ntop / nDPI

Open Source Deep Packet Inspection Software Toolkit
http://www.ntop.org
GNU Lesser General Public License v3.0

Number of protocols recognized by nDPI #1153

Closed ofercetown closed 3 years ago

ofercetown commented 3 years ago

Hi,

Just a quick question: It seems that the number of protocols managed by nDPI is 188 and limited to 255? Is it correct?

IvanNardi commented 3 years ago

Hi,

> Just a quick question: It seems that the number of protocols managed by nDPI is 188 and limited to 255? Is it correct?

No, it isn't. The current master manages 255 protocols (look at ndpi_protocol_id_t enum) and I am pretty sure that there is no practical limit on their number.

ofercetown commented 3 years ago

@IvanNardi Thanks for your response. Actually, on this page there are 189 of them listed; maybe it reflects a branch other than master?

Maximum number of protocols: seems to be defined by NDPI_MAX_NUM_CUSTOM_PROTOCOLS as (512-255) (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL)

When looking at the history of this file, it seems that from time to time protocols are suppressed and later replaced by new ones. And that is the point confusing me, with nDPI getting rid of Battlefield, UPNP, HTTP_ACTIVESYNC, PPLIVE, ... For those which are related to discontinued applications, it makes sense, but for the others I don't get it...

IvanNardi commented 3 years ago

> Thanks for your response. Actually on this page there are 189 of them

I don't know how this page has been generated, but it hasn't been updated in the last 3 years, so the information you can find on it is definitely stale. As clearly reported at the beginning of the page, for a complete and up-to-date list of supported protocols you need to check the code.

NDPI_MAX_NUM_CUSTOM_PROTOCOLS defines the max number of protocols that the user can define using a simple txt file (without touching the source code): see example/protos.txt for a simple example. It is not the number of protocols managed by nDPI.

I don't know the details for each of the protocols that you have reported, but, generally speaking, there are a lot of reasons for deleting some protocols: they are not being used anymore, they have been "merged" with other protocols (because it is impossible to distinguish one from the other) or their dissection logic is not valid anymore and there is no interest in updating the code...

ofercetown commented 3 years ago

@IvanNardi Thank you for your feedback. Got it. The information I've got comes from "git log src/include/ndpi_protocol_ids.h", grepping for NDPI_PROTOCOL_FREE
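
Added example, not part of the original thread and not nDPI's own code: one way to count protocol IDs from the ndpi_protocol_id_t enum mentioned above, separating slots in use from NDPI_PROTOCOL_FREE placeholders. The header text below is constructed (the EXAMPLE_* and FREE_n entry names are hypothetical), and the parser assumes plain integer enumerator values.

```python
import re

# Constructed sample in the style of src/include/ndpi_protocol_ids.h.
# Entry names and values are illustrative, not copied from a real checkout.
SAMPLE_HEADER = """
typedef enum {
  NDPI_PROTOCOL_UNKNOWN      = 0,
  NDPI_PROTOCOL_EXAMPLE_A    = 1, /* in use */
  NDPI_PROTOCOL_EXAMPLE_B    = 2,
  NDPI_PROTOCOL_FREE_3       = 3, /* slot of a removed protocol */
  // NDPI_PROTOCOL_OLD       = 4,
  NDPI_PROTOCOL_EXAMPLE_C    = 4,
  NDPI_PROTOCOL_FREE_5       = 5,
  NDPI_PROTOCOL_EXAMPLE_D,        /* implicit value: previous + 1 */

  NDPI_LAST_IMPLEMENTED_PROTOCOL
} ndpi_protocol_id_t;
"""

def parse_protocol_enum(text, enum_name="ndpi_protocol_id_t"):
    """Return [(name, value)] for every enumerator of the typedef'd enum."""
    pattern = r"typedef\s+enum\s*\{(.*?)\}\s*" + re.escape(enum_name) + r"\s*;"
    m = re.search(pattern, text, re.S)
    if not m:
        raise ValueError(f"enum {enum_name} not found")
    # Strip block and line comments so commented-out entries are not counted.
    body = re.sub(r"/\*.*?\*/|//[^\n]*", "", m.group(1), flags=re.S)
    entries, next_value = [], 0
    for item in body.split(","):
        item = item.strip()
        if not item:
            continue
        name, _, value = (part.strip() for part in item.partition("="))
        current = int(value, 0) if value else next_value  # C implicit numbering
        entries.append((name, current))
        next_value = current + 1
    return entries

def summarize(entries):
    """Count ID slots, free placeholders and slots in use (UNKNOWN included)."""
    last = dict(entries).get("NDPI_LAST_IMPLEMENTED_PROTOCOL")
    ids = [(n, v) for n, v in entries if n != "NDPI_LAST_IMPLEMENTED_PROTOCOL"]
    free = [n for n, _ in ids if n.startswith("NDPI_PROTOCOL_FREE")]
    return {"slots": len(ids), "free": len(free),
            "in_use": len(ids) - len(free), "last_implemented": last}

if __name__ == "__main__":
    print(summarize(parse_protocol_enum(SAMPLE_HEADER)))
```

To run it against a real checkout, pass the contents of src/include/ndpi_protocol_ids.h to parse_protocol_enum instead of SAMPLE_HEADER.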