How to use the nfstream.ndpi_bindings.ndpi.ndpi_detection_giveup function in nfstream

To help you get started, we’ve selected a few nfstream examples, based on popular ways it is used in public projects.


github aouinizied / nfstream / nfstream / classifier.py View on Github external
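def on_flow_terminate(self, flow):
        """Finish nDPI classification for a flow that is being terminated.

        Runs the base-class hook first. If the flow's application protocol is
        still 0 (unknown) and no guess was made yet, asks nDPI to give up and
        return its best guess, then marks the flow as guessed. Finally resolves
        the master protocol, application protocol and category to names.

        Args:
            flow: the flow being terminated; its per-classifier state is read
                and updated through ``flow.classifiers[self.name]``.
        """
        NFStreamClassifier.on_flow_terminate(self, flow)
        if flow.classifiers[self.name]['detected_protocol'].app_protocol == 0 and \
                flow.classifiers[self.name]['guessed'] == 0:  # didn't reach max and still unknown, so give up!
            # Memory safety: the last argument is a pointer the native call may
            # write through (nDPI's "protocol was guessed" output byte --
            # confirm against the bindings). addressof(c_uint8(0)) took the
            # address of a temporary that nothing referenced once addressof()
            # returned, so the pointer could refer to freed memory. A named
            # c_uint8 stays alive for the whole call; byref() passes its address.
            protocol_was_guessed = c_uint8(0)
            flow.classifiers[self.name]['detected_protocol'] = ndpi.ndpi_detection_giveup(
                self.mod,
                byref(flow.classifiers[self.name]['ndpi_flow']),
                1,
                byref(protocol_was_guessed)
            )
            # Set unconditionally, as before; the byte written by the native
            # call is not consulted here.
            flow.classifiers[self.name]['guessed'] = 1

        # Translate the numeric protocol/category ids into readable names.
        master_name = self.str(
            ndpi.ndpi_get_proto_name(self.mod, flow.classifiers[self.name]['detected_protocol'].master_protocol)
        )
        app_name = self.str(
            ndpi.ndpi_get_proto_name(self.mod, flow.classifiers[self.name]['detected_protocol'].app_protocol)
        )
        category_name = self.str(
            ndpi.ndpi_category_get_name(self.mod, flow.classifiers[self.name]['detected_protocol'].category)
        )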
github aouinizied / nfstream / nfstream / classifier.py View on Github external
cast(cast(c_char_p(packet_information.raw), c_void_p), POINTER(c_uint8)),
                len(packet_information.raw),
                int(packet_information.timestamp),
                flow.classifiers[self.name]['src_id'],
                flow.classifiers[self.name]['dst_id']
            )

            # True once the flow has seen more packets (both directions summed) than
            # the configured dissection limit for its transport: ip_protocol 6 (TCP)
            # is compared with max_num_tcp_dissected_pkts, 17 (UDP) with
            # max_num_udp_dissected_pkts. Any other ip_protocol value yields False.
            enough_packets = ((flow.ip_protocol == 6) and ((flow.src_to_dst_pkts + flow.dst_to_src_pkts) >
                                                           self.max_num_tcp_dissected_pkts)) or \
                             ((flow.ip_protocol == 17) and ((flow.src_to_dst_pkts + flow.dst_to_src_pkts) >
                                                            self.max_num_udp_dissected_pkts))

            if enough_packets and flow.classifiers[self.name]['detected_protocol'].app_protocol == 0:
                # we reach max and still unknown, so give up!
                flow.classifiers[self.name]['detection_completed'] = 1
                # NOTE(review): c_uint8(0) below is a temporary that nothing references
                # once addressof() returns, so the pointer handed to the native call may
                # refer to freed memory. If ndpi_detection_giveup writes its "guessed"
                # output through that pointer (confirm against the bindings), this is a
                # write to freed memory. Keeping a named c_uint8 alive across the call
                # and passing byref() of it avoids that.
                flow.classifiers[self.name]['detected_protocol'] = ndpi.ndpi_detection_giveup(
                    self.mod,
                    byref(flow.classifiers[self.name]['ndpi_flow']),
                    1,
                    cast(addressof(c_uint8(0)), POINTER(c_uint8))
                )
                # Record that the protocol now stored is a guess.
                flow.classifiers[self.name]['guessed'] = 1
            # you can change flow.export_reason to a value > 2 and the flow will be terminated automatically