betolj / ndpi-netfilter

GNU General Public License v2.0

modules not loading on nDPI >r8323 #2

Closed syadnom closed 9 years ago

syadnom commented 9 years ago

I've pulled in nDPI release 8323 which does build and load, but it does nothing, no inspection. I can get 5761 built with the mainline nDPI sources and they work.

(debian 7)

betolj commented 9 years ago

Hi,

Unfortunately, this module is incompatible with nf_conntrack_netlink. And, unless you recompile the kernel with the patch, the module nf_conntrack_netlink cannot be loaded into memory (but you will have problems with the conntrack tool).

    rmmod nf_conntrack_netlink
    modprobe xt_ndpi

syadnom commented 9 years ago

betolj, so if I recompile the kernel with the patch, then netfilter will be able to mark packets? All I really need is to mark routed packets with DSCP tags based on nDPI.

syadnom commented 9 years ago

betolj, I've installed deb6 to match what this was built against. I can't get the kernel patch to take with 'patch -p1 <patchfile'; the hunks are all failing. Kernel 2.6.32. Did you apply this patch differently somehow?

betolj commented 9 years ago

The kernel patch works only for kernel 3.x series.

I will make several fixes soon, and a protocol id bugfix too. Wait a little bit.
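A preflight for the two constraints stated in the comments above (a loaded nf_conntrack_netlink conflicts with xt_ndpi, and the kernel patch only applies to the 3.x series), as an added example that is not code from this thread or from the ndpi-netfilter project. The function names, the status strings and the sample module listing are constructed for illustration; the listing follows the /proc/modules column layout.

```shell
#!/bin/sh
# Added example, not project code. Constructed sample in /proc/modules layout:
# name size refcount used-by state address
SAMPLE_MODULES='nf_conntrack_netlink 36354 0 - Live 0xffffffffa0340000
nfnetlink 14606 2 nf_conntrack_netlink, Live 0xffffffffa0338000
nf_conntrack 79758 3 nf_conntrack_netlink,nf_conntrack_ipv4, Live 0xffffffffa0310000'

# module_refcount NAME: reads a module listing on stdin, prints NAME's
# reference count, and returns non-zero when NAME is not loaded.
module_refcount() {
    awk -v m="$1" '$1 == m { print $3; found = 1 } END { exit !found }'
}

# kernel_patch_applies RELEASE: succeeds only for a 3.x release string,
# the only series the thread says the kernel patch works on.
kernel_patch_applies() {
    case "$1" in
        3.*) return 0 ;;
        *)   return 1 ;;
    esac
}

# preflight MODULES_TEXT KERNEL_RELEASE: prints one status line.
#   loaded-idle   : nf_conntrack_netlink is loaded, refcount 0 (rmmod can succeed)
#   loaded-in-use : loaded with refcount > 0 (rmmod will refuse)
#   absent        : not loaded, so no conflict with xt_ndpi
preflight() {
    if refs=$(printf '%s\n' "$1" | module_refcount nf_conntrack_netlink); then
        if [ "$refs" -gt 0 ]; then state=loaded-in-use; else state=loaded-idle; fi
    else
        state=absent
    fi
    if kernel_patch_applies "$2"; then patch=applies; else patch=not-applicable; fi
    echo "module=$state patch=$patch"
}

# Run against the constructed sample and a constructed 3.x release string.
preflight "$SAMPLE_MODULES" "3.2.0-4-amd64"
```

On a live host, call `preflight "$(cat /proc/modules)" "$(uname -r)"` instead of passing the sample.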

betolj commented 9 years ago

The "ndpi-netfilter" projects with a logical structure based on the "ewildgoose" model don't work well nowadays.

  1. Only one exclusive "conntrack notify" call: For this reason, it can't be used in conjunction with nfnetlink. But, when you remove the nfnetlink kernel module, the conntrack application won't work anymore.
  2. The web host detection depends on the http or ssl protocols being enabled: Youtube or Facebook protocols are not external modules (like /usr/src/nDPI/src/lib/protocols/*).

I finished xt_ndpi fixes today:

My tests showed satisfactory results. https://github.com/betolj/ndpi-netfilter