(Copied to ntop-dev, where it belongs)

There's a difference between matching patterns - which teaches you something about the packet, and acting on that knowledge.

Patterns - by definition - are dynamic. What ids something today as Skype or any other protocol for that matter can change overnight. Hence the dynamic pattern matching code.

What you do with the knowledge - incorporating it into ntop's web pages - takes coding. The skype code in report.c is an example of this.

Could you build it more dynamically - sure. Just create a set of tuples via command line switches or an input file:

(protocol, icon)
(protocol, icon)
...

Load that structure into memory and replace the code in report.c with code that uses the new structure. Now you could display custom icons for all custom L7 protocols.

But that's not what is in the code. Feel free to work on this and send it on for inclusion into ntop! Ntop-dev is the place to ask questions about coding, for hints, etc.

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 18, 2006 8:07 AM
To: [EMAIL PROTECTED]
Subject: [Ntop] pattern matching

Thanks for your reply. I didn't want to send any more coding level posts to the list, so I contacted you directly.

I also followed the code to the same point you did, but I didn't understand why you check the payload for all the patterns present in l7-patterns, if you are only interested in skype protocol. Doesn't ntop report the rest of the matches in any way?

/Michal

2006/5/18, Burton Strauss <[EMAIL PROTECTED]>:
> (1) Please move coding level discussions into ntop-dev.
>
> (2) Read the code ... The match goes in here:
>
>     if(proto)
>       theSession->guessed_protocol = strdup(proto);
>
> So follow guessed_protocol. I think the only thing done with it now is
> Skype:
>
>     if((session->guessed_protocol != NULL)
>        && session->voipSession
>        && strstr(session->guessed_protocol, "skype"))
>       voipStr = "/skype.gif";
>     else if(session->voipSession)
>       voipStr = " <VoIP>";
>     else
>       voipStr = "";
>
> -----Burton
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Thursday, May 18, 2006 6:59 AM
> To: [email protected]
> Subject: [Ntop] pattern matching
>
> Hello,
>
> I wanted to do some pattern matching on the packets' payload. I've added a
> file with my pattern to l7-patterns and confirmed that ntop loads it during
> startup. What's more I've put some debugging lines in l7.c, in the
> l7SessionProtoDetection function to see if the pattern is really detected.
> The problem is I don't know where the information about the detected
> protocol goes after that. I couldn't find it anywhere on the pages generated
> by ntop. Any ideas?
>
> /Michal
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
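
The (protocol, icon) table suggested in the top message, sketched as an added example; it is not code from ntop or from anyone in this thread. The names `ProtoIcon`, `loadProtoIcons`, `iconFor`, the `protocol,icon` line format and the sample input are all assumptions. Because the icon string ends up in generated HTML, the loader accepts only a restricted character set.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ICONS 32

/* One (protocol, icon) tuple. All names in this block are hypothetical. */
typedef struct { char proto[32]; char icon[64]; } ProtoIcon;
static ProtoIcon iconTable[MAX_ICONS];
static int numIcons = 0;

/* Constructed sample input, not a file shipped with ntop. The "bad"
   line must be rejected: its icon field has characters unsafe in HTML. */
static const char sampleConfig[] =
  "# protocol,icon\n"
  "skype,skype.gif\n"
  "bittorrent, bt.png\n"
  "bad,../up<.gif\n"
  "sip,sip.gif\n";

/* Load "protocol,icon" lines. A line is accepted only if both fields fit
   their buffers and use only whitelisted characters. Returns the count. */
int loadProtoIcons(const char *text) {
  numIcons = 0;
  while(*text != '\0' && numIcons < MAX_ICONS) {
    char line[128];
    size_t len = strcspn(text, "\n");
    ProtoIcon *e = &iconTable[numIcons];
    int end = -1;
    if(len < sizeof(line)) {
      memcpy(line, text, len);
      line[len] = '\0';
      /* %n records how far parsing got; trailing junk fails the check. */
      if(sscanf(line, " %31[a-z0-9_-] , %63[A-Za-z0-9._-] %n",
                e->proto, e->icon, &end) == 2 && end >= 0 && line[end] == '\0')
        numIcons++;
    }
    text += len;
    if(*text == '\n') text++;
  }
  return numIcons;
}

/* Table-driven stand-in for the strstr(..., "skype") test quoted above.
   Assumption: an icon is returned for any match, VoIP session or not. */
const char *iconFor(const char *guessed_protocol, int voipSession) {
  int i;
  for(i = 0; guessed_protocol != NULL && i < numIcons; i++)
    if(strstr(guessed_protocol, iconTable[i].proto) != NULL)
      return iconTable[i].icon;
  return voipSession ? " <VoIP>" : "";
}

int main(void) {
  int n = loadProtoIcons(sampleConfig);
  printf("%d entries, skype -> %s\n", n, iconFor("skype", 1));
  return 0;
}
```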
