vrr/nDPI

Fork 0

mirror of https://github.com/vel21ripn/nDPI.git synced 2026-04-28 23:19:42 +00:00

Commit graph

Author	SHA1	Message	Date
Ivan Nardi	39f3cd9558	test: rework main script The issue about `config.txt` files is that they contains paths: * to configuration files, which are in the source tree * to the dynamic plugins, which are in the build tree Solution: * copy all configuration files into the build tree * all those paths are about the build tree * tests run from the build tree, no from the source tree anymore	2025-12-08 17:51:32 +01:00
Luca Deri	3f2f1f8ce4	Added ability to define protocol dissectors in shared libraries (#3047 ) * Added ability to define protocol dissectors in shred libraries and load them at runtime --------- Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>	2025-12-04 15:26:15 +01:00
Ivan Nardi	ecf0f8ace3	Create a specific configuration for classification only (#2689 ) In some scenarios, you might not be interested in flow metadata or flow-risks at all, but you might want only flow (sub-)classification. Examples: you only want to forward the traffic according to the classification or you are only interested in some protocol statistics. Create a new configuration file (for `ndpiReader`, but you can trivially adapt it for the library itself) allowing exactly that. You can use it via: `ndpiReader --conf=example/only_classification.conf ...` Note that this way, the nDPI overhead is lower because it might need less packets per flow: * TLS: nDPI processes only the CH (in most cases) and not also the SH and certificates * DNS: only the request is processed (instead of both request and response) We might extend the same "shortcut-logic" (stop processing the flow immediately when there is a final sub-classification) for others protocols. Add the configuration options to enable/disable the extraction of some TLS metadata.	2025-01-31 15:10:30 +01:00

Author

SHA1

Message

Date

Ivan Nardi

39f3cd9558

test: rework main script

The issue about `config.txt` files is that they contains paths:
* to configuration files, which are in the source tree
* to the dynamic plugins, which are in the build tree

Solution:
* copy all configuration files into the build tree
* all those paths are about the build tree
* tests run from the build tree, no from the source tree anymore

2025-12-08 17:51:32 +01:00

Luca Deri

3f2f1f8ce4

Added ability to define protocol dissectors in shared libraries (#3047 )

* Added ability to define protocol dissectors in shred libraries and load them at runtime

---------

Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>

2025-12-04 15:26:15 +01:00

Ivan Nardi

ecf0f8ace3

Create a specific configuration for classification only (#2689 )

In some scenarios, you might not be interested in flow metadata or
flow-risks at all, but you might want only flow (sub-)classification.
Examples: you only want to forward the traffic according to the
classification or you are only interested in some protocol statistics.

Create a new configuration file (for `ndpiReader`, but you can trivially
adapt it for the library itself) allowing exactly that. You can use it
via: `ndpiReader --conf=example/only_classification.conf ...`

Note that this way, the nDPI overhead is lower because it might need
less packets per flow:
* TLS: nDPI processes only the CH (in most cases) and not also the SH
  and certificates
* DNS: only the request is processed (instead of both request and
  response)

We might extend the same "shortcut-logic" (stop processing the flow
immediately when there is a final sub-classification) for others
protocols.

Add the configuration options to enable/disable the extraction of some
TLS metadata.

2025-01-31 15:10:30 +01:00

3 commits