From 125787909a6fe8cf089a6494d2db18820ee0b6e9 Mon Sep 17 00:00:00 2001
From: Alfredo Cardigliano
Date: Tue, 12 Nov 2024 11:53:59 +0100
Subject: [PATCH] Add rowid to engaged alerts for all families
---
 include/Alert.h | 4 +++-
 include/NetworkInterface.h | 4 ++--
 scripts/lua/modules/alerts_api.lua | 2 --
 src/NetworkInterface.cpp | 2 +-
 src/OtherAlertableEntity.cpp | 4 ++++
 5 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/include/Alert.h b/include/Alert.h
index e5cdfab16429..ad6a9a0ab12a 100644
--- a/include/Alert.h
+++ b/include/Alert.h
@@ -27,8 +27,10 @@ class Alert {
 time_t tstamp;
 time_t last_update;
 AlertType alert_id;
- u_int8_t score;
+ u_int64_t rowid; /* used by engaged alert in the in-memory table */
 u_int16_t port;
+ u_int8_t score;
+ bool require_attention;
 std::string subtype;
 std::string json;
 std::string ip;
diff --git a/include/NetworkInterface.h b/include/NetworkInterface.h
index 3a94c646d98b..cca0e20193fd 100644
--- a/include/NetworkInterface.h
+++ b/include/NetworkInterface.h
@@ -85,7 +85,7 @@ class NetworkInterface : public NetworkInterfaceAlertableEntity {
 num_alerts_engaged_error[ALERT_ENTITY_MAX_NUM_ENTITIES],
 num_alerts_engaged_critical[ALERT_ENTITY_MAX_NUM_ENTITIES],
 num_alerts_engaged_emergency[ALERT_ENTITY_MAX_NUM_ENTITIES],
 flow_serial;
- u_int64_t alert_serial;
+ std::atomic alert_serial;
 /* Counters for active alerts. Changed by multiple concurrent threads */
 std::atomic num_active_alerted_flows_notice; /* Counts all flow alerts with severity 
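Review bot: `rowid` and `require_attention` are added to `Alert` without default member initializers, and the hunk shows no constructor, so any code path that builds an `Alert` without assigning both (the subject says this is for all families, yet only `OtherAlertableEntity::triggerAlert` is updated in this patch) will export an indeterminate `bool` and a garbage rowid through `luaAlert`. Suggest `u_int64_t rowid = 0; /* used by engaged alert in the in-memory table; 0 = not yet assigned */` and `bool require_attention = false;`, which makes the unassigned state well defined and detectable on the Lua side. The class body continues outside the hunk, so if a constructor there already initialises these members this can be ignored.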
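Review bot: The added declaration as shown reads `std::atomic alert_serial;` with no value type; if that is not a rendering artifact (the neighbouring `std::atomic num_active_alerted_flows_notice` looks affected the same way) it does not compile, since class template argument deduction has no initializer to work from, and it should be `std::atomic<u_int64_t> alert_serial;`. The header also gives no hint that this counter is now the rowid space for engaged alerts; a short comment such as `/* Serial for engaged-alert rowids, handed out by getNewAlertSerial(); reset in init() */` would document the new role next to the declaration.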
@@ -1285,7 +1285,7 @@ class NetworkInterface : public NetworkInterfaceAlertableEntity {
 }
 u_int16_t getnDPIProtoByName(const char *name);
 inline u_int32_t getNewFlowSerial() { return (flow_serial++); }
- inline u_int64_t getNewAlertSerial() { return (++alert_serial); }
+ inline u_int64_t getNewAlertSerial() { return alert_serial.fetch_add(1, std::memory_order_relaxed); }
 bool resetHostTopSites(AddressTree *allowed_hosts, char *host_ip,
 u_int16_t vlan_id, u_int16_t observationPointId);
 void localHostsServerPorts(lua_State *vm);
diff --git a/scripts/lua/modules/alerts_api.lua b/scripts/lua/modules/alerts_api.lua
index e168a6f4dc80..8c0ffee48163 100644
--- a/scripts/lua/modules/alerts_api.lua
+++ b/scripts/lua/modules/alerts_api.lua
@@ -362,7 +362,6 @@ function alerts_api.trigger(entity_info, type_info, when, cur_alerts)
 triggered.ifid = ifid
 triggered.action = "engage"
- triggered.require_attention = true
 -- Emit the notification only if the notification hasn't already been emitted.
 -- This is to avoid alert storms when ntopng is restarted. Indeeed,
@@ -451,7 +450,6 @@ function alerts_api.release(entity_info, type_info, when, cur_alerts)
 released.ifid = ifid
 released.action = "release"
- triggered.require_attention = true
 addAlertPoolAndNetworkInfo(entity_info, released)
diff --git a/src/NetworkInterface.cpp b/src/NetworkInterface.cpp
index 699872c229e7..feefaa234445 100644
--- a/src/NetworkInterface.cpp
+++ b/src/NetworkInterface.cpp
@@ -366,7 +366,7 @@ void NetworkInterface::init(const char *interface_name) {
 hostAlertsQueue = new (std::nothrow) SPSCQueue(MAX_HOST_CHECKS_QUEUE_LEN, "hostAlertsQueue");
 flow_serial = 0;
- alert_serial = 0;
+ alert_serial = 1; /* first assigned rowid is 1 */
 /* nDPI handling */
 ndpi_cleanup_needed = false;
diff --git a/src/OtherAlertableEntity.cpp b/src/OtherAlertableEntity.cpp
index 5c4ccb184335..4896c6ec2341 100644
--- a/src/OtherAlertableEntity.cpp
+++ b/src/OtherAlertableEntity.cpp
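Review bot: `fetch_add(1, ...)` returns the value before the increment, whereas the replaced `++alert_serial` returned the value after it, so the first serial handed out now depends on the counter being initialised to 1 rather than 0; the `alert_serial = 1;` change in the src/NetworkInterface.cpp hunk of this patch makes the pair correct, but that coupling is invisible from the header and a later "reset to 0" cleanup would silently produce a rowid of 0. Suggest a comment on the accessor, e.g. `/* Returns the pre-increment value; init() seeds alert_serial at 1 so rowid 0 is never handed out */`. `std::memory_order_relaxed` is adequate here because only uniqueness of the returned value is needed, not ordering against other memory; if any caller relies on serials being ordered relative to other writes, that should be stated at the call site.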
@@ -37,10 +37,12 @@ OtherAlertableEntity::~OtherAlertableEntity() {}
 void OtherAlertableEntity::luaAlert(lua_State *vm, const Alert *alert, ScriptPeriodicity p) const {
+ lua_push_int64_table_entry(vm, "rowid", alert->alert_id);
 lua_push_int32_table_entry(vm, "alert_id", alert->alert_id);
 lua_push_str_table_entry(vm, "subtype", alert->subtype.c_str());
 lua_push_int32_table_entry(vm, "entity_id", getEntityType());
 lua_push_str_table_entry(vm, "entity_val", getEntityValue().c_str());
+ lua_push_bool_table_entry(vm, "require_attention", alert->require_attention);
 lua_push_int32_table_entry(vm, "score", alert->score);
 lua_push_int32_table_entry(vm, "severity", Utils::mapScoreToSeverity(alert->score));
@@ -84,10 +86,12 @@ bool OtherAlertableEntity::triggerAlert(lua_State *vm, std::string key,
 if (it == engaged_alerts[(u_int)p].end()) {
 Alert alert;
+ alert.rowid = getAlertInterface()->getNewAlertSerial();
 alert.tstamp = alert.last_update = now;
 alert.score = score;
 alert.alert_id = alert_id;
 alert.subtype = subtype;
+ alert.require_attention = true;
 alert.json = json;
 alert.ip = ip ? ip : "";
 alert.name = name ? name : "";
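Review bot: The new `rowid` entry is filled from `alert->alert_id`, not from the `rowid` member this same patch adds to `Alert` and assigns in `triggerAlert`, so Lua consumers of this family's engaged alerts receive the alert type id under the `rowid` key: two distinct engaged alerts of the same type become indistinguishable, and anything that later releases or deduplicates by rowid will act on the wrong entry. The line should read `lua_push_int64_table_entry(vm, "rowid", alert->rowid);`. The `require_attention` export on the new side looks correct; it is only the rowid line that is wrong.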