From d72a760ac3895dd8a0bd3e55d4b51f9e22e04e6c Mon Sep 17 00:00:00 2001
From: Nardi Ivan <nardi.ivan@gmail.com>
Date: Tue, 9 Jan 2024 08:41:44 +0100
Subject: New API for library configuration

This is the first step into providing (more) configuration options in nDPI.

The idea is to have a simple way to configure (most of) nDPI: only one
function (`ndpi_set_config()`) to set any configuration parameters
(in the present or on in the future) and we try to keep this function
prototype as agnostic as possible.

You can configure the library:
* via API, using `ndpi_set_config()`
* via a configuration file, in a text format

This way, anytime we need to add a new configuration parameter:
* we don't need to add two public functions (a getter and a setter)
* we don't break API/ABI compatibility of the library; even changing
the parameter type (from integer to a list of integer, for example)
doesn't break the compatibility.

The complete list of configuration options is provided in
`doc/configuration_parameters.md`.

As a first example, two configuration knobs are provided:
* the ability to enable/disable the extraction of the sha1 fingerprint of
the TLS certificates.
* the upper limit on the number of packets per flow that will be subject
to inspection
---
 doc/configuration_parameters.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 doc/configuration_parameters.md

(limited to 'doc/configuration_parameters.md')

diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md
new file mode 100644
index 000000000..77ce00236
--- /dev/null
+++ b/doc/configuration_parameters.md
@@ -0,0 +1,10 @@
+
+# Configuration knobs
+
+TODO
+
+| Protocol     | Parameter                                 | Default value | Min value | Max value | Description | Notes  |
+| ------       | ------                                    | ------        | ------    | ------    | ------      | ------ |
+| NULL         | "packets_limit_per_flow"                  | 32            | 0         | 255       | The upper limit on the number of packets per flow that will be subject to DPI, after which classification will be considered complete (0 = no limit) |
+| NULL         | "filename.config"                         | NULL          | NULL      | NULL      | Name of the file containing a list of configuration knobs itself (one per line)!. Useful to configure nDPI via text file instead of via API |
+| "tls"        | "metadata.sha1_fingerprint.enable"        | 1             | NULL      | NULL      | Enable/disable computation and export of SHA1 fingerprint for TLS flows. Note that if it is disable, the flow risk `NDPI_MALICIOUS_SHA1_CERTIFICATE` is not checked |
-- 
cgit v1.2.3