diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2022-09-19 19:31:21 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-09-19 19:39:49 +0200 |
| commit | 08f263e40981483e96fab9d7c864722abe45df0d (patch) | |
| tree | 939dfce1c2f18a37cb355de5413f8b9852a220e7 /README.md | |
| parent | 015a739efda638737adeed521ca5ba43708949f0 (diff) | |
nDPId: Reduced flow-updates for TCP flows to 1/4 of the timeout value.
* nDPId: Fixed broken validation tests.
* nDPId: Removed TICK_RESOLUTION, not required anymore.
* c-collectd: Improved total layer4 payload calculation/update handling.
* c-collectd: Updated RRD Graph script according to total layer4 payload changes.
* py-flow-info.py: Fixed several bugs and syntax errors.
* Python scripts: Added dirname(argv[0]) as search path for nDPIsrvd.py.
* nDPIsrvd&nDPId-test: Fixed missing EPOLLERR check.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -114,7 +114,7 @@ Flow Events: all events related to a flow 2. end: a TCP connections terminates 3. idle: a flow timed out, because there was no packet on the wire for a certain amount of time 4. update: inform nDPIsrvd or other apps about a long-lasting flow, whose detection was finished a long time ago but is still active - 5. analyse: provide some information about extracted features of a flow (disabled per default, enabled with `-A`) + 5. analyse: provide some information about extracted features of a flow (Experimental; disabled per default, enable with `-A`) 6. guessed: `libnDPI` was not able to reliable detect a layer7 protocol and falls back to IP/Port based detection 7. detected: `libnDPI` sucessfully detected a layer7 protocol 8. detection-update: `libnDPI` dissected more layer7 protocol data (after detection already done) @@ -261,7 +261,6 @@ Format: `subopt` (unit, comment): description * `max-flows-per-thread` (N, caution advised): affects max. memory usage * `max-idle-flows-per-thread` (N, safe): max. allowed idle flows which memory get's free'd after `flow-scan-interval` - * `tick-resolution` (ns, untested): timestamp resolution (applies to **all** timestamps!) * `max-reader-threads` (N, safe): amount of packet processing threads, every thread can have a max. of `max-flows-per-thread` flows * `daemon-status-interval` (ms, safe): specifies how often daemon event `status` will be generated * `compression-scan-interval` (ms, untested): specifies how often `nDPId` should scan for inactive flows ready for compression @@ -274,6 +273,7 @@ Format: `subopt` (unit, comment): description * `tcp-max-post-end-flow-time` (ms, caution advised): a TCP flow that received a FIN or RST will wait that amount of time before flow tracking will be stopped and the flow memory free'd * `max-packets-per-flow-to-send` (N, safe): max. `packet-flow` events that will be generated for the first N packets of each flow * `max-packets-per-flow-to-process` (N, caution advised): max. packets that will be processed by `libnDPI` + * `max-packets-per-flow-to-analyze` (N, safe): max. packets to analyze before sending an `analyse` event, requires `-A` # test |