Create a specific configuration for classification only (#2689)

In some scenarios, you might not be interested in flow metadata or
flow-risks at all, but you might want only flow (sub-)classification.
Examples: you only want to forward the traffic according to the
classification or you are only interested in some protocol statistics.

Create a new configuration file (for `ndpiReader`, but you can trivially
adapt it for the library itself) allowing exactly that. You can use it
via: `ndpiReader --conf=example/only_classification.conf ...`

Note that this way, the nDPI overhead is lower because it might need
fewer packets per flow:
* TLS: nDPI processes only the CH (in most cases) and not also the SH
  and certificates
* DNS: only the request is processed (instead of both request and
  response)

We might extend the same "shortcut-logic" (stop processing the flow
immediately when there is a final sub-classification) for other
protocols.

Add the configuration options to enable/disable the extraction of some
TLS metadata.
Ivan Nardi 2025-01-31 15:10:30 +01:00 committed by GitHub
parent 41133638dc
commit ecf0f8ace3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
38 changed files with 695 additions and 328 deletions

@ -0,0 +1 @@
--conf=../../../example/only_classification.conf
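
Review bot: The `--conf=../../../example/only_classification.conf` value on the only added line is a relative path, so it resolves correctly only when `ndpiReader` is launched from a working directory exactly three levels below the directory that holds `example/`. If the consumer of this file is ever run from a different directory, the option would point at a path that does not exist, and the run could then exercise something other than the classification-only setup it is meant to cover. Please state next to this file (or in the commit message) which working directory is assumed, and consider having whatever reads it fail loudly when the referenced configuration file cannot be opened.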