Added exporters limits to ntopng licenses

ntop · Jul 15, 2024 · cc18f96 · cc18f96
1 parent 3362145
commit cc18f96
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 23 deletions.
diff --git a/include/Ntop.h b/include/Ntop.h
@@ -108,6 +108,8 @@ class Ntop {
 #endif
   FifoSerializerQueue *internal_alerts_queue;
   Recipients recipients; /* Handle notification recipients */
+  u_int8_t num_flow_exporters;
+  u_int16_t num_flow_intefaces;
 #ifdef NTOPNG_PRO
   AssetManagement am;
 #ifdef HAVE_KAFKA
@@ -572,6 +574,10 @@ class Ntop {
 #ifdef NTOPNG_PRO
   inline AlertExclusions *getAlertExclusions() { return alert_exclusions; }
 #endif
+  u_int8_t getNumFlowExporters() { return num_flow_exporters; }
+  u_int16_t getNumFlowExportersInterfaces() { return num_flow_intefaces; }
+  bool incNumFlowExporters();
+  bool incNumFlowExportersInterfaces();
 
   inline u_int getNumCPUs() { return (num_cpus); }
   inline void setNumCPUs(u_int num) { num_cpus = num; }

diff --git a/src/Ntop.cpp b/src/Ntop.cpp
@@ -91,6 +91,7 @@ Ntop::Ntop(const char *appName) {
 
   /* Flow alerts exclusions */
 #ifdef NTOPNG_PRO
+  num_flow_exporters = num_flow_intefaces = 0;
   alertExclusionsReloadInProgress = true;
   alert_exclusions = alert_exclusions_shadow = NULL;
 #endif
@@ -4170,6 +4171,34 @@ void Ntop::reloadMessageBroker() {
 
   connectMessageBroker();
 }
+
+/* ******************************************* */
+
+bool Ntop::incNumFlowExporters() {
+  bool ok = true;
+  m.lock(__FILE__, __LINE__);
+  if (num_flow_exporters < get_max_num_flow_exporters())
+    num_flow_exporters++;
+  else
+    ok = false;
+  m.unlock(__FILE__, __LINE__);
+
+  return ok;
+}
+
+/* ******************************************* */
+
+bool Ntop::incNumFlowExportersInterfaces() {
+  bool ok = true;
+  m.lock(__FILE__, __LINE__);
+  if (num_flow_intefaces < get_max_num_flow_exporters_interfaces())
+    num_flow_intefaces++;
+  else
+    ok = false;
+  m.unlock(__FILE__, __LINE__);
+
+  return ok;
+}
 #endif /* NTOPNG_PRO */
 
 /* ******************************************* */
diff --git a/src/ParserInterface.cpp b/src/ParserInterface.cpp
@@ -70,6 +70,21 @@ bool ParserInterface::processFlow(ParsedFlow *zflow) {
 
   if ((zflow->vlan_id == 0) && ntop->getPrefs()->do_simulate_vlans())
     zflow->vlan_id = rand() % SIMULATE_VLANS_MAX_VALUE;
+#ifdef NTOPNG_PRO
+  if (zflow->device_ip) {
+    bool are_limits_okay = true;
+    /* First of all check the device IP, because if the max number is reached,
+      * the flow is going to be dropped
+      */
+    if (!flow_interfaces_stats)
+      flow_interfaces_stats = new (std::nothrow) FlowInterfacesStats();
+    are_limits_okay = flow_interfaces_stats->checkExporters(zflow->device_ip, zflow->inIndex);
+    if (!are_limits_okay) {
+      ntop->getTrace()->traceEvent(TRACE_NORMAL, "Flow dropped due to limits to the license. Exporters limit: %d | Interfaces limit: %d", get_max_num_flow_exporters(), get_max_num_flow_exporters_interfaces());
+      return false;
+    }
+  }
+#endif
 
   if (!isSubInterface()) {
     bool processed = false;
@@ -212,7 +227,7 @@ bool ParserInterface::processFlow(ParsedFlow *zflow) {
     private_flow_id = ndpi_quick_hash((const unsigned char*)zflow->getSIPCallId(), len);
   } else
     private_flow_id = 0;
-
+    
   /* Updating Flow */
   flow = getFlow(UNKNOWN_PKT_IFACE_IDX,
 		 srcMac, dstMac, zflow->vlan_id, zflow->observationPointId,
@@ -472,32 +487,30 @@ bool ParserInterface::processFlow(ParsedFlow *zflow) {
     guessed_protocol.master_protocol = ndpi_map_ndpi_id_to_user_proto_id(get_ndpi_struct(), guessed_protocol.master_protocol);
 
 #ifdef NTOPNG_PRO
-    if (zflow->device_ip) {
-      // if(ntop->getPrefs()->is_flow_device_port_rrd_creation_enabled() &&
-      // ntop->getPro()->has_valid_license()) {
+  if (zflow->device_ip) {
       if (!flow_interfaces_stats)
         flow_interfaces_stats = new (std::nothrow) FlowInterfacesStats();
 
-      if (flow_interfaces_stats) {
-        flow_interfaces_stats->incStats(now, zflow->device_ip, zflow->inIndex, flow->getStatsProtocol(),
-					zflow->pkt_sampling_rate * zflow->out_pkts,
-					zflow->pkt_sampling_rate * zflow->out_bytes,
-					zflow->pkt_sampling_rate * zflow->in_pkts,
-					zflow->pkt_sampling_rate * zflow->in_bytes);
-	/* If the SNMP device is actually an host with an SNMP agent, then traffic
-	   can enter and leave it from the same interface (think to a management
-	   interface). For this reason it is important to check the outIndex and
-	   increase its counters only if it is different from inIndex to avoid
-	   double counting. */
-
-        if (zflow->outIndex != zflow->inIndex)
-          flow_interfaces_stats->incStats(now, zflow->device_ip, zflow->outIndex, flow->getStatsProtocol(),
-					  zflow->pkt_sampling_rate * zflow->in_pkts,
-					  zflow->pkt_sampling_rate * zflow->in_bytes,
-					  zflow->pkt_sampling_rate * zflow->out_pkts,
-					  zflow->pkt_sampling_rate * zflow->out_bytes);
-      }
+    if (flow_interfaces_stats) {
+      flow_interfaces_stats->incStats(now, zflow->device_ip, zflow->inIndex, flow->getStatsProtocol(),
+        zflow->pkt_sampling_rate * zflow->out_pkts,
+        zflow->pkt_sampling_rate * zflow->out_bytes,
+        zflow->pkt_sampling_rate * zflow->in_pkts,
+        zflow->pkt_sampling_rate * zflow->in_bytes);
+/* If the SNMP device is actually an host with an SNMP agent, then traffic
+    can enter and leave it from the same interface (think to a management
+    interface). For this reason it is important to check the outIndex and
+    increase its counters only if it is different from inIndex to avoid
+    double counting. */
+
+    if (zflow->outIndex != zflow->inIndex)
+      flow_interfaces_stats->incStats(now, zflow->device_ip, zflow->outIndex, flow->getStatsProtocol(),
+        zflow->pkt_sampling_rate * zflow->in_pkts,
+        zflow->pkt_sampling_rate * zflow->in_bytes,
+        zflow->pkt_sampling_rate * zflow->out_pkts,
+        zflow->pkt_sampling_rate * zflow->out_bytes);
     }
+  }
 #endif
 
     flow->setFlowVerdict(zflow->getFlowVerdict());