Add custom protocol #30

Closed
rsweerarathna opened this issue Jul 13, 2016 · 7 comments

rsweerarathna commented Jul 13, 2016

Hi,
How can I define a custom protocol and drop that protocol with netfilter? I have a set of URLs and IPs, and I need to define those URLs and IPs as one protocol and drop them all using a single netfilter rule. How can I do this?

rsweerarathna changed the title from "Custom protoca" to "Add custom protocol" on Jul 13, 2016

betolj commented Jul 19, 2016

You can't do this yet.
I think the best way to filter URLs is with proxy servers, like Squid (in userspace).

betolj closed this as completed on Jul 19, 2016

rightkick commented

I think what rsweerarathna has in mind is the custom protocol definitions that you can set with ndpi on ntop-ng.

rsweerarathna commented

Hi betolj,
I have changed the nDPI code to identify IFLIX as a protocol. It works with the ndpiReader example and identifies all the flows, as in the attached screenshot. I changed only two files, as mentioned in ntop/nDPI#127.
After changing these files, I replaced your netfilter module's "ndpi_content_match.c.inc" and "ndpi_protocol_ids.h" with my updated files.
Now it's giving some errors, which are attached here. Can you please help me fix them? Or just let me know which source files I should update to fix this.

Regards,
Shamin weerarathna.

[image: screenshot from 2016-10-08 22 09 03]
make_output.txt

rsweerarathna commented

I had an older version of ndpi-netfilter.
Now I installed the latest ndpi-netfilter code and then replaced those two files. Now it's giving a different error. See the screenshot.
[image: screenshot from 2016-10-09 10 40 26]


betolj commented Oct 11, 2016

There are still remnants of the old nDPI version.
For example: the TDS protocol has been moved/replaced to MSSQL_TDS.

So, don't try to use the old project directory.
Unpack and build again in another directory, and move your files to this path too.


betolj commented Oct 11, 2016

The latest version now includes OCS.
But, if there are new changes (custom protocol), you need to fix this manually. You can't overwrite the file directly. The older structure is incompatible.


betolj commented Oct 11, 2016

It's necessary to include the nDPI ID in the file "/usr/src/ndpi-netfilter/src/xt_ndpi.h" too.
