ndpi filter does not detect protocol inside http_proxy #54

Closed
didgaudin opened this issue Apr 15, 2019 · 11 comments

@didgaudin

Hi,
I am trying the module and running some tests with ndpiReader and xt_ndpi.
ndpiReader can detect YouTube, Facebook, ... inside http_proxy, but xt_ndpi detects only http_proxy.
Is there a particular parameter to activate this feature?

@vel21ripn
Owner

Please send a sample of traffic in pcap format to vel21ripn at gmail dot com or a link to it. This will significantly speed up the process of detecting errors.

@vel21ripn
Owner

Thanks for the traffic sample.
I already forgot that in the old versions of the kernel there was support for /proc/net/conntrack.
Please do not use it. I plan to completely remove this feature for two reasons: /proc/net/conntrack is not supported in new kernels (4.8.0+) and it requires a patch for the kernel. In the new ndpi-netfilter branch, a patch for the kernel is an optional requirement.
There is a more correct way. Read nDPI / ndpi-netfilter / FLOW_INFO.txt
I'll see how your sample traffic is determined in the ndpi-netfilter in the next couple of days.

@didgaudin
Author

Thanks for your help.
I know /proc/net/conntrack is deprecated. My kernel is still a 4.1 for my routers (pcengines).
I will use the proc flow info file.
If you want more samples, let me know.

@vel21ripn
Owner

The code to support procfs/conntrack has not changed since version 1.7.
There have been a lot of changes in the new versions.
I'll see if this code can be fixed.

@vel21ripn
Owner

I got a difference in the work of ndpiReader and ndpi-netfilter.
I will try to correct the errors in the near future.

@didgaudin
Author

Ok
Thanks.

@vel21ripn
Owner

Fixed a stupid bug. See commit 5acad50
I can't verify the correctness of the data in /proc/net/conntrack.

@didgaudin
Author

Ok, I will test this patch.

@didgaudin
Author

Great !!!
I have done some tests and it works. I will continue testing the module.
I will send you a patch to compile with the 4.1.52 kernel to your gmail address.
Thanks

@clebig

clebig commented May 6, 2019

> Thanks for the traffic sample.
> I already forgot that in the old versions of the kernel there was support for /proc/net/conntrack.
> Please do not use it. I plan to completely remove this feature for two reasons: /proc/net/conntrack is not supported in new kernels (4.8.0+) and it requires a patch for the kernel. In the new ndpi-netfilter branch, a patch for the kernel is an optional requirement.
> There is a more correct way. Read nDPI / ndpi-netfilter / FLOW_INFO.txt
> I'll see how your sample traffic is determined in the ndpi-netfilter in the next couple of days.

What do you mean by /proc/net/conntrack not being supported anymore in 4.8+ kernels? Do you mean ip_conntrack? nf_conntrack? Everything related to conntrack in procfs?

@vel21ripn
Owner

The proc/net/ip_conntrack has been removed as obsolete.
The proc/net/nf_conntrack has been rewritten. It is possible to do a backporting of the output of the protocol information, but I do not have time for this.
IMHO proc/net/xt_ndpi/flows is a more correct way to get information about the protocol.
