Sample code for custom ndpi mod

ntop · Nov 18, 2024 · 0fc4b1f · 0fc4b1f
1 parent 8cc741d
commit 0fc4b1f
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 4 deletions.
diff --git a/userland/examples_ft/ftflow.c b/userland/examples_ft/ftflow.c
@@ -58,6 +58,7 @@
 #ifdef HAVE_NDPI
 #define PRINT_NDPI_INFO /* Note: this requires linking the nDPI library */
 #include "ndpi_api.h"
+//#define CUSTOM_NDPI
 #endif
 
 pfring *pd = NULL;
@@ -473,6 +474,10 @@ int main(int argc, char* argv[]) {
   pthread_t time_thread;
   u_int8_t ignore_hw_hash = 0;
   char *filter = NULL;
+#ifdef CUSTOM_NDPI
+  struct ndpi_detection_module_struct *ndpi_mod;
+  NDPI_PROTOCOL_BITMASK all;
+#endif
 
   while ((c = getopt(argc,argv,"c:dEf:g:hHi:p:qvF:s:S:tV7")) != '?') {
     if ((c == 255) || (c == -1)) break;
@@ -544,12 +549,14 @@ int main(int argc, char* argv[]) {
   if (device == NULL) device = DEFAULT_DEVICE;
   bind2node(bind_core);
 
+#ifndef CUSTOM_NDPI
   if (enable_l7)
     ft_flags |= PFRING_FT_TABLE_FLAGS_DPI;
 
 #ifdef PRINT_NDPI_INFO
   if (enable_l7_extra)
     ft_flags |= PFRING_FT_TABLE_FLAGS_DPI_EXTRA;
+#endif
 #endif
 
   if (ignore_hw_hash)
@@ -562,6 +569,18 @@ int main(int argc, char* argv[]) {
     return -1;
   }
 
+#ifdef CUSTOM_NDPI
+  if (enable_l7) {
+    ndpi_mod = ndpi_init_detection_module(NULL);
+    ndpi_set_config(ndpi_mod, NULL, "dpi.guess_on_giveup", "0");
+    NDPI_BITMASK_SET_ALL(all);
+    ndpi_set_protocol_detection_bitmask2(ndpi_mod, &all);
+    ndpi_finalize_initialization(ndpi_mod);
+
+    pfring_ft_set_ndpi_handle(ft, ndpi_mod);
+  }
+#endif
+
   if (slice_duration > 0)
     pfring_ft_flow_set_flow_slicing(ft, slice_duration);
 

diff --git a/userland/examples_ft/ftflow_pcap.c b/userland/examples_ft/ftflow_pcap.c
@@ -50,6 +50,7 @@
 #ifdef HAVE_NDPI
 #define PRINT_NDPI_INFO /* Note: this requires linking the nDPI library */
 #include "ndpi_api.h"
+//#define CUSTOM_NDPI
 #endif
 
 pcap_t *pd = NULL;
@@ -200,8 +201,8 @@ void processFlow(pfring_ft_flow *flow, void *user){
 
     ndpi_init_serializer(&serializer, ndpi_serialization_format_json);
 
-    ndpi_proto.master_protocol = v->l7_protocol.master_protocol;
-    ndpi_proto.app_protocol = v->l7_protocol.app_protocol;
+    ndpi_proto.proto.master_protocol = v->l7_protocol.master_protocol;
+    ndpi_proto.proto.app_protocol = v->l7_protocol.app_protocol;
     ndpi_proto.category = v->l7_protocol.category;
 
     ndpi_flow2json(ndpi_struct, ndpi_flow,
@@ -272,7 +273,11 @@ int main(int argc, char* argv[]) {
   u_int32_t ft_flags = 0;
   char *categories_file = NULL;
   int rc; 
-
+#ifdef CUSTOM_NDPI
+  struct ndpi_detection_module_struct *ndpi_mod;
+  NDPI_PROTOCOL_BITMASK all;
+#endif
+
   startTime.tv_sec = 0;
 
   while ((c = getopt(argc,argv,"c:dhi:vf:p:q7F:")) != '?') {
@@ -321,11 +326,13 @@ int main(int argc, char* argv[]) {
   }
 
   if (enable_l7) {
+#ifndef CUSTOM_NDPI
     ft_flags |= PFRING_FT_TABLE_FLAGS_DPI;
-    ft_flags |= PFRING_FT_DECODE_TUNNELS;
 #ifdef PRINT_NDPI_INFO
     ft_flags |= PFRING_FT_TABLE_FLAGS_DPI_EXTRA;
 #endif
+#endif
+    ft_flags |= PFRING_FT_DECODE_TUNNELS;
   }
 
   ft = pfring_ft_create_table(ft_flags, 0, 0, 0, 0);
@@ -335,6 +342,18 @@ int main(int argc, char* argv[]) {
     return -1;
   }
 
+#ifdef CUSTOM_NDPI
+  if (enable_l7) {
+    ndpi_mod = ndpi_init_detection_module(NULL);
+    ndpi_set_config(ndpi_mod, NULL, "dpi.guess_on_giveup", "0");
+    NDPI_BITMASK_SET_ALL(all);
+    ndpi_set_protocol_detection_bitmask2(ndpi_mod, &all);
+    ndpi_finalize_initialization(ndpi_mod);
+
+    pfring_ft_set_ndpi_handle(ft, ndpi_mod);
+  }
+#endif
+
   pfring_ft_set_flow_export_callback(ft, processFlow, NULL);
 
   /* Uncomment to call a function as soon as a L7 protocol is detected */