Collect s7comm stats

Author: cardigliano

include/Flow.h

@@ -203,6 +203,7 @@ class Flow : public GenericHashEntry {
   IEC104Stats *iec104;
 #ifdef NTOPNG_PRO
   ModbusStats *modbus;
+  S7CommStats *s7comm;
 #endif
   char *suspicious_dga_domain; /* Stores the suspicious DGA domain for flows
                                   with NDPI_SUSPICIOUS_DGA_DOMAIN */
@@ -553,6 +554,7 @@ class Flow : public GenericHashEntry {
   }
   inline bool isIEC60870() const { return (isProto(NDPI_PROTOCOL_IEC60870));      }
   inline bool isModbus()   const { return (isProto(NDPI_PROTOCOL_MODBUS));        }
+  inline bool isS7Comm()   const { return (isProto(NDPI_PROTOCOL_S7COMM));        }
   inline bool isMDNS() const     { return (isProto(NDPI_PROTOCOL_MDNS));          }
   inline bool isSSDP() const     { return (isProto(NDPI_PROTOCOL_SSDP));          }
   inline bool isNetBIOS() const  { return (isProto(NDPI_PROTOCOL_NETBIOS));       }
@@ -1210,6 +1212,7 @@ class Flow : public GenericHashEntry {
   void updateTCPWinScale(bool src2dst_direction, u_int8_t winscale);
   void updateTCPWin(bool src2dst_direction, u_int16_t win);
   void getModbusInfo(ndpi_serializer *serializer);
+  void getS7CommInfo(ndpi_serializer *serializer);
 
 #if !defined(HAVE_NEDGE)
   inline void updateProfile() { trafficProfile = iface->getFlowProfile(this); }

include/ntop_includes.h

@@ -485,6 +485,7 @@ using namespace clickhouse;
 #ifdef NTOPNG_PRO
 #include "FlowRTP.h"
 #include "ModbusStats.h"
+#include "S7CommStats.h"
 #include "MessageBroker.h"
 #include "NatsBroker.h"
 #endif

src/Flow.cpp

@@ -289,6 +289,7 @@ Flow::Flow(NetworkInterface *_iface,
 
 #ifdef NTOPNG_PRO
   modbus = NULL;
+  s7comm = NULL;
   lateral_movement = false;
   periodicity_status = periodicity_status_unknown;
 #ifndef HAVE_NEDGE
@@ -599,6 +600,7 @@ Flow::~Flow() {
   if(iec104) delete iec104;
 #ifdef NTOPNG_PRO
   if(modbus) delete modbus;
+  if(s7comm) delete s7comm;
 #endif
 
   if(suspicious_dga_domain) free(suspicious_dga_domain);
@@ -3317,6 +3319,7 @@ void Flow::lua(lua_State *vm, AddressTree *ptree,
 
 #ifdef NTOPNG_PRO
     if(modbus) modbus->lua(vm);
+    if(s7comm) s7comm->lua(vm);
 #endif
 
     if(!has_json_info) lua_push_str_table_entry(vm, "moreinfo.json", "{}");
@@ -5692,6 +5695,7 @@ std::string Flow::getFlowInfo(bool isLuaRequest) {
     if(iec104) return (iec104->getFlowInfo());
 #ifdef NTOPNG_PRO
     if(modbus) return (modbus->getFlowInfo());
+    if(s7comm) return (s7comm->getFlowInfo());
 #endif
 
     if(isDNS() && protos.dns.last_query) {
@@ -8021,6 +8025,14 @@ void Flow::getProtocolJSONInfo(ndpi_serializer *serializer) {
     ndpi_serialize_end_of_block(serializer);
     break;
 #endif
+
+#ifdef NTOPNG_PRO
+  case NDPI_PROTOCOL_S7COMM:
+    ndpi_serialize_start_of_block(serializer, "s7comm");
+    getS7CommInfo(serializer);
+    ndpi_serialize_end_of_block(serializer);
+    break;
+#endif
   }
 
   if(getErrorCode() != 0)

src/ParserInterface.cpp

@@ -614,7 +614,7 @@ bool ParserInterface::processFlow(ParsedFlow *zflow) {
     }
 
 #ifdef NTOPNG_PRO
-    if (flow->isModbus()) {
+    if (flow->isModbus() || flow->isS7Comm()) {
       flow->updateOTStats(zflow);
     }
 #endif

src/ZMQParserInterface.cpp

@@ -1107,8 +1107,8 @@ bool ZMQParserInterface::parsePENNtopField(ParsedFlow *const flow,
 #if 0
     ntop->getTrace()->traceEvent(TRACE_NORMAL, "[value: %s][master: %u][app: %u]",
 				 value->string ? value->string : "(int)",
-				 flow->l7_proto.master_protocol,
-				 flow->l7_proto.app_protocol);
+				 flow->l7_proto.proto.master_protocol,
+				 flow->l7_proto.proto.app_protocol);
 #endif
     break;