nDPI/example at efccc7d5e4baa7c3a96c8ddea76bea217a2ecf79 - vrr/nDPI

vrr/nDPI

mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-13 23:14:12 +00:00

History

Ivan Nardi efccc7d5e4 Rework flow breed (#2926 ) Right now, there is, in essence, a static mapping between flow protocols and flow breeds. Make it dynamic: allow to have different flows, with the same classification but differents breeds. This is the same logic that we already have for categories.... Preliminary work to support breed in category lists. API change from the app POV: to get the flow breed don't use anymore `ndpi_get_proto_breed()`, but access directly `struct ndpi_proto->breed` The functions `ndpi_domain_classify_*()` and `ndpi_get_host_domain_suffix()` now have a `u_int32_t` parameter as `class_id` (instead of `u_int_16_t`), with the following logic: ``` class_id = (breed << 16) \| category ``` instead of the old: ``` class_id = category ``` Please note that this change is back-compatible: if you are not interested into breeds, you don't need to update the application code.		2025-09-02 16:54:34 +02:00
..
calls.conf	STUN: fix monitoring (#2639 )	2024-12-06 20:19:28 +01:00
categories.txt	IPv6: add support for custom categories (#2126 )	2023-10-29 12:56:44 +01:00
config.txt	Fix test configuration	2025-06-03 12:53:23 +02:00
ja4_fingerprints.csv	Add (kind of) support for loading a list of JA4C malicious fingerprints (#2678 )	2025-01-14 12:05:03 +01:00
Makefile.dpdk.in	Removed Makefile references to legacy code. (#1589 )	2022-06-08 13:37:11 +02:00
Makefile.in	Add a configuration file to ndpiReader (#2629 )	2024-11-27 08:24:31 +01:00
mining_hosts.txt	Implemented custom category loading.	2018-04-26 21:10:59 +02:00
ndpi2timeline.py	ipaddr2list.py, ndpi2timeline.py: reformatted (#2509 )	2024-07-18 20:35:47 +02:00
ndpiReader.c	Rework flow breed (#2926 )	2025-09-02 16:54:34 +02:00
ndpiSimpleIntegration.c	Check `ndpi_finalize_initialization()` return value (#2884 )	2025-06-14 11:31:23 +02:00
obfuscation.conf	Improved configuration to enable/disable export of flow risk info (#2780 )	2025-03-25 21:35:01 +01:00
only_classification.conf	RTP: payload type info should be set only for real RTP flows (#2742 )	2025-02-22 13:35:40 +01:00
protos.txt	tests: add an example of custom rule with nDPI fingerprint	2025-08-31 19:10:05 +02:00
protos_huge.txt	Add a configuration to test a huge number of custom protocols (#2865 )	2025-06-03 20:46:58 +02:00
reader_util.c	Implemented nDPI fingerprint that is computed using	2025-08-21 10:34:49 +02:00
reader_util.h	Rework flow breed (#2926 )	2025-09-02 16:54:34 +02:00
README.DPDK	Added DPDK support to ndpiReader	2018-11-10 16:10:22 +01:00
risky_domains.txt	Added risky domain flow-risk support	2021-02-21 21:45:46 +01:00
sha1_fingerprints.csv	fuzz: extend fuzzing coverage (#2205 )	2023-12-11 12:48:50 +01:00

README.DPDK

Prerequisites
-------------

You need to install and compile DPDK in your HOME directory as explained in
See http://core.dpdk.org/doc/quick-start/ for DPDK installation and setup

Once DPDK is built make sure to create a symbolic link

$ cd
$ ln -s dpdk-18.08 DPDK

so the build process will use the DPDK directory letting you have multiple
DPDK versions available on your system


Build
-----
Everything will happen automagically but if you want to do it by hand
do: make -f Makefile.dpdk


Run Application
---------------
Supposing to capture packets from device eno1 you can start the
application as follows:

sudo ./build/ndpiReader -c 1 --vdev=net_pcap0,iface=eno1 -- -v 1

NOTE:
- ndpiReader without DPDK support sits in this directory
- ndpiReader with DPDK support can be found inside the ./build directory