nDPI/example
Luca Deri 36abf06c6f Swap from Aho-Corasick to an experimental/home-grown algorithm that uses a probabilistic
approach for handling Internet domain names.

For switching back to Aho-Corasick it is necessary to edit
ndpi-typedefs.h and uncomment the line
// #define USE_LEGACY_AHO_CORASICK

[1] With Aho-Corasick
$ ./example/ndpiReader -G ./lists/ -i tests/pcap/ookla.pcap | grep Memory
nDPI Memory statistics:
nDPI Memory (once):      37.34 KB
Flow Memory (per flow):  960 B
Actual Memory:           33.09 MB
Peak Memory:             33.09 MB

[2] With the new algorithm
$ ./example/ndpiReader -G ./lists/ -i tests/pcap/ookla.pcap | grep Memory
nDPI Memory statistics:
nDPI Memory (once):      37.31 KB
Flow Memory (per flow):  960 B
Actual Memory:           7.42 MB
Peak Memory:             7.42 MB

In essence from ~33 MB to ~7 MB

This new algorithm will enable larger lists to be loaded (e.g. top 1M domains
https://s3-us-west-1.amazonaws.com/umbrella-static/index.html)

In ./lists there are file names that are named as <category>_<string>.list
With -G ndpiReader can load all of them at startup
2023-08-29 17:34:04 +02:00
categories.txt Add categories test PCAP 2019-09-27 10:15:20 +02:00
ja3_fingerprints.csv Updated JA3/SSL fingerprints. 2022-07-04 16:05:22 +02:00
Makefile.dpdk.in Removed Makefile references to legacy code. (#1589) 2022-06-08 13:37:11 +02:00
Makefile.in Add support for LTO and Gold linker (#1812) 2022-12-05 10:21:42 +01:00
mining_hosts.txt Implemented custom category loading. 2018-04-26 21:10:59 +02:00
ndpi2timeline.py Implemented nDPI timeline visualizer 2019-12-15 23:35:43 +01:00
ndpiReader.c Swap from Aho-Corasick to an experimental/home-grown algorithm that uses a probabilistic 2023-08-29 17:34:04 +02:00
ndpiSimpleIntegration.c thread_index may be negative. (#1814) 2022-12-05 10:22:05 +01:00
protos.txt ProtonVPN: split the ip list (#2060) 2023-07-27 09:05:22 +02:00
reader_util.c fuzz: extend coverage (#2073) 2023-08-20 15:18:19 +02:00
reader_util.h DNS: extract geolocation information, if available (#2065) 2023-07-31 07:44:43 +02:00
README.DPDK Added DPDK support to ndpiReader 2018-11-10 16:10:22 +01:00
risky_domains.txt Added risky domain flow-risk support 2021-02-21 21:45:46 +01:00
sha1_fingerprints.csv Updated JA3/SSL fingerprints. 2022-07-04 16:05:22 +02:00

Prerequisites
-------------

You need to install and compile DPDK in your HOME directory.
See http://core.dpdk.org/doc/quick-start/ for DPDK installation and setup.

Once DPDK is built make sure to create a symbolic link

$ cd
$ ln -s dpdk-18.08 DPDK

so that the build process uses the DPDK directory, letting you keep multiple
DPDK versions available on your system.


Build
-----
Everything will happen automagically, but if you want to do it by hand,
do: make -f Makefile.dpdk


Run Application
---------------
To capture packets from device eno1, you can start the
application as follows:

sudo ./build/ndpiReader -c 1 --vdev=net_pcap0,iface=eno1 -- -v 1

NOTE:
- ndpiReader without DPDK support sits in this directory
- ndpiReader with DPDK support can be found inside the ./build directory