How can we prevent ndpid to fire some events ?

utoni / nDPId

Tiny nDPI based deep packet inspection daemons / toolkit.

GNU General Public License v3.0

67 stars 15 forks source link

How can we prevent ndpid to fire some events ? #26

Open fateme81 opened 1 year ago

fateme81 commented 1 year ago

I only need some of the events from nDPId not all of them ! All i want is only FLOW_EVENT_END logs in Unix-Domain socket.

utoni commented 1 year ago

You can still ignore them. In the future there may be an nDPId command line parameter to control this kind of things. But first I need to figure how to do that in a way that it does not break flow handling.

utoni commented 1 year ago

Please also note that FLOW_EVENT_END is only fired for TCP. For UDP based protocols e.g. QUIC you need to wait for a FLOW_EVENT_IDLE.