ntop / nDPI

Open Source Deep Packet Inspection Software Toolkit
http://www.ntop.org
GNU Lesser General Public License v3.0

Packet dissection and flow management: should libnDPI directly provide them? #1849

Open IvanNardi opened 1 year ago

IvanNardi commented 1 year ago

It might be useful to have some kind of packet dissection and flow management provided directly from nDPI itself. Not sure of the extension of this topic: some "basic" code only? Advanced detunneling features? IPv6? I am pretty sure that any "serious" integrator wants to use its own session manager, but a simple one could be helpful anyway, and it would allow us to drastically simplify the application examples (ndpiReader and ndpiSimpleIntegration), focusing on the "core" part.

utoni commented 1 year ago

I think that having packet/tunnel dissection in the core library would be useful, at least for me. It's sad that this valuable dissection code is only part of ndpiReader. So I have to check ndpiReader (or the git history) regularly and look for changes. But my biggest concern is that some dissection code might be tied to libpcap which would be bad as the core library should not be linked against it.

Not sure about flow tracking in the core library. It's possible, as the required API functions are already there. But I could imagine that different developers want to use different tracking mechanisms, e.g. I am using layer-3 src/dst address, protocol type and layer-4 src/dst port to build the hash value; other developers might want other criteria for flow tracking.
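The flow key utoni describes (L3 src/dst address, L4 protocol, L4 src/dst port), worked up as an added example that is not part of this thread or of nDPI's code base: the key is canonicalised so that both directions of a connection land on the same flow, and a toy FNV-1a hash stands in for whatever hash an integrator picks. IPv4 only; the `flow_key_t` type and function names are assumptions, not nDPI API.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical 5-tuple flow key (IPv4 only, host byte order) from the fields
 * utoni lists: L3 src/dst address, L4 protocol, L4 src/dst port. */
typedef struct {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint8_t  proto;
} flow_key_t;

/* Canonical form: the numerically lower (ip, port) endpoint goes first, so both
 * directions of a connection map to one key. *reversed reports whether the
 * packet travelled against that canonical orientation (client vs. server side). */
flow_key_t flow_key_canonical(flow_key_t k, bool *reversed) {
    bool swap = k.src_ip > k.dst_ip ||
                (k.src_ip == k.dst_ip && k.src_port > k.dst_port);
    if (swap) {
        uint32_t ip = k.src_ip;   k.src_ip = k.dst_ip;     k.dst_ip = ip;
        uint16_t pt = k.src_port; k.src_port = k.dst_port; k.dst_port = pt;
    }
    if (reversed) *reversed = swap;
    return k;
}

/* FNV-1a over the canonical fields, hashed one by one so struct padding bytes
 * never leak into the value. Toy hash for illustration, not nDPI's own. */
static uint32_t fnv1a(uint32_t h, const void *p, size_t n) {
    const uint8_t *b = p;
    for (size_t i = 0; i < n; i++) { h ^= b[i]; h *= 16777619u; }
    return h;
}
uint32_t flow_key_hash(flow_key_t k) {
    k = flow_key_canonical(k, NULL);
    uint32_t h = 2166136261u;
    h = fnv1a(h, &k.src_ip, sizeof k.src_ip);
    h = fnv1a(h, &k.dst_ip, sizeof k.dst_ip);
    h = fnv1a(h, &k.src_port, sizeof k.src_port);
    h = fnv1a(h, &k.dst_port, sizeof k.dst_port);
    h = fnv1a(h, &k.proto, sizeof k.proto);
    return h;
}

/* The hash only selects a bucket; flow membership is confirmed field by field. */
bool flow_key_same_flow(flow_key_t a, flow_key_t b) {
    a = flow_key_canonical(a, NULL);
    b = flow_key_canonical(b, NULL);
    return a.src_ip == b.src_ip && a.dst_ip == b.dst_ip &&
           a.src_port == b.src_port && a.dst_port == b.dst_port &&
           a.proto == b.proto;
}
```

A session manager built on this would keep the `reversed` flag per packet so that per-direction counters and the client/server roles nDPI expects stay consistent regardless of which side sent the first packet seen.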