-rw-r--r-- | dependencies/nDPIsrvd.h | 41 | ||||
-rw-r--r-- | examples/c-captured/c-captured.c | 59 |
2 files changed, 80 insertions, 20 deletions
diff --git a/dependencies/nDPIsrvd.h b/dependencies/nDPIsrvd.h index 29523e24a..13d9ed0bd 100644 --- a/dependencies/nDPIsrvd.h +++ b/dependencies/nDPIsrvd.h @@ -126,7 +126,8 @@ typedef void (*flow_end_callback)(struct nDPIsrvd_socket * const sock, struct nD struct nDPIsrvd_address { socklen_t size; - union { + union + { struct sockaddr_in in; struct sockaddr_in6 in6; struct sockaddr_un un; @@ -136,7 +137,8 @@ struct nDPIsrvd_address struct nDPIsrvd_buffer { - union { + union + { char * text; uint8_t * raw; } ptr; @@ -503,8 +505,7 @@ static inline enum nDPIsrvd_connect_return nDPIsrvd_connect(struct nDPIsrvd_sock static inline enum nDPIsrvd_read_return nDPIsrvd_read(struct nDPIsrvd_socket * const sock) { - ssize_t bytes_read = - read(sock->fd, sock->buffer.ptr.raw + sock->buffer.used, sock->buffer.max - sock->buffer.used); + ssize_t bytes_read = read(sock->fd, sock->buffer.ptr.raw + sock->buffer.used, sock->buffer.max - sock->buffer.used); if (bytes_read == 0) { @@ -557,10 +558,9 @@ static inline struct nDPIsrvd_json_token const * token_get(struct nDPIsrvd_socke return NULL; } -static inline struct nDPIsrvd_json_token const * -token_get_next_child(struct nDPIsrvd_socket const * const sock, - struct nDPIsrvd_json_token const * const start, - int * next_index) +static inline struct nDPIsrvd_json_token const * token_get_next_child(struct nDPIsrvd_socket const * const sock, + struct nDPIsrvd_json_token const * const start, + int * next_index) { struct nDPIsrvd_json_token const * result = NULL; @@ -575,8 +575,7 @@ token_get_next_child(struct nDPIsrvd_socket const * const sock, for (int i = *next_index + 2; i < sock->jsmn.tokens_found; i += 2) { - if (sock->jsmn.tokens[i].parent != start->token_index + 1 || - sock->jsmn.tokens[i].type != JSMN_STRING) + if (sock->jsmn.tokens[i].parent != start->token_index + 1 || sock->jsmn.tokens[i].type != JSMN_STRING) { continue; } 
@@ -717,6 +716,9 @@ static inline struct nDPIsrvd_flow * nDPIsrvd_get_flow(struct nDPIsrvd_socket * TOKEN_VALUE_TO_ULL(tokens[0], &flow->id_as_ull); memcpy(flow->flow_key.key, key.key, nDPIsrvd_FLOW_KEY_STRLEN); HASH_ADD(hh, sock->flow_table, flow_key, sizeof(flow->flow_key), flow); +#ifdef ENABLE_MEMORY_PROFILING + printf("Flow %llu added: %zu bytes.\n", flow->id_as_ull, sizeof(*flow) + sock->flow_user_data_size); +#endif } return flow; @@ -739,6 +741,9 @@ static inline int nDPIsrvd_check_flow_end(struct nDPIsrvd_socket * const sock, sock->flow_end_callback(sock, current_flow); } HASH_DEL(sock->flow_table, current_flow); +#ifdef ENABLE_MEMORY_PROFILING + printf("Flow %llu deleted: %zu bytes.\n", current_flow->id_as_ull, sizeof(*current_flow) + sock->flow_user_data_size); +#endif free(current_flow); } @@ -778,7 +783,8 @@ static inline enum nDPIsrvd_parse_return nDPIsrvd_parse_line(struct nDPIsrvd_buf { return PARSE_NEED_MORE_DATA; } - if (buffer->ptr.text[buffer->json_string_length - 2] != '}' || buffer->ptr.text[buffer->json_string_length - 1] != '\n') + if (buffer->ptr.text[buffer->json_string_length - 2] != '}' || + buffer->ptr.text[buffer->json_string_length - 1] != '\n') { return PARSE_INVALID_CLOSING_CHAR; } @@ -927,4 +933,17 @@ static inline void nDPIsrvd_uthash_free(void * const freeable, size_t const size } #endif +static inline void nDPIsrvd_write_flow_info(int outfd, struct nDPIsrvd_socket const * const sock, void (*write_cb)(int outfd, struct nDPIsrvd_flow *)) +{ + struct nDPIsrvd_flow * current_flow; + struct nDPIsrvd_flow * ftmp; + + HASH_ITER(hh, sock->flow_table, current_flow, ftmp) + { + dprintf(outfd, "[Flow %llu]", current_flow->id_as_ull); + write_cb(outfd, current_flow); + dprintf(outfd, "%c", '\n'); + } +} + #endif diff --git a/examples/c-captured/c-captured.c b/examples/c-captured/c-captured.c index 42da0677d..ba7cbe53f 100644 --- a/examples/c-captured/c-captured.c +++ b/examples/c-captured/c-captured.c 
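Review bot: `nDPIsrvd_write_flow_info` (hunk `@@ -927` in dependencies/nDPIsrvd.h) is added without a comment stating its calling contract, and it invokes `write_cb` without checking it for NULL. It walks `sock->flow_table` with `HASH_ITER` and writes through `dprintf`, so it is only safe when nothing is modifying the table at the same time and the caller is not in signal context; the only caller in this commit is `sighandler`. I would add above it `/* Dump every flow in sock->flow_table to outfd. Not async-signal-safe; call only from the code path that owns the flow table. */` and start the body with `if (write_cb == NULL) return;`.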
@@ -1,7 +1,6 @@ #include <arpa/inet.h> #include <errno.h> #include <linux/limits.h> -#include <ndpi_api.h> #include <ndpi_typedefs.h> #include <netinet/ip_icmp.h> #include <netinet/tcp.h> @@ -31,7 +30,8 @@ struct packet_data nDPIsrvd_ull packet_ts_usec; nDPIsrvd_ull packet_len; int base64_packet_size; - union { + union + { char * base64_packet; char const * base64_packet_const; }; @@ -39,6 +39,7 @@ struct packet_data struct flow_user_data { + nDPIsrvd_ull flow_last_seen_ts_sec; uint8_t flow_new_seen; uint8_t detection_finished; uint8_t guessed; @@ -382,6 +383,8 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock perror_ull(TOKEN_VALUE_TO_ULL(TOKEN_GET_SZ(sock, "flow_tot_l4_payload_len"), &flow_user->flow_tot_l4_payload_len), "flow_tot_l4_payload_len"); + + perror_ull(TOKEN_VALUE_TO_ULL(TOKEN_GET_SZ(sock, "flow_last_seen"), &flow_user->flow_last_seen_ts_sec), "flow_last_seen"); } if (TOKEN_VALUE_EQUALS_SZ(flow_event_name, "new") != 0) @@ -424,8 +427,7 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock nDPIsrvd_ull numeric_risk_value = 0ull; if (TOKEN_KEY_TO_ULL(current, &numeric_risk_value) == CONVERSION_OK && - numeric_risk_value < NDPI_MAX_RISK && - has_ndpi_risk(&process_risky, numeric_risk_value) != 0) + numeric_risk_value < NDPI_MAX_RISK && has_ndpi_risk(&process_risky, numeric_risk_value) != 0) { flow_user->risky = 1; } 
@@ -475,11 +477,39 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock return CALLBACK_OK; } -static void sighandler(int signum) +static void nDPIsrvd_write_flow_info_cb(int outfd, struct nDPIsrvd_flow * const flow) { - (void)signum; + struct flow_user_data * const flow_user = (struct flow_user_data *)flow->flow_user_data; - if (main_thread_shutdown == 0) + dprintf(outfd, + "[ptr: %p][last-seen: %llu][finished: %u][detected: %u][midstream: %u][risky: %u][total-L4-payload-length: " + "%llu][packets-captured: %u]", + flow, flow_user->flow_last_seen_ts_sec, + flow_user->detection_finished, + flow_user->detected, + flow_user->flow_new_seen == 0, + flow_user->risky, + flow_user->flow_tot_l4_payload_len, + flow_user->packets != NULL ? utarray_len(flow_user->packets) : 0); + syslog(LOG_DAEMON, + "[ptr: %p][last-seen: %llu][finished: %u][detected: %u][midstream: %u][risky: %u][total-L4-payload-length: " + "%llu][packets-captured: %u]", + flow, flow_user->flow_last_seen_ts_sec, + flow_user->detection_finished, + flow_user->detected, + flow_user->flow_new_seen == 0, + flow_user->risky, + flow_user->flow_tot_l4_payload_len, + flow_user->packets != NULL ? utarray_len(flow_user->packets) : 0); +} + +static void sighandler(int signum) +{ + if (signum == SIGUSR1) + { + nDPIsrvd_write_flow_info(2, sock, nDPIsrvd_write_flow_info_cb); + } + else if (main_thread_shutdown == 0) { main_thread_shutdown = 1; } 
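Review bot: `sighandler` now calls `nDPIsrvd_write_flow_info` on SIGUSR1, which reaches `dprintf`, `syslog` and a `HASH_ITER` walk of the flow table from signal context, and none of these is async-signal-safe. The handler should only record the request, e.g. a file-scope `static volatile sig_atomic_t dump_flows_requested;` set with `dump_flows_requested = 1;`, and the main loop should perform the dump after a completed read/parse cycle, the way `main_thread_shutdown` is already consumed there. Separately, in `nDPIsrvd_write_flow_info_cb` the call `syslog(LOG_DAEMON, ...)` carries no level, so the level bits are 0 (LOG_EMERG); `LOG_DAEMON | LOG_INFO` would match the `LOG_DAEMON | LOG_ERR` form used elsewhere in the file. The `%p` argument should be passed as `(void *)flow`, and it is worth deciding whether heap addresses belong in syslog at all. The end of `sighandler` lies outside the hunk.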
@@ -519,7 +549,8 @@ static void print_usage(char const * const arg0) "\t-R\tRisky - Dump risky flows to a PCAP file. See additional help below.\n" "\t-M\tMidstream - Dump midstream flows to a PCAP file.\n" "\t-E\tEmpty - Ignore flows w/o any layer 4 payload\n\n" - "\tPossible options for `-R' (can be specified multiple times, processed from left to right, ~ disables a risk):\n" + "\tPossible options for `-R' (can be specified multiple times, processed from left to right, ~ disables a " + "risk):\n" "\t \tExample: -R0 -R~15 would enable all risks except risk with id 15\n"; fprintf(stderr, usage, arg0); @@ -600,7 +631,9 @@ static int parse_options(int argc, char ** argv) if (optarg[0] == '~') { unset_ndpi_risk(&process_risky, risk); - } else { + } + else + { set_ndpi_risk(&process_risky, risk); } break; @@ -666,8 +699,14 @@ static int parse_options(int argc, char ** argv) static int mainloop(void) { + sigset_t sigusr1_block; + + sigemptyset(&sigusr1_block); + sigaddset(&sigusr1_block, SIGUSR1); + while (main_thread_shutdown == 0) { + sigprocmask(SIG_BLOCK, &sigusr1_block, NULL); errno = 0; enum nDPIsrvd_read_return read_ret = nDPIsrvd_read(sock); if (read_ret != READ_OK) @@ -682,6 +721,7 @@ static int mainloop(void) syslog(LOG_DAEMON | LOG_ERR, "nDPIsrvd parse failed with: %s", nDPIsrvd_enum_to_string(parse_ret)); return 1; } + sigprocmask(SIG_UNBLOCK, &sigusr1_block, NULL); } return 0; @@ -712,6 +752,7 @@ int main(int argc, char ** argv) return 1; } + signal(SIGUSR1, sighandler); signal(SIGINT, sighandler); signal(SIGTERM, sighandler); signal(SIGPIPE, sighandler); |
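Review bot: The SIGUSR1 mask in `mainloop` (hunks `@@ -666` and `@@ -682`) protects only the read/parse section, and both `return 1` error paths leave the function with SIGUSR1 still blocked while the normal exit leaves it unblocked. Because `signal(SIGUSR1, sighandler)` is installed in `main` (hunk `@@ -712`), the handler can also run before the first iteration and after the loop ends. If `main` tears down the socket or flow table after `mainloop` returns (not visible in these hunks), a late SIGUSR1 would walk entries that are being freed. I would add `signal(SIGUSR1, SIG_IGN);` on every exit path of `mainloop` and check the `sigprocmask` return values, which are currently ignored.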