From 36abf06c6f59b66bde48e7b3028b4823ecc6ed85 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 29 Aug 2023 17:34:04 +0200 Subject: Swap from Aho-Corasick to an experimental/home-grown algorithm that uses a probabilistic approach for handling Internet domain names. For switching back to Aho-Corasick it is necessary to edit ndpi-typedefs.h and uncomment the line // #define USE_LEGACY_AHO_CORASICK [1] With Aho-Corasick $ ./example/ndpiReader -G ./lists/ -i tests/pcap/ookla.pcap | grep Memory nDPI Memory statistics: nDPI Memory (once): 37.34 KB Flow Memory (per flow): 960 B Actual Memory: 33.09 MB Peak Memory: 33.09 MB [2] With the new algorithm $ ./example/ndpiReader -G ./lists/ -i tests/pcap/ookla.pcap | grep Memory nDPI Memory statistics: nDPI Memory (once): 37.31 KB Flow Memory (per flow): 960 B Actual Memory: 7.42 MB Peak Memory: 7.42 MB In essence from ~33 MB to ~7 MB This new algorithm will enable larger lists to be loaded (e.g. top 1M domans https://s3-us-west-1.amazonaws.com/umbrella-static/index.html) In ./lists there are file names that are named as _.list With -G ndpiReader can load all of them at startup --- src/include/ndpi_typedefs.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/include/ndpi_typedefs.h') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 523ba4aec..75df402ef 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -31,7 +31,7 @@ /* Used by both nDPI core and patricia code under third-party */ #include "ndpi_patricia_typedefs.h" -#define USE_LEGACY_AHO_CORASICK +// #define USE_LEGACY_AHO_CORASICK #ifndef NDPI_CFFI_PREPROCESSING #ifndef u_char @@ -1101,6 +1101,9 @@ typedef enum { Crypto Currency e.g Bitcoin, Litecoin, Etherum ..et. */ NDPI_PROTOCOL_CATEGORY_CRYPTO_CURRENCY = 106, + + /* Gambling websites */ + NDPI_PROTOCOL_CATEGORY_GAMBLING = 107, /* IMPORTANT -- cgit v1.2.3