vel21ripn / nDPI

Open Source Deep Packet Inspection Software Toolkit
http://www.ntop.org
GNU Lesser General Public License v3.0

/proc/net/xt_ndpi/proto cannot work this way #67

Closed BrainSlayer closed 5 years ago

BrainSlayer commented 5 years ago

proc entries can only have a size of a PAGE_SIZE block. this works for X64 which has 128K page size. but most systems (especially embedded systems) only have a PAGE_SIZE of 4 KB. so the protocol list is shortened to 74 entries which has influence to the libxt_ndpi implementation which reads the protocol list from this path. so netfilter ndpi / flow whatever does not work on any system but X64. the only solution is still to keep the protocol list hardcoded in the iptables module

BrainSlayer commented 5 years ago

proof

root@apreithalle:/proc/2492/net/xt_ndpi# cat proto

id mark ~mask name # count #version 2.8.0-1522-b353209


vel21ripn commented 5 years ago

> proc entries can only have a size of a PAGE_SIZE block.

In xt_ndpi, all entries are less than 512 bytes. There is a problem with xt_ndpi if you read the data in very small chunks.

> this works for X64 which has 128K page size. but most systems (especially embedded systems) only have a PAGE_SIZE of 4 KB.

i[3456]86 have PAGE_SIZE 4096 bytes.

> so the protocol list is shortened to 74 entries which has influence to the libxt_ndpi implementation which reads the protocol list from this path. so netfilter ndpi / flow whatever does not work on any system but X64.

This is wrong. On i386 xt_ndpi works.

Linux ls-gw2 4.4.189 #8 SMP Mon Aug 12 22:14:42 MSK 2019 i686 Intel(R) Xeon(R) CPU E3-1230 V2 @ 3.30GHz GenuineIntel GNU/Linux
root@ls-gw2:~# cat /proc/net/xt_ndpi/proto | wc
    321    1852   16169
root@ls-gw2:~# cat /proc/net/xt_ndpi/flows | wc
 175533 2500577 17925299

> the only solution is still to keep the protocol list hardcoded in the iptables module

And how does that help? xt_ndpi does not bind to page size. I cannot understand why you are getting this error. Please show

uname -a

and

strace cat /proc/net/xt_ndpi/proto >/dev/zero

BrainSlayer commented 5 years ago

consider that i tested this on an arm system. the iptables module does not read the full list. the list is restricted to 4096. after some research i found out that it's restricted to the PAGE_SIZE limit. this may of course also not apply to X86. i cannot check this right now. i just know that the PAGE_SIZE on x64 is 128k which was also shown on the count field of the read method of proc_read on the arm system i tested it was 4096b. the output i showed you was made on this arm system and so i had to modify the iptables module to use a hardcoded service list to make use of the full ndpi services list.


BrainSlayer commented 5 years ago

this is my working solution for the iptables module

static char *prot_short_str[NDPI_NUM_BITS] = {
    "unknown","ftp_control","pop3","smtp","imap","dns","ipp","http","mdns","ntp",
    "netbios","nfs","ssdp","bgp","snmp","xdmcp","smbv1","syslog","dhcp","postgresql",
    "mysql","hotmail","direct_download_link","pops","applejuice","directconnect","ntop","coap","vmware","smtps",
    "facebookzero","ubntac2","kontiki","openft","fasttrack","gnutella","edonkey","bittorrent","skypecall","signal",
    "memcached","smbv23","mining","nestlogsink","modbus","free","free","xbox","qq","free_49",
    "rtsp","imaps","icecast","pplive","ppstream","zattoo","shoutcast","sopcast","tvants","tvuplayer",
    "http_download","qqlive","thunder","soulseek","ssl_no_cert","irc","ayiya","unencrypted_jabber","msn","oscar",
    "yahoo","battlefield","googleplus","vrrp","steam","halflife2","worldofwarcraft","telnet","stun","ipsec",
    "gre","icmp","igmp","egp","sctp","ospf","ip_in_ip","rtp","rdp","vnc",
    "pcanywhere","ssl","ssh","usenet","mgcp","iax","tftp","afp","stealthnet","aimini",
    "sip","truphone","icmpv6","dhcpv6","armagetron","crossfire","dofus","fiesta","florensia","guildwars",
    "http_activesync","kerberos","ldap","maplestory","mssql-tds","pptp","warcraft3","worldofkungfu","slack","facebook",
    "twitter","dropbox","gmail","googlemaps","youtube","skype","google","dce_rpc","netflow","sflow",
    "http_connect","http_proxy","citrix","netflix","lastfm","waze","youtubeupload","genericprotocol","checkmk","ajp",
    "apple","webex","whatsapp","appleicloud","viber","appleitunes","radius","windowsupdate","teamviewer","tuenti",
    "lotusnotes","sap","gtp","upnp","llmnr","remotescan","spotify","messenger","h323","openvpn",
    "noe","ciscovpn","teamspeak","tor","ciscoskinny","rtcp","rsync","oracle","corba","ubuntuone",
    "whois-das","collectd","socks","nintendo","rtmp","ftp_data","wikipedia","zeromq","amazon","ebay",
    "cnn","megaco","redis","pando_media_booster","vhua","telegram","vevo","pandora","quic","whatsappvoice",
    "eaq","ookla","amqp","kakaotalk","kakaotalk_voice","twitch","free","wechat","mpeg_ts","snapchat",
    "sina(weibo)","googlehangout","iflix","github","bjnp","free","ppstream","smpp","dnscrypt","tinc",
    "deezer","instagram","microsoft","starcraft","teredo","hotspotshield","hep","googledrive","ocs","office365",
    "cloudflare","ms_onedrive","mqtt","rx","applestore","opendns","git","drda","playstore","someip",
    "fix","playstation","pastebin","linkedin","soundcloud","csgo","lisp","diameter","applepush","googleservices",
    "amazonvideo","googledocs","whatsappfiles","targus"};

BrainSlayer commented 5 years ago

uname -a (if that helps, but it doesn't of course)

Linux apreithalle 4.9.192 #469 SMP Tue Sep 10 14:00:11 CEST 2019 armv7l DD-WRT

BrainSlayer commented 5 years ago

cat /proc/net/xt_ndpi/proto | wc
79 476 4065

BrainSlayer commented 5 years ago

root@apreithalle:~# /tmp/strace cat /proc/net/xt_ndpi/proto >/dev/zero
execve("/bin/cat", ["cat", "/proc/net/xt_ndpi/proto"], 0xbe90ece4 /* 14 vars */) = 0
set_tls(0xb6f3765c) = 0
set_tid_address(0xb6f38210) = 5042
open("/lib/libnvram.so", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0755, st_size=25658, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\210\"\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 94208, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xb6ea9000
mmap2(0xb6ebe000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x5000) = 0xb6ebe000
close(3) = 0
open("/lib/libshutils.so", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/usr/lib/libshutils.so", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0755, st_size=45966, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0(D\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 114688, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xb6e8d000
mmap2(0xb6ea6000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x9000) = 0xb6ea6000
close(3) = 0
open("/lib/libgcc_s.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=45347, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0`E\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 114688, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xb6e71000
mmap2(0xb6e8b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xa000) = 0xb6e8b000
close(3) = 0
mprotect(0xb6ebe000, 4096, PROT_READ) = 0
mprotect(0xb6ea6000, 4096, PROT_READ) = 0
mprotect(0xb6e8b000, 4096, PROT_READ) = 0
mprotect(0x91000, 4096, PROT_READ) = 0
prctl(PR_SET_NAME, "cat") = 0
getuid32() = 0
open("/proc/net/xt_ndpi/proto", O_RDONLY|O_LARGEFILE) = 3
sendfile64(1, 3, NULL, 16777216) = 4073
sendfile64(1, 3, NULL, 16777216) = 0
close(3) = 0
exit_group(0) = ?
+++ exited with 0 +++

vel21ripn commented 5 years ago

> sendfile64(1, 3, NULL, 16777216) = 4073

The weird cat uses sendfile() instead of read / write. Try using dd.

dd if=/proc/net/xt_ndpi/proto bs=4096

I will see what is needed to read data using sendfile(). sendfile() is mmap(), which is usually not used for procfs.

BrainSlayer commented 5 years ago

you are right. dd works. but btw. doesn't it make sense to convert the proto list to lowercase to stay compatible with the older netfilter dpi versions? the --proto 'proto' variant is case insensitive. but not the --'proto' variant. for instance -m ndpi --ssh was working in older versions. in newer versions you must use now -SSH since this argument is not case insensitive

root@apreithalle:~# dd if=/proc/net/xt_ndpi/proto bs=4096

id     mark ~mask     name   # count #version 2.8.0-1522-b353209

0+5 records in
0+5 records out


vel21ripn commented 5 years ago

> doesn't it make sense to convert the proto list to lowercase to stay compatible with the older netfilter dpi versions?

In older versions, the protocol list was fixed and created with a special script. The names of the basic protocols are determined by the nDPI library and their names change between versions, in addition, user-defined protocols are added. It makes no sense to hardcode this list to libxt_ndpi.

The short version of the protocol name “--proto_name” cannot be implemented due to the iptables limit of 255 short options.

BrainSlayer commented 5 years ago

it was not about hardcoding. just converting the protocol list to lowercase to prevent breakage of older user scripts using ndpi. in my case i had the option just to change all my scripts and code which uses ndpi or the more simple variant. i modified xt_ndpi to convert the list to lowercase and it still works fine since nothing i use has been renamed. just the lettercase changed which is totally unnecessary

vel21ripn commented 5 years ago

See commit cff4144b8e571c966937e102b87a53fd0ea788ce

BrainSlayer commented 5 years ago

let me merge and check this. thanks
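
The two points this thread turns on, as an added example (not code from xt_ndpi or libxt_ndpi): a reader for the proto listing that keeps calling read() until it returns 0 and reassembles rows split across short reads, and a case-insensitive name lookup. The sample rows are constructed in the listing's format; MAX_PROTO, NAME_LEN and every function name here are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <unistd.h>

#define MAX_PROTO 512   /* assumption: ids fit the 0x1ff mask in the listing */
#define NAME_LEN  32    /* assumption: names are shorter than this */

struct proto_table {
    char name[MAX_PROTO][NAME_LEN];   /* indexed by id, "" = unset */
    int  count;                       /* rows parsed successfully */
};

/* Constructed sample in the format of the proto listing in the thread. */
static const char SAMPLE[] =
    "id mark ~mask name # count #version 2.8.0-1522-b353209\n"
    "00         0/000001ff Unknown          # 495 debug=0\n"
    "5c        5c/000001ff SSH              # 13 debug=0\n"
    "f3        f3/000001ff Targus Dataspeed # 0 debug=0\n"
    "13f       13f/000001ff custom319        # 0 debug=0\n";

/* Row: <hex id> <mark>/<mask> <name, may contain spaces> # <count> ... */
static int parse_line(const char *line, struct proto_table *t)
{
    char *p;
    unsigned long id = strtoul(line, &p, 16);
    if (p == line || !isspace((unsigned char)*p) || id >= MAX_PROTO) return 0;
    while (isspace((unsigned char)*p)) p++;
    while (*p && !isspace((unsigned char)*p)) p++;  /* skip mark/mask */
    while (isspace((unsigned char)*p)) p++;
    const char *hash = strchr(p, '#');
    size_t n = hash ? (size_t)(hash - p) : 0;       /* no '#': cut-off row */
    while (n > 0 && isspace((unsigned char)p[n - 1])) n--;
    if (n == 0 || n >= NAME_LEN) return 0;          /* reject, do not guess */
    memcpy(t->name[id], p, n);
    t->name[id][n] = '\0';
    t->count++;
    return 1;
}

/* one_shot=1 models a reader that trusts a single read(); one_shot=0 keeps
 * calling read() until it returns 0, the only reliable end-of-file signal. */
static int load_proto_fd(int fd, size_t chunk, int one_shot, struct proto_table *t)
{
    char line[256], *buf = malloc(chunk);
    size_t used = 0;
    ssize_t got;
    if (!buf) return -1;
    memset(t, 0, sizeof(*t));
    while ((got = read(fd, buf, chunk)) != 0) {
        if (got < 0) { if (errno == EINTR) continue; free(buf); return -1; }
        for (ssize_t i = 0; i < got; i++) {         /* a row may span reads */
            if (buf[i] == '\n') { line[used] = '\0'; parse_line(line, t); used = 0; }
            else if (used < sizeof(line) - 1) line[used++] = buf[i];
        }
        if (one_shot) break;
    }
    if (used) { line[used] = '\0'; parse_line(line, t); }  /* row without '\n' */
    free(buf);
    return t->count;
}

/* Case-insensitive lookup: "ssh" and "SSH" resolve to the same id. */
static int proto_lookup(const struct proto_table *t, const char *name)
{
    for (int id = 0; id < MAX_PROTO; id++)
        if (t->name[id][0] && !strcasecmp(t->name[id], name)) return id;
    return -1;
}

/* Push SAMPLE through a pipe so read() really returns chunk-sized pieces. */
static int demo_load(size_t chunk, int one_shot, struct proto_table *t)
{
    int fds[2], n = -1;
    if (pipe(fds) != 0) return -1;
    ssize_t w = write(fds[1], SAMPLE, sizeof(SAMPLE) - 1);
    close(fds[1]);                                  /* reader must see EOF */
    if (w > 0) n = load_proto_fd(fds[0], chunk, one_shot, t);
    close(fds[0]);
    return n;
}

int main(void)
{
    static struct proto_table t;
    return demo_load(7, 0, &t) == 4 && proto_lookup(&t, "ssh") == 0x5c ? 0 : 1;
}
```

With a 7-byte buffer every row arrives in pieces and the loop still recovers all four; the one-shot variant with a 64-byte buffer gets no complete row, so a lookup of "ssh" fails.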