Coder Social home page Coder Social logo

Debug of NDPI about ndpi-netfilter HOT 3 OPEN

betolj avatar betolj commented on June 27, 2024
Debug of NDPI

from ndpi-netfilter.

Comments (3)

betolj avatar betolj commented on June 27, 2024

The debug_printf function was used in old ndpi_init_detection_module api.

Unfortunately, i have a little free time. But, in this weekend I will check the problem related for SSL connections.

from ndpi-netfilter.

Sacriyana avatar Sacriyana commented on June 27, 2024

I was thinking of the NDPI_LOG macro in the nDPI code.

I search to have the same level detection of ndpiReader (the little programme which comes with nDPI) in the kernel. But now, I have made some search (but no significative) and I will continue this week. If I find a solution, I tell you.
Do you know a solution to avoid set the detection of all protocol without rules in Iptables. I have tried only iptables -t mangle -A (PREROUTING || POSTROUTING) -ndpi --dpi_check but all packets are categorized as ""unknown". Yet if I add some rules on SSL, HTTP or GOOGLE, I have some detection.
It's very weird. So, I will compare the ndpiReader detection process and your code.

from ndpi-netfilter.

betolj avatar betolj commented on June 27, 2024

There are several differences between ndpiReader and ndpi-netfilter.

In ndpiReader the detection is made in sniffer mode (using libpcap) - so, by default, this application can inspect everything on network interface.

But, in ndpi-netfilter the inspection is made by netfilter flow (into proper firewall chain) - using the "flow struct". For this reason, we need to identify all packets directions. So, the dpi_check is used only to map all possibles flows to ndpi detection - no protocol is enabled at this moment.

All protocols are disabled when xt_ndpi module is loaded. For performance reason, the protocol is enabled only by firewall rule (with the ndpi_enable_protocols function).

-- line 821 in main.c code

    for (i = 0; i <= NDPI_LAST_IMPLEMENTED_PROTOCOL; i++){
            atomic_set (&protocols_cnt[i], 0);

            // Set HTTP based protocols
            if ((i > 118 && i < 127) || (i > 139 && i < 146) || (i > 175 && i <= 218 ) || i == 70 || i == 133) nfndpi_protocols_http[i]=1;
            else nfndpi_protocols_http[i]=0;
    }

    /* disable all protocols */
    NDPI_BITMASK_RESET(protocols_bitmask);
    ndpi_set_protocol_detection_bitmask2(ndpi_struct, &protocols_bitmask);

from ndpi-netfilter.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.