aboutsummaryrefslogtreecommitdiff
path: root/nDPId.c
Commit message (Collapse)AuthorAge
...
* Added internal/external packet processing modes.Toni Uhlig2021-01-06
| | | | | | | | * only IPv4 supported for now * refactored nDPId's internal IP address storage * use fresh ndpi_free_flow_data() to free nDPI's dynamic allocated data Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Declared nDPI id and flow structs in nDPId flow info struct.Toni Uhlig2020-12-30
| | | | | | | | Two reasons: * reduce heap memory allocations * nDPId flow info struct may be inflated in the future (more bytes to compress) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Set an optional bpf filter string for pcap based packet capture.Toni Uhlig2020-12-29
| | | | | | * serialize and send datalink layer type Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* nDPIsrvd: Distributor clients which are too slow can cause buffer bloat.Toni Uhlig2020-12-19
| | | | | | | | | Switching back to blocking mode works as a quick fix but is not sufficient. See comments. * nDPId prints more accurate error messages if command line argument validation failed Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* nDPId option validation is now less restrictiveToni Uhlig2020-12-14
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Let travis use pcap files from nDPI to produce some JSON output. (disabled, ↵Toni Uhlig2020-12-01
| | | | | | | | | | | needs further testing..) * Added pcap diff script * Added \n to JSON string end (useful for debugging and readability) * Use first host/server name character for hash calculation as well * Removed error'ing EPOLLHUP handling in nDPIsrvd (connection closing will be detected via read()) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Moved datalink layer processing into a separate function.Toni Uhlig2020-11-18
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* More detailed `nanosleep() before close()' description.Toni Uhlig2020-11-11
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Improved default capture device handling if none set via `-i'.Toni Uhlig2020-11-08
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Make sure that DAEMON_EVENT_SHUTDOWN gets transmitted before close() (hacky, ↵Toni Uhlig2020-11-08
| | | | | | but works). Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* nDPId/nDPIsrvd: change_user_group does now chown/chmod collector/distributor ↵Toni Uhlig2020-10-07
| | | | | | socket paths Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* nDPId: Fixed BUG if flow was guessed but "Unknown" detected protocol serialized.Toni Uhlig2020-10-01
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added additional datalink header check for DLT_NULL/IPv6.Toni Uhlig2020-09-28
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added alias support for an nDPId instance.Toni Uhlig2020-09-27
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added daemon events.Toni Uhlig2020-09-27
| | | | | | * Added missing IPv4 / IPv6 datalink layer (if no layer2 protocol used). Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added host_server_name length to hash to send a detection update if length ↵Toni Uhlig2020-09-26
| | | | | | changed (hacky). Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Added new flow event: FLOW_EVENT_DETECTION_UPDATEToni Uhlig2020-09-25
| | | | | | | * This event will be triggered when nDPI detection has some new information for us (hopefully). * Detection change is based on hashing with 32-bit murmur3 certain members of the ndpi flow struct. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* Process extra packets with nDPI, still not perfect but results in a more ↵Toni Uhlig2020-09-24
| | | | | | | | | accurate detection. * set default user used for setuid() * added 2 TODOs Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* nDPId: Change user/group after init.Toni Uhlig2020-09-21
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* nDPId: Print compiled-in libgcrypt version (if libndpi was compiled with ↵Toni Uhlig2020-08-31
| | | | | | libgcrypt support). Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* nDPId: Improved command line option parsing, app usage and subopts for ↵Toni Uhlig2020-08-26
| | | | | | (carefully) tuning some daemon options. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* nDPId: subopt parsing skeletonToni Uhlig2020-08-19
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* added pkt_type and pkt_ipoffset to json serializationToni Uhlig2020-08-19
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* minor improvments regarding flow guessing on flow end/idle and other not ↵Toni Uhlig2020-08-16
| | | | | | worth to mention Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* error handling enhancementsToni Uhlig2020-08-15
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* several fixes and improvmentsToni Uhlig2020-08-14
| | | | | | | | - set errno to 0 if it is checked right after a libc call - ignore SIGPIPE as we want to avoid signal handling where possible - fixed another issue in nDPIsrvd/c-json-stdout which caused buffering errors Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* nDPId: removed unused code, process remaining flows on shutdown (useful for ↵Toni Uhlig2020-08-14
| | | | | | replaying pcap files) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* set detection_completed = 1 if guessed/not-detected event thrownToni Uhlig2020-08-13
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* improved TCP-FIN/TCP-RST and TCP-keepalive/-idle timeout handlingToni Uhlig2020-08-13
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* replaced deprecated pcap_lookupdev with pcap_findalldevsToni Uhlig2020-08-12
|
* moved PACKET_EVENT_PAYLOAD_FLOW after FLOW_EVENT_NEW (and before ↵Toni Uhlig2020-08-09
| | | | | | FLOW_EVENT_END/IDLE) Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* event consistency: call ndpi_dpi2json only for GUESSED, DETECTED, ↵Toni Uhlig2020-08-08
| | | | | | | | NOT-DETECTED flow events - force generation of GUESSED, NOT-DETECTED events on flow idle/end if detection finished Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* nDPId: do not serialize flow riskm twiceToni Uhlig2020-08-07
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* added python flow info script, improved IPv4/IPv6 string conversionToni Uhlig2020-08-06
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* added utils module to share some code parts with other appsToni Uhlig2020-08-05
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* nDPId daemonize / pidfile support + improved syslog loggingToni Uhlig2020-08-05
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* introduced NETWORK_BUFFER_MAX_SIZE to replace BUFSIZ as this might change ↵Toni Uhlig2020-08-04
| | | | | | depending on the arch/libc used Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* print snprintf retval and buffer size if buffer preparation failedToni Uhlig2020-08-04
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* clang-formatToni Uhlig2020-08-04
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* moved more default config options into config.hToni Uhlig2020-08-04
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* merged some pre-processor macros which are used in multiple executablesToni Uhlig2020-08-04
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* prefix every generated json string with the length of itself in bytesToni Uhlig2020-08-03
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* added %zu format string, so CC won't complain if size types usedToni Uhlig2020-07-16
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* serialize flow risk, send information about how much raw pkts are sent to ↵Toni Uhlig2020-07-15
| | | | | | the json endpoint, send also a json thread init complete event Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* added packet based eventsToni Uhlig2020-07-14
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* shutdown socket reading end as we just want to send json strings and never ↵Toni Uhlig2020-07-13
| | | | | | read something Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* replaced fprintf with syslog callsToni Uhlig2020-07-11
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* removed obsolete DISABLE_JSONIZER modeToni Uhlig2020-07-11
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* removed obsolete EXTRA_VERBOSE modeToni Uhlig2020-07-11
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
* use a string mapping table for event id to name conversionToni Uhlig2020-07-11
| | | | Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Powered by cgit, Themed by Ted Yin.