nDPI support for deep packet inspection

Submitted by -
Status: Implemented



So, I was looking into EdgeOS ability to classify/block/prioritize traffic for certain application and I figured out that it falls really short of such capability. Even built-in p2p support in firewall (i.e. keywords "p2p" and "edonkey" for matching) seem to be broken, or at least I couldn't get it to work.

As the standard l7-filter has been known to perform poorly, hereby I suggest that EdgeMax team adds support for nDPI to EdgeOS so we can perform deep packet inspection and prioritise, block, or otherwise modify traffic based on packet inspection. It goes without saying that this should be tied into the firewall so that mark/match concept can be applied.


by Previous Employee UBNT-ancheng
on ‎04-26-2014 03:32 PM

Yeah as discussed before the p2p match implementation is quite old and does not work well with matching newer applications for example. As mentioned before we have been looking at different options for DPI solutions and may be able to provide that in the future but don't have a time estimate at the moment.

on ‎04-27-2014 08:52 AM
@UBNT-ancheng p2p seems not to work at all. I had a rule with "edonkey" in it and eMule was getting low id until I removed the keyword.
‎06-26-2015 10:00 AM - edited ‎06-26-2015 10:14 AM

Maybe it's time to reiterate the DPI issue. I'm testing ndpi-netfilter ability to recon the L7 protos and the results looks very promising. So, looking at betolj/ndpi-netfilter fork, i think that it worth your attention and maybe in the near future your devices will perform DPI at least as accurate as nDPI in these days.

by Previous Employee UBNT-stig
on ‎06-26-2015 10:21 AM

In version v1.7.0 we have started adding DPI functionality and will continue to enhance that feature.

on ‎06-26-2015 11:36 AM

Glad to hear that!

by Ubiquiti Employee
on ‎02-25-2017 06:59 PM
Status changed to: Implemented

DPI has been implemented since this.