[general]
# Set the network interface from which packets are captured and processed.
# Leave it empty to let nDPId choose the default network interface.
#netif       = eth0

# Set a Berkeley Packet Filter.
# This will work for libpcap as well as with PF_RING.
#bpf         = udp or tcp

#pidfile     = /tmp/ndpid.pid
#user        = nobody
#group       = daemon
#riskdomains = /path/to/libnDPI/example/risky_domains.txt
#protocols   = /path/to/libnDPI/example/protos.txt
#categories  = /path/to/libnDPI/example/categories.txt
#ja3         = /path/to/libnDPI/example/ja3_fingerprints.csv
#sha1        = /path/to/libnDPI/example/sha1_fingerprints.csv

# Collector endpoint as UNIX socket (usually nDPIsrvd)
#collector   = /run/nDPIsrvd/collector
# Collector endpoint as UDP socket (usually a custom application)
#collector   = 127.0.0.1:7777

# Set a name for this nDPId instance
#alias       = myhostname

# Process only internal initial connections (src->dst)
#internal    = true

# Process only external initial connections (dst->src)
#external    = true

# Enable zLib compression of flow memory for long lasting flows
compression = true

# Enable "analyse" events, which can be used for machine learning.
# The daemon will generate some statistical values for every single flow.
# An "analyse" event is thrown after "max-packets-per-flow-to-analyse".
# Please note that the daemon will require a lot more heap memory for every flow.
#analysis    = true

# Force poll() on systems that support epoll() as well
#poll        = false

# Enable PF_RING packet capture instead of libpcap
#pfring      = false

[tuning]
max-flows-per-thread            = 2048
max-idle-flows-per-thread       = 64
max-reader-threads              = 10
daemon-status-interval          = 600000000
#memory-profiling-log-interval   = 5
compression-scan-interval       = 20000000
compression-flow-inactivity     = 30000000
flow-scan-interval              = 10000000
generic-max-idle-time           = 600000000
icmp-max-idle-time              = 120000000
tcp-max-idle-time               = 180000000
udp-max-idle-time               = 7440000000
tcp-max-post-end-flow-time      = 120000000
max-packets-per-flow-to-send    = 15
max-packets-per-flow-to-process = 32
max-packets-per-flow-to-analyse = 32
error-event-threshold-n         = 16
error-event-threshold-time      = 10000000

# Please note that the following options are libnDPI related and can only be set via config file,
# not as commnand line parameter.
# See libnDPI/doc/configuration_parameters.md for detailed information.

[ndpi]
packets_limit_per_flow      = 32
flow.direction_detection    = enable
flow.track_payload          = disable
tcp_ack_payload_heuristic   = disable
fully_encrypted_heuristic   = enable
libgcrypt.init              = 1
dpi.compute_entropy         = 1
fpc                         = disable
dpi.guess_on_giveup         = 0x03
flow_risk_lists.load        = 1
flow_risk.crawler_bot.list.load = 1
log.level                   = 0

[protos]
tls.certificate_expiration_threshold = 7
tls.application_blocks_tracking      = enable
stun.max_packets_extra_dissection    = 8