Task #8077
openplugins: ndpi 5.0.0 not supported
Description
Which nDPI version should be used for installation?
Compile using the following command:
./configure --enable-nfqueue --enable-ndpi --with-ndpi=/root/ndpisuri/nDPI-dev
ERROR:
See the attachment
Files
JI Updated by Jason Ish 7 months ago
We test 4.12 in CI, and have a PR upgrading that test to 4.14, and all seems OK. You can see our GitHub action here:
https://github.com/OISF/suricata/blob/main/.github/workflows/builds.yml#L722
Can you think of anything else that might be influencing this on your system? I tested with old headers in the /usr/local/include, and when building in-tree it does appear to correctly pickup the headers it is being built from.
Testing our main branch, as well as a build from the 8.0.1 release package.
JY Updated by jun yuan 7 months ago · Edited
- File 20251106-083819.png 20251106-083819.png added
- File 20251106-083701.png 20251106-083701.png added
TKS.
I searched up and found 2 more errors. Are they related to the final error?
cargo 1.87.0
suricata-8.0.1
nDPI-4.12-stable
ERROR:
See the attachment
--------------
I have corrected the code based on the error, and now it can be installed
EIDT: /suricata-8.0.1/plugins/ndpi/ndpi.c 533 line
const SCPlugin PluginRegistration = {
.version = 2048,
.suricata_version = "8.0.1",
VJ Updated by Victor Julien 5 months ago
- Status changed from New to Feedback
- Assignee changed from OISF Dev to Community Ticket
We do not plan to work on this. It would be great if ntop can address this, or otherwise someone in the community.
Updated by Anonymous 5 months ago
It seems that nDPI says:
"This is a change that has to be done on Suricata" (https://github.com/ntop/nDPI/issues/3072)
TR Updated by Tony Robinson 4 months ago
Anonymous wrote in #note-8:
It seems that nDPI says:
"This is a change that has to be done on Suricata" (https://github.com/ntop/nDPI/issues/3072)
I don't know if my opinion carries any weight, or means anything, but Looking at the 5.0 release notes shows a lot of really cool options for making custom ndpi detectors, not to mention the release expands the number of protocol detectors dramatically. I know that some of these features overlap with what Suricata can already do, but some of them are quite nice. I would love to see support for 5.0 in the future. If I had the skill to fix it myself I would, but I don't. I just want to say that I would love to see this revisited some point later on, if at all possible.
KS Updated by Karim Shammas 20 days ago
I would like to claim this ticket if possible. How should I proceed? I have a working version with ndpi-5
JI Updated by Jason Ish 20 days ago
Karim Shammas wrote in #note-10:
I would like to claim this ticket if possible. How should I proceed? I have a working version with ndpi-5
I suppose a start would be updating the plugin in our main branch to use version 5, or take a look at externalizing it from our source code. It would make sense for this plugin to support NDPI v5 for the next major version of Suricata.
However, we may also look into removing the plugin from our source tree so it can live and be updated independently.
JT Updated by Jason Taylor 17 days ago
Tony Robinson wrote in #note-9:
Anonymous wrote in #note-8:
It seems that nDPI says:
"This is a change that has to be done on Suricata" (https://github.com/ntop/nDPI/issues/3072)
I don't know if my opinion carries any weight, or means anything, but Looking at the 5.0 release notes shows a lot of really cool options for making custom ndpi detectors, not to mention the release expands the number of protocol detectors dramatically. I know that some of these features overlap with what Suricata can already do, but some of them are quite nice. I would love to see support for 5.0 in the future. If I had the skill to fix it myself I would, but I don't. I just want to say that I would love to see this revisited some point later on, if at all possible.
Just to bump the interest in version 5 support. We are interested in seeing this supported as well. Happy to help, as needed.
JI Updated by Jason Ish 16 days ago
- Blocks Feature #8594: Logging Tcp fingerprints from the ndpi 5 plugin added