Comments (25)
I installed the latest nDPI version from "https://github.com/ntop/nDPI" and ran the ndpiReader example. It seems that torrent matching works fine. Can I compile the latest nDPI version with ndpi-netfilter?
from ndpi-netfilter.
This matter was already discussed. Please check the older topics.
from ndpi-netfilter.
Please see "kernel panic and build issue w/ current" #8
from ndpi-netfilter.
Yes, I read them.
For some torrents it's working fine, but some go as unknown traffic.
Is there any way to block unknown traffic?
from ndpi-netfilter.
Please test this particular rule iptables -A FORWARD -m ndpi --bittorrent -j ACCEPT and check if the counters are matching most of the traffic and with what ratio.
from ndpi-netfilter.
I applied this rule to a particular IP and started downloading a torrent with a size of 9.82MB. But the rule matched a very small amount of packets, as follows.
Chain INPUT (policy ACCEPT 3294 packets, 215K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 205K packets, 135M bytes)
pkts bytes target prot opt in out source destination
4216 5955K ACCEPT all -- * * 0.0.0.0/0 192.168.200.15 protocol BITTORRENT
3451 214K ACCEPT all -- * * 192.168.200.15 0.0.0.0/0 protocol BITTORRENT
Chain OUTPUT (policy ACCEPT 3281 packets, 543K bytes)
pkts bytes target prot opt in out source destination
from ndpi-netfilter.
It's nearly half of the full size of the torrent.
from ndpi-netfilter.
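To put a number on the "with what ratio" check requested above, here is an added example (not part of the thread and not ndpi-netfilter code) that parses `iptables -L -v -n` counters and reports what share of a chain's bytes hit the BITTORRENT rules. The function names are hypothetical and the sample reuses the FORWARD counters posted above. Note that chain counters cover all traffic through the chain, not only the test host, so the result is a lower bound for a single download.

```python
import re

# FORWARD chain counters as posted in the thread (layout of `iptables -L -v -n`).
SAMPLE = """\
Chain FORWARD (policy ACCEPT 205K packets, 135M bytes)
 pkts bytes target prot opt in out source destination
 4216 5955K ACCEPT all -- * * 0.0.0.0/0 192.168.200.15 protocol BITTORRENT
 3451 214K ACCEPT all -- * * 192.168.200.15 0.0.0.0/0 protocol BITTORRENT
"""

# iptables abbreviates counters with decimal (1000-based) suffixes.
_SUFFIX = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}
_CHAIN_RE = re.compile(r"Chain (\S+) \(policy \S+ (\S+) packets, (\S+) bytes\)")
# Only terminating verdicts remove packets from the chain; MARK/CONNMARK do not.
_TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def to_int(field):
    """Convert an iptables counter such as '5955K' to an integer."""
    m = re.fullmatch(r"(\d+)([KMGT]?)", field)
    if not m:
        raise ValueError("not an iptables counter: %r" % field)
    return int(m.group(1)) * _SUFFIX[m.group(2)]


def match_ratio(listing, chain, needle="protocol BITTORRENT"):
    """Return (matched_bytes, total_bytes, ratio) for one chain.

    total = bytes taken by terminating rules + bytes that fell through
    to the chain policy, i.e. everything that traversed the chain.
    """
    current, matched, total, seen = None, 0, 0, False
    for line in listing.splitlines():
        m = _CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            if current == chain:
                seen = True
                total += to_int(m.group(3))  # policy (fall-through) bytes
            continue
        fields = line.split()
        if current != chain or len(fields) < 3 or not fields[0][0].isdigit():
            continue  # other chain, blank line or column header
        if fields[2] in _TERMINATING:
            total += to_int(fields[1])
            if needle in line:
                matched += to_int(fields[1])
    if not seen:
        raise KeyError(chain)
    return matched, total, (matched / total if total else 0.0)


if __name__ == "__main__":
    print(match_ratio(SAMPLE, "FORWARD"))
```
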
Same issue here, only matched 78MB of 744MB, downloading a torrent using aria2. But it matches all with rtorrent.
Using ubuntu 14.04 server, kernel 3.19.0-51.
from ndpi-netfilter.
Same results with ntopng?
from ndpi-netfilter.
Please try to connmark the bittorrent connections on POSTROUTING, restore on PREROUTING and match your marks on FORWARDING. You could do the same thing with a local bt client and match on INPUT and please compare the results. Thanks...
from ndpi-netfilter.
Hi Kong,
ntopng shows most of the protocol is Unknown (TCP) when using aria2 (BT 13.3%, Unknown 86.6%).
Using rtorrent: BT 97,3%, Others: 2.7%.
I will try connmark later.
from ndpi-netfilter.
I tested with transmission-cli, ntopng result: BT 54,8%, Unknown: 45,2%
from ndpi-netfilter.
Below are the results of connmarking bittorrent connections
************* Download torrent using aria2 *********************
Chain PREROUTING (policy ACCEPT 571K packets, 842M bytes)
pkts bytes target prot opt in out source destination
571K 842M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
Chain POSTROUTING (policy ACCEPT 411K packets, 25M bytes)
pkts bytes target prot opt in out source destination
425K 26M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
14162 994K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
754 95787 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0protocol BITTORRENT MARK set 0x1
411K 25M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save
Chain INPUT (policy ACCEPT 555K packets, 819M bytes)
pkts bytes target prot opt in out source destination
16021 23M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x1
************* Download torrent using rtorrent *********************
Chain PREROUTING (policy ACCEPT 539K packets, 818M bytes)
pkts bytes target prot opt in out source destination
539K 818M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
Chain POSTROUTING (policy ACCEPT 17748 packets, 1164K bytes)
pkts bytes target prot opt in out source destination
489K 30M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
472K 28M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
103 12841 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0protocol BITTORRENT MARK set 0x1
17748 1164K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save
Chain INPUT (policy ACCEPT 19196 packets, 27M bytes)
pkts bytes target prot opt in out source destination
520K 792M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x1
from ndpi-netfilter.
Same torrent? If so, it looks like ndpi cannot deal with the way aria2 downloads the torrent. Could you set a default DROP rule on the INPUT chain and accept only the marked ones?
from ndpi-netfilter.
I tried with default DROP and allowed ndpi-marked torrent traffic. But it drops all the packets, because the DROP rule is at layer 4 and ndpi marking is at layer 7. As the DROP rule cannot identify layer 7 marks, it DROPs everything. So it's not possible to mark torrent traffic at layer 4.
from ndpi-netfilter.
Could you dump the input chain? Also make sure that you have a related, established rule set on the input chain.
from ndpi-netfilter.
I've just tried aria2c and yes, this client passes ndpi inspection successfully. I think this is a matter of ndpi library protocol dissection. You could solve this by sending a pcap file to ndpi developers in order to fix this issue, if possible...
from ndpi-netfilter.
Same question as @rsweerarathna. I used -j ACCEPT just to make sure if ndpi-netfilter could recognise the BT traffic but no luck. The counters were always 0.
With ndpiReader, torrent matching works perfectly fine.
from ndpi-netfilter.
Hi bitolj and kong156,
nDPI version 1.8 has been released. But ndpi-netfilter is still using the old version. Are you not going to update the code? I would like to contribute to updating it with the latest nDPI library. I tried to compile with the new library but couldn't. It needs some code changes, right? If you are not going to update the code, please give me the necessary instructions to update it.
from ndpi-netfilter.
Hi,
I'm working on it this week. I can build the binaries now, but I'm reviewing the spinlock calls.
2016-06-16 3:05 GMT-04:00 rsweerarathna [email protected]:
Hi bitolj and kong156,
nDPI version 1.8 has released. But ndpi-netfilter is still using old
version. Are you not going to update the code? I like to contribute to
update it with latest nDPI library. I tried to compile with new library but
couldn't. It needs some code change, right? If you are not going to update
the code, Please give some necessary instructions me to update it.
from ndpi-netfilter.
Good to hear that, I'm eagerly waiting for it. What are the improvements made in ndpi-netfilter? I mean max number of rules, performance, etc. The new nDPI has some new protocols and improved detectors. But what about the performance and scalability?
from ndpi-netfilter.
@betolj I was wondering if there is a version of OS and kernel that is not affected by:
#11 (comment) ?
from ndpi-netfilter.
Try the latest ndpi-netfilter update (v3.0).
- You can load with debug messages (but avoid it in a production environment)
modprobe xt_ndpi debug_dpi=1
from ndpi-netfilter.
The encrypted bittorrent traffic detection does not work well.
from ndpi-netfilter.
Good results with ktorrent without encrypt option.
No kernel panics (spin_lock fix).
from ndpi-netfilter.