020-01-15 12:34:16 +01:00
Alfredo Cardigliano
55b1ca75a9
Replace anomalous with misbehaving to avoid inconsistencies (fix #2866)
2020-01-14 15:49:19 +01:00
emanuele-f
93a96eb214
Code cleanup
2020-01-13 15:20:38 +01:00
Simone Mainardi
7960bdfa38
Adds ports information to flow alerts
...
Implements #3216
2020-01-13 12:18:43 +01:00
Simone Mainardi
0ef0c27f66
Refines scan detection by not checking ECE or CWR
2020-01-09 14:55:57 +01:00
Simone Mainardi
fec159f63a
Fix for syn scan alerts detection
2020-01-09 10:21:29 +01:00
Simone Mainardi
76391ff6a5
Restores flow alerts for view interfaces
2020-01-08 18:18:00 +01:00
Simone Mainardi
8cb1db967a
Improvements to the probing traffic detection algorithm
2020-01-08 10:46:53 +01:00
Luca Deri
57e6a93065
Improved scheduling algorithm to guarantee minimum service time when the number of entries allows
...
Updated (C)
2020-01-06 23:36:36 +01:00
Simone Mainardi
0ade3cc8ed
Handles TCP fast-open 3WH with data piggybacked in ACK
...
Handles https://lwn.net/Articles/508865/
2020-01-03 12:22:15 +01:00
Simone Mainardi
417c4a3146
Reworks handling of TCP flags for both ZMQ and packet interfaces
...
This commit simplifies the code and also allows flags-based alerts
to be triggered for packet and non-packet interfaces
Fixes #3167
2020-01-02 19:21:44 +01:00
Simone Mainardi
8a169991cb
Minor method name change
2020-01-02 15:18:49 +01:00
Simone Mainardi
0fc220bd0a
Removes unused cli2srv_direction Flow class member
2020-01-02 15:04:49 +01:00
Luca
92ea3cf5a0
TLS certificate improvements
2020-01-02 09:36:31 +01:00
emanuele-f
9d9fbd2aee
Fix broken flows purging
2020-01-01 12:18:13 +01:00
emanuele-f
87c336a4aa
Reduce cpu usage due to the loading of flow.lua
...
The FlowAlertCheckLuaEngine is now cached into the (reused) vm, so it is reloaded
only when needed (e.g. a script on disk changes).
2019-12-31 18:27:14 +01:00
Simone Mainardi
b44de6e18d
Implements discarded probing traffic counters and timeseries
2019-12-31 16:01:24 +01:00
Simone Mainardi
2abb8cfde5
Reworks flow scripts deadlines
2019-12-27 20:50:53 +01:00
Luca Deri
c5fbb49bfd
Fix for memory corruption in flow initialization
2019-12-26 23:00:45 +01:00
emanuele-f
8b7d711a36
Add option to disable flow user scripts invocation
2019-12-23 18:03:19 +01:00
Simone Mainardi
6901aed387
Fixes possibly wrong DNS protocol category
2019-12-23 15:34:10 +01:00