Reworked flow aggregation

include/AggregatedFlowsStats.h

@@ -63,6 +63,9 @@ class AggregatedFlowsStats {
   inline char* getInfoKey() { return (info_key ? info_key : (char *)""); };
   inline const char* getCliIP(char* buf, u_int len) { return (client ? client->getIP(buf, len) : (char *)""); };
   inline const char* getSrvIP(char* buf, u_int len) { return (server ? server->getIP(buf, len) : (char *)""); };
+  inline IpAddress* getClientIPaddr() { return(client ? client->getIPaddr() : NULL); }
+  inline IpAddress* getServerIPaddr() { return(server ? server->getIPaddr() : NULL); }
+
   inline const char* getCliName(char* buf, u_int len) {
     return (client ? client->getHostName(buf, len) : (char *)"");
   };
@@ -106,7 +109,13 @@ class AggregatedFlowsStats {
   void incFlowStats(const IpAddress* _client, const IpAddress* _server,
                            u_int64_t bytes_sent, u_int64_t bytes_rcvd,
                            u_int32_t score);
+};
 
+struct aggregated_stats {
+  std::unordered_map<u_int64_t, AggregatedFlowsStats *> count;
+  std::unordered_map<string, AggregatedFlowsStats *> info_count;
+  IpAddress *ip_addr;
+  u_int16_t vlan_id;
 };
 
 #endif /* _FLOWS_STATS_H_ */

include/Flow.h

@@ -919,6 +919,7 @@ class Flow : public GenericHashEntry {
   void sumStats(nDPIStats *ndpi_stats, FlowStats *stats);
   bool dump(time_t t, bool last_dump_before_free);
   bool match(AddressTree *ptree);
+  bool matchFlowIP(IpAddress *ip, u_int16_t vlan_id);
   void dissectHTTP(bool src2dst_direction, char *payload,
                    u_int16_t payload_len);
   void dissectDNS(bool src2dst_direction, char *payload, u_int16_t payload_len);

include/FlowsHostInfo.h

@@ -37,6 +37,7 @@ class FlowsHostInfo {
   char* getHostName(char* buf, u_int16_t buf_len);
   const char* getIP(char* buf, u_int16_t buf_len);
   const char* getIPHex(char* buf, u_int16_t buf_len);
+  inline IpAddress* getIPaddr() { return(ip); }
   bool isHostInMem();
   u_int16_t getVLANId();
   Host* getHost();

include/IpAddress.h

@@ -76,9 +76,7 @@ class IpAddress {
     else
       return (false);
   };
-  inline bool equal(const IpAddress* const _ip) const {
-    return (this->compare(_ip) == 0);
-  };
+  inline bool equal(const IpAddress* const _ip) const { return((this->compare(_ip) == 0) ? true : false); };
   int compare(const IpAddress* const ip) const;
   inline u_int32_t key() const { return (ip_key); };
   inline void set(u_int32_t _ipv4) {

include/NetworkInterface.h

@@ -138,12 +138,11 @@ class NetworkInterface : public NetworkInterfaceAlertableEntity {
                              been enqueued for dump */
 
   /* CustomScript VMs */
-  LuaEngine *customFlowLuaScript_proto, /* Called when nDPI has detected the
-                                           protocol */
-      *customFlowLuaScript_periodic,    /* Called periodically on flows    */
-      *customFlowLuaScript_end; /* Called when the flow ends                  */
+  LuaEngine *customFlowLuaScript_proto, /* Called when nDPI has detected the protocol */
+    *customFlowLuaScript_periodic, /* Called periodically on flows    */
+    *customFlowLuaScript_end;      /* Called when the flow ends       */
   LuaEngine *customHostLuaScript; /* Called periodically on hosts */
-
+  
   /* Queues for the execution of flow user scripts */
   SPSCQueue<FlowAlert *> *flowAlertsQueue;
   SPSCQueue<HostAlertReleasedPair> *hostAlertsQueue;
@@ -426,17 +425,8 @@ class NetworkInterface : public NetworkInterfaceAlertableEntity {
                           u_int16_t protocol,
                           bool get_port);
   void sort_and_filter_flow_stats(lua_State *vm,
-				  std::unordered_map<u_int64_t, AggregatedFlowsStats *> *count,
-				  std::unordered_map<string, AggregatedFlowsStats *> *count_info,
+				  struct aggregated_stats *stats,
 				  AnalysisCriteria filter_type);
-
-  bool filters_flows(AggregatedFlowsStats *fs, char *search_filter, AnalysisCriteria filter_type, char *host_ip_filter );
-  bool verify_search_filter(AggregatedFlowsStats* fs, char* filter, AnalysisCriteria filter_type);
-  bool verify_search_filter_on_client(AggregatedFlowsStats* fs, char* filter);
-  bool verify_search_filter_on_server(AggregatedFlowsStats* fs, char* filter);
-
-  bool verify_host_ip_filter(AggregatedFlowsStats *fs, char *filter, string vlan);
-
   void build_lua_rsp(lua_State *vm, AggregatedFlowsStats *fs, u_int filter_type,
                      u_int32_t size, u_int *num, bool set_resp);
   void build_protocol_flow_stats_lua_rsp(lua_State *vm, AggregatedFlowsStats *fs,

include/Utils.h

@@ -318,6 +318,7 @@ class Utils {
   static void swap32(u_int32_t *a, u_int32_t *b);
   static void swapfloat(float *a, float *b);
   static char* createRandomString(char *buf, size_t buf_len);
+  static IpAddress* parseHostString(char *host_ip, u_int16_t *vlan_id /* out */);
 };
 
 #endif /* _UTILS_H_ */

include/ntop_typedefs.h

@@ -1212,6 +1212,7 @@ typedef struct {
 } RadiusTraffic;
 
 typedef enum {
+  unknown_criteria,
   application_criteria = 1,
   client_criteria,
   server_criteria,
@@ -1220,4 +1221,5 @@ typedef enum {
   info_criteria
 } AnalysisCriteria;
 
+
 #endif /* _NTOP_TYPEDEFS_H_ */

src/Flow.cpp

@@ -8256,3 +8256,18 @@ bool Flow::isDPIDetectedFlow() {
     return(false);
   }
 }
+
+/* **************************************************** */
+
+bool Flow::matchFlowIP(IpAddress *ip, u_int16_t vlan_id) {
+  if(get_vlan_id() != vlan_id) return(false);
+
+  if((!get_cli_ip_addr()) || (!get_srv_ip_addr()))
+    return(false);
+
+  if(get_cli_ip_addr()->equal(ip) || get_srv_ip_addr()->equal(ip))
+    return(true);
+  else
+    return(false);
+}
+

src/HTTPserver.cpp

@@ -1681,9 +1681,9 @@ void HTTPserver::parseACL(char *const acl, u_int acl_len) {
 
 /* ****************************************** */
 
+#ifdef NO_SSL_DL
 static unsigned char ssl_session_ctx_id[] = PACKAGE_NAME "-" NTOPNG_GIT_RELEASE;
 
-#ifdef NO_SSL_DL
 int handle_ssl_verify(int ok, X509_STORE_CTX *ctx) {
   X509 *cert;
   char buf[256];