| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
* c-collectd gives the user control over collectd-exec instance name
* added missing collectd type `flow_l4_icmp_count`
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
* nDPIsrvd services usually do not care about layer4 data length,
payload length is quite more essential for further processing
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* daemon.sh script to simplify daemon testing
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* default values "stolen" from nf_conntrack
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* basicially C&P from nDPI reader_utils but with some more sanity checks
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* fixed inconsistent processing of remaining flows during nDPId shutdown phase
* fixed multiple `detected' flow events
(instead only `detection-update' flow events can occur after a `detected' flow event)
* fixed nDPIsrvd.py invalid message buffer handling
* improved run_tests.sh so only valid pcap capture files are getting processed
(and some more cosmetics + logging)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
* added another Python search path and try-catch ModuleNotFoundError again
* run_tests.sh checks for OpenBSD netcat (required for -q)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
* generate DAEMON_EVENT_INIT as well as DAEMON_EVENT_SHUTDOWN
* process remaining flows before shutdown (and generate events)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
re-using most of nDPId/nDPIsrvd core)
* improved Makefile.old install targets
* splitted nDPIsrvd_parse into nDPIsrvd_parse_line and nDPIsrvd_parse_all for the sake of readability
* minor Python script improvments (check for nDPIsrvd.py on multiple locations, may be superseeded by setuptools in the future)
* some paths needs to be absolute (chdir() during daemonize) and therefor additional checks introduced
* test run script checks and fails if certain files are are missing (PCAP file <=> result output file)
* removed not very useful "internal format error" JSON serialization if a BUG for same exists
* fixed invalid l4 type statistics counters for nDPIsrvd-collectd
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
|
| |
will help to reduce the average memory consumption.
How? After the detection finished, internal ndpi structs can be free'd as they are not needed anymore.
* Set the amount of max. packets to process via subopt.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
| |
* fixed invalid flow event schema type
* added run_tests.sh to generate/diff JSON dumps
* renamed lot's of vars/fns in nDPId.c/nDPIsrvd.c, so nDPId-test.c can include "*.c"
* improved CMake dependency checks
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* Fixed memory holes in nDPId structs.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
| |
* nDPId supports looading of custom nDPI protocol/category files
* extended JSON schemas according to nDPI / nDPId JSON serializing
* removed memory holes in nDPId
* extended examples/c-captured
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
| |
* nDPIsrvd.h does flow mgmt out of the box
* dissect received JSON strings via callback
* added new JSON key/values for packet-flows (usecTimestamp/L3/L4 info)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
| |
to also increase NETWORK_BUFFER_LENGTH_DIGITS to 5.
* Fixed ARM32 xcompile warnings; Other GCC versions, other uint64_t's..
* Replaced ridiculous nDPIsrvd_JSON_BYTES with NETWORK_BUFFER_LENGTH_DIGITS.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
information).
* Making Compare&Fetch mandatory.
* Added some more Compare&Fetch to prevent TSAN complaining about data races.
Fixed possible but more ore less harmless data races during shutdown process.
* Shrink SIGNAL handler to a minimum. SYSV Signal handling and MT-safety is awkward.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* instance alias is now mandatory (will be required for future use-cases)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* fixed incorrect handling of skipped flows
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
| |
* only IPv4 supported for now
* refactored nDPId's internal IP address storage
* use fresh ndpi_free_flow_data() to free nDPI's dynamic allocated data
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
| |
Two reasons:
* reduce heap memory allocations
* nDPId flow info struct may be inflated in the future (more bytes to compress)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* serialize and send datalink layer type
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
| |
Switching back to blocking mode works as a quick fix but is not sufficient.
See comments.
* nDPId prints more accurate error messages if command line argument validation failed
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
needs further testing..)
* Added pcap diff script
* Added \n to JSON string end (useful for debugging and readability)
* Use first host/server name character for hash calculation as well
* Removed error'ing EPOLLHUP handling in nDPIsrvd (connection closing will be detected via read())
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
but works).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
socket paths
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* Added missing IPv4 / IPv6 datalink layer (if no layer2 protocol used).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
changed (hacky).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
* This event will be triggered when nDPI detection has some new information for us (hopefully).
* Detection change is based on hashing with 32-bit murmur3 certain members of the ndpi flow struct.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
| |
accurate detection.
* set default user used for setuid()
* added 2 TODOs
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
libgcrypt support).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
(carefully) tuning some daemon options.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
worth to mention
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
| |
- set errno to 0 if it is checked right after a libc call
- ignore SIGPIPE as we want to avoid signal handling where possible
- fixed another issue in nDPIsrvd/c-json-stdout which caused buffering errors
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
replaying pcap files)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|