Segmentation faults due to libpcap?

[Manouchehri]

Seems like this might be related to #249. Happens after a couple seconds of web browsing.

==4770== Memcheck, a memory error detector
==4770== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==4770== Using Valgrind-3.12.0 and LibVEX; rerun with -h for copyright info
==4770== Command: ndpiReader -s 10 -i ens192 -v 2
==4770== Parent PID: 4769
==4770== 
--4770-- 
--4770-- Valgrind options:
--4770--    --log-file=/tmp/valgrinder.1.log
--4770--    -v
--4770--    --track-origins=yes
--4770-- Contents of /proc/version:
--4770--   Linux version 4.9.18-1-lts (builduser@andyrtr) (gcc version 6.3.1 20170306 (GCC) ) #1 SMP Sun Mar 26 14:21:00 CEST 2017
--4770-- 
--4770-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-lzcnt-rdtscp-sse3-avx-avx2-bmi
--4770-- Page sizes: currently 4096, max supported 4096
--4770-- Valgrind library directory: /usr/lib/valgrind
--4770-- Reading syms from /usr/bin/ndpiReader
--4770-- Reading syms from /usr/lib/ld-2.25.so
--4770-- Reading syms from /usr/lib/valgrind/memcheck-amd64-linux
--4770--    object doesn't have a symbol table
--4770--    object doesn't have a dynamic symbol table
--4770-- Scheduler: using generic scheduler lock implementation.
--4770-- Reading suppressions file: /usr/lib/valgrind/default.supp
==4770== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-4770-by-root-on-???
==4770== embedded gdbserver: writing to   /tmp/vgdb-pipe-to-vgdb-from-4770-by-root-on-???
==4770== embedded gdbserver: shared mem   /tmp/vgdb-pipe-shared-mem-vgdb-4770-by-root-on-???
==4770== 
==4770== TO CONTROL THIS PROCESS USING vgdb (which you probably
==4770== don't want to do, unless you know exactly what you're doing,
==4770== or are doing some strange experiment):
==4770==   /usr/lib/valgrind/../../bin/vgdb --pid=4770 ...command...
==4770== 
==4770== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==4770==   /path/to/gdb ndpiReader
==4770== and then give GDB the following command
==4770==   target remote | /usr/lib/valgrind/../../bin/vgdb --pid=4770
==4770== --pid is optional if only one valgrind process is running
==4770== 
--4770-- REDIR: 0x401ae20 (ld-linux-x86-64.so.2:strlen) redirected to 0x3809fc91 (???)
--4770-- REDIR: 0x4019770 (ld-linux-x86-64.so.2:index) redirected to 0x3809fcab (???)
--4770-- Reading syms from /usr/lib/valgrind/vgpreload_core-amd64-linux.so
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so
--4770--    object doesn't have a symbol table
==4770== WARNING: new redirection conflicts with existing -- ignoring it
--4770--     old: 0x0401ae20 (strlen              ) R-> (0000.0) 0x3809fc91 ???
--4770--     new: 0x0401ae20 (strlen              ) R-> (2007.0) 0x04c2e1d0 strlen
--4770-- REDIR: 0x4019990 (ld-linux-x86-64.so.2:strcmp) redirected to 0x4c2f2d0 (strcmp)
--4770-- REDIR: 0x401b940 (ld-linux-x86-64.so.2:mempcpy) redirected to 0x4c326a0 (mempcpy)
--4770-- Reading syms from /usr/lib/libpcap.so.1.8.1
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/libpthread-2.25.so
--4770-- Reading syms from /usr/lib/libc-2.25.so
--4770-- Reading syms from /usr/lib/libnl-genl-3.so.200.24.0
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/libnl-3.so.200.24.0
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/libdbus-1.so.3.14.10
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/libm-2.25.so
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/libsystemd.so.0.17.0
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/libresolv-2.25.so
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/libcap.so.2.25
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/librt-2.25.so
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/liblzma.so.5.2.3
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/liblz4.so.1.7.5
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/libgcrypt.so.20.1.6
--4770--    object doesn't have a symbol table
--4770-- Reading syms from /usr/lib/libgpg-error.so.0.22.0
--4770--    object doesn't have a symbol table
--4770-- REDIR: 0x531edd0 (libc.so.6:strcasecmp) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x531a860 (libc.so.6:strcspn) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x53210c0 (libc.so.6:strncasecmp) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x531cce0 (libc.so.6:strpbrk) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x531d070 (libc.so.6:strspn) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x531e450 (libc.so.6:memmove) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x531eb00 (libc.so.6:mempcpy) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x5319060 (libc.so.6:index) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x531e900 (libc.so.6:memset) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x53192b0 (libc.so.6:strcmp) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x53237c0 (libc.so.6:memcpy@@GLIBC_2.14) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x531c9b0 (libc.so.6:strncpy) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x531a740 (libc.so.6:strcpy) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x531e010 (libc.so.6:bcmp) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x531b110 (libc.so.6:strncmp) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x531ec20 (libc.so.6:stpcpy) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x53931e0 (libc.so.6:__memcpy_chk) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
--4770-- REDIR: 0x531c9f0 (libc.so.6:rindex) redirected to 0x4c2db60 (rindex)
--4770-- REDIR: 0x531ad10 (libc.so.6:strlen) redirected to 0x4c2e110 (strlen)
--4770-- REDIR: 0x5315620 (libc.so.6:malloc) redirected to 0x4c2aeb0 (malloc)
--4770-- REDIR: 0x531e560 (libc.so.6:memcpy@GLIBC_2.2.5) redirected to 0x4c2f430 (memcpy@GLIBC_2.2.5)
--4770-- REDIR: 0x53192f0 (libc.so.6:__GI_strcmp) redirected to 0x4c2f1e0 (__GI_strcmp)
--4770-- REDIR: 0x53dbd50 (libc.so.6:__strncpy_ssse3) redirected to 0x4c2e390 (strncpy)
--4770-- REDIR: 0x531d610 (libc.so.6:__GI_strstr) redirected to 0x4c32900 (__strstr_sse2)
--4770-- REDIR: 0x5315a00 (libc.so.6:free) redirected to 0x4c2c0e0 (free)
--4770-- REDIR: 0x53c88a0 (libc.so.6:__memset_avx2_unaligned_erms) redirected to 0x4c31830 (memset)
--4770-- REDIR: 0x531dcb0 (libc.so.6:memchr) redirected to 0x4c2f370 (memchr)
--4770-- REDIR: 0x5319090 (libc.so.6:__GI_strchr) redirected to 0x4c2dcc0 (__GI_strchr)
--4770-- REDIR: 0x5324e30 (libc.so.6:strchrnul) redirected to 0x4c321d0 (strchrnul)
--4770-- REDIR: 0x531e540 (libc.so.6:__GI_mempcpy) redirected to 0x4c323d0 (__GI_mempcpy)
--4770-- REDIR: 0x5315df0 (libc.so.6:calloc) redirected to 0x4c2ce80 (calloc)
--4770-- REDIR: 0x531da80 (libc.so.6:strstr) redirected to 0x4a25750 (_vgnU_ifunc_wrapper)
==4770== Warning: noted but unhandled ioctl 0x8994 with no size/direction hints.
==4770==    This could cause spurious value errors to appear.
==4770==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
--4770-- REDIR: 0x531ec60 (libc.so.6:__GI_stpcpy) redirected to 0x4c312f0 (__GI_stpcpy)
--4770-- REDIR: 0x53c8440 (libc.so.6:__memcpy_chk_avx_unaligned_erms) redirected to 0x4c32790 (__memcpy_chk)
--4770-- REDIR: 0x53c8450 (libc.so.6:__memcpy_avx_unaligned_erms) redirected to 0x4c31930 (memmove)
--4770-- REDIR: 0x531a780 (libc.so.6:__GI_strcpy) redirected to 0x4c2e2c0 (__GI_strcpy)
--4770-- REDIR: 0x53e33b0 (libc.so.6:__memcmp_sse4_1) redirected to 0x4c31010 (__memcmp_sse4_1)
==4770== Thread 2:
==4770== Invalid read of size 1
==4770==    at 0x42CDC5: ssl_mark_and_payload_search_for_other_protocols (in /usr/bin/ndpiReader)
==4770==    by 0x411CB3: check_ndpi_tcp_flow_func (in /usr/bin/ndpiReader)
==4770==    by 0x41225F: ndpi_detection_process_packet (in /usr/bin/ndpiReader)
==4770==    by 0x40635A: ndpi_workflow_process_packet (in /usr/bin/ndpiReader)
==4770==    by 0x401EA8: pcap_packet_callback_checked (in /usr/bin/ndpiReader)
==4770==    by 0x4E3E0FD: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E3F036: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E483FC: pcap_loop (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x402C45: processing_thread (in /usr/bin/ndpiReader)
==4770==    by 0x50822E6: start_thread (in /usr/lib/libpthread-2.25.so)
==4770==    by 0x538554E: clone (in /usr/lib/libc-2.25.so)
==4770==  Address 0x765e500 is 0 bytes after a block of size 1,536 alloc'd
==4770==    at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4770==    by 0x401E77: pcap_packet_callback_checked (in /usr/bin/ndpiReader)
==4770==    by 0x4E3E0FD: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E3F036: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E483FC: pcap_loop (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x402C45: processing_thread (in /usr/bin/ndpiReader)
==4770==    by 0x50822E6: start_thread (in /usr/lib/libpthread-2.25.so)
==4770==    by 0x538554E: clone (in /usr/lib/libc-2.25.so)
==4770== 
==4770== Thread 1:
==4770== Invalid write of size 4
==4770==    at 0x4E48410: pcap_breakloop (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x40279C: sigproc (in /usr/bin/ndpiReader)
==4770==    by 0x52CCA8F: ??? (in /usr/lib/libc-2.25.so)
==4770==    by 0x53159FF: ??? (in /usr/lib/libc-2.25.so)
==4770==    by 0x40712D: ndpi_Clear_Patricia (in /usr/bin/ndpiReader)
==4770==    by 0x407228: ndpi_Destroy_Patricia (in /usr/bin/ndpiReader)
==4770==    by 0x40D9B1: ndpi_exit_detection_module (in /usr/bin/ndpiReader)
==4770==    by 0x405AC8: ndpi_workflow_free (in /usr/bin/ndpiReader)
==4770==    by 0x404FE6: test_lib (in /usr/bin/ndpiReader)
==4770==    by 0x4018E9: main (in /usr/bin/ndpiReader)
==4770==  Address 0x6f4b044 is 52 bytes inside a block of size 776 free'd
==4770==    at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4770==    by 0x404FD3: test_lib (in /usr/bin/ndpiReader)
==4770==    by 0x4018E9: main (in /usr/bin/ndpiReader)
==4770==  Block was alloc'd at
==4770==    at 0x4C2CF35: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4770==    by 0x4E48DBC: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E48E38: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E437FE: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E48D2A: pcap_create (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E493B4: pcap_open_live (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4028EF: openPcapFileOrDevice (in /usr/bin/ndpiReader)
==4770==    by 0x404EEE: test_lib (in /usr/bin/ndpiReader)
==4770==    by 0x4018E9: main (in /usr/bin/ndpiReader)
==4770== 
==4770== 
==4770== HEAP SUMMARY:
==4770==     in use at exit: 86 bytes in 1 blocks
==4770==   total heap usage: 34,126 allocs, 34,125 frees, 2,976,103 bytes allocated
==4770== 
==4770== Searching for pointers to 1 not-freed blocks
==4770== Checked 406,864 bytes
==4770== 
==4770== LEAK SUMMARY:
==4770==    definitely lost: 86 bytes in 1 blocks
==4770==    indirectly lost: 0 bytes in 0 blocks
==4770==      possibly lost: 0 bytes in 0 blocks
==4770==    still reachable: 0 bytes in 0 blocks
==4770==         suppressed: 0 bytes in 0 blocks
==4770== Rerun with --leak-check=full to see details of leaked memory
==4770== 
==4770== ERROR SUMMARY: 5551 errors from 2 contexts (suppressed: 0 from 0)
==4770== 
==4770== 1 errors in context 1 of 2:
==4770== Invalid write of size 4
==4770==    at 0x4E48410: pcap_breakloop (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x40279C: sigproc (in /usr/bin/ndpiReader)
==4770==    by 0x52CCA8F: ??? (in /usr/lib/libc-2.25.so)
==4770==    by 0x53159FF: ??? (in /usr/lib/libc-2.25.so)
==4770==    by 0x40712D: ndpi_Clear_Patricia (in /usr/bin/ndpiReader)
==4770==    by 0x407228: ndpi_Destroy_Patricia (in /usr/bin/ndpiReader)
==4770==    by 0x40D9B1: ndpi_exit_detection_module (in /usr/bin/ndpiReader)
==4770==    by 0x405AC8: ndpi_workflow_free (in /usr/bin/ndpiReader)
==4770==    by 0x404FE6: test_lib (in /usr/bin/ndpiReader)
==4770==    by 0x4018E9: main (in /usr/bin/ndpiReader)
==4770==  Address 0x6f4b044 is 52 bytes inside a block of size 776 free'd
==4770==    at 0x4C2C14B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4770==    by 0x404FD3: test_lib (in /usr/bin/ndpiReader)
==4770==    by 0x4018E9: main (in /usr/bin/ndpiReader)
==4770==  Block was alloc'd at
==4770==    at 0x4C2CF35: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4770==    by 0x4E48DBC: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E48E38: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E437FE: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E48D2A: pcap_create (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E493B4: pcap_open_live (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4028EF: openPcapFileOrDevice (in /usr/bin/ndpiReader)
==4770==    by 0x404EEE: test_lib (in /usr/bin/ndpiReader)
==4770==    by 0x4018E9: main (in /usr/bin/ndpiReader)
==4770== 
==4770== 
==4770== 5550 errors in context 2 of 2:
==4770== Thread 2:
==4770== Invalid read of size 1
==4770==    at 0x42CDC5: ssl_mark_and_payload_search_for_other_protocols (in /usr/bin/ndpiReader)
==4770==    by 0x411CB3: check_ndpi_tcp_flow_func (in /usr/bin/ndpiReader)
==4770==    by 0x41225F: ndpi_detection_process_packet (in /usr/bin/ndpiReader)
==4770==    by 0x40635A: ndpi_workflow_process_packet (in /usr/bin/ndpiReader)
==4770==    by 0x401EA8: pcap_packet_callback_checked (in /usr/bin/ndpiReader)
==4770==    by 0x4E3E0FD: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E3F036: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E483FC: pcap_loop (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x402C45: processing_thread (in /usr/bin/ndpiReader)
==4770==    by 0x50822E6: start_thread (in /usr/lib/libpthread-2.25.so)
==4770==    by 0x538554E: clone (in /usr/lib/libc-2.25.so)
==4770==  Address 0x765e500 is 0 bytes after a block of size 1,536 alloc'd
==4770==    at 0x4C2AF1F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4770==    by 0x401E77: pcap_packet_callback_checked (in /usr/bin/ndpiReader)
==4770==    by 0x4E3E0FD: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E3F036: ??? (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x4E483FC: pcap_loop (in /usr/lib/libpcap.so.1.8.1)
==4770==    by 0x402C45: processing_thread (in /usr/bin/ndpiReader)
==4770==    by 0x50822E6: start_thread (in /usr/lib/libpthread-2.25.so)
==4770==    by 0x538554E: clone (in /usr/lib/libc-2.25.so)
==4770== 
==4770== ERROR SUMMARY: 5551 errors from 2 contexts (suppressed: 0 from 0)

[kYroL01]

Hi @Manouchehri . Actually if you read official Valgrind explanation for definitely lost here, it says:

"definitely lost" means your program is leaking memory

So i don't think this caused a SigFault, but, looking at your Valgrind log, it seems that those leaks are caused by the clone function in the libpthread library after a thread is started. Isn't it ? Did u crash with SigFault at certain point ?
If not, I think this behaviour could be ignored. For example read here (that is your situation, and a common situation).

If u have ideas, please, explain and we can discuss about it.

[Manouchehri]

The memory leak errors are because it segfaults, and doesn't clean up. It definitely crashes. 🙁

[Manouchehri]

[dave@lake github-358]$ sudo gdb --args ndpiReader -s 10 -i ens192 
Reading symbols from ndpiReader...(no debugging symbols found)...done.
(gdb) r
Starting program: /usr/bin/ndpiReader -s 10 -i ens192
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

-----------------------------------------------------------
* NOTE: This is demo app to show *some* nDPI features.
* In this demo we have implemented only some basic features
* just to show you what you can do with the library. Feel 
* free to extend it and send us the patches for inclusion
------------------------------------------------------------

Using nDPI (1.8.0-dev-754-92b1b46) [1 thread(s)]
Capturing live traffic from device ens192...
Capturing traffic up to 10 seconds
[New Thread 0x7ffff5ac8700 (LWP 2401)]
Running thread 0...

Thread 2 "ndpiReader" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff5ac8700 (LWP 2401)]
0x00000000004299f5 in ssl_mark_and_payload_search_for_other_protocols ()
(gdb) generate-core-file 
warning: target file /proc/2397/cmdline contained unexpected null characters
Saved corefile core.2397

core.2397.gz

[kYroL01]

Thank you. I have to check ASAP.

[Manouchehri]

@kYroL01 Let me know if there's anything I can help with and/or if you have trouble reproducing it. Thanks!

[kYroL01]

@Manouchehri For sure

[kYroL01]

@Manouchehri Can you please check if something changed with latest two commits 2b0809f and 29cd6ef ?

Thanks

[Manouchehri]

Looks great, thank you!

[dave@lake nDPI-tests]$ sudo ndpiReader -s 10 -i ens192 -v 2

-----------------------------------------------------------
* NOTE: This is demo app to show *some* nDPI features.
* In this demo we have implemented only some basic features
* just to show you what you can do with the library. Feel 
* free to extend it and send us the patches for inclusion
------------------------------------------------------------

Using nDPI (1.8.0-makepkg-767-2b0809f) [1 thread(s)]
Capturing live traffic from device ens192...
Capturing traffic up to 10 seconds
Running thread 0...
	1	TCP 192.168.190.153:59656 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][6 pkts/4961 bytes][client: google.com][server: *.google.com]
	2	UDP 192.168.190.2:53 <-> 192.168.190.153:60025 [proto: 5/DNS][1 pkts/113 bytes][Host: git.savannah.gnu.org]
	3	TCP 192.168.190.153:57330 <-> 208.118.235.201:9418 [proto: 226/Git][4 pkts/298 bytes]
	4	TCP 192.168.190.153:59660 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][6 pkts/4961 bytes][client: google.com][server: *.google.com]
	5	UDP 192.168.190.2:53 <-> 192.168.190.153:42970 [proto: 5/DNS][1 pkts/103 bytes][Host: google.com]
	6	TCP 192.168.190.153:59662 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][6 pkts/4960 bytes][client: google.com][server: *.google.com]
	7	TCP 192.168.190.153:59664 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][6 pkts/4960 bytes][client: google.com][server: *.google.com]
	8	TCP 192.168.190.153:59666 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][6 pkts/4959 bytes][client: google.com][server: *.google.com]
	9	TCP 192.168.190.153:59668 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][6 pkts/4960 bytes][client: google.com][server: *.google.com]
	10	TCP 192.168.190.153:59670 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][6 pkts/4961 bytes][client: google.com][server: *.google.com]
	11	UDP 192.168.190.2:53 <-> 192.168.190.153:37695 [proto: 5/DNS][1 pkts/103 bytes][Host: google.com]
	12	TCP 172.217.1.110:443 <-> 192.168.190.153:47714 [proto: 91.126/SSL.Google][6 pkts/4960 bytes][client: google.com][server: *.google.com]

nDPI Memory statistics:
	nDPI Memory (once):      110.55 KB    
	Flow Memory (per flow):  1.95 KB      
	Actual Memory:           2.22 MB      
	Peak Memory:             2.22 MB      

Traffic statistics:
	Ethernet bytes:        65365005      (includes ethernet CRC/IFC/trailer)
	Discarded bytes:       0            
	IP packets:            9742          of 9742 packets total
	IP bytes:              65131197      (avg pkt size 6685 bytes)
	Unique flows:          13           
	TCP Packets:           9717         
	UDP Packets:           6            
	VLAN Packets:          0            
	MPLS Packets:          0            
	PPPoE Packets:         0            
	Fragmented Packets:    0            
	Max Packet size:       64259        
	Packet Len < 64:       4546         
	Packet Len 64-128:     40           
	Packet Len 128-256:    10           
	Packet Len 256-1024:   49           
	Packet Len 1024-1500:  213          
	Packet Len > 1500:     4884         
	nDPI throughput:       1.02 K pps / 51.98 Mb/sec
	Traffic throughput:    1.02 K pps / 51.98 Mb/sec
	Traffic duration:      9.593 sec
	Guessed flow protos:   0            


Detected protocols:
	DNS                  packets: 6             bytes: 620           flows: 3            
	Google               packets: 171           bytes: 54520         flows: 9            
	Git                  packets: 9565          bytes: 65076057      flows: 1            


Protocol statistics:
	Acceptable                65131197 bytes

	1	UDP 192.168.190.2:53 <-> 192.168.190.153:37695 [proto: 5/DNS][2 pkts/200 bytes][Host: google.com]
	2	TCP 172.217.1.110:443 <-> 192.168.190.153:47714 [proto: 91.126/SSL.Google][19 pkts/6583 bytes][client: google.com][server: *.google.com]
	3	TCP 192.168.190.153:59656 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][19 pkts/6580 bytes][client: google.com][server: *.google.com]
	4	TCP 192.168.190.153:59660 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][19 pkts/6580 bytes][client: google.com][server: *.google.com]
	5	TCP 192.168.190.153:59662 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][19 pkts/6583 bytes][client: google.com][server: *.google.com]
	6	TCP 192.168.190.153:59664 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][19 pkts/6583 bytes][client: google.com][server: *.google.com]
	7	TCP 192.168.190.153:59666 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][19 pkts/6582 bytes][client: google.com][server: *.google.com]
	8	TCP 192.168.190.153:59668 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][19 pkts/6583 bytes][client: google.com][server: *.google.com]
	9	TCP 192.168.190.153:59670 <-> 172.217.8.174:443 [proto: 91.126/SSL.Google][19 pkts/6584 bytes][client: google.com][server: *.google.com]
	10	UDP 192.168.190.2:53 <-> 192.168.190.153:60025 [proto: 5/DNS][2 pkts/220 bytes][Host: git.savannah.gnu.org]
	11	TCP 192.168.190.153:57330 <-> 208.118.235.201:9418 [proto: 226/Git][9565 pkts/65076057 bytes]
	12	ICMP 8.8.8.8:0 <-> 192.168.190.153:0 [proto: 81.126/ICMP.Google][19 pkts/1862 bytes]
	13	UDP 192.168.190.2:53 <-> 192.168.190.153:42970 [proto: 5/DNS][2 pkts/200 bytes][Host: google.com]

[kYroL01]

I'm glad of this!