Toni
Those two papers are quite old. The newer one from 2016 uses a combination of IP address matching together with caching DNS requests and responses and doing some port/service scanning...
I'm afraid there won't be much that can I do.
This issue can be solved either via a risk or a protocol detection (or both).
Hi @vpiserchia. Can you please verify if the detection works? Check for the NDPI_MALFORMED_PACKET risk. Do you also know which tunnel software was used?
Issue already solved. The preference `ndpi_pref_max_packets_to_process` can be used for such cases.
I thought that nDPI does not support any TCP segment reassembly at all? There was a PR some time ago. But the code was somehow broken and hard to understand.
But would it not better to write a generic TCP reassembler as other protocols may profit as well? I know that writing a reassmbler is not a trivial task and...
#1134, #1122 may be helpful for implementation
Starting with 8e6de00ce3ccded0666301f9157ab01ea9402330, there is a novel approach to provide nDPI with some up2date documentation. However, I think we can use this issue for such topics.
It is possible to extend custom applications with IPv6 support. But I can not tell you (yet) how long it will take.