nDPId Docker Image for deep packet inspection. As described in nDPId, we split the image into producer and consumer image for a more generic purpose. For the producer, the image starts the UNIX and UDP socket and nDPId respectively. Via environment variables, users can adapt the nDPId daemon and nDPIsrvd. As by now, we support all current nDPId parameters.
| Live Notebook |
|
| Latest Release |
|
| Supported Versions |
|
| Project License |
|
| Continuous Integration |
|
Install using PyPi:
pip install heiDPIUse the CLI for quick usage:
> heiDPI -h
usage: heiDPI [-h] [--host HOST | --unix UNIX] [--port PORT] [--write WRITE] [--config CONFIG] [--show-daemon-events SHOW_DAEMON_EVENTS] [--show-packet-events SHOW_PACKET_EVENTS] [--show-error-events SHOW_ERROR_EVENTS] [--show-flow-events SHOW_FLOW_EVENTS]
heiDPI Python Interface
options:
-h, --help show this help message and exit
--host HOST nDPIsrvd host IP (default: None)
--unix UNIX nDPIsrvd unix socket path (default: None)
--port PORT nDPIsrvd TCP port (default: 7000)
--write WRITE heiDPI write path for logs (default: /var/log)
--config CONFIG heiDPI write path for logs (default: /home/smachmeier/projects/emcl/heiDPI/config.yml)
--show-daemon-events SHOW_DAEMON_EVENTS
heiDPI shows daemon events (default: 0)
--show-packet-events SHOW_PACKET_EVENTS
heiDPI shows packet events (default: 0)
--show-error-events SHOW_ERROR_EVENTS
heiDPI shows error events (default: 0)
--show-flow-events SHOW_FLOW_EVENTS
heiDPI shows flow events (default: 0)
In order to run this container you'll need docker installed.
Pull images:
docker pull stefan96/heidpi-producer:main
docker pull stefan96/heidpi-consumer:mainRun producer and consumer separately from each other using UDP socket:
docker run -p 127.0.0.1:7000:7000 --net host stefan96/heidpi-producer:main
docker run -e HOST=127.0.0.1 --net host stefan96/heidpi-consumer:mainor use the docker-compose.yml:
docker-compose upAdditionally, you use a UNIX socket:
docker run -v ${PWD}/heidpi-data:/tmp/ --net host stefan96/heidpi-producer:main
docker run -v ${PWD}/heidpi-data:/tmp/ -v ${PWD}/heidpi-logs:/var/log -e UNIX=/tmp/nDPIsrvd-daemon-distributor.sock --net host stefan96/heidpi-consumer:main| Variable | Type | Default |
|---|---|---|
UNIX |
string |
|
HOST |
string |
|
PORT |
int |
7000 |
JSON_PATH |
string |
/var/log/nDPIdsrvd.json |
SHOW_ERROR_EVENTS |
int |
0 |
SHOW_DAEMON_EVENTS |
int |
0 |
SHOW_PACKET_EVENTS |
int |
0 |
SHOW_FLOW_EVENTS |
int |
1 |
MAX_BUFFERED_LINES |
int |
1024 |
You can change the default configuration by mounting a config file /usr/src/app/config.yml:
flow_event:
ignore_fields: []
flow_event_name:
- update
- end
- idle
- detected
filename: flow_event
threads: 25This project is licensed under the GPL-3.0 license - see the LICENSE.md file for details.