| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Read and parse configuration files. Fixes #41.
* supports nDPId / nDPIsrvd via command line parameter `-f`
* nDPId: read general/tuning and libnDPI settings
* support for settings risk domains libnDPI option via config file or via `-R` (Fixes #45, thanks to @UnveilTech)
* added some documentation in the config file
* adjusted Systemd and Debian packaging to make use of config files
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
flow events. Fixes #39.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| | |
|
| |
|
|
|
|
|
|
| |
* added new CMake option `ENABLE_MEMORY_STATUS` to restore the old behavior
(and increase performance)
* splitted `ENABLE_MEMORY_PROFILING` into `ENABLE_MEMORY_STATUS` and `ENABLE_MEMORY_PROFILING`
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* incorporated API changes from 41eef9246c6a3055e3876e3dd7aeaadecb4b76c0
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
| |
`/proc/net/if_inet6`.
* fixes a compatibility issue with Mac OSX
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* set min required nDPI version to 4.9.0
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* incorporated API changes from nDPI
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
| |
* a "detection-update" event was thrown even if nothing changed
* in some cases "not-detected" events were spammed if detection not completed
* tell `libnDPI` how many packets per flow we want to dissect
* `nDPId-test` validates total active flows in the right way
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
* CI: ArchLinux build should now instrument `-Werror`
* CI: Increased OpenWrt build verbosity
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* fixed/improved c-captured logging
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
* fix ndpi data anylsis struct min/max issue
* py-flow-info cosmetics in printing some information
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
after the first packet. Nonsense.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* caused by recently added serializing some nDPI data even packet processing is still ongoing
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
* Fixed risk hash value calculation, which was only done lower 32 bits.
* Reduced default reader threads count to two if cross compiling.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
| |
* Add MacOS to Github CI builds.
* Fixed libnDPI-4.8 CI build.
* Fixed missing include for `struct sockaddr*`.
* Reworked IPv4 address and netmask retrieval.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Finalize Event I/O abstraction layer.
* Fix possible fd leakage, Gitlab-CI build and error logging.
* Fixed possible uninitialized signalfd variable.
* Fixed possible memory leak.
* Fixed some SonarCloud complaints.
* Fixed nDPId-test nDPIsrvd-arpa-mockup stuck indefinitely.
* Add nDPId / nDPIsrvd command line option to use poll() on Linux instead of the default epoll().
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* changed nDPI version hints / requirements
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* nDPId-test may also verify the correct encoding/decoding
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
* fixes loading of gambling lists which increased nDPId's memory usage *a lot*
* nDPId: handle EINTR correctly
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
| |
e.g. jobserver)
* fixed invalid CMake `test -r ...`
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* fix CI issues
Signed-off-by: lns <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
* added custom nDPI logging callback
Signed-off-by: lns <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: lns <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
to `pkt_datalink`.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
| |
* py-semantic-validation: Decode base64 raw packet data as well
* nDPIsrvd.py: Added PACKETS_PLEN_MAX
* nDPIsrvd.py: Improved JSON parse error/exception handling
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
| |
Fixed a race condition in the memory wrapper as well.
* nDPId: Instead of sending too long JSON strings, log an error and some parts.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
| |
serializer.
* nDPId-test: Increased the max-packets-per-flow-to-send from 3 to 5.
This is quite useful for TCP as the first 3 packets are usually part of the three-way-handshake.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
| |
* nDPId/nDPIsrvd/c-examples: Parameter parsing needs to be improved
if `strdup()` in combination with static strings is used.
* Other non-critical fixes.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* The issue can result in an error message like:
`Base64 encoding failed with: Buffer too small.`
and also in too big JSON strings generated by nDPId
which nDPIsrvd does not like as it's length is
greater than `NETWORK_BUFFER_MAX_SIZE`.
* nDPId will now obey `NETWORK_BUFFER_MAX_SIZE` while
trying to base64 encode raw packet data.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
abused.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
| |
* c-analysed: fixed quoting bug
* nDPId: fixed invalid iat storing/serialisation
* nDPId: free data analysis after event was sent
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Signed-off-by: lns <matzeton@googlemail.com>
|
| |
|
|
|
|
|
| |
* nDPIsrvd.h: iterate over JSON arrays
* nDPId: calculate l3 payload packet entropies for analysis
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Still not perfect, but the code before was not even able to deal with JSON arrays.
Use common "speaking" function names for all functions in nDPIsrvd.h
* Provide a more or less generic and easy extendable JSON walk function.
* Modified C examples to align with the changed C API.
* c-collectd: Reduced lot's of code duplication by providing mapping tables.
* nDPId: IAT array requires one slot less (first packet has always an IAT of 0).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
|
|
| |
* store packet directions
* merged direction based IATs
* merged direction based PKTLENs
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|