mirror of
https://github.com/vel21ripn/nDPI.git
synced 2026-04-28 06:59:40 +00:00
The application should keep calling nDPI until the flow state becomes
`NDPI_STATE_CLASSIFIED`.
The main loop in the application is simplified to something like:
```
res = ndpi_detection_process_packet(...);
if(res->state == NDPI_STATE_CLASSIFIED) {
  /* Done: you can get the final classification and all metadata.
     nDPI doesn't need more packets for this flow */
} else {
  /* nDPI needs more packets for this flow. The provided
     classification is not final and more metadata might be
     extracted.
     If `res->state` is `NDPI_STATE_PARTIAL`, partial/initial
     classification is available in `res->proto`
     as usual but it can be updated later.
  */
}
/*
  Example A (QUIC flow):
    pkt 1:   proto QUIC             state NDPI_STATE_PARTIAL
    pkt 2:   proto QUIC/Youtube     state NDPI_STATE_CLASSIFIED
  Example B (GoogleMeet call):
    pkt 1:   proto STUN             state NDPI_STATE_PARTIAL
    pkt N:   proto DTLS             state NDPI_STATE_PARTIAL
    pkt N+M: proto DTLS/GoogleCall  state NDPI_STATE_CLASSIFIED
  Example C (standard TLS flow):
    pkt 1:   proto Unknown          state NDPI_STATE_INSPECTING
    pkt 2:   proto Unknown          state NDPI_STATE_INSPECTING
    pkt 3:   proto Unknown          state NDPI_STATE_INSPECTING
    pkt 4:   proto TLS/Facebook     state NDPI_STATE_PARTIAL
    pkt N:   proto TLS/Facebook     state NDPI_STATE_CLASSIFIED
*/
```
You can take a look at `ndpiReader` for a slightly more complex example.
API changes:
* remove the third parameter from `ndpi_detection_giveup()`. If you need
to know if the classification flow has been guessed, you can access
`flow->protocol_was_guessed`
* remove `ndpi_extra_dissection_possible()`
* change some prototypes from accepting `ndpi_protocol foo` to
`ndpi_master_app_protocol bar`. The update is trivial: from `foo` to
`foo.proto`
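
The consumer-side handling described in the commit message above, as an added example that is not part of the commit or of nDPI: the `ex_*` names are hypothetical, the enum is a local stand-in for the `NDPI_STATE_*` values, and the constructed traces replay Examples B and C in place of real `ndpi_detection_process_packet()` calls. It stops feeding a flow once it is final and keeps provisional labels out of policy decisions.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the NDPI_STATE_* values named above (not nDPI's header). */
enum ex_state { EX_INSPECTING, EX_PARTIAL, EX_CLASSIFIED };
struct ex_result { const char *proto; enum ex_state state; };

/* Constructed traces: what the detector reports per packet in Examples B and C.
   Trace B has two trailing packets that arrive after the flow is classified. */
static const struct ex_result ex_trace_b[] = {
  {"STUN", EX_PARTIAL}, {"DTLS", EX_PARTIAL}, {"DTLS/GoogleCall", EX_CLASSIFIED},
  {"DTLS/GoogleCall", EX_CLASSIFIED}, {"DTLS/GoogleCall", EX_CLASSIFIED} };
static const struct ex_result ex_trace_c[] = {
  {"Unknown", EX_INSPECTING}, {"Unknown", EX_INSPECTING}, {"Unknown", EX_INSPECTING},
  {"TLS/Facebook", EX_PARTIAL}, {"TLS/Facebook", EX_CLASSIFIED} };

struct ex_flow {        /* hypothetical per-flow record kept by the application */
  const char *proto;    /* latest label, provisional until the state is final */
  enum ex_state state;
  int fed, relabels;    /* packets given to the detector; label changes seen */
};

/* Record one detector result. Returns 0 when the flow is already final, in
   which case the packet should not be sent to the detector at all. */
static int ex_on_packet(struct ex_flow *f, const struct ex_result *res) {
  if(f->state == EX_CLASSIFIED) return 0;
  f->fed++;
  if(f->proto && strcmp(f->proto, res->proto) != 0) f->relabels++;
  f->proto = res->proto; f->state = res->state;
  return 1;
}

/* Gate for policy decisions and permanent log records: final results only. */
static int ex_is_final(const struct ex_flow *f) { return f->state == EX_CLASSIFIED; }

/* Replay n packets; returns the 1-based packet number at which the flow became
   final, or -1 if it ended earlier (the case ndpi_detection_giveup() is for). */
static int ex_replay(struct ex_flow *f, const struct ex_result *t, int n) {
  int i, final_at = -1;
  *f = (struct ex_flow){0};          /* starts as EX_INSPECTING with no label */
  for(i = 0; i < n; i++)
    if(ex_on_packet(f, &t[i]) && ex_is_final(f)) final_at = i + 1;
  return final_at;
}

int main(void) {
  struct ex_flow f;
  int at = ex_replay(&f, ex_trace_b, 5);
  printf("B: final at pkt %d: %s (fed %d, relabels %d)\n", at, f.proto, f.fed, f.relabels);
  at = ex_replay(&f, ex_trace_c, 4); /* flow cut short while still partial */
  printf("C: final at pkt %d: %s (final=%d)\n", at, f.proto, ex_is_final(&f));
}
```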
ndpi
This package contains Python bindings for nDPI. nDPI is an Open and Extensible LGPLv3 Deep Packet Inspection Library.
ndpi is implemented using CFFI (out-of-line API mode). Consequently, it is fast and PyPy compliant.
Installation
Build nDPI
```
git clone --branch dev https://github.com/ntop/nDPI.git
cd nDPI
./autogen.sh
./configure
make
sudo make install
```
Install ndpi package
```
cd python
# IMPORTANT: the nDPI bindings require Python version >= 3.7
python3 -m pip install --upgrade pip
python3 -m pip install -r dev_requirements.txt
python3 -m pip install .
```
Usage
API
```
from ndpi import NDPI, NDPIFlow

nDPI = NDPI()

# Your per-flow processing here
# ...
ndpi_flow = NDPIFlow()
nDPI.process_packet(ndpi_flow, ip_bytes, time_ms)
nDPI.giveup(ndpi_flow)  # If you want to guess it instead (DPI fallback)
```
Example Application
ndpi_example.py is provided to demonstrate how ndpi can be integrated within your Python application.
```
Using nDPI 4.3.0-3532-8dd70b70
usage: ndpi_example.py [-h] [-u] input

positional arguments:
  input                 input pcap file path

optional arguments:
  -h, --help            show this help message and exit
  -u, --include-unknowns
```
Example with a Skype capture file
```
python3 ndpi_example.py -u ../tests/pcap/skype.pcap
```
Related projects
The provided example is for demo purposes only. For additional features (live capture, multiplatform support, multiprocessing, ML-based classification, system visibility, etc.), please check the nDPI-based framework NFStream.
License
This project is licensed under the LGPLv3 License - see the License file for details.