mirror of
https://github.com/optim-enterprises-bv/nDPId.git
synced 2025-10-29 09:22:23 +00:00
efed6f196e
Read and parse configuration files. Fixes #41. * supports nDPId / nDPIsrvd via command line parameter `-f` * nDPId: read general/tuning and libnDPI settings * support for settings risk domains libnDPI option via config file or via `-R` (Fixes #45, thanks to @UnveilTech) * added some documentation in the config file * adjusted Systemd and Debian packaging to make use of config files Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
87 lines
2.8 KiB
Plaintext
87 lines
2.8 KiB
Plaintext
[general]
|
|
# Set the network interface from which packets are captured and processed.
|
|
# Leave it empty to let nDPId choose the default network interface.
|
|
#netif = eth0
|
|
|
|
# Set a Berkeley Packet Filter.
|
|
# This will work for libpcap as well as with PF_RING.
|
|
#bpf = udp or tcp
|
|
|
|
#pidfile = /tmp/ndpid.pid
|
|
#user = nobody
|
|
#group = daemon
|
|
#riskdomains = /path/to/libnDPI/example/risky_domains.txt
|
|
#protocols = /path/to/libnDPI/example/protos.txt
|
|
#categories = /path/to/libnDPI/example/categories.txt
|
|
#ja3 = /path/to/libnDPI/example/ja3_fingerprints.csv
|
|
#sha1 = /path/to/libnDPI/example/sha1_fingerprints.csv
|
|
|
|
# Collector endpoint as UNIX socket (usually nDPIsrvd)
|
|
#collector = /run/nDPIsrvd/collector
|
|
# Collector endpoint as UDP socket (usually a custom application)
|
|
#collector = 127.0.0.1:7777
|
|
|
|
# Set a name for this nDPId instance
|
|
#alias = myhostname
|
|
|
|
# Process only internal initial connections
|
|
#internal = true
|
|
|
|
# Process only external initial connections
|
|
#external = true
|
|
|
|
# Enable zLib compression of flow memory for long lasting flows
|
|
compression = true
|
|
|
|
# Enable "analyse" events, which can be used for machine learning
|
|
analysis = true
|
|
|
|
# Force poll() on systems that support epoll() as well
|
|
#poll = false
|
|
|
|
# Enable PF_RING packet capture instead of libpcap
|
|
#pfring = false
|
|
|
|
[tuning]
|
|
max-flows-per-thread = 2048
|
|
max-idle-flows-per-thread = 64
|
|
max-reader-threads = 10
|
|
daemon-status-interval = 600000000
|
|
#memory-profiling-log-interval = 5
|
|
compression-scan-interval = 20000000
|
|
compression-flow-inactivity = 30000000
|
|
flow-scan-interval = 10000000
|
|
generic-max-idle-time = 600000000
|
|
icmp-max-idle-time = 120000000
|
|
tcp-max-idle-time = 180000000
|
|
udp-max-idle-time = 7440000000
|
|
tcp-max-post-end-flow-time = 120000000
|
|
max-packets-per-flow-to-send = 15
|
|
max-packets-per-flow-to-process = 32
|
|
max-packets-per-flow-to-analyse = 32
|
|
error-event-threshold-n = 16
|
|
error-event-threshold-time = 10000000
|
|
|
|
# Please note that the following options are libnDPI related and can only be set via config file,
|
|
# not as commnand line parameter.
|
|
# See libnDPI/doc/configuration_parameters.md for detailed information.
|
|
|
|
[ndpi]
|
|
packets_limit_per_flow = 32
|
|
flow.direction_detection = enable
|
|
flow.track_payload = disable
|
|
tcp_ack_payload_heuristic = disable
|
|
fully_encrypted_heuristic = enable
|
|
libgcrypt.init = 1
|
|
dpi.compute_entropy = 1
|
|
fpc = disable
|
|
dpi.guess_on_giveup = 0x03
|
|
flow_risk_lists.load = 1
|
|
flow_risk.crawler_bot.list.load = 1
|
|
log.level = 0
|
|
|
|
[protos]
|
|
tls.certificate_expiration_threshold = 7
|
|
tls.application_blocks_tracking = enable
|
|
stun.max_packets_extra_dissection = 8
|