diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-07-22 17:42:23 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-07-22 17:42:23 +0200 |
| commit | 65e31b0ea34c1b73639dd0d36af3674223b2af2f (patch) | |
| tree | 72361b490a01a62904b0df4ce80becec068268d4 /doc/configuration_parameters.md | |
| parent | 67f5cdafc0a704275d5f51a86b6a01fa36a69389 (diff) | |
FPC: small improvements (#2512)
Add printing of fpc_dns statistics and add a general cconfiguration option.
Rework the code to be more generic and ready to handle other logics.
Diffstat (limited to 'doc/configuration_parameters.md')
| -rw-r--r-- | doc/configuration_parameters.md | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md index f2ea40aff..590526868 100644 --- a/doc/configuration_parameters.md +++ b/doc/configuration_parameters.md @@ -12,6 +12,7 @@ TODO | NULL | "fully_encrypted_heuristic" | enable | NULL | NULL | Enable/disable an heuristic to detect fully encrypted sessions, i.e. flows where every bytes of the payload is encrypted in an attempt to “look like nothing”. This heuristic only analyzes the first packet of the flow. See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf | | NULL | "libgcrypt.init" | 1 | NULL | NULL | Enable/disable initialization of libgcrypt. When using the external libgcrypt (instead of the internal crypto code) the libgcrypt runtime must be initialized. If, for whatever reasons, the application alread does it, nDPI must be told to skip it. Note that, by default, nDPI uses the crypto code and not libgcrypt: in that case this parameter is ignored | | NULL | "dpi.compute_entropy" | 1 | NULL | NULL | Enable/disable computation of flow entropy | +| NULL | "fpc" | enable | NULL | NULL | Enable/disable First Packet Classification | | NULL | "dpi.guess_on_giveup" | 0x03 | 0x00 | 0x03 | Tell the library to guess flow classification, if any DPI algorithms/logics fail. The value is a bitmask. Values: 0x0 = disabled; 0x01 = enable guessing by port; 0x02 = enable guessing by ip | | NULL | "flow_risk_lists.load" | 1 | NULL | NULL | Enable/disable loading of every IP addresses lists used to check any flow risks | | NULL | "flow_risk.anonymous_subscriber.list.icloudprivaterelay.load" | 1 | NULL | NULL | Enable/disable loading of internal iCouldPrivateRealy IP address list used to check `NDPI_ANONYMOUS_SUBSCRIBER` flow risk | |