From 9ee77b795f38197ee6bb558877efb68663d6c8b6 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Thu, 26 Oct 2023 23:42:28 +0200 Subject: [PATCH] Improved Protobuf dissector. * tag extraction/validation was done wrong Signed-off-by: Toni Uhlig --- src/lib/protocols/protobuf.c | 118 ++++++++---------- tests/cfgs/caches_cfg/result/ookla.pcap.out | 2 +- tests/cfgs/default/pcap/protobuf.pcap | Bin 5784 -> 6608 bytes tests/cfgs/default/result/6in6tunnel.pcap.out | 2 +- .../default/result/KakaoTalk_talk.pcap.out | 2 +- .../default/result/cloudflare-warp.pcap.out | 2 +- .../result/fuzz-2006-06-26-2594.pcap.out | 17 +-- tests/cfgs/default/result/gnutella.pcap.out | 2 +- .../default/result/imap-starttls.pcap.out | 2 +- tests/cfgs/default/result/imap.pcap.out | 2 +- tests/cfgs/default/result/imo.pcap.out | 2 +- tests/cfgs/default/result/jabber.pcap.out | 2 +- tests/cfgs/default/result/kerberos.pcap.out | 2 +- .../result/mongo_false_positive.pcapng.out | 2 +- .../default/result/nest_log_sink.pcap.out | 2 +- tests/cfgs/default/result/ookla.pcap.out | 2 +- tests/cfgs/default/result/openvpn.pcap.out | 2 +- .../ossfuzz_seed_fake_traces_1.pcapng.out | 11 +- tests/cfgs/default/result/pps.pcap.out | 2 +- tests/cfgs/default/result/protobuf.pcap.out | 13 +- .../result/radius_false_positive.pcapng.out | 2 +- tests/cfgs/default/result/raknet.pcap.out | 2 +- .../default/result/reasm_segv_anon.pcapng.out | 2 +- tests/cfgs/default/result/sip.pcap.out | 2 +- tests/cfgs/default/result/skinny.pcap.out | 2 +- tests/cfgs/default/result/skype.pcap.out | 2 +- .../default/result/skype_no_unknown.pcap.out | 2 +- .../default/result/smtp-starttls.pcap.out | 2 +- tests/cfgs/default/result/soap.pcap.out | 2 +- .../default/result/starcraft_battle.pcap.out | 2 +- tests/cfgs/default/result/waze.pcap.out | 2 +- tests/cfgs/default/result/z3950.pcapng.out | 2 +- .../result/ookla.pcap.out | 2 +- .../disable_protocols/result/soap.pcap.out | 2 +- 34 files changed, 100 insertions(+), 117 deletions(-) diff --git a/src/lib/protocols/protobuf.c b/src/lib/protocols/protobuf.c index f7b1a0ace78..fe477833662 100644 --- a/src/lib/protocols/protobuf.c +++ b/src/lib/protocols/protobuf.c @@ -26,20 +26,21 @@ #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PROTOBUF //#define DEBUG_PROTOBUF #define PROTOBUF_MIN_ELEMENTS 2 -#define PROTOBUF_MAX_ELEMENTS 8 +#define PROTOBUF_MAX_ELEMENTS 32 +#define PROTOBUF_REQUIRED_ELEMENTS 8 #define PROTOBUF_MIN_PACKETS 4 #define PROTOBUF_MAX_PACKETS 8 #include "ndpi_api.h" -enum protobuf_tag { - TAG_INVALID = -1, - TAG_VARINT = 0, - TAG_I64, - TAG_LEN, - TAG_SGROUP, // deprecated - TAG_EGROUP, // deprecated - TAG_I32 +enum protobuf_type { + PT_INVALID = -1, + PT_VARINT = 0, + PT_I64, + PT_LEN, + PT_SGROUP, // deprecated + PT_EGROUP, // deprecated + PT_I32 }; static void ndpi_int_protobuf_add_connection(struct ndpi_detection_module_struct *ndpi_struct, @@ -49,32 +50,24 @@ static void ndpi_int_protobuf_add_connection(struct ndpi_detection_module_struct ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PROTOBUF, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); } -static enum protobuf_tag -protobuf_dissect_wire_type(struct ndpi_packet_struct const * const packet, - size_t * const offset, - uint8_t * const field_number) +static enum protobuf_type +protobuf_dissect_tag(uint64_t tag, uint64_t * const field_number) { - if (packet->payload_packet_len < *offset + 1) - { - return TAG_INVALID; - } - - uint8_t const wire_type = packet->payload[*offset] & 0x07; // field number ignored - *field_number = packet->payload[*offset] >> 3; + uint8_t const