Diffstat (limited to 'ndpid.conf.example')
-rw-r--r--ndpid.conf.example86
1 files changed, 86 insertions, 0 deletions
diff --git a/ndpid.conf.example b/ndpid.conf.example
new file mode 100644
index 000000000..61255a04e
--- /dev/null
+++ b/ndpid.conf.example
@@ -0,0 +1,86 @@
+[general]
+# Set the network interface from which packets are captured and processed.
+# Leave it empty to let nDPId choose the default network interface.
+#netif = eth0
+
+# Set a Berkeley Packet Filter.
+# This will work for libpcap as well as with PF_RING.
+#bpf = udp or tcp
+
+#pidfile = /tmp/ndpid.pid
+#user = nobody
+#group = daemon
+#riskdomains = /path/to/libnDPI/example/risky_domains.txt
+#protocols = /path/to/libnDPI/example/protos.txt
+#categories = /path/to/libnDPI/example/categories.txt
+#ja3 = /path/to/libnDPI/example/ja3_fingerprints.csv
+#sha1 = /path/to/libnDPI/example/sha1_fingerprints.csv
+
+# Collector endpoint as UNIX socket (usually nDPIsrvd)
+#collector = /run/nDPIsrvd/collector
+# Collector endpoint as UDP socket (usually a custom application)
+#collector = 127.0.0.1:7777
+
+# Set a name for this nDPId instance
+#alias = myhostname
+
+# Process only internal initial connections
+#internal = true
+
+# Process only external initial connections
+#external = true
+
+# Enable zLib compression of flow memory for long lasting flows
+compression = true
+
+# Enable "analyse" events, which can be used for machine learning
+analysis = true
+
+# Force poll() on systems that support epoll() as well
+#poll = false
+
+# Enable PF_RING packet capture instead of libpcap
+#pfring = false
+
+[tuning]
+max-flows-per-thread = 2048
+max-idle-flows-per-thread = 64
+max-reader-threads = 10
+daemon-status-interval = 600000000
+#memory-profiling-log-interval = 5
+compression-scan-interval = 20000000
+compression-flow-inactivity = 30000000
+flow-scan-interval = 10000000
+generic-max-idle-time = 600000000
+icmp-max-idle-time = 120000000
+tcp-max-idle-time = 180000000
+udp-max-idle-time = 7440000000
+tcp-max-post-end-flow-time = 120000000
+max-packets-per-flow-to-send = 15
+max-packets-per-flow-to-process = 32
+max-packets-per-flow-to-analyse = 32
+error-event-threshold-n = 16
+error-event-threshold-time = 10000000
+
+# Please note that the following options are libnDPI related and can only be set via config file,
+# not as commnand line parameter.
+# See libnDPI/doc/configuration_parameters.md for detailed information.
+
+[ndpi]
+packets_limit_per_flow = 32
+flow.direction_detection = enable
+flow.track_payload = disable
+tcp_ack_payload_heuristic = disable
+fully_encrypted_heuristic = enable
+libgcrypt.init = 1
+dpi.compute_entropy = 1
+fpc = disable
+dpi.guess_on_giveup = 0x03
+flow_risk_lists.load = 1
+flow_risk.crawler_bot.list.load = 1
+log.level = 0
+
+[protos]
+tls.certificate_expiration_threshold = 7
+tls.application_blocks_tracking = enable
+stun.max_packets_extra_dissection = 8
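Review bot: The commented example `#pidfile = /tmp/ndpid.pid` points at a world-writable directory, where any local user can pre-create or symlink that name before a privileged daemon writes it. Because users tend to uncomment examples as-is, it should name a root-owned runtime directory, as the collector example already does with `/run/nDPIsrvd/collector`, for instance `#pidfile = /run/ndpid.pid`. In `[tuning]` none of the interval and idle-time keys state their unit, so a comment such as `# All time values below are in <unit>` (unit to be filled in from the option parser) would prevent settings that are wrong by orders of magnitude. It is also worth confirming `udp-max-idle-time = 7440000000` against `tcp-max-idle-time = 180000000`: keeping connectionless flows about forty times longer than TCP looks swapped, and with `max-flows-per-thread = 2048` long-lived idle UDP entries could make the flow table easier to exhaust. The comment above `[ndpi]` has a typo, `commnand`.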