Task #8077
openplugins: ndpi 5.0.0 not supported
Added by jun yuan 8 months ago. Updated about 1 month ago.
Description
Which nDPI version should be used for installation?
Compile using the following command:
./configure --enable-nfqueue --enable-ndpi --with-ndpi=/root/ndpisuri/nDPI-dev
ERROR:
See the attachment
Files
| 20251104-094241.png (95.2 KB) 20251104-094241.png | ERROR | jun yuan, 11/04/2025 01:44 AM | |
| d314b8ad-f0bf-453b-b1ea-88753e8f27e0.png (26.5 KB) d314b8ad-f0bf-453b-b1ea-88753e8f27e0.png | ERROR | jun yuan, 11/05/2025 09:07 AM | |
| 20251106-083819.png (21.2 KB) 20251106-083819.png | ERROR | jun yuan, 11/06/2025 12:41 AM | |
| 20251106-083701.png (72 KB) 20251106-083701.png | ERROR | jun yuan, 11/06/2025 12:41 AM |
JY Updated by jun yuan 8 months ago Actions #2
Jason Ish wrote in #note-1:
Our CI currently tests 4.12. I'm just doing a test now with 4.14. It looks like nDPI 5.0 was just released, however with breaking changes.
TKS.
Using version 4.12, there is still an error during installation
ERROR:
See the attachment
JI Updated by Jason Ish 8 months ago Actions #3
We test 4.12 in CI, and have a PR upgrading that test to 4.14, and all seems OK. You can see our GitHub action here:
https://github.com/OISF/suricata/blob/main/.github/workflows/builds.yml#L722
Can you think of anything else that might be influencing this on your system? I tested with old headers in the /usr/local/include, and when building in-tree it does appear to correctly pickup the headers it is being built from.
Testing our main branch, as well as a build from the 8.0.1 release package.
JY Updated by jun yuan 8 months ago · Edited Actions #4
- File 20251106-083819.png 20251106-083819.png added
- File 20251106-083701.png 20251106-083701.png added
TKS.
I searched up and found 2 more errors. Are they related to the final error?
cargo 1.87.0
suricata-8.0.1
nDPI-4.12-stable
ERROR:
See the attachment
--------------
I have corrected the code based on the error, and now it can be installed
EIDT: /suricata-8.0.1/plugins/ndpi/ndpi.c 533 line
const SCPlugin PluginRegistration = {
.version = 2048,
.suricata_version = "8.0.1",
VJ Updated by Victor Julien 6 months ago Actions #7
- Status changed from New to Feedback
- Assignee changed from OISF Dev to Community Ticket
We do not plan to work on this. It would be great if ntop can address this, or otherwise someone in the community.
Updated by Anonymous 6 months ago
Actions
#8
It seems that nDPI says:
"This is a change that has to be done on Suricata" (https://github.com/ntop/nDPI/issues/3072)
TR Updated by Tony Robinson 4 months ago Actions #9
Anonymous wrote in #note-8:
It seems that nDPI says:
"This is a change that has to be done on Suricata" (https://github.com/ntop/nDPI/issues/3072)
I don't know if my opinion carries any weight, or means anything, but Looking at the 5.0 release notes shows a lot of really cool options for making custom ndpi detectors, not to mention the release expands the number of protocol detectors dramatically. I know that some of these features overlap with what Suricata can already do, but some of them are quite nice. I would love to see support for 5.0 in the future. If I had the skill to fix it myself I would, but I don't. I just want to say that I would love to see this revisited some point later on, if at all possible.
KS Updated by Karim Shammas about 1 month ago Actions #10
I would like to claim this ticket if possible. How should I proceed? I have a working version with ndpi-5
JI Updated by Jason Ish about 1 month ago Actions #11
Karim Shammas wrote in #note-10:
I would like to claim this ticket if possible. How should I proceed? I have a working version with ndpi-5
I suppose a start would be updating the plugin in our main branch to use version 5, or take a look at externalizing it from our source code. It would make sense for this plugin to support NDPI v5 for the next major version of Suricata.
However, we may also look into removing the plugin from our source tree so it can live and be updated independently.
JT Updated by Jason Taylor about 1 month ago Actions #12
Tony Robinson wrote in #note-9:
Anonymous wrote in #note-8:
It seems that nDPI says:
"This is a change that has to be done on Suricata" (https://github.com/ntop/nDPI/issues/3072)
I don't know if my opinion carries any weight, or means anything, but Looking at the 5.0 release notes shows a lot of really cool options for making custom ndpi detectors, not to mention the release expands the number of protocol detectors dramatically. I know that some of these features overlap with what Suricata can already do, but some of them are quite nice. I would love to see support for 5.0 in the future. If I had the skill to fix it myself I would, but I don't. I just want to say that I would love to see this revisited some point later on, if at all possible.
Just to bump the interest in version 5 support. We are interested in seeing this supported as well. Happy to help, as needed.
JI Updated by Jason Ish about 1 month ago Actions #13
- Blocks Feature #8594: Logging Tcp fingerprints from the ndpi 5 plugin added