Support PF_RING and read/parse configuration files

• Bump jsmn and uthash
• Read and parse configuration files for nDPId (+ libnDPI) and nDPIsrvd
• Added loading risk domains from a file (-R, thanks to @UnveilTech)
• Added Filebeat configuration file
• Improved hostname handling; will now always be part of analyse/end/idle events (if dissected)
• Improved Documentation (INSTALL / Schema)
• Added PF_RING support
• Improved nDPIsrvd-analyse to write global stats to a CSV
• Added global (heap) memory stats for daemon status events (if enabled)
• Fixed IPv6 address/netmask retrieval on some systems
• Improved nDPIsrvd-collect; gauges and counters are now handled the right way
• Added nDPId Grafana dashboard
• Fixed detection-update event bug; was thrown even if nothing changed
• Fixed not-detected event spam if detection not completed (in some rare cases)
• Improved InfluxDB push daemon (severity parsing / gauge handling)
• Improved zLib compression
• Fixed nDPIsrvd-collectd missing escape character

OpenWrt, OSX and *BSD Support

• Added Event I/O abstraction layer (supporting only poll/epoll by now)
• Support for OSX and *BSD systems
• Added proper DLT_RAW dissection for IPv4 and IPv6
• Improved TCP timeout handling if FIN/RST seen which caused Midstream TCP flows when there shouldn't be any
• Fixed a crash if nDPId -o value='' was used
• Added OpenWrt packaging
• Added new flow event "analyse" used to give some statistical information about active flows
• Added new analyse event daemon which generates CSV files from such events
• Fixed a crash in nDPIsrvd if a collector closes a connection
• Support nDPId to send it's data to a UDP endpoint instead of a nDPIsrvd collector
• Added events and flow states documentation
• Added basic systemd support
• Fixed a bug in base64 encoding which could lead to invalid base64 strings
• Added some machine learning examples
• Fixed various smaller bugs
• Fixed nDPIsrvd bug which causes invalid JSON strings sent to Distributors

1.5: Major nDPId extension and bugfixes

• Improved nDPId cross compilation
• zLib flow memory compression (Experimental!)
• Memory profiling for nDPId-test
• JSMN with parent link support for subtoken iteration
• Refactored nDPIsrvd buffer and buffer bloat handling
• Upgraded JSMN/uthash
• Improved nDPIsrvd.(h|py) debugging capability for client apps
• Advanced flow usage logging usable for memory profiling
• Support for dissection additional layer2/layer3 protocols
• Serialize more JSON information
• Add TCP/IP support for nDPIsrvd
• Improved nDPIsrvd connection lost behaviour
• Reworked Python/C distributor API
• Support read()/recv() timeouts and nonblocking I/O

1.4: Unified IO buffer mgmt.

 * nDPId: use layer4 specific flow timeouts
 * nDPId: reworked layer4 flow length names and calculations (use only layer4 payload w/o any previous headers)
 * build system cleanup and cosmetics

Added missing datalink types.

1.3

Added missing datalink types.

OpenWrt compatible build system.

Signed-off-by: Toni Uhlig <[email protected]>

Added license information.

Added GPL-3 License.

Signed-off-by: Toni Uhlig <[email protected]>

First public release.

Clone nDPI as submodule via CMake (if BUILD_NDPI=ON).

Signed-off-by: Toni Uhlig <[email protected]>