diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-07-24 17:46:24 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-24 17:46:24 +0200 |
| commit | e6b332aa4a1399e33df68998cf8351bccaee3fc4 (patch) | |
| tree | 3fd8ebf02b0af5334b203055e22e4fe139f0cbf4 /python/ndpi_example.py | |
| parent | 523f22b942b1649272e7b89000d25db6278aa1b0 (diff) | |
Add support for flow client/server information (#1671)
In a lot of places in ndPI we use *packet* source/dest info
(address/port/direction) when we are interested in *flow* client/server
info, instead.
Add basic logic to autodetect this kind of information.
nDPI doesn't perform any "flow management" itself but this task is
delegated to the external application. It is then likely that the
application might provide more reliable hints about flow
client/server direction and about the TCP handshake presence: in that case,
these information might be (optionally) passed to the library, disabling
the internal "autodetect" logic.
These new fields have been used in some LRU caches and in the "guessing"
algorithm.
It is quite likely that some other code needs to be updated.
Diffstat (limited to 'python/ndpi_example.py')
| -rw-r--r-- | python/ndpi_example.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/python/ndpi_example.py b/python/ndpi_example.py index 8606ae84b..f3f07a879 100644 --- a/python/ndpi_example.py +++ b/python/ndpi_example.py @@ -14,7 +14,7 @@ If not, see <http://www.gnu.org/licenses/>. """ from collections import namedtuple -from ndpi import NDPI, NDPIFlow +from ndpi import NDPI, NDPIFlow, ffi import argparse import socket import dpkt @@ -131,7 +131,7 @@ if __name__ == "__main__": key = ppkt_to_flow_key(ppkt) try: # Try a Flow update flow = flow_cache[key] - flow.detected_protocol = nDPI.process_packet(flow.ndpi_flow, ppkt.ip_bytes, time_ms) + flow.detected_protocol = nDPI.process_packet(flow.ndpi_flow, ppkt.ip_bytes, time_ms, ffi.NULL) flow.pkts += 1 flow.bytes += len(packet) except KeyError: # New Flow @@ -139,7 +139,7 @@ if __name__ == "__main__": flow.index = flow_count flow_count += 1 flow.ndpi_flow = NDPIFlow() # We create an nDPIFlow object per Flow - flow.detected_protocol = nDPI.process_packet(flow.ndpi_flow, ppkt.ip_bytes, time_ms) + flow.detected_protocol = nDPI.process_packet(flow.ndpi_flow, ppkt.ip_bytes, time_ms, ffi.NULL) flow.pkts += 1 flow.bytes += len(packet) flow_cache[key] = flow |