
compile successfully under CentOS 8 / Stream but works with lots of error #112

Closed ttys3 closed 3 years ago

ttys3 commented 3 years ago

os: CentOS Stream kernel: Linux 4.18.0-310.el8.x86_64 #1 SMP Tue Jun 8 00:24:50 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

my commit: https://github.com/ttys3/nDPI/commit/8909f366294acc9775b83d649230be2241e54c26

hope this could help others.

flow_info-3.2-centos8.patch

commit 8909f366294acc9775b83d649230be2241e54c26
Author: ttyS3
Date:   Thu Jun 17 02:03:34 2021 +0800

    fix: fix up compatibility with CentOS 8 / CentOS Stream

    Refs:

    https://github.com/aircrack-ng/rtl8812au/issues/301#issuecomment-476853270

    https://github.com/vel21ripn/nDPI/issues/103

diff --git a/ndpi-netfilter/src/main.c b/ndpi-netfilter/src/main.c
index 082439f3..79951e3a 100644
--- a/ndpi-netfilter/src/main.c
+++ b/ndpi-netfilter/src/main.c
@@ -164,7 +164,7 @@ static inline const struct net_device *xt_out(const struct xt_action_param *par)
 #endif
 #endif

-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,19,0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,18,0)
 #define nf_ct_l3proto_try_module_get(a) 0
 #define nf_ct_l3proto_module_put(a)
 #endif
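Review bot: Lowering the guard to KERNEL_VERSION(4,18,0) matches every 4.18 kernel, not only the RHEL/CentOS 8 kernel that backports the later conntrack API, so a vanilla 4.18.x build presumably loses the nf_ct_l3proto_try_module_get path that the original 4.19 threshold was protecting; the same applies to the three hunks below (ndpi_nf_ct_hook at -843, replace_nf_destroy at -2762, restore_nf_destroy at -2785). The distro backport is better detected through the RHEL_RELEASE_CODE/RHEL_RELEASE_VERSION macros that RHEL-family kernels provide in their generated version header, e.g. `#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,19,0) || (defined(RHEL_RELEASE_CODE) && RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(8,0))`, with the mirrored `<` form in the replace/restore hunks; the exact RHEL minor to compare against should be confirmed on the target kernel. A one-line comment on the guard such as `/* RHEL 8 4.18 kernels carry the 4.19 nf_ct_hook/l3proto changes */` would explain why the test is not a plain version compare. The functions replace_nf_destroy and restore_nf_destroy continue outside their hunks.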
@@ -843,7 +843,7 @@ ndpi_alloc_flow (struct nf_ct_ext_ndpi *ct_ndpi)
 }
 #ifndef NF_CT_CUSTOM

-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,19,0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,18,0)
 static struct nf_ct_hook ndpi_nf_ct_hook={NULL,NULL,NULL};
 static struct nf_ct_hook *ndpi_nf_ct_hook_old=NULL;
 #endif
@@ -2762,7 +2762,7 @@ static void replace_nf_destroy(void)
 {
    spin_lock(&ndpi_hook_mutex);
    {
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4,19,0)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,18,0)
    ndpi_nf_ct_destroy = rcu_dereference_protected(nf_ct_destroy,lockdep_is_held(&ndpi_hook_mutex));
    BUG_ON(ndpi_nf_ct_destroy == NULL);
         rcu_assign_pointer(nf_ct_destroy, ndpi_destroy_conntrack);
@@ -2785,7 +2785,7 @@ static void restore_nf_destroy(void)
 {
    spin_lock(&ndpi_hook_mutex);
    {
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4,19,0)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,18,0)
    void (*destroy)(struct nf_conntrack *);
    destroy = rcu_dereference_protected(nf_ct_destroy,lockdep_is_held(&ndpi_hook_mutex));
    BUG_ON(destroy != ndpi_destroy_conntrack);
diff --git a/ndpi-netfilter/src/ndpi_main_common.h b/ndpi-netfilter/src/ndpi_main_common.h
index 2e343513..f39e6c26 100644
--- a/ndpi-netfilter/src/ndpi_main_common.h
+++ b/ndpi-netfilter/src/ndpi_main_common.h
@@ -22,7 +22,7 @@ extern struct kmem_cache *ct_info_cache;
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0)
 #define ACCESS_OK(a,b,c) access_ok(b,c)
 #else
-#define ACCESS_OK(a,b,c) access_ok(a,b,c)
+#define ACCESS_OK(a,b,c) access_ok(b,c)
 #endif

 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5,4,0)
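Review bot: After this change both branches of the `#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0)` define ACCESS_OK identically, so the version test no longer selects anything, and a non-RHEL kernel older than 5.0, whose access_ok() presumably still takes the type argument, would fail to compile at every ACCESS_OK call. Keeping the three-argument form in the `#else` and adding the distro backport to the condition preserves both cases, e.g. `#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0) || (defined(RHEL_RELEASE_CODE) && RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(8,0))`, with the RHEL threshold confirmed against the target kernel. Since access_ok() is the bounds check applied to user-supplied pointers before the module touches them, a short comment naming why the distro kernel diverges, such as `/* RHEL 8 backports the 2-argument access_ok() of 5.0 */`, keeps the guard from being "simplified" back later.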

thanks for the tips:

I can understand what kind of mutant this linux4.18.0-240.1.1.el8_3 is! Judging by the code, it is close to vanilla 5.x kernels. Try replacing lines in main.c 167 and 846

#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,19,0)

on

#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,18,0)

Replace lines in main.c 2748 and 2771

#if LINUX_VERSION_CODE <KERNEL_VERSION (4,19,0)

on

#if LINUX_VERSION_CODE <KERNEL_VERSION (4,18,0)

Originally posted by @vel21ripn in https://github.com/vel21ripn/nDPI/issues/103#issuecomment-753522073

test it is ok:

  root in homenas in ~/nDPI/ndpi-netfilter on  flow_info-3.2-centos8 [✘+?] 
❯ iptables -m ndpi --help              
iptables v1.8.4

Usage: iptables -[ACD] chain rule-specification [options]
    iptables -I chain [rulenum] rule-specification [options]
    iptables -R chain rulenum rule-specification [options]
    iptables -D chain rulenum [options]
    iptables -[LS] [chain [rulenum]] [options]
    iptables -[FZ] [chain] [options]
    iptables -[NX] chain
    iptables -E old-chain-name new-chain-name
    iptables -P chain target [options]
    iptables -h (print this help information)

Commands:
Either long or short options are allowed.
  --append  -A chain        Append to chain
  --check   -C chain        Check for the existence of a rule
  --delete  -D chain        Delete matching rule from chain
  --delete  -D chain rulenum
                Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]
                Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum
                Replace rule rulenum (1 = first) in chain
  --list    -L [chain [rulenum]]
                List the rules in a chain or all chains
  --list-rules -S [chain [rulenum]]
                Print the rules in a chain or all chains
  --flush   -F [chain]      Delete all rules in  chain or all chains
  --zero    -Z [chain [rulenum]]
                Zero counters in chain or all chains
  --new     -N chain        Create a new user-defined chain
  --delete-chain
         -X [chain]     Delete a user-defined chain
  --policy  -P chain target
                Change policy on chain to target
  --rename-chain
         -E old-chain new-chain
                Change chain name, (moving any references)
Options:
    --ipv4  -4      Nothing (line is ignored by ip6tables-restore)
    --ipv6  -6      Error (line is ignored by iptables-restore)
[!] --proto -p proto    protocol: by number or name, eg. `tcp'
[!] --source    -s address[/mask][...]
                source specification
[!] --destination -d address[/mask][...]
                destination specification
[!] --in-interface -i input name[+]
                network interface name ([+] for wildcard)
 --jump -j target
                target for rule (may load target extension)
  --goto      -g chain
                   jump to chain with no return
  --match   -m match
                extended match (may load extension)
  --numeric -n      numeric output of addresses and ports
[!] --out-interface -o output name[+]
                network interface name ([+] for wildcard)
  --table   -t table    table to manipulate (default: `filter')
  --verbose -v      verbose mode
  --wait    -w [seconds]    maximum wait to acquire xtables lock before give up
  --wait-interval -W [usecs]    wait time to try to acquire xtables lock
                default is 1 second
  --line-numbers        print line numbers when listing
  --exact   -x      expand numbers (display exact values)
[!] --fragment  -f      match second or further fragments only
  --modprobe=<command>      try to insert modules using this command
  --set-counters PKTS BYTES set the counter during insert/append
[!] --version   -V      print package version.

ndpi match options:
  --error            Match error detecting process
  --have-master      Match if master protocol detected
  --match-master     Match master protocol only
  --match-proto      Match protocol only
  --host  str        Match server host name
  --cert  str        Match SSL server certificate name
  --host-or-cert str Match host name or SSL server certificate name
                     Use /str/ for regexp match.
Special protocol names:
  --all              Match any known protocol
  --unknown          Match unknown protocol packets
Enabled protocols: ( option --proto protoname[,protoname...])

  activision           afp                  aimini               ajp                  
  amazon               amazonalexa          amazonvideo          amongus              
  amqp                 anydesk              apple                appleicloud          
  appleitunes          applejuice           applepush            applesiri            
  applestore           armagetron           ayiya                bgp                  
  bittorrent           bjnp                 bloomberg            capwap               
  checkmk              ciscoskinny          ciscovpn             citrix               
  cloudflare           cnn                  coap                 collectd             
  corba                cpha                 crossfire            csgo                 
  datasaver            dce_rpc              deezer               dhcp                 
  dhcpv6               diameter             direct_download_link directconnect        
  discord              disneyplus           dnp3                 dns                  
  dnscrypt             dofus                doh_dot              drda                 
  dropbox              dtls                 eaq                  ebay                 
  edonkey              egp                  facebook             fasttrack            
  fiesta               fix                  florensia            forticlient          
  ftp_control          ftp_data             genshinimpact        git                  
  github               gmail                gnutella             google               
  googledocs           googledrive          googlehangoutduo     googlemaps           
  googleplus           googleservices       gre                  gtp                  
  guildwars            h323                 halflife2            hotmail              
  hotspotshield        hp                   http                 http_connect         
  http_proxy           hulu                 iax                  icecast              
  icmp                 icmpv6               iec60870             iflix                
  igmp                 imap                 imaps                imo                  
  instagram            ip_in_ip             ipp                  ipsec                
  irc                  jabber               kakaotalk            kakaotalk_voice      
  kerberos             kontiki              lastfm               ldap                 
  linkedin             lisp                 llmnr                lotusnotes           
  maplestory           mdns                 megaco               memcached            
  messenger            mgcp                 microsoft            microsoft365         
  mining               modbus               mongodb              mpeg_ts              
  mqtt                 ms_onedrive          mssql-tds            mysql                
  nats                 nestlogsink          netbios              netflix              
  netflow              nfs                  nintendo             noe                  
  ntop                 ntp                  ocs                  ookla                
  opendns              openft               openvpn              oracle               
  ospf                 pandora              pastebin             pinterest            
  playstation          playstore            pop3                 pops                 
  postgresql           ppstream             pptp                 ps_vue               
  qq                   qqlive               quic                 radius               
  rdp                  reddit               redis                remotescan           
  rsync                rtcp                 rtmp                 rtp                  
  rtsp                 rx                   s7comm               sap                  
  sctp                 sflow                shoutcast            signal               
  sina(weibo)          sip                  skype                skypecall            
  slack                smbv1                smbv23               smpp                 
  smtp                 smtps                snapchat             snapchatcall         
  snmp                 soap                 socks                someip               
  sopcast              soulseek             soundcloud           spotify              
  ssdp                 ssh                  starcraft            stealthnet           
  steam                stun                 syslog               targusdataspeed      
  teams                teamspeak            teamviewer           telegram             
  telnet               teredo               tftp                 thunder              
  tiktok               tinc                 tls                  tor                  
  truphone             tuenti               tumblr               tvuplayer            
  twitch               twitter              ubntac2              ubuntuone            
  usenet               vevo                 vhua                 viber                
  vmware               vnc                  vrrp                 warcraft3            
  waze                 webex                websocket            wechat               
  whatsapp             whatsappcall         whatsappfiles        whois-das            
  wikipedia            windowsupdate        wireguard            worldofkungfu        
  worldofwarcraft      wsd                  xbox                 xdmcp                
  yahoo                youtube              youtubeupload        zabbix               
  zattoo               zeromq               zoom     

test mangle

iptables -t mangle -A PREROUTING -m ndpi --all
iptables -t mangle -A PREROUTING -m ndpi --error -j LOG --log-prefix "preerrorxxx:"

iptables -t mangle -A OUTPUT -m ndpi --all
iptables -t mangle -A POSTROUTING -m ndpi --error -j LOG --log-prefix "posterrorxxx:"

 iptables -v -n -L -t mangle
Chain PREROUTING (policy ACCEPT 517K packets, 561M bytes)
 pkts bytes target     prot opt in     out     source               destination         
  211 42007            all  --  *      *       0.0.0.0/0            0.0.0.0/0            ndpi all protocols
 1361 1193K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            ndpi error LOG flags 0 level 4 prefix "preerrorxxx:"

Chain INPUT (policy ACCEPT 164K packets, 318M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 353K packets, 243M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 103K packets, 309M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            ndpi all protocols

Chain POSTROUTING (policy ACCEPT 457K packets, 552M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1303 1193K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            ndpi error LOG flags 0 level 4 prefix "posterrorxxx:"

watch the log:

sudo journalctl -k -f | grep errorxxx

and I got something like:

Jun 17 02:29:04 homenas kernel: posterrorxxx:IN= OUT=enp4s0 SRC=192.168.8.123 DST=192.168.8.100 LEN=1720 TOS=0x08 PREC=0x40 TTL=64 ID=24424 DF PROTO=TCP SPT=22 DPT=48164 WINDOW=341 RES=0x00 ACK PSH URGP=0 
Jun 17 02:29:04 homenas kernel: posterrorxxx:IN= OUT=enp4s0 SRC=192.168.8.123 DST=192.168.8.100 LEN=4184 TOS=0x08 PREC=0x40 TTL=64 ID=24426 DF PROTO=TCP SPT=22 DPT=48164 WINDOW=341 RES=0x00 ACK PSH URGP=0 
Jun 17 02:29:04 homenas kernel: posterrorxxx:IN= OUT=enp4s0 SRC=192.168.8.123 DST=192.168.8.100 LEN=4184 TOS=0x08 PREC=0x40 TTL=64 ID=24429 DF PROTO=TCP SPT=22 DPT=48164 WINDOW=341 RES=0x00 ACK PSH URGP=0 
Jun 17 02:29:04 homenas kernel: posterrorxxx:IN= OUT=enp4s0 SRC=192.168.8.123 DST=192.168.8.100 LEN=3652 TOS=0x08 PREC=0x40 TTL=64 ID=24432 DF PROTO=TCP SPT=22 DPT=48164 WINDOW=341 RES=0x00 ACK PSH URGP=0 
Jun 17 02:29:04 homenas kernel: posterrorxxx:IN= OUT=enp4s0 SRC=192.168.8.123 DST=192.168.8.100 LEN=612 TOS=0x08 PREC=0x40 TTL=64 ID=24435 DF PROTO=TCP SPT=22 DPT=48164 WINDOW=341 RES=0x00 ACK PSH URGP=0 

PROTO=TCP SPT=22, so it is obviously the SSH protocol, yet it is flagged as an error.

I see that the TOS is TOS=0x08; is this error normal?

ttys3 commented 3 years ago

Could this be the reason?

  root in homenas in ~/nDPI/ndpi-netfilter on  flow_info-3.2-centos8 [✘+?] took 12s 
❯ make modules_install
make -C src modules_install
make[1]: Entering directory '/root/nDPI/ndpi-netfilter/src'
grep: /lib/modules/4.18.0-310.el8.x86_64/build/source/include/linux/skbuff.h: No such file or directory
make -C /lib/modules/4.18.0-310.el8.x86_64/build M=$PWD modules_install;
make[2]: Entering directory '/usr/src/kernels/4.18.0-310.el8.x86_64'
  INSTALL /root/nDPI/ndpi-netfilter/src/xt_ndpi.ko
At main.c:160:
- SSL error:02001002:system library:fopen:No such file or directory: crypto/bio/bss_file.c:69
- SSL error:2006D080:BIO routines:BIO_new_file:no such file: crypto/bio/bss_file.c:76
sign-file: certs/signing_key.pem: No such file or directory
  DEPMOD  4.18.0-310.el8.x86_64
make[2]: Leaving directory '/usr/src/kernels/4.18.0-310.el8.x86_64'
depmod -a;
make[1]: Leaving directory '/root/nDPI/ndpi-netfilter/src'

At main.c:160:

  • SSL error:02001002:system library:fopen:No such file or directory: crypto/bio/bss_file.c:69
  • SSL error:2006D080:BIO routines:BIO_new_file:no such file: crypto/bio/bss_file.c:76 sign-file: certs/signing_key.pem: No such file or directory
ttys3 commented 3 years ago

I also found error under my ArchLinux:

Jun 17 03:01:44 wudeng kernel: posterrorxxx:IN= OUT=enp0s31f6 SRC=192.168.8.100 DST=xxx.237.xxx.6 LEN=48 TOS=0x00 PREC=0x20 TTL=64 ID=29274 PROTO=UDP SPT=42158 DPT=51413 LEN=28 
Jun 17 03:01:44 wudeng kernel: posterrorxxx:IN= OUT=enp0s31f6 SRC=192.168.8.100 DST=xxx.237.xxx.6 LEN=240 TOS=0x00 PREC=0x20 TTL=64 ID=29275 PROTO=UDP SPT=42158 DPT=51413 LEN=220 

Actually, it is the BitTorrent protocol.

vel21ripn commented 3 years ago
At main.c:160:
- SSL error:02001002:system library:fopen:No such file or directory: crypto/bio/bss_file.c:69
- SSL error:2006D080:BIO routines:BIO_new_file:no such file: crypto/bio/bss_file.c:76
sign-file: certs/signing_key.pem: No such file or directory

See https://wiki.gentoo.org/wiki/Signed_kernel_module_support

vel21ripn commented 3 years ago

About "-m ndpi --error": show the result of the command "grep . /sys/module/xt_ndpi/parameters/*"

ttys3 commented 3 years ago

grep . /sys/module/xt_ndpi/parameters/*

❯ grep . /sys/module/xt_ndpi/parameters/*
/sys/module/xt_ndpi/parameters/bt_gc_count:0
/sys/module/xt_ndpi/parameters/bt_hash_size:0
/sys/module/xt_ndpi/parameters/bt_hash_timeout:1200
/sys/module/xt_ndpi/parameters/bt_log_size:128
/sys/module/xt_ndpi/parameters/cached:684
/sys/module/xt_ndpi/parameters/c_last_ct_not:0
/sys/module/xt_ndpi/parameters/c_magic_not:343
/sys/module/xt_ndpi/parameters/c_skb_not:0
/sys/module/xt_ndpi/parameters/ct_confirm:11091
/sys/module/xt_ndpi/parameters/err_add_ndpi:0
/sys/module/xt_ndpi/parameters/err_alloc_flow:0
/sys/module/xt_ndpi/parameters/err_alloc_id:0
/sys/module/xt_ndpi/parameters/err_bad_tcp_udp:0
/sys/module/xt_ndpi/parameters/err_ip_frag_len:0
/sys/module/xt_ndpi/parameters/err_oversize:0
/sys/module/xt_ndpi/parameters/err_prot_err:0
/sys/module/xt_ndpi/parameters/err_prot_err1:0
/sys/module/xt_ndpi/parameters/err_skb_linear:0
/sys/module/xt_ndpi/parameters/flow_created:37
/sys/module/xt_ndpi/parameters/flow_deleted:6
/sys/module/xt_ndpi/parameters/flow_read_debug:0
/sys/module/xt_ndpi/parameters/id_num:33
/sys/module/xt_ndpi/parameters/ipv4:6578
/sys/module/xt_ndpi/parameters/ipv6:0
/sys/module/xt_ndpi/parameters/l4mismatch:0
/sys/module/xt_ndpi/parameters/l4mis_size:0
/sys/module/xt_ndpi/parameters/lib_trace:0
/sys/module/xt_ndpi/parameters/max_parsed_lines:0
/sys/module/xt_ndpi/parameters/max_unk_other:20
/sys/module/xt_ndpi/parameters/max_unk_tcp:20
/sys/module/xt_ndpi/parameters/max_unk_udp:20
/sys/module/xt_ndpi/parameters/mtu:48000
/sys/module/xt_ndpi/parameters/ndpi_enable_flow:0
/sys/module/xt_ndpi/parameters/ndpi_flow_limit:10000000
/sys/module/xt_ndpi/parameters/ndpi_match:6594
/sys/module/xt_ndpi/parameters/ndpi_size_flow_struct:2544
/sys/module/xt_ndpi/parameters/ndpi_size_hash_ip4p_node:32
/sys/module/xt_ndpi/parameters/ndpi_size_id_struct:256
/sys/module/xt_ndpi/parameters/ndpi_stun_cache:0
/sys/module/xt_ndpi/parameters/noncached:343
/sys/module/xt_ndpi/parameters/nonip:0
/sys/module/xt_ndpi/parameters/non_tcpudp:0
/sys/module/xt_ndpi/parameters/skb_lin:288
/sys/module/xt_ndpi/parameters/skb_seg:55
/sys/module/xt_ndpi/parameters/tls_buf_size:4
/sys/module/xt_ndpi/parameters/xt_debug:0
ttys3 commented 3 years ago

after hours:

❯ grep . /sys/module/xt_ndpi/parameters/*
/sys/module/xt_ndpi/parameters/bt_gc_count:0
/sys/module/xt_ndpi/parameters/bt_hash_size:0
/sys/module/xt_ndpi/parameters/bt_hash_timeout:1200
/sys/module/xt_ndpi/parameters/bt_log_size:128
/sys/module/xt_ndpi/parameters/cached:5475299
/sys/module/xt_ndpi/parameters/c_last_ct_not:0
/sys/module/xt_ndpi/parameters/c_magic_not:2782598
/sys/module/xt_ndpi/parameters/c_skb_not:0
/sys/module/xt_ndpi/parameters/ct_confirm:1931857
/sys/module/xt_ndpi/parameters/err_add_ndpi:0
/sys/module/xt_ndpi/parameters/err_alloc_flow:0
/sys/module/xt_ndpi/parameters/err_alloc_id:0
/sys/module/xt_ndpi/parameters/err_bad_tcp_udp:0
/sys/module/xt_ndpi/parameters/err_ip_frag_len:0
/sys/module/xt_ndpi/parameters/err_oversize:0
/sys/module/xt_ndpi/parameters/err_prot_err:0
/sys/module/xt_ndpi/parameters/err_prot_err1:0
/sys/module/xt_ndpi/parameters/err_skb_linear:0
/sys/module/xt_ndpi/parameters/flow_created:44522
/sys/module/xt_ndpi/parameters/flow_deleted:44413
/sys/module/xt_ndpi/parameters/flow_read_debug:0
/sys/module/xt_ndpi/parameters/id_num:88
/sys/module/xt_ndpi/parameters/ipv4:9223933
/sys/module/xt_ndpi/parameters/ipv6:0
/sys/module/xt_ndpi/parameters/l4mismatch:427
/sys/module/xt_ndpi/parameters/l4mis_size:37996
/sys/module/xt_ndpi/parameters/lib_trace:0
/sys/module/xt_ndpi/parameters/max_parsed_lines:0
/sys/module/xt_ndpi/parameters/max_unk_other:20
/sys/module/xt_ndpi/parameters/max_unk_tcp:20
/sys/module/xt_ndpi/parameters/max_unk_udp:20
/sys/module/xt_ndpi/parameters/mtu:48000
/sys/module/xt_ndpi/parameters/ndpi_enable_flow:0
/sys/module/xt_ndpi/parameters/ndpi_flow_limit:10000000
/sys/module/xt_ndpi/parameters/ndpi_match:9223979
/sys/module/xt_ndpi/parameters/ndpi_size_flow_struct:2544
/sys/module/xt_ndpi/parameters/ndpi_size_hash_ip4p_node:32
/sys/module/xt_ndpi/parameters/ndpi_size_id_struct:256
/sys/module/xt_ndpi/parameters/ndpi_stun_cache:0
/sys/module/xt_ndpi/parameters/noncached:2260192
/sys/module/xt_ndpi/parameters/nonip:0
/sys/module/xt_ndpi/parameters/non_tcpudp:912
/sys/module/xt_ndpi/parameters/skb_lin:2177856
/sys/module/xt_ndpi/parameters/skb_seg:82339
/sys/module/xt_ndpi/parameters/tls_buf_size:4
/sys/module/xt_ndpi/parameters/xt_debug:0
vel21ripn commented 3 years ago
/sys/module/xt_ndpi/parameters/ct_confirm:1931857

This is the cause of the error problem.

If "conntrack -L" does not show connections, then you need to add a rule that checks the state of connections (for example, "iptables .... -m state INVALID"). In what chain this rule will be - it is absolutely unimportant. Starting with some versions of kernels, conntrack is enabled only if there are certain rules: checking the state of the connection and NAT.

If "conntrack -L" shows connections, then the problem is with the connlabel. The location where problems with conntrack are found can be located by the code "COUNTER (ndpip31)". This is your kernel-mutation problem. A significant change to the connlabel kernel code was made in kernel 4.8.0. Find the lines with "net->ct.label" and try to figure out which version your kernel belongs to.

ttys3 commented 3 years ago

I tested conntrack -L and it does show connections, so the problem is with the connlabel.

vel21ripn commented 3 years ago

I cannot reproduce your error.

root@localhost ~]# uname -r
4.18.0-305.7.1.el8_4.x86_64

iptables -t mangle -F
iptables -F
iptables -t mangle -A PREROUTING -m ndpi --all
iptables -t mangle -A PREROUTING -m ndpi --error
iptables -t mangle -A OUTPUT -m ndpi --all
iptables -t mangle -A OUTPUT -m ndpi --error

iptables -A INPUT -m ndpi --proto ssh
iptables -A OUTPUT -m ndpi --proto ssh

[root@localhost ~]# iptables -nvxL
Chain INPUT (policy ACCEPT 82234 packets, 147509598 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
     298    22576            all  --  *      *       0.0.0.0/0            0.0.0.0/0            ndpi protocol ssh

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 44700 packets, 2365753 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
     206    29430            all  --  *      *       0.0.0.0/0            0.0.0.0/0            ndpi protocol ssh
[root@localhost ~]# iptables -t mangle -nvxL
Chain PREROUTING (policy ACCEPT 82286 packets, 147513306 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
     537   328797            all  --  *      *       0.0.0.0/0            0.0.0.0/0            ndpi all protocols
       0        0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            ndpi error

Chain INPUT (policy ACCEPT 82286 packets, 147513306 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 44729 packets, 2369257 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
     416    43644            all  --  *      *       0.0.0.0/0            0.0.0.0/0            ndpi all protocols
       0        0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            ndpi error

Chain POSTROUTING (policy ACCEPT 44729 packets, 2369257 bytes)
    pkts      bytes target     prot opt in     out     source               destination