betolj / ndpi-netfilter

GNU General Public License v2.0

nDPI 1.7 #16

Closed adrienb4 closed 8 years ago

adrienb4 commented 8 years ago

Hi

I have compiled nDPI with your last release, but when I want to use it, I get this error message:

root@iwilive:~# iptables -I OUTPUT -m ndpi --facebook -j DROP
iptables: Invalid argument. Run `dmesg' for more information.

dmesg : x_tables: ip_tables: ndpi.0 match: invalid size 28 (kernel) != (user) 32

Do you have a solution?

betolj commented 8 years ago

I can't reproduce this error. Try to rebuild everything again.

Do "make clean" first and rebuild with "make && make modules_install" and copy ipt/libxt_ndpi.so again.

kong156 commented 8 years ago

I got this one and it's working. Nothing wrong about it on Ubuntu 15.04 with latest ndpi/ndpi-netfilter sources.

adrienb4 commented 8 years ago

Same thing. See the attached file. ndpi.txt

Debian 8.0 / i386

adrienb4 commented 8 years ago

I have updated my last comment. Debian 8 / i386

adrienb4 commented 8 years ago

On Debian 6 / i386 :

root@e-wi:/opt/local/ndpi-netfilter# NDPI_PATH=/opt/local/ndpi-netfilter/nDPI make
make -C ipt
make[1]: Entering directory `/opt/local/ndpi-netfilter/ipt'
if test -d ndpi_cpy; then \
        cp /opt/local/ndpi-netfilter/nDPI/src/* ndpi_cpy -R; \
    else \
        mkdir ndpi_cpy; \
        cp /opt/local/ndpi-netfilter/nDPI/src/* ndpi_cpy -R; \
    fi
make libxt_ndpi.so
make[2]: Entering directory `/opt/local/ndpi-netfilter/ipt'
make[2]: `libxt_ndpi.so' is up to date.
make[2]: Leaving directory `/opt/local/ndpi-netfilter/ipt'
rm -r ndpi_cpy
make[1]: Leaving directory `/opt/local/ndpi-netfilter/ipt'
make -C src
make[1]: Entering directory `/opt/local/ndpi-netfilter/src'
if test -d ndpi_cpy; then \
        cp /opt/local/ndpi-netfilter/nDPI/src/* ndpi_cpy -R; \
    else \
        mkdir ndpi_cpy; \
        cp /opt/local/ndpi-netfilter/nDPI/src/* ndpi_cpy -R; \
    fi
cp ndpi_cpy/../../nDPI-patch/src/* ndpi_cpy/ -R;
cp ndpi_cpy/lib/third_party/src/*.c ndpi_cpy/lib -R;
cp ndpi_cpy/lib/third_party/include/*.h ndpi_cpy/lib -R;
cp ndpi_cpy/lib/third_party/include/*.h ndpi_cpy/include -R;
sed -i "s/^\s*void ndpi_free_flow/\/\/void ndpi_free_flow/" ndpi_cpy/include/ndpi_api.h;
make -C /lib/modules/2.6.32-5-686/build M=$PWD;
make[2]: Entering directory `/usr/src/linux-headers-2.6.32-5-686'
  CC [M]  /opt/local/ndpi-netfilter/src/main.o
/opt/local/ndpi-netfilter/src/main.c: In function 'ndpi_mt_init':
/opt/local/ndpi-netfilter/src/main.c:774: warning: ISO C90 forbids mixed declarations and code
/opt/local/ndpi-netfilter/src/main.c:774: warning: unused variable 'all'
  CC [M]  /opt/local/ndpi-netfilter/src/ndpi_cpy/lib/ndpi_main.o
/opt/local/ndpi-netfilter/src/ndpi_cpy/lib/ndpi_main.c: In function 'atoi':
/opt/local/ndpi-netfilter/src/ndpi_cpy/lib/ndpi_main.c:56: error: implicit declaration of function 'kstrtoint'
/opt/local/ndpi-netfilter/src/ndpi_cpy/lib/ndpi_main.c: In function 'ndpi_l4_detection_process_packet':
/opt/local/ndpi-netfilter/src/ndpi_cpy/lib/ndpi_main.c:3191: warning: label 'ret_protocols' defined but not used
make[5]: *** [/opt/local/ndpi-netfilter/src/ndpi_cpy/lib/ndpi_main.o] Error 1
make[4]: *** [_module_/opt/local/ndpi-netfilter/src] Error 2
make[3]: *** [sub-make] Error 2
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/src/linux-headers-2.6.32-5-686'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/opt/local/ndpi-netfilter/src'
make: *** [all] Error 2

Did I forget something?

betolj commented 8 years ago

Ok. I installed Debian 8.2 (i386) and confirmed this bug. My tests work on the x86_64 arch.
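An added illustration, not part of the thread and not the project's code, of how a match-struct size mismatch can pass on x86_64 yet be rejected on i386: x_tables compares sizes after rounding them up with XT_ALIGN, whose alignment is 8 on x86_64 and 4 on i386. It assumes the raw kernel and userspace struct sizes are the 28 and 32 bytes printed in the dmesg line above; `xt_align` and `xt_size_ok` are hypothetical helper names.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Round size up to a multiple of align (a power of two), as XT_ALIGN()
 * does using the alignment of struct _xt_align (which holds a __u64). */
static unsigned int xt_align(unsigned int size, unsigned int align)
{
    return (size + align - 1) & ~(align - 1);
}

/* Model of the x_tables size check. Returns 1 if the rule would be
 * accepted, 0 if rejected; on rejection msg gets a dmesg-style line.
 * abi_align: 4 for i386, 8 for x86_64. */
static int xt_size_ok(unsigned int kernel_matchsize,
                      unsigned int user_matchsize,
                      unsigned int abi_align, char *msg, size_t msglen)
{
    unsigned int k = xt_align(kernel_matchsize, abi_align);
    unsigned int u = xt_align(user_matchsize, abi_align);

    if (msglen)
        msg[0] = '\0';
    if (k == u)
        return 1;
    snprintf(msg, msglen,
             "ndpi.0 match: invalid size %u (kernel) != (user) %u", k, u);
    return 0;
}

int main(void)
{
    /* Assumed raw struct sizes: 28 in the module, 32 in libxt_ndpi.so. */
    const unsigned int kernel_raw = 28, user_raw = 32;
    const struct { const char *abi; unsigned int align; } abis[] = {
        { "x86_64", 8 }, { "i386", 4 },
    };
    char msg[96];

    for (size_t i = 0; i < sizeof(abis) / sizeof(abis[0]); i++) {
        int ok = xt_size_ok(kernel_raw, user_raw, abis[i].align,
                            msg, sizeof(msg));
        printf("%-6s: %s %s\n", abis[i].abi,
               ok ? "accepted" : "rejected:", msg);
    }
    return 0;
}
```

On an 8-byte-aligned ABI any two raw sizes in the range 25..32 round to the same value, so a layout difference between the module and the iptables extension stays hidden there until the same sources are built for a 4-byte-aligned one.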

adrienb4 commented 8 years ago

Do you think it may be simple to correct this bug?

betolj commented 8 years ago

More or less... The problem is that the nDPI team removed the kernel directives from the source code. So, I need to fix this manually.

adrienb4 commented 8 years ago

Nice, just when I have to integrate nDPI in 70 firewalls on Debian i386 :D

betolj commented 8 years ago

I'll upload the fix soon... wait a little bit (today).

betolj commented 8 years ago

Fix applied.

adrienb4 commented 8 years ago

Cool, it's OK :) I tried to build nDPI on Debian 6 / i386. I got this error:

/opt/ndpi-netfilter-master/src/ndpi_cpy/lib/ndpi_main.c: In function 'atoi':
/opt/ndpi-netfilter-master/src/ndpi_cpy/lib/ndpi_main.c:56: error: implicit declaration of function 'kstrtoint'

Any ideas to solve this?

Thanks

Adrien

betolj commented 8 years ago

What's the kernel version?

adrienb4 commented 8 years ago

root@xx:/opt/ndpi-netfilter-master# uname -a
Linux xx 2.6.32-5-686 #1 SMP Tue May 13 16:33:32 UTC 2014 i686 GNU/Linux

betolj commented 8 years ago

Try again.

adrienb4 commented 8 years ago

Yes!! It's working :P I have some warnings during compilation. I think they are not very important. Can you confirm? See attached file. ndpi.txt

betolj commented 8 years ago

Yes. They are little warnings. Nothing to worry about.

Take a look at these alternatives for L7 filter:

  1. Snort x openappid
     http://blog.snort.org/2014/03/firing-up-openappid.html
     http://searchsecurity.techtarget.com/definition/OpenAppID
     http://menghanihitesh.blogspot.com.br/2014/07/installing-snort-and-openappid.html
  2. Suricata Application Support
     https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Protocol_Anomalies_Detection
     http://www.poona.me/2014/01/suricata-app-layer-changes-new-keyword.html
     https://home.regit.org/2012/10/defend-your-network-from-word/

Run this in inline mode and we have a big alternative.

adrienb4 commented 8 years ago

Thank you for your great work. Actually I have 490 routers/firewalls (with Debian 6 and OpenWRT OS). The iptables module will block some traffic behind Wifi HotSpot. I saw Snort, but does it filter some packets? You can close the issue and continue in private if you wish.

Thanks

Adrien