Content-Length: 283077 | pFad | http://github.com/OISF/suricata/pull/12476/commits/2b16f3ace762a2b71f94148a769d61cd2c81b802

DA ndpi: ndpi as a plugin - v6 by jasonish · Pull Request #12476 · OISF/suricata · GitHub
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ndpi: ndpi as a plugin - v6 #12476

Closed
wants to merge 7 commits into from
Closed

ndpi: ndpi as a plugin - v6 #12476

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
c5d032a
ndpi: initial implementation of nDPI plugin
cardigliano Nov 4, 2024
2b16f3a
github-ci: add ndpi build to the centos-stream9 build
jasonish Jan 15, 2025
0f6a936
eve/schema: add top level ndpi object
jasonish Jan 15, 2025
120f082
ndpi: check for flow earlier in eve callback
jasonish Jan 16, 2025
9954e18
detect: split new keyword id from registration
jasonish Jan 17, 2025
3258704
doc/ndpi: add note about requires keyword
jasonish Jan 24, 2025
26611f6
ndpi: fix memory in keyword setup
jasonish Jan 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
github-ci: add ndpi build to the centos-stream9 build 
- Download and build nDPI
- Enable nDPI during Suricata ./configure
- Test that the plugin was built and installed
  • Loading branch information
@jasonish
jasonish committed Jan 24, 2025
commit 2b16f3ace762a2b71f94148a769d61cd2c81b802
14 changes: 13 additions & 1 deletion .github/workflows/builds.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -628,9 +628,19 @@ jobs:
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: dist

- name: Build and install nDPI
run: |
curl -OL https://github.com/ntop/nDPI/archive/refs/tags/4.12.tar.gz
tar xvf 4.12.tar.gz
cd nDPI-4.12
./autogen.sh
./configure
make -j ${{ env.CPUS }}

- run: tar zxvf suricata-*.tar.gz --strip-components=1
- name: ./configure
run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-ndpi --with-ndpi=$(pwd)/nDPI-4.12
- run: make -j ${{ env.CPUS }}
- run: make install
- run: make install-conf
Expand All @@ -648,6 +658,8 @@ jobs:
with:
name: prep
path: prep
- name: Check if the nDPI plugin was installed
run: test -e /usr/local/lib/suricata/ndpi.so
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should run some pcap with it like https://github.com/OISF/suricata/pull/12471/files#diff-a76cf7978f0a981f911e8d68d2351a72a268977304612226433df4fb8203b06fR194 (this is done for other plugins of yours if I am correct)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Every S-V test that doesn't specify a custom suricata.yaml is run with this plugin enabled. Which is why we needed the entry in the schema.

- run: tar xf prep/suricata-verify.tar.gz
- run: python3 ./suricata-verify/run.py -q --debug-failed
- run: suricata-update -V
Expand Down








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: http://github.com/OISF/suricata/pull/12476/commits/2b16f3ace762a2b71f94148a769d61cd2c81b802

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy