Improved Protobuf dissector.
 * tag extraction/validation was done wrong

Signed-off-by: Toni Uhlig <[email protected]>
utoni committed Oct 26, 2023
1 parent 8b07be4 commit daf39ca
Showing 34 changed files with 99 additions and 116 deletions.
116 changes: 48 additions & 68 deletions src/lib/protocols/protobuf.c
@@ -26,20 +26,21 @@
#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PROTOBUF
//#define DEBUG_PROTOBUF
#define PROTOBUF_MIN_ELEMENTS 2
#define PROTOBUF_MAX_ELEMENTS 8
#define PROTOBUF_MAX_ELEMENTS 32
#define PROTOBUF_REQUIRED_ELEMENTS 8
#define PROTOBUF_MIN_PACKETS 4
#define PROTOBUF_MAX_PACKETS 8

#include "ndpi_api.h"

enum protobuf_tag {
TAG_INVALID = -1,
TAG_VARINT = 0,
TAG_I64,
TAG_LEN,
TAG_SGROUP, // deprecated
TAG_EGROUP, // deprecated
TAG_I32
enum protobuf_type {
PT_INVALID = -1,
PT_VARINT = 0,
PT_I64,
PT_LEN,
PT_SGROUP, // deprecated
PT_EGROUP, // deprecated
PT_I32
};

static void ndpi_int_protobuf_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
@@ -49,32 +50,24 @@ static void ndpi_int_protobuf_add_connection(struct ndpi_detection_module_struct
ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PROTOBUF, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
}

static enum protobuf_tag
protobuf_dissect_wire_type(struct ndpi_packet_struct const * const packet,
size_t * const offset,
uint8_t * const field_number)
static enum protobuf_type
protobuf_dissect_tag(uint64_t tag, uint32_t * const field_number)
{
if (packet->payload_packet_len < *offset + 1)
{
return TAG_INVALID;
}

uint8_t const wire_type = packet->payload[*offset] & 0x07; // field number ignored
*field_number = packet->payload[*offset] >> 3;
uint8_t const wire_type = tag & 0x07;
*field_number = tag >> 3;

switch (wire_type)
{
case TAG_VARINT:
case TAG_I64:
case TAG_LEN:
case TAG_SGROUP:
case TAG_EGROUP:
case TAG_I32:
(*offset)++;
case PT_VARINT:
case PT_I64:
case PT_LEN:
case PT_SGROUP:
case PT_EGROUP:
case PT_I32:
return wire_type;
}

return TAG_INVALID;
return PT_INVALID;
}

static int
@@ -107,36 +100,13 @@ protobuf_dissect_varint(struct ndpi_packet_struct const * const packet,
return 0;
}

static int protobuf_validate_field_number(uint32_t * const saved_field_numbers,
uint8_t field_number,
enum protobuf_tag tag)
{
uint32_t shifted_field_number;

if (field_number > 31 || field_number == 0)
{
return -1;
}

shifted_field_number = 1u << (field_number - 1);
if (tag != TAG_LEN
&& (*saved_field_numbers & shifted_field_number) != 0)
{
return -1;
}

*saved_field_numbers |= shifted_field_number;
return 0;
}

static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struct,
struct ndpi_flow_struct *flow)
{
struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;

NDPI_LOG_DBG(ndpi_struct, "search Protobuf\n");

uint32_t field_numbers_used = 0;
size_t protobuf_elements = 0;
size_t protobuf_len_elements = 0;
size_t offset = 0;
@@ -148,15 +118,16 @@ static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struc
#ifdef DEBUG_PROTOBUF
printf(" ");
#endif
uint8_t field_number;
enum protobuf_tag tag = protobuf_dissect_wire_type(packet, &offset,
&field_number);
if (tag == TAG_INVALID)
uint64_t tag;
// A Protobuf tag has a type and a field number stored as u32 varint.
if (protobuf_dissect_varint(packet, &offset, &tag) != 0)
{
break;
}
if (protobuf_validate_field_number(&field_numbers_used, field_number,
tag) != 0)

uint32_t field_number;
enum protobuf_type type = protobuf_dissect_tag(tag, &field_number);
if (type == PT_INVALID || field_number == 0)
{
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
return;
@@ -165,9 +136,9 @@ static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struc
#ifdef DEBUG_PROTOBUF
printf("[id: %u]", field_number);
#endif
switch (tag)
switch (type)
{
case TAG_VARINT:
case PT_VARINT:
{
uint64_t value;
if (protobuf_dissect_varint(packet, &offset, &value) != 0)
@@ -181,7 +152,7 @@ static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struc
#endif
break;
}
case TAG_I64: {
case PT_I64: {
if (packet->payload_packet_len < offset + sizeof(uint64_t))
{
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
@@ -200,9 +171,7 @@ static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struc
offset += 8;
break;
}
case TAG_LEN:
case TAG_SGROUP:
case TAG_EGROUP:
case PT_LEN:
{
uint64_t length;
if (protobuf_dissect_varint(packet, &offset, &length) != 0)
@@ -223,11 +192,16 @@ static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struc
offset += length;
protobuf_len_elements++;
#ifdef DEBUG_PROTOBUF
printf("[LEN/SGROUP/EGROUP length: %llu]", (unsigned long long int)length);
printf("[LEN length: %llu]", (unsigned long long int)length);
#endif
break;
}
case TAG_I32: {
case PT_SGROUP:
case PT_EGROUP:
// Start/End groups are deprecated and therefor ignored to reduce false positives.
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
return;
case PT_I32: {
if (packet->payload_packet_len < offset + sizeof(uint32_t))
{
NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
@@ -245,17 +219,23 @@ static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struc
offset += 4;
break;
}
case TAG_INVALID:
case PT_INVALID:
break;
}
} while (++protobuf_elements < PROTOBUF_MAX_ELEMENTS);

#ifdef DEBUG_PROTOBUF
printf("\n");
printf(" [offset: %llu][length: %u][elems: %llu][len_elems: %llu]\n",
(unsigned long long int)offset, packet->payload_packet_len,
(unsigned long long int)protobuf_elements,
(unsigned long long int)protobuf_len_elements);
#endif
if ((protobuf_elements == PROTOBUF_MAX_ELEMENTS && protobuf_len_elements > 0)
if ((protobuf_elements >= PROTOBUF_REQUIRED_ELEMENTS && protobuf_len_elements > 0)
|| (flow->packet_counter >= PROTOBUF_MIN_PACKETS && protobuf_elements >= PROTOBUF_MIN_ELEMENTS))
{
#ifdef DEBUG_PROTOBUF
printf("Protobuf found after %u packets.\n", flow->packet_counter);
#endif
ndpi_int_protobuf_add_connection(ndpi_struct, flow);
return;
}
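Review bot: `protobuf_dissect_tag` narrows the 64-bit varint with `*field_number = tag >> 3` into a `uint32_t` without a range check, so a tag wider than 32 bits is accepted with a truncated field number, although the comment added in `ndpi_search_protobuf` says a tag is a u32 varint. The existing guard could reject it: `if (tag > UINT32_MAX || type == PT_INVALID || field_number == 0)`. With `protobuf_validate_field_number` removed, any leading byte whose wire type is 0, 1, 2 or 5 and whose field number is non-zero is accepted, which printable text can satisfy. The regenerated `fuzz-2006-06-26-2594.pcap.out` in this commit shows the effect: flow 100, a plain-text reply from TCP port 21, moves from FTP_CONTROL to Protobuf with DPI confidence after one packet and loses its Unsafe Protocol risk, so the match condition probably needs a further plausibility test before that expectation is accepted. `ndpi_search_protobuf` is only partly visible in these hunks.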
2 changes: 1 addition & 1 deletion tests/cfgs/caches_cfg/result/ookla.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos: 1
DPI Packets (TCP): 40 (6.67 pkts/flow)
Confidence Match by port : 1 (flows)
Confidence DPI : 5 (flows)
Num dissector calls: 510 (85.00 diss/flow)
Num dissector calls: 508 (84.67 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
Binary file modified tests/cfgs/default/pcap/protobuf.pcap
Binary file not shown.
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/6in6tunnel.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos: 1

DPI Packets (UDP): 2 (2.00 pkts/flow)
Confidence Unknown : 1 (flows)
Num dissector calls: 128 (128.00 diss/flow)
Num dissector calls: 129 (129.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/KakaoTalk_talk.pcap.out
@@ -5,7 +5,7 @@ DPI Packets (UDP): 10 (2.00 pkts/flow)
Confidence Match by port : 8 (flows)
Confidence DPI : 11 (flows)
Confidence Match by IP : 1 (flows)
Num dissector calls: 1093 (54.65 diss/flow)
Num dissector calls: 1092 (54.60 diss/flow)
LRU cache ookla: 0/2/0 (insert/search/found)
LRU cache bittorrent: 0/27/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/cloudflare-warp.pcap.out
@@ -4,7 +4,7 @@ DPI Packets (TCP): 41 (5.12 pkts/flow)
Confidence Match by port : 2 (flows)
Confidence DPI : 5 (flows)
Confidence Match by IP : 1 (flows)
Num dissector calls: 181 (22.62 diss/flow)
Num dissector calls: 180 (22.50 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/9/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
17 changes: 9 additions & 8 deletions tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
@@ -1,18 +1,18 @@
Guessed flow protos: 173
Guessed flow protos: 172

DPI Packets (TCP): 48 (2.29 pkts/flow)
DPI Packets (UDP): 369 (1.64 pkts/flow)
DPI Packets (other): 5 (1.00 pkts/flow)
Confidence Unknown : 34 (flows)
Confidence Match by port : 28 (flows)
Confidence DPI : 189 (flows)
Num dissector calls: 6275 (25.00 diss/flow)
Confidence Match by port : 27 (flows)
Confidence DPI : 190 (flows)
Num dissector calls: 6273 (24.99 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/192/0 (insert/search/found)
LRU cache bittorrent: 0/189/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/62/0 (insert/search/found)
LRU cache mining: 0/61/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache stun_zoom: 0/34/0 (insert/search/found)
Automa host: 254/0 (search/found)
@@ -26,14 +26,15 @@ Patricia protocols: 502/1 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Unknown 34 4212 34
FTP_CONTROL 36 2569 12
FTP_CONTROL 35 2456 11
DNS 301 26612 159
NetBIOS 102 9445 25
SMBv1 7 1620 3
DHCP 2 932 1
SMBv23 3 186 1
RTP 5 1070 1
SIP 85 39540 15
Protobuf 1 113 1

1 UDP 212.242.33.35:5060 <-> 192.168.1.2:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][23 pkts/11772 bytes <-> 37 pkts/14743 bytes][Goodput ratio: 91/89][1521.43 sec][bytes ratio: -0.112 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 19/227 32597/38366 167478/304738 41340/57147][Pkt Len c2s/s2c min/avg/max/stddev: 344/47 512/398 711/1118 86/358][PLAIN TEXT (SIP/2.0 401 Unauthorized)][Plen Bins: 29,0,0,0,0,0,0,0,0,3,6,0,3,6,8,13,1,0,3,0,1,15,0,0,0,5,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: VoIP/10][9 pkts/4647 bytes <-> 3 pkts/1944 bytes][Goodput ratio: 92/93][66.58 sec][bytes ratio: 0.410 (Upload)][IAT c2s/s2c min/avg/max/stddev: 507/34556 8170/34556 32608/34556 10578/0][Pkt Len c2s/s2c min/avg/max/stddev: 417/637 516/648 864/656 186/8][PLAIN TEXT (INVITEKsip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,59,0,0,0,0,0,0,8,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@@ -134,7 +135,7 @@ SIP 85 39540 15
97 UDP 192.168.1.3:53 -> 192.168.1.2:2712 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
98 TCP 147.234.1.253:21 -> 192.169.1.2:2720 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Download/7][1 pkts/130 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No client to server traffic][PLAIN TEXT (331 Anonymous login ok)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
99 TCP 192.168.1.2:2718 -> 147.137.21.94:139 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][2 pkts/124 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][2.92 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
100 TCP 147.234.1.253:21 -> 192.168.1.2:2732 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Download/7][1 pkts/113 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No client to server traffic][PLAIN TEXT ( Files larger then 250MB will b)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
100 TCP 147.234.1.253:21 -> 192.168.1.2:2732 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/113 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT ( Files larger then 250MB will b)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
101 UDP 192.168.1.1:53 -> 192.168.1.2:2572 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No client to server traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
102 UDP 192.168.1.1:53 -> 192.168.1.2:2723 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-adds.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
103 UDP 192.168.1.1:53 -> 192.168.1.2:2745 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/gnutella.pcap.out
@@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow)
Confidence Unknown : 389 (flows)
Confidence Match by port : 1 (flows)
Confidence DPI : 370 (flows)
Num dissector calls: 43471 (57.20 diss/flow)
Num dissector calls: 43452 (57.17 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/1170/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/imap-starttls.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos: 0

DPI Packets (TCP): 19 (19.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 200 (200.00 diss/flow)
Num dissector calls: 199 (199.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/imap.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos: 0

DPI Packets (TCP): 11 (11.00 pkts/flow)
Confidence DPI : 1 (flows)
Num dissector calls: 200 (200.00 diss/flow)
Num dissector calls: 199 (199.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/imo.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos: 0

DPI Packets (UDP): 7 (3.50 pkts/flow)
Confidence DPI : 2 (flows)
Num dissector calls: 298 (149.00 diss/flow)
Num dissector calls: 297 (148.50 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/jabber.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos: 0

DPI Packets (TCP): 74 (6.17 pkts/flow)
Confidence DPI : 12 (flows)
Num dissector calls: 1412 (117.67 diss/flow)
Num dissector calls: 1409 (117.42 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/kerberos.pcap.out
@@ -4,7 +4,7 @@ DPI Packets (TCP): 77 (2.14 pkts/flow)
Confidence Unknown : 2 (flows)
Confidence Match by port : 23 (flows)
Confidence DPI : 11 (flows)
Num dissector calls: 3895 (108.19 diss/flow)
Num dissector calls: 3885 (107.92 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/75/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/mongo_false_positive.pcapng.out
@@ -2,7 +2,7 @@ Guessed flow protos: 1

DPI Packets (TCP): 14 (14.00 pkts/flow)
Confidence Match by port : 1 (flows)
Num dissector calls: 264 (264.00 diss/flow)
Num dissector calls: 263 (263.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/nest_log_sink.pcap.out
@@ -4,7 +4,7 @@ DPI Packets (TCP): 130 (10.00 pkts/flow)
DPI Packets (UDP): 2 (2.00 pkts/flow)
Confidence Match by port : 1 (flows)
Confidence DPI : 13 (flows)
Num dissector calls: 1844 (131.71 diss/flow)
Num dissector calls: 1837 (131.21 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/ookla.pcap.out
@@ -4,7 +4,7 @@ DPI Packets (TCP): 40 (6.67 pkts/flow)
Confidence DPI (partial cache): 1 (flows)
Confidence DPI : 4 (flows)
Confidence DPI (aggressive) : 1 (flows)
Num dissector calls: 510 (85.00 diss/flow)
Num dissector calls: 508 (84.67 diss/flow)
LRU cache ookla: 4/2/2 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
2 changes: 1 addition & 1 deletion tests/cfgs/default/result/openvpn.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos: 0
DPI Packets (TCP): 6 (6.00 pkts/flow)
DPI Packets (UDP): 5 (2.50 pkts/flow)
Confidence DPI : 3 (flows)
Num dissector calls: 407 (135.67 diss/flow)
Num dissector calls: 406 (135.33 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)