diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/configuration_parameters.md | 1 | ||||
| -rw-r--r-- | doc/library_initialization.md | 84 |
2 files changed, 85 insertions, 0 deletions
diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md index 7c8e78ac2..5b7ca257e 100644 --- a/doc/configuration_parameters.md +++ b/doc/configuration_parameters.md @@ -20,6 +20,7 @@ TODO | NULL | "log.level" | 0 | 0 | 3 | Configure the log/debug level. Possible values: 0 = error, 1 = trace, 2 = debug, 3 = extra debug | | NULL | "lru.$CACHE_NAME.size" | See description | 0 | 16777215 | Set the size (in number of elements) of the specified LRU cache (0 = the cache is disabled). The keyword "$CACHE_NAME" is a placeholder for the cache name and the possible values are: ookla, bittorrent, zoom, stun, tls_cert, mining, msteams, stun_zoom. The default value is "32768" for the bittorrent cache, "512" for the zoom cache and "1024" for all the other caches | | NULL | "lru.$CACHE_NAME.ttl" | See description | 0 | 16777215 | Set the TTL (in seconds) for the elements of the specified LRU cache (0 = the elements never explicitly expire). The keyword "$CACHE_NAME" is a placeholder for the cache name and the possible values are: ookla, bittorrent, zoom, stun, tls_cert, mining, msteams, stun_zoom. The default value is "120" for the ookla cache, "60" for the msteams and stun_zoom caches and "0" for all the other caches | +| NULL | "lru.$CACHE_NAME.scope" | 0 | 0 | 1 | Set the scope of the specified LRU cache (0 = the cache is local, 1 = the cache is global). The keyword "$CACHE_NAME" is a placeholder for the cache name and the possible values are: ookla, bittorrent, zoom, stun, tls_cert, mining, msteams, stun_zoom. The global scope con be set only if a global context has been initialized | | "tls" | "certificate_expiration_threshold" | 30 | 0 | 365 | The threshold (in days) used to trigger the `NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE` flow risk | | "tls" | "application_blocks_tracking" | disable | NULL | NULL | Enable/disable processing of TLS Application Blocks (post handshake) to extract statistical information about the flow | | "tls" | "metadata.sha1_fingerprint" | enable | NULL | NULL | Enable/disable computation and export of SHA1 fingerprint for TLS flows. Note that if it is disable, the flow risk `NDPI_MALICIOUS_SHA1_CERTIFICATE` is not checked | diff --git a/doc/library_initialization.md b/doc/library_initialization.md new file mode 100644 index 000000000..f70051aa9 --- /dev/null +++ b/doc/library_initialization.md @@ -0,0 +1,84 @@ + + + +A simple, common example + +``` + +struct ndpi_detection_module_struct *ndpi_struct; +ndpi_cfg_error rc; +int ret; + +ndpi_struct = ndpi_init_detection_module(NULL); +if(!ndpi_struct) { + ERROR; +} + +/* Configuration */ + +rc = ndpi_set_config(ndpi_struct, "tls", "certificate_expiration_threshold", "10"); +if(rc != NDPI_CFG_OK) { + ERROR; +} + +/* Finalization */ +ret = ndpi_finalize_initialization(ndpi_struct); +if(ret != 0) { + ERROR; +} + + +/* Initialization done, now you can feed packets to the library */ + + + +/* Cleanup */ + +ndpi_exit_detection_module(ndpi_struct); + + +``` + +A more complex example, with global context and a shared Oookla LRU cache (all the others caches are local) + +``` + +struct ndpi_global_context *g_ctx; +struct ndpi_detection_module_struct *ndpi_structs[num_local_contexts]; +ndpi_cfg_error rc; +int i, ret; + +g_ctx = ndpi_global_init(); +if(!g_ctx) { + ERROR; +} + +for(i = 0; i < num_local_contexts; i++) { + ndpi_structs[i] = ndpi_init_detection_module(g_ctx); + if(!ndpi_struct[i]) { + ERROR; + } + + rc = ndpi_set_config(ndpi_structs[i], NULL, "lru.ookla.scope", "1"); + if(rc != NDPI_CFG_OK) { + ERROR; + } + + ret = ndpi_finalize_initialization(ndpi_structs[i]); + if(ret != 0) { + ERROR; + } +} + +/* Initialization done */ + +/* Cleanup */ + +for(i = 0; i < num_local_contexts; i++) { + ndpi_exit_detection_module(ndpi_structs[i]); +} + +ndpi_global_deinit(g_ctx); + + +``` |