authorToni Uhlig <matzeton@googlemail.com>2020-09-26 11:19:21 +0200
committerToni Uhlig <matzeton@googlemail.com>2020-09-26 11:19:21 +0200
commit8c61f883621169f5c9451758eed4b3a4ee9ee3a2 (patch)
treeb5d3c5b25c9210cb8afcd5df09f1dff140020f81
parentb6b62ac883b32dbe2d31a0b13c32a7752182f0d2 (diff)
Added event validation functions and fixed Python scripts.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r--contrib/nDPIsrvd.py27
-rwxr-xr-xexamples/py-flow-info/flow-info.py10
-rwxr-xr-xexamples/py-flow-undetected-to-pcap/flow-undetected-to-pcap.py2
-rwxr-xr-xexamples/py-risky-flow-to-pcap/risky-flow-to-pcap.py2
4 files changed, 31 insertions, 10 deletions
diff --git a/contrib/nDPIsrvd.py b/contrib/nDPIsrvd.py
index 517b5e9f3..3214952b5 100644
--- a/contrib/nDPIsrvd.py
+++ b/contrib/nDPIsrvd.py
@@ -129,14 +129,14 @@ class PcapPacket:
def JsonParseBytes(json_bytes):
return json.loads(json_bytes.decode('ascii', errors='replace'), strict=False)
-def validateEventName(json_dict):
+def validateFlowEventName(json_dict):
if type(json_dict) is not dict:
raise RuntimeError('Argument is not a dictionary!')
- event_str = None
+ event_str = 'Unknown'
if 'flow_event_name' in json_dict:
- event = j['flow_event_name'].lower()
+ event = json_dict['flow_event_name'].lower()
if event == 'new':
event_str = 'New flow'
elif event == 'end':
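Review bot: The corrected lookup `json_dict['flow_event_name'].lower()` still assumes the value is a string, and nothing visible in this hunk checks that. The dictionary comes straight from `JsonParseBytes`, so a number, list or null in that field would raise AttributeError instead of the RuntimeError this validator otherwise uses for bad events. A guard before the call would keep the failure mode uniform, for example `if not isinstance(json_dict['flow_event_name'], str): raise RuntimeError('flow_event_name is not a string!')`. The same applies to `packet_event_name` in the new validatePacketEventName, and `type(json_dict) is not dict` in both would be more conventional as `not isinstance(json_dict, dict)`. The function body continues in the next hunk.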
@@ -152,6 +152,25 @@ def validateEventName(json_dict):
elif event == 'not-detected':
event_str = 'Not detected'
else:
- return None
+ raise RuntimeError('Unknown flow event name: `{}\'.'.format(event))
+
+ return event_str
+
+def validatePacketEventName(json_dict):
+ if type(json_dict) is not dict:
+ raise RuntimeError('Argument is not a dictionary!')
+
+ event_str = 'Unknown'
+
+ if 'packet_event_name' in json_dict:
+ event = json_dict['packet_event_name'].lower()
+ if event == 'invalid':
+ event_str = 'Invalid'
+ elif event == 'packet':
+ event_str = 'Packet'
+ elif event == 'packet-flow':
+ event_str = 'Packet Flow'
+ else:
+ raise RuntimeError('Unknown packet event name: `{}\'.'.format(event))
return event_str
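Review bot: validatePacketEventName is added without a docstring, and its contract has three outcomes that a caller cannot guess from the name. It returns a display string for a known event, the string 'Unknown' when the key is absent, and raises RuntimeError when the key is present but unrecognised. I would add a one-line docstring such as `"""Return a display name for json_dict['packet_event_name'], 'Unknown' if the key is absent; raise RuntimeError for an unrecognised name."""`, and the same for validateFlowEventName. Because callers compare against the 'Unknown' literal, a module-level constant (or returning None for the absent case) would be less fragile than repeating the string in every script.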
diff --git a/examples/py-flow-info/flow-info.py b/examples/py-flow-info/flow-info.py
index 638c76581..61f25429d 100755
--- a/examples/py-flow-info/flow-info.py
+++ b/examples/py-flow-info/flow-info.py
@@ -11,10 +11,12 @@ from nDPIsrvd import nDPIsrvdSocket, TermColor
def parse_json_str(json_str):
j = nDPIsrvd.JsonParseBytes(json_str[0])
-
- event_str = validateEventName(j)
- if event_str is None:
- raise RuntimeError('unknown flow event name: {}'.format(event))
+ event_str = nDPIsrvd.validateFlowEventName(j)
+ if event_str is 'Unknown':
+ if nDPIsrvd.validatePacketEventName(j) is 'Unknown':
+ raise RuntimeError('Missing flow_event_name in the JSON string.')
+ else:
+ return
ndpi_proto_categ = ''
ndpi_frisk = ''
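Review bot: Both new comparisons use `is` against a string literal, which tests object identity rather than equality. They work only while CPython happens to intern 'Unknown' in both modules, and Python 3.8 and later emit a SyntaxWarning for them. Use equality instead: `if event_str == 'Unknown':` and `if nDPIsrvd.validatePacketEventName(j) == 'Unknown':`. If the identity test ever evaluates false for an equal string, the function falls through to the flow-printing code with event_str set to 'Unknown' instead of returning or raising. parse_json_str continues outside this hunk.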
diff --git a/examples/py-flow-undetected-to-pcap/flow-undetected-to-pcap.py b/examples/py-flow-undetected-to-pcap/flow-undetected-to-pcap.py
index 8a4c2fe93..26eac3ff5 100755
--- a/examples/py-flow-undetected-to-pcap/flow-undetected-to-pcap.py
+++ b/examples/py-flow-undetected-to-pcap/flow-undetected-to-pcap.py
@@ -30,7 +30,7 @@ def parse_json_str(json_str):
return
elif event == 'end' or event == 'idle':
del FLOWS[flow_id]
- elif event == 'detected':
+ elif event == 'detected' or event == 'detection-update':
FLOWS[flow_id].detected()
elif event == 'guessed' or event == 'not-detected':
if event == 'guessed':
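Review bot: The lengthening `or` chain on the changed `elif` would read better as a membership test, `elif event in ('detected', 'detection-update'):`, and the same holds for the four-way chain changed in risky-flow-to-pcap.py. Both scripts had to be patched for the same new event name, which suggests the known flow event names belong in one shared tuple in nDPIsrvd.py next to validateFlowEventName rather than being repeated per script. parse_json_str starts and ends outside this hunk, so whether `FLOWS[flow_id]` is guaranteed to exist when an update event arrives cannot be confirmed from here.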
diff --git a/examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py b/examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py
index 65b543ca6..5636b25d5 100755
--- a/examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py
+++ b/examples/py-risky-flow-to-pcap/risky-flow-to-pcap.py
@@ -30,7 +30,7 @@ def parse_json_str(json_str):
return
elif event == 'end' or event == 'idle':
del FLOWS[flow_id]
- elif event == 'detected' or event == 'guessed' or event == 'not-detected':
+ elif event == 'detected' or event == 'detection-update' or event == 'guessed' or event == 'not-detected':
if 'ndpi' in j and 'flow_risk' in j['ndpi']:
print('Risky flow with id {}, PCAP dump returned: {}'.format(flow_id, FLOWS[flow_id].fin('risky')))