Added additional (minimalistic) detection information to flow updates.

This will only affect flows with the state `FT_FINISHED' (detection done).

 * nDPIsrvd.py: force use of JSON schema Draft 7 validator
 * flow-dash.py: gather/use total processed layer4 payload size
 * flow-info.py: added additional event filter
 * flow-info.py: prettified the printing of flow events whose detection is still in progress
 * py-semantic-validation.py: added validation checks for FT_FINISHED
 * updated flow event JSON schema

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Toni Uhlig
2022-02-04 00:32:04 +01:00
parent f9e4c58854
commit 6fd6dff14d
253 changed files with 25007 additions and 24891 deletions


@@ -24,6 +24,11 @@ def nDPIsrvd_worker_onFlowCleanup(instance, current_flow, global_user_data):
shared_flow_dict['current-flows'] -= 1
if flow_id not in shared_flow_dict:
return True
shared_flow_dict['total-l4-bytes'] += shared_flow_dict[flow_id]['total-l4-bytes']
if shared_flow_dict[flow_id]['is_detected'] is True:
shared_flow_dict['current-detected-flows'] -= 1
@@ -47,7 +52,7 @@ def nDPIsrvd_worker_onJsonLineRecvd(json_dict, instance, current_flow, global_us
nsock, shared_flow_dict = global_user_data
shared_flow_dict['total-events'] += 1
shared_flow_dict['total-bytes'] = nsock.received_bytes
shared_flow_dict['total-json-bytes'] = nsock.received_bytes
if 'basic_event_name' in json_dict:
shared_flow_dict['total-base-events'] += 1
@@ -74,10 +79,14 @@ def nDPIsrvd_worker_onJsonLineRecvd(json_dict, instance, current_flow, global_us
shared_flow_dict[flow_id]['is_not_detected'] = False
shared_flow_dict[flow_id]['is_midstream'] = False
shared_flow_dict[flow_id]['is_risky'] = False
shared_flow_dict[flow_id]['total-l4-bytes'] = 0
shared_flow_dict['total-flows'] += 1
shared_flow_dict['current-flows'] += 1
if 'flow_tot_l4_payload_len' in json_dict:
shared_flow_dict[flow_id]['total-l4-bytes'] = json_dict['flow_tot_l4_payload_len']
if 'midstream' in json_dict and json_dict['midstream'] != 0:
if shared_flow_dict[flow_id]['is_midstream'] is False:
shared_flow_dict['total-midstream-flows'] += 1
@@ -93,6 +102,13 @@ def nDPIsrvd_worker_onJsonLineRecvd(json_dict, instance, current_flow, global_us
if 'flow_event_name' not in json_dict:
return True
if json_dict['flow_state'] == 'finished' and \
json_dict['ndpi']['proto'] != 'Unknown' and \
shared_flow_dict[flow_id]['is_detected'] is False:
shared_flow_dict['total-detected-flows'] += 1
shared_flow_dict['current-detected-flows'] += 1
shared_flow_dict[flow_id]['is_detected'] = True
if json_dict['flow_event_name'] == 'new':
shared_flow_dict['total-flow-new-events'] += 1
@@ -155,11 +171,20 @@ def nDPIsrvd_worker(address, shared_flow_dict):
.format(address[0]+':'+str(address[1])
if type(address) is tuple else address))
nsock = nDPIsrvdSocket()
nsock.connect(address)
nsock.loop(nDPIsrvd_worker_onJsonLineRecvd,
nDPIsrvd_worker_onFlowCleanup,
(nsock, shared_flow_dict))
try:
while True:
try:
nsock = nDPIsrvdSocket()
nsock.connect(address)
nsock.loop(nDPIsrvd_worker_onJsonLineRecvd,
nDPIsrvd_worker_onFlowCleanup,
(nsock, shared_flow_dict))
except nDPIsrvd.SocketConnectionBroken:
sys.stderr.write('Lost connection to {} .. reconnecting\n'
.format(address[0]+':'+str(address[1])
if type(address) is tuple else address))
except KeyboardInterrupt:
pass
if __name__ == '__main__':
@@ -185,7 +210,8 @@ if __name__ == '__main__':
shared_flow_dict['total-base-events'] = 0
shared_flow_dict['total-daemon-events'] = 0
shared_flow_dict['total-bytes'] = 0
shared_flow_dict['total-json-bytes'] = 0
shared_flow_dict['total-l4-bytes'] = 0
shared_flow_dict['total-flows'] = 0
shared_flow_dict['total-detected-flows'] = 0
shared_flow_dict['total-risky-flows'] = 0
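Review bot: The reconnect loop added in the nDPIsrvd_worker hunk retries immediately after `nDPIsrvd.SocketConnectionBroken` with no delay, so a daemon that keeps accepting and then dropping connections turns the worker into a hot loop that only writes to stderr; a short pause before the next iteration, e.g. `time.sleep(1)` right after the `sys.stderr.write(...)` call (with `time` imported at file level), is the minimal fix. The reconnect also keeps every per-flow entry of the previous connection in shared_flow_dict, and since nDPIsrvd_worker_onFlowCleanup is presumably never invoked for those flows, 'current-flows' and 'current-detected-flows' will likely drift upward after each reconnect unless that per-flow state is dropped before the new nDPIsrvdSocket is created. If `nsock.connect(address)` raises anything other than SocketConnectionBroken when the daemon is down, that error is not caught here and ends the worker with a traceback, which may be intended but is worth a comment. nDPIsrvd_worker's body starts before this hunk.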