diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2020-07-15 18:37:33 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2020-07-15 18:37:33 +0200 |
| commit | 6068a99a566258c1ca9b9617680ac078719a878f (patch) | |
| tree | 7aa955fa1eb8eb9ad2d796f9488cf0628b807847 /nDPId.c | |
| parent | 5364603fbaed780bc51459d4c1ab283f7fc006e1 (diff) | |
serialize flow risk, send information about how much raw pkts are sent to the json endpoint, send also a json thread init complete event
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'nDPId.c')
| -rw-r--r-- | nDPId.c | 16 |
1 files changed, 15 insertions, 1 deletions
@@ -209,6 +209,7 @@ static int log_to_stderr = 0; static char json_sockpath[UNIX_PATH_MAX] = "/tmp/ndpid-collector.sock"; static void free_workflow(struct nDPId_workflow ** const workflow); +static void serialize_and_send(struct nDPId_reader_thread * const reader_thread); static void jsonize_flow_event(struct nDPId_reader_thread * const reader_thread, struct nDPId_flow_info const * const flow, enum flow_event event); @@ -604,13 +605,14 @@ static void jsonize_flow(struct nDPId_workflow * const workflow, struct nDPId_fl ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_packet_id", flow->packets_processed); ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_first_seen", flow->first_seen); ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_last_seen", flow->last_seen); - ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_l4_data_len", flow->total_l4_data_len); + ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_tot_l4_data_len", flow->total_l4_data_len); ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_min_l4_data_len", flow->min_l4_data_len); ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_max_l4_data_len", flow->max_l4_data_len); ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_avg_l4_data_len", (flow->packets_processed > 0 ? flow->total_l4_data_len / flow->packets_processed : 0)); ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "midstream", flow->is_midstream_flow); + ndpi_serialize_risk(&workflow->ndpi_serializer, flow->ndpi_flow); if (jsonize_l3_l4_dpi(workflow, flow) != 0) { @@ -623,6 +625,7 @@ static void jsonize_flow(struct nDPId_workflow * const workflow, struct nDPId_fl static int connect_to_json_socket(struct nDPId_reader_thread * const reader_thread) { + struct nDPId_workflow * const workflow = reader_thread->workflow; struct sockaddr_un saddr; close(reader_thread->json_sockfd); @@ -655,6 +658,16 @@ static int connect_to_json_socket(struct nDPId_reader_thread * const reader_thre reader_thread->json_sock_reconnect = 0; + if (ndpi_serialize_string_int32(&workflow->ndpi_serializer, "thread_id", reader_thread->array_index) != 0 || + ndpi_serialize_string_boolean(&workflow->ndpi_serializer, "init_complete", 1) != 0) + { + syslog(LOG_DAEMON | LOG_ERR, + "[%8llu, %d] JSON serialize buffer failed", + reader_thread->workflow->packets_captured, + reader_thread->array_index); + } + serialize_and_send(reader_thread); + return 0; } @@ -821,6 +834,7 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa } ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "flow_id", flow->flow_id); ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_packet_id", flow->packets_processed); + ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "max_packets", MAX_PACKETS_PER_FLOW_TO_SEND); } ndpi_serialize_string_int32(&workflow->ndpi_serializer, "packet_event_id", event); |