-
Notifications
You must be signed in to change notification settings - Fork 907
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add First Packet Classification capability #2322
Comments
This is good to have,I like to implement this feature, if you can guide me. |
@mmanoj , very sorry for the delay.
If you are still interested, we can discuss about the details |
@IvanNardi Thx for the reply, Yes I'm interested and done some initial work with nDPIsimple integration as well.Can we discuss in detail with some actionable steps, so we can focus on the step by step implementation. |
|
Thanks for the update,I will work on below plan. Please clarify below point: Is current nDPI DNS dissectors support to capture DNS answer (A/AAAA) record and IP address associated with it or need to develop that part? anyway I will lookup the code as well. Step #2. I will work on enhancing the new IP Lists. Please advice is above approach is fine or need any changes. |
Let's start with some basic helpers and with FPC based on flow addresses. See: ntop#2322
It already does it. The plan sounds good. Please, take a close look at #2488: once it is merged, it provides basic common code (and output...) that you might find useful... |
Thank you very much for the FPC base code,I will go through the fpc brach for details. this is how I'm going to capture the first packet in nDPI simple Integration code::tcp = (struct ndpi_tcphdr *)l4_ptr; #Then: Is above logic and understanding if fine ? Please advice. |
Let's start with some basic helpers and with FPC based on flow addresses. See: ntop#2322
Can you please advice what is the best way to retrieve the category of the FPC protocol, I'm going to add that also to LRU cache as it's useful for blocking certain categories than individual protocols. I try below under fpc_update() method but not work as expected. ndpi_proto->category = ndpi_get_flow_category(flow); |
I done the base work for Action #2 LRU cache, can I send the file(s) to review? |
Yes, please! These are busy days.. I'll take a look at it (and at your previous messages...) at the end of the week |
Thanks for feedback and appreciate your support.I will attached the files instead pull request lets review the overall flow and structure of my FPC LRU cache implementation.Once review will proceed with DNS FPC. |
ndpi_fpc_lru_cache.zip Note:During testing I noticed ndpi_str->fpc_cache not initialized.Need more debugging for that. |
@mmanoj , could you push your code as a Pull Request, please? It will drastically improve the review process... Thanks |
Thanks for the feedback, I will arrange it by today. |
Please have a look pull request #2497 |
Use DNS information to get a better First Packet Classification. See: #2322 --------- Co-authored-by: Nardi Ivan <nardi.ivan@gmail.com>
Can we make FPC feature configurable, maybe through conditional compilation
|
@mmaatuq , you can already enable/disable FPC via "fpc" configuration parameter. You can take a look a the tests under |
thanks for this |
In some contexts/deployments (load-balancing or QoS involved, routing on different interfaces based on classification...) is quite important to have a flow classification on the very FIRST packet of the flow, even if that classification is not as precise as it could be if more packets are analyzed.
Note that, for TCP, "first packet" means (usually) the SYN packet...
The text was updated successfully, but these errors were encountered: