Major change in the logic. Process Apps first and Categories after.

c3d0bf02 · Franco (nextime) Lanza · 093d3799 · c3d0bf02
Commit c3d0bf02 authored Apr 24, 2021 by Franco (nextime) Lanza
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 16 deletions

dpi dpi +20 -16

No files found.
--- a/dpi
+++ b/dpi
@@ -13,7 +13,7 @@ logging.basicConfig(filename="/tmp/dpi.log",
                    filemode='a',
                    format='%(asctime)s,%(msecs)d %(name)s %(levelname)s %(message)s',
                    datefmt='%Y-%m-%d %H:%M:%S',
-                    level=logging.DEBUG)
+                    level=logging.INFO)

 log=logging.getLogger("NexDPI")

@@ -155,7 +155,7 @@ class NexDPI():
      log.info("NexDPI started")
      for flow in online_streamer:

-         self.isknown = False
+         managed=False
         self.fullname=flow.application_name+" "+flow.application_category_name
         triplet=str(flow.dst_ip)+","+str(flow.dst_port)+","+str(flow.src_ip)
         cname = flow.application_category_name
@@ -165,31 +165,35 @@ class NexDPI():

         log.info("RECEIVED: "+cname+" "+aname+" "+sername)

+         if sername in list(Apps.keys()):
+            appd=Apps[sername]
+            if ipv==6:
+               ipset_list = appd['ipset']+"6"
+            else:
+               ipset_list = appd['ipset']
+            if not aname.startswith(tuple(appd['nostart'])):
+               managed=True
+               sh("ipset test "+ipset_list+" "+triplet+" >/dev/null 2>&1 || ipset add "+ipset_list+" "+triplet+" timeout "+appd['timeout']+" > /dev/null 2>&1")
+               log.info("ADD: "+ipset_list+" "+triplet+" "+self.fullname)
+               if aname.startswith(tuple(appd['knowstarts'])):
+                  continue
+
         if cname in list(Cats.keys()):
            if ipv==6:
               ipset_list = Cats[cname]['ipset']+"6"
            else:
               ipset_list = Cats[cname]['ipset']
-            log.info("CHECKCATEGORY: "+str(tuple(Cats[cname]['nostart'])))
+            log.debug("CHECKCATEGORY: "+str(tuple(Cats[cname]['nostart'])))
            if not aname.startswith(tuple(Cats[cname]['nostart'])) and not sername in list(Cats[cname]['noapps']):
+               managed=True
               sh("ipset add "+ipset_list+" "+triplet+" timeout "+Cats[cname]['timeout']+" --exist > /dev/null 2>&1")
               log.info("ADD: "+ipset_list+" "+triplet+" "+self.fullname)
               if sername in list(Cats[cname]['knownapps']):
-                  self.isknown = True
+                  continue 

-         elif sername in list(Apps.keys()):
-            appd=Apps[sername]
-            if ipv==6:
-               ipset_list = appd['ipset']+"6"
-            else:
-               ipset_list = appd['ipset']
-            if not aname.startswith(tuple(appd['nostart'])):
-               sh("ipset test "+ipset_list+" "+triplet+" >/dev/null 2>&1 || ipset add "+ipset_list+" "+triplet+" timeout "+appd['timeout']+" > /dev/null 2>&1")
-               log.info("ADD: "+ipset_list+" "+triplet+" "+self.fullname)
-               if aname.startswith(tuple(appd['knowstarts'])):
-                  self.isknown = True

-         if self.fullname and not self.fullname in UnknownMatch and not self.isknown:
+         # this will 
+         if self.fullname and not self.fullname in UnknownMatch:
            log.warning("UNKNOWN: "+self.fullname)
            UnknownMatch.append(self.fullname)