OpenDPI and Netfilter

OpenDPI and Netfilter

[Laurent B.]

Dear all,

is there a way to connect netfilter/iptables with opendpi ? something
like -m ndpi --dpi-protocol p2p -j DROP ?

I saw the opendpi-netfilter project which seems to be no longer
maintened and which do not compile with recent kernel.

An idea ? If nothing is existing, do you think it can be useful to
(re)develop such a connector ?

Thank you,

Laurent

Re: OpenDPI and Netfilter

[Michael Schwartzkopff]

[-- Attachment #1: Type: text/plain, Size: 1164 bytes --]

Am Mittwoch, 4. November 2015, 10:27:46 schrieb Laurent B.:
> Dear all,
> 
> is there a way to connect netfilter/iptables with opendpi ? something
> like -m ndpi --dpi-protocol p2p -j DROP ?
> 
> I saw the opendpi-netfilter project which seems to be no longer
> maintened and which do not compile with recent kernel.
> 
> An idea ? If nothing is existing, do you think it can be useful to
> (re)develop such a connector ?
> 
> Thank you,
> 
> Laurent

Hi,

do not know exactly about opendpi, but about a year ago we tested the DPI 
libraries of ntop-ng.

With some patching it works quite good with netfilter / traffic control. We wrote 
down our finding in the German journal iX (https://shop.heise.de/katalog/tiefe-einsichten, sorry paywalled)

It works quite good.

Please mail me if you need more info.

Mit freundlichen Grüßen,

Michael Schwartzkopff

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 230 bytes --]

OpenDPI and Netfilter

[Bernhard Thaler]

Hi,

have a look at this:

-> https://github.com/betolj/ndpi-netfilter

It seems to be one of the most recent / active netfilter-ndpi
implementations and as far as I see does not require patching of the
Kernel for using it...at least in my tests it worked without patching
the Kernel on a Debian Jessie box if I remember correctly.

Also have a look at this one:

-> https://github.com/vel21ripn/nDPI

It seems to be recent/active as well but unfortunately I did not have
time to test it yet.

Regards,
Bernhard

Re: OpenDPI and Netfilter

[Michael Schwartzkopff]

[-- Attachment #1: Type: text/plain, Size: 913 bytes --]

Am Donnerstag, 5. November 2015, 19:09:39 schrieben Sie:
> Hi,
> 
> have a look at this:
> 
> -> https://github.com/betolj/ndpi-netfilter
> 
> It seems to be one of the most recent / active netfilter-ndpi
> implementations and as far as I see does not require patching of the
> Kernel for using it...at least in my tests it worked without patching
> the Kernel on a Debian Jessie box if I remember correctly.

Yes. That is the one we were using. Luca Deri from ntop-ng is behind this one. 
We needed to patch it if we wanted to check for a specific audio codec in RDP.

Mit freundlichen Grüßen,

Michael Schwartzkopff

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 230 bytes --]