nDPI as iptables module (ndpi-netfilter) on Orange PI

By | 15.03.2017

There are many OpenDPI-based implementations, in many versions. There are many ndpi-netfilter implementations and versions too. But I found only one that works pretty well on Orange PI.
I’ve tested it on Orange PI Plus and Armbian.

I searched a long time for a working nDPI, so by now I don’t know exactly how many additional packages you will need to compile it.
I do know that you will need these packages:

apt-get install libtool libpcap-dev iptables-dev

You may also need these:

apt-get install conntrack libnetfilter-conntrack-dev

Now the main part.
First, download and extract all sources.

cd /home/root
wget https://github.com/betolj/ndpi-netfilter/archive/master.zip -O ndpi-netfilter-master.zip
unzip ndpi-netfilter-master.zip
cd ndpi-netfilter-master
tar -xvzf nDPI.tar.gz

Second, preconfigure nDPI and compile the iptables module.

cd nDPI
./autogen.sh
cd ..
NDPI_PATH=/home/root/ndpi-netfilter-master/nDPI make
make modules_install

Finally, copy the iptables module and test it.

cp ipt/libxt_ndpi.so /lib/xtables/
iptables -m ndpi --help
Test output
iptables v1.4.21

Usage: iptables -[ACD] chain rule-specification [options]
       iptables -I chain [rulenum] rule-specification [options]
       iptables -R chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LS] [chain [rulenum]] [options]
       iptables -[FZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)

Commands:
Either long or short options are allowed.
  --append -A chain Append to chain
  --check -C chain Check for the existence of a rule
  --delete -D chain Delete matching rule from chain
  --delete -D chain rulenum
        Delete rule rulenum (1 = first) from chain
  --insert -I chain [rulenum] Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum
        Replace rule rulenum (1 = first) in chain
  --list -L [chain [rulenum]] List the rules in a chain or all chains
  --list-rules -S [chain [rulenum]] Print the rules in a chain or all chains
  --flush -F [chain] Delete all rules in chain or all chains
  --zero -Z [chain [rulenum]] Zero counters in chain or all chains
  --new -N chain Create a new user-defined chain
  --delete-chain
        -X [chain] Delete a user-defined chain
  --policy -P chain target
        Change policy on chain to target
  --rename-chain
        -E old-chain new-chain
        Change chain name, (moving any references)
Options:
    --ipv4 -4 Nothing (line is ignored by ip6tables-restore)
    --ipv6 -6 Error (line is ignored by iptables-restore)
[!] --protocol -p proto protocol: by number or name, eg. `tcp'
[!] --source -s address[/mask][...] source specification
[!] --destination -d address[/mask][...] destination specification
[!] --in-interface -i input name[+] network interface name ([+] for wildcard)
    --jump -j target
        target for rule (may load target extension)
    --goto -g chain
        jump to chain with no return
    --match -m match
        extended match (may load extension)
    --numeric -n numeric output of addresses and ports
[!] --out-interface -o output name[+] network interface name ([+] for wildcard)
    --table -t table table to manipulate (default: `filter')
    --verbose -v verbose mode
    --wait -w wait for the xtables lock
    --line-numbers print line numbers when listing
    --exact -x expand numbers (display exact values)
[!] --fragment -f match second or further fragments only
    --modprobe=<command> try to insert modules using this command
    --set-counters PKTS BYTES set the counter during insert/append
[!] --version -V print package version.

ndpi match options:
--ftp Match for FTP_CONTROL protocol packets.
--pop Match for MAIL_POP protocol packets.
--smtp Match for MAIL_SMTP protocol packets.
--imap Match for MAIL_IMAP protocol packets.
--dns Match for DNS protocol packets.
--ipp Match for IPP protocol packets.
--http Match for HTTP protocol packets.
--mdns Match for MDNS protocol packets.
--ntp Match for NTP protocol packets.
--netbios Match for NETBIOS protocol packets.
--nfs Match for NFS protocol packets.
--ssdp Match for SSDP protocol packets.
--bgp Match for BGP protocol packets.
--snmp Match for SNMP protocol packets.
--xdmcp Match for XDMCP protocol packets.
--smb Match for SMB protocol packets.
--syslog Match for SYSLOG protocol packets.
--dhcp Match for DHCP protocol packets.
--postgres Match for POSTGRES protocol packets.
--mysql Match for MYSQL protocol packets.
--hotmail Match for HOTMAIL protocol packets.
--directdownload Match for DIRECT_DOWNLOAD_LINK protocol packets.
--pops Match for MAIL_POPS protocol packets.
--applejuice Match for APPLEJUICE protocol packets.
--directconnect Match for DIRECTCONNECT protocol packets.
--socrates Match for SOCRATES protocol packets.
--coap Match for COAP protocol packets.
--vmware Match for VMWARE protocol packets.
--smtps Match for MAIL_SMTPS protocol packets.
--filetopia Match for FILETOPIA protocol packets.
--ubntac2 Match for UBNTAC2 protocol packets.
--kontiki Match for KONTIKI protocol packets.
--openft Match for OPENFT protocol packets.
--fasttrack Match for FASTTRACK protocol packets.
--gnutella Match for GNUTELLA protocol packets.
--edonkey Match for EDONKEY protocol packets.
--bittorrent Match for BITTORRENT protocol packets.
--epp Match for EPP protocol packets.
--avi Match for AVI protocol packets.
--flash Match for FLASH protocol packets.
--ogg Match for OGG protocol packets.
--mpeg Match for MPEG protocol packets.
--quicktime Match for QUICKTIME protocol packets.
--realmedia Match for REALMEDIA protocol packets.
--windowsmedia Match for WINDOWSMEDIA protocol packets.
--mms Match for MMS protocol packets.
--xbox Match for XBOX protocol packets.
--qq Match for QQ protocol packets.
--move Match for MOVE protocol packets.
--rtsp Match for RTSP protocol packets.
--imaps Match for MAIL_IMAPS protocol packets.
--icecast Match for ICECAST protocol packets.
--pplive Match for PPLIVE protocol packets.
--ppstream Match for PPSTREAM protocol packets.
--zattoo Match for ZATTOO protocol packets.
--shoutcast Match for SHOUTCAST protocol packets.
--sopcast Match for SOPCAST protocol packets.
--tvants Match for TVANTS protocol packets.
--tvuplayer Match for TVUPLAYER protocol packets.
--http_download Match for HTTP_DOWNLOAD protocol packets.
--qqlive Match for QQLIVE protocol packets.
--thunder Match for THUNDER protocol packets.
--soulseek Match for SOULSEEK protocol packets.
--ssl_no_cert Match for SSL_NO_CERT protocol packets.
--irc Match for IRC protocol packets.
--ayiya Match for AYIYA protocol packets.
--unencryped_jabber Match for UNENCRYPED_JABBER protocol packets.
--msn Match for MSN protocol packets.
--oscar Match for OSCAR protocol packets.
--yahoo Match for YAHOO protocol packets.
--battlefield Match for BATTLEFIELD protocol packets.
--quake Match for QUAKE protocol packets.
--vrrp Match for VRRP protocol packets.
--steam Match for STEAM protocol packets.
--halflife2 Match for HALFLIFE2 protocol packets.
--worldofwarcraft Match for WORLDOFWARCRAFT protocol packets.
--telnet Match for TELNET protocol packets.
--stun Match for STUN protocol packets.
--ipsec Match for IPSEC protocol packets.
--gre Match for GRE protocol packets.
--icmp Match for ICMP protocol packets.
--igmp Match for IGMP protocol packets.
--egp Match for EGP protocol packets.
--sctp Match for SCTP protocol packets.
--ospf Match for OSPF protocol packets.
--ipip Match for IP_IN_IP protocol packets.
--rtp Match for RTP protocol packets.
--rdp Match for RDP protocol packets.
--vnc Match for VNC protocol packets.
--pcanywhere Match for PCANYWHERE protocol packets.
--ssl Match for SSL protocol packets.
--ssh Match for SSH protocol packets.
--usenet Match for USENET protocol packets.
--mgcp Match for MGCP protocol packets.
--iax Match for IAX protocol packets.
--tftp Match for TFTP protocol packets.
--afp Match for AFP protocol packets.
--stealthnet Match for STEALTHNET protocol packets.
--aimini Match for AIMINI protocol packets.
--sip Match for SIP protocol packets.
--truphone Match for TRUPHONE protocol packets.
--icmpv6 Match for ICMPV6 protocol packets.
--dhcpv6 Match for DHCPV6 protocol packets.
--armagetron Match for ARMAGETRON protocol packets.
--crossfire Match for CROSSFIRE protocol packets.
--dofus Match for DOFUS protocol packets.
--fiesta Match for FIESTA protocol packets.
--florensia Match for FLORENSIA protocol packets.
--guildwars Match for GUILDWARS protocol packets.
--http_application_activesync Match for HTTP_APPLICATION_ACTIVESYNC protocol packets.
--kerberos Match for KERBEROS protocol packets.
--ldap Match for LDAP protocol packets.
--maplestory Match for MAPLESTORY protocol packets.
--mssql Match for MSSQL_TDS protocol packets.
--pptp Match for PPTP protocol packets.
--warcraft3 Match for WARCRAFT3 protocol packets.
--world_of_kung_fu Match for WORLD_OF_KUNG_FU protocol packets.
--slack Match for SLACK protocol packets.
--facebook Match for FACEBOOK protocol packets.
--twitter Match for TWITTER protocol packets.
--dropbox Match for DROPBOX protocol packets.
--gmail Match for GMAIL protocol packets.
--google_maps Match for GOOGLE_MAPS protocol packets.
--youtube Match for YOUTUBE protocol packets.
--skype Match for SKYPE protocol packets.
--google Match for GOOGLE protocol packets.
--dcerpc Match for DCERPC protocol packets.
--netflow Match for NETFLOW protocol packets.
--sflow Match for SFLOW protocol packets.
--http_connect Match for HTTP_CONNECT protocol packets.
--http_proxy Match for HTTP_PROXY protocol packets.
--citrix Match for CITRIX protocol packets.
--netflix Match for NETFLIX protocol packets.
--lastfm Match for LASTFM protocol packets.
--waze Match for WAZE protocol packets.
--skyfile_prepaid Match for SKYFILE_PREPAID protocol packets.
--skyfile_rudics Match for SKYFILE_RUDICS protocol packets.
--skyfile_postpaid Match for SKYFILE_POSTPAID protocol packets.
--citrix_online Match for CITRIX_ONLINE protocol packets.
--apple Match for APPLE protocol packets.
--webex Match for WEBEX protocol packets.
--whatsapp Match for WHATSAPP protocol packets.
--apple_icloud Match for APPLE_ICLOUD protocol packets.
--viber Match for VIBER protocol packets.
--apple_itunes Match for APPLE_ITUNES protocol packets.
--radius Match for RADIUS protocol packets.
--windows_update Match for WINDOWS_UPDATE protocol packets.
--teamviewer Match for TEAMVIEWER protocol packets.
--tuenti Match for TUENTI protocol packets.
--lotusnotes Match for LOTUS_NOTES protocol packets.
--sap Match for SAP protocol packets.
--gtp Match for GTP protocol packets.
--upnp Match for UPNP protocol packets.
--llmnr Match for LLMNR protocol packets.
--remotescan Match for REMOTE_SCAN protocol packets.
--spotify Match for SPOTIFY protocol packets.
--webm Match for WEBM protocol packets.
--h323 Match for H323 protocol packets.
--openvpn Match for OPENVPN protocol packets.
--noe Match for NOE protocol packets.
--ciscovpn Match for CISCOVPN protocol packets.
--teamspeak Match for TEAMSPEAK protocol packets.
--tor Match for TOR protocol packets.
--skinny Match for SKINNY protocol packets.
--rtcp Match for RTCP protocol packets.
--rsync Match for RSYNC protocol packets.
--oracle Match for ORACLE protocol packets.
--corba Match for CORBA protocol packets.
--ubuntuone Match for UBUNTUONE protocol packets.
--whois_das Match for WHOIS_DAS protocol packets.
--collectd Match for COLLECTD protocol packets.
--socks Match for SOCKS protocol packets.
--ms_lync Match for MS_LYNC protocol packets.
--rtmp Match for RTMP protocol packets.
--ftpdata Match for FTP_DATA protocol packets.
--wikipedia Match for WIKIPEDIA protocol packets.
--zmq Match for ZMQ protocol packets.
--amazon Match for AMAZON protocol packets.
--ebay Match for EBAY protocol packets.
--cnn Match for CNN protocol packets.
--megaco Match for MEGACO protocol packets.
--redis Match for REDIS protocol packets.
--pando Match for PANDO protocol packets.
--vhua Match for VHUA protocol packets.
--telegram Match for TELEGRAM protocol packets.
--vevo Match for VEVO protocol packets.
--pandora Match for PANDORA protocol packets.
--quic Match for QUIC protocol packets.
--whatsapp_voice Match for WHATSAPP_VOICE protocol packets.
--eaq Match for EAQ protocol packets.
--git Match for GIT protocol packets.
--drda Match for DRDA protocol packets.
--kakaotalk Match for KAKAOTALK protocol packets.
--kakaotalk_voice Match for KAKAOTALK_VOICE protocol packets.
--twitch Match for TWITCH protocol packets.
--quickplay Match for QUICKPLAY protocol packets.
--opendns Match for OPENDNS protocol packets.
--mpegts Match for MPEGTS protocol packets.
--snapchat Match for SNAPCHAT protocol packets.
--deezer Match for DEEZER protocol packets.
--instagram Match for INSTAGRAM protocol packets.
--microsoft Match for MICROSOFT protocol packets.
--hotspot_shield Match for HOTSPOT_SHIELD protocol packets.
--ocs Match for OCS protocol packets.
--office_365 Match for OFFICE_365 protocol packets.
--cloudflare Match for CLOUDFLARE protocol packets.
--ms_one_drive Match for MS_ONE_DRIVE protocol packets.
--mqtt Match for MQTT protocol packets.
--rx Match for RX protocol packets.
--sina Match for SINA protocol packets.
--starcraft Match for STARCRAFT protocol packets.
--teredo Match for TEREDO protocol packets.
--hep Match for HEP protocol packets.
--hangout Match for HANGOUT protocol packets.
--dpi_check Match for CHECK protocol packets.

That’s it. Now you can use it, as shown in many examples all over the net.
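
Added example (not part of the original post or of ndpi-netfilter): a small shell helper that turns the "ndpi match options" list above into LOG and DROP rules and refuses any protocol the installed module does not advertise. The function names, the FORWARD chain and the sample help text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample in the format of the "ndpi match options" help section.
SAMPLE_HELP='ndpi match options:
  --dns Match for DNS protocol packets.
  --bittorrent Match for BITTORRENT protocol packets.
  --tor Match for TOR protocol packets.
  --ssl_no_cert Match for SSL_NO_CERT protocol packets.'

# Print the protocol flags (without the leading --) found in help text on stdin.
ndpi_flags() {
    sed -n 's/^[[:space:]]*--\([a-z0-9_]\{1,\}\)[[:space:]]\{1,\}Match for .*/\1/p'
}

# ndpi_rules CHAIN HELP_TEXT PROTO...
# Prints a LOG and a DROP rule per protocol. Every protocol is checked against
# the advertised flags first, so a typo or an older nDPI build fails before any
# rule is emitted, and a protocol argument can only contain [a-z0-9_].
ndpi_rules() {
    chain=$1
    flags=$(printf '%s\n' "$2" | ndpi_flags)
    shift 2
    for proto in "$@"; do
        if [ -z "$proto" ] || ! printf '%s\n' "$flags" | grep -qxF -- "$proto"; then
            echo "ndpi: '$proto' is not offered by this module build" >&2
            return 1
        fi
    done
    for proto in "$@"; do
        # The LOG target accepts at most 29 characters of prefix.
        prefix=$(printf 'ndpi-%s' "$proto" | cut -c1-27)
        echo "iptables -A $chain -m ndpi --$proto -j LOG --log-prefix \"$prefix: \""
        echo "iptables -A $chain -m ndpi --$proto -j DROP"
    done
}

# Demo on the constructed sample. On the router itself, pass the real text:
#   ndpi_rules FORWARD "$(iptables -m ndpi --help)" bittorrent tor
ndpi_rules FORWARD "$SAMPLE_HELP" bittorrent tor
```

The helper only prints the commands; review the output before running it as root.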

2 thoughts on “nDPI as iptables module (ndpi-netfilter) on Orange PI”

  1. Zulgrib

    Did you use the kernel version tested in the git repo or did you use it with the current kernel (4.12/4.13)?

    1. InnerLife Post author

      The latest version of nDPI from the git.
