Commit Graph

195 Commits

Author SHA1 Message Date
Toni Uhlig
5b9965ce63 Added host_server_name length to hash to send a detection update if length changed (hacky).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-09-26 00:35:37 +02:00
Toni Uhlig
6c0ac8b045 Added new flow event: FLOW_EVENT_DETECTION_UPDATE
* This event will be triggered when nDPI detection has some new information for us (hopefully).
* Detection change is based on hashing with 32-bit murmur3 certain members of the ndpi flow struct.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-09-25 20:43:23 +02:00
Toni Uhlig
370ca7c00d Process extra packets with nDPI, still not perfect but results in a more accurate detection.
* set default user used for setuid()
* added 2 TODOs

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-09-24 23:41:12 +02:00
Toni Uhlig
ec1ffb6723 nDPId: Change user/group after init.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-09-21 19:34:17 +02:00
Toni Uhlig
70febd225b nDPId: Print compiled-in libgcrypt version (if libndpi was compiled with libgcrypt support).
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-31 16:13:04 +02:00
Toni Uhlig
93fa7fcabf nDPId: Improved command line option parsing, app usage and subopts for (carefully) tuning some daemon options.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-26 17:24:12 +02:00
Toni Uhlig
bae579e926 nDPId: subopt parsing skeleton
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-19 20:16:11 +02:00
Toni Uhlig
4c9e099d0f added pkt_type and pkt_ipoffset to json serialization
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-19 19:52:38 +02:00
Toni Uhlig
9990865362 minor improvements regarding flow guessing on flow end/idle and others not worth mentioning
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-16 00:22:18 +02:00
Toni Uhlig
84448d5e4e error handling enhancements
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-15 13:05:49 +02:00
Toni Uhlig
be4366b0e1 several fixes and improvements
- set errno to 0 if it is checked right after a libc call
- ignore SIGPIPE as we want to avoid signal handling where possible
- fixed another issue in nDPIsrvd/c-json-stdout which caused buffering errors

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-14 17:40:02 +02:00
Toni Uhlig
a377008644 nDPId: removed unused code, process remaining flows on shutdown (useful for replaying pcap files)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-14 14:37:50 +02:00
Toni Uhlig
52945ff903 set detection_completed = 1 if guessed/not-detected event thrown
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-13 10:55:08 +02:00
Toni Uhlig
3f783f9f01 improved TCP-FIN/TCP-RST and TCP-keepalive/-idle timeout handling
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-13 09:49:14 +02:00
Toni Uhlig
dcd206abfd replaced deprecated pcap_lookupdev with pcap_findalldevs
2020-08-12 12:57:24 +02:00
Toni Uhlig
dc61464135 moved PACKET_EVENT_PAYLOAD_FLOW after FLOW_EVENT_NEW (and before FLOW_EVENT_END/IDLE)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-09 22:58:35 +02:00
Toni Uhlig
530ec3ccf7 event consistency: call ndpi_dpi2json only for GUESSED, DETECTED, NOT-DETECTED flow events
- force generation of GUESSED, NOT-DETECTED events on flow idle/end if detection finished

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-08 13:51:44 +02:00
Toni Uhlig
79e4fc9bfe nDPId: do not serialize flow risk twice
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-07 14:12:21 +02:00
Toni Uhlig
0c2b2a9750 added python flow info script, improved IPv4/IPv6 string conversion
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-06 16:48:45 +02:00
Toni Uhlig
6031b07eb4 added utils module to share some code parts with other apps
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-05 16:03:28 +02:00
Toni Uhlig
88aa768184 nDPId daemonize / pidfile support + improved syslog logging
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-05 12:05:32 +02:00
Toni Uhlig
8a6021268e introduced NETWORK_BUFFER_MAX_SIZE to replace BUFSIZ as this might change depending on the arch/libc used
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-04 17:29:31 +02:00
Toni Uhlig
115438bf44 print snprintf retval and buffer size if buffer preparation failed
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-04 16:18:53 +02:00
Toni Uhlig
3fd32fb337 clang-format
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-04 10:28:56 +02:00
Toni Uhlig
913c8d5a18 moved more default config options into config.h
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-04 01:55:21 +02:00
Toni Uhlig
88b85cecb8 merged some pre-processor macros which are used in multiple executables
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-04 01:35:32 +02:00
Toni Uhlig
f99ddb5bce prefix every generated json string with the length of itself in bytes
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-08-03 21:42:58 +02:00
Toni Uhlig
ef7c11a750 added %zu format string, so CC won't complain if size types are used
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-16 20:30:36 +02:00
Toni Uhlig
6068a99a56 serialize flow risk, send information about how many raw pkts are sent to the json endpoint, send also a json thread init complete event
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-15 18:37:33 +02:00
Toni Uhlig
5364603fba added packet based events
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-14 21:27:41 +02:00
Toni Uhlig
e7406606c1 shutdown socket reading end as we just want to send json strings and never read anything
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-13 16:09:08 +02:00
Toni Uhlig
48dc26140a replaced fprintf with syslog calls
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-11 16:17:12 +02:00
Toni Uhlig
1085608ad4 removed obsolete DISABLE_JSONIZER mode
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-11 15:33:17 +02:00
Toni Uhlig
c6952a5995 removed obsolete EXTRA_VERBOSE mode
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-11 15:24:21 +02:00
Toni Uhlig
cfcaa4eb81 use a string mapping table for event id to name conversion
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-11 15:22:40 +02:00
Toni Uhlig
d8122ca762 more write after read race conditions fixed
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-10 22:58:51 +02:00
Toni Uhlig
e1debd9198 fixed some race conditions
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-10 22:45:12 +02:00
Toni Uhlig
c2aa13c010 compare&fetch for global flow_id counter, set missing variable on new flow, added struct padding for alignment
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-10 22:07:26 +02:00
Toni Uhlig
f490056fa7 care more about DISABLE_JSONIZER
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-10 20:59:44 +02:00
Toni Uhlig
a9aa4f1236 clang-format and set BreakBeforeBraces to Allman
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-10 20:48:23 +02:00
Toni Uhlig
7867c3979d json formatting/ stringification overhaul
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-10 20:40:16 +02:00
Toni Uhlig
d99bd825b2 send json string to sink, added basic json event serialization fn call
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-09 22:40:46 +02:00
Toni Uhlig
c0dd561ba0 renamed: jsonize_basic_event_error -> jsonize_format_error
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-08 00:01:06 +02:00
Toni Uhlig
1fe7832b7a jsonize_basic_event // jsonize_basic_event_error
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-07 23:59:14 +02:00
Toni Uhlig
97aababa97 send JSON string on a per thread basis to a remote sink, which means that no expensive locking is required
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2020-07-05 15:17:40 +02:00