wire_type = tag & 0x07; + *field_number = tag >> 3; switch (wire_type) { - case TAG_VARINT: - case TAG_I64: - case TAG_LEN: - case TAG_SGROUP: - case TAG_EGROUP: - case TAG_I32: - (*offset)++; + case PT_VARINT: + case PT_I64: + case PT_LEN: + case PT_SGROUP: + case PT_EGROUP: + case PT_I32: return wire_type; } - return TAG_INVALID; + return PT_INVALID; } static int @@ -107,28 +100,6 @@ protobuf_dissect_varint(struct ndpi_packet_struct const * const packet, return 0; } -static int protobuf_validate_field_number(uint32_t * const saved_field_numbers, - uint8_t field_number, - enum protobuf_tag tag) -{ - uint32_t shifted_field_number; - - if (field_number > 31 || field_number == 0) - { - return -1; - } - - shifted_field_number = 1u << (field_number - 1); - if (tag != TAG_LEN - && (*saved_field_numbers & shifted_field_number) != 0) - { - return -1; - } - - *saved_field_numbers |= shifted_field_number; - return 0; -} - static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -136,7 +107,6 @@ static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struc NDPI_LOG_DBG(ndpi_struct, "search Protobuf\n"); - uint32_t field_numbers_used = 0; size_t protobuf_elements = 0; size_t protobuf_len_elements = 0; size_t offset = 0; @@ -148,26 +118,27 @@ static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struc #ifdef DEBUG_PROTOBUF printf(" "); #endif - uint8_t field_number; - enum protobuf_tag tag = protobuf_dissect_wire_type(packet, &offset, - &field_number); - if (tag == TAG_INVALID) + uint64_t tag; + // A Protobuf tag has a type and a field number stored as u32 varint. + if (protobuf_dissect_varint(packet, &offset, &tag) != 0) { break; } - if (protobuf_validate_field_number(&field_numbers_used, field_number, - tag) != 0) + + uint64_t field_number; + enum protobuf_type type = protobuf_dissect_tag(tag, &field_number); + if (type == PT_INVALID || field_number == 0 || field_number > (UINT_MAX >> 3)) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } #ifdef DEBUG_PROTOBUF - printf("[id: %u]", field_number); + printf("[id: %llu]", (unsigned long long int)field_number); #endif - switch (tag) + switch (type) { - case TAG_VARINT: + case PT_VARINT: { uint64_t value; if (protobuf_dissect_varint(packet, &offset, &value) != 0) @@ -181,7 +152,7 @@ static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struc #endif break; } - case TAG_I64: { + case PT_I64: { if (packet->payload_packet_len < offset + sizeof(uint64_t)) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); @@ -200,9 +171,7 @@ static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struc offset += 8; break; } - case TAG_LEN: - case TAG_SGROUP: - case TAG_EGROUP: + case PT_LEN: { uint64_t length; if (protobuf_dissect_varint(packet, &offset, &length) != 0) @@ -223,11 +192,16 @@ static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struc offset += length; protobuf_len_elements++; #ifdef DEBUG_PROTOBUF - printf("[LEN/SGROUP/EGROUP length: %llu]", (unsigned long long int)length); + printf("[LEN length: %llu]", (unsigned long long int)length); #endif break; } - case TAG_I32: { + case PT_SGROUP: + case PT_EGROUP: + // Start/End groups are deprecated and therefor ignored to reduce false positives. + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + case PT_I32: { if (packet->payload_packet_len < offset + sizeof(uint32_t)) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); @@ -245,17 +219,23 @@ static void ndpi_search_protobuf(struct ndpi_detection_module_struct *ndpi_struc offset += 4; break; } - case TAG_INVALID: + case PT_INVALID: break; } } while (++protobuf_elements < PROTOBUF_MAX_ELEMENTS); #ifdef DEBUG_PROTOBUF - printf("\n"); + printf(" [offset: %llu][length: %u][elems: %llu][len_elems: %llu]\n", + (unsigned long long int)offset, packet->payload_packet_len, + (unsigned long long int)protobuf_elements, + (unsigned long long int)protobuf_len_elements); #endif - if ((protobuf_elements == PROTOBUF_MAX_ELEMENTS && protobuf_len_elements > 0) + if ((protobuf_elements >= PROTOBUF_REQUIRED_ELEMENTS && protobuf_len_elements > 0) || (flow->packet_counter >= PROTOBUF_MIN_PACKETS && protobuf_elements >= PROTOBUF_MIN_ELEMENTS)) { +#ifdef DEBUG_PROTOBUF + printf("Protobuf found after %u packets.\n", flow->packet_counter); +#endif ndpi_int_protobuf_add_connection(ndpi_struct, flow); return; } diff --git a/tests/cfgs/caches_cfg/result/ookla.pcap.out b/tests/cfgs/caches_cfg/result/ookla.pcap.out index 25803d57df6..a080dd7dac4 100644 --- a/tests/cfgs/caches_cfg/result/ookla.pcap.out +++ b/tests/cfgs/caches_cfg/result/ookla.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 40 (6.67 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 510 (85.00 diss/flow) +Num dissector calls: 508 (84.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/pcap/protobuf.pcap b/tests/cfgs/default/pcap/protobuf.pcap index 2eefedd3f08dbc6b031a9e32e2d82fdcf4514615..b1803647803a6dc67688831084480d25b1235952 100644 GIT binary patch delta 530 zcmbQCd%<|a46(^I!aN*{IoKF3t(|atvH+))gtM6g!%DUZ-SrF%j3E4Mnt>(5%Drim z?{R2>Ro;WBl#^J=cKIMom4W56Y2tZ)SwNNPllA!3z$#yXR3}efy@Ci6`fPtL0rm26+lLC0ZjzC5ad#ji$MV7QX!yAL7r7en+|eg zF5HdKpveXX&9MLh#{ZM=v5SF&$G&tQSciO}(0p|a6g-pn2}yxf7r<1f%>bKk h3R8__{&BeKHmGVXXDhJTlVPf%L4O=*b`EOL0|2T0m{$M* delta 7 Ocmca$JVSTG3^4!=>jNhM diff --git a/tests/cfgs/default/result/6in6tunnel.pcap.out b/tests/cfgs/default/result/6in6tunnel.pcap.out index de39aca8be3..c29a4f19af0 100644 --- a/tests/cfgs/default/result/6in6tunnel.pcap.out +++ b/tests/cfgs/default/result/6in6tunnel.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 128 (128.00 diss/flow) +Num dissector calls: 129 (129.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out index 53d3ef78cf4..6a24c08f995 100644 --- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 10 (2.00 pkts/flow) Confidence Match by port : 8 (flows) Confidence DPI : 11 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 1093 (54.65 diss/flow) +Num dissector calls: 1092 (54.60 diss/flow) LRU cache ookla: 0/2/0 (insert/search/found) LRU cache bittorrent: 0/27/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/cloudflare-warp.pcap.out b/tests/cfgs/default/result/cloudflare-warp.pcap.out index be0f353ef16..982d487b08c 100644 --- a/tests/cfgs/default/result/cloudflare-warp.pcap.out +++ b/tests/cfgs/default/result/cloudflare-warp.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 41 (5.12 pkts/flow) Confidence Match by port : 2 (flows) Confidence DPI : 5 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 181 (22.62 diss/flow) +Num dissector calls: 180 (22.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index 4b0d8128c8c..9a482fb7d0b 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out @@ -1,18 +1,18 @@ -Guessed flow protos: 173 +Guessed flow protos: 172 DPI Packets (TCP): 48 (2.29 pkts/flow) DPI Packets (UDP): 369 (1.64 pkts/flow) DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 34 (flows) -Confidence Match by port : 28 (flows) -Confidence DPI : 189 (flows) -Num dissector calls: 6275 (25.00 diss/flow) +Confidence Match by port : 27 (flows) +Confidence DPI : 190 (flows) +Num dissector calls: 6273 (24.99 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) -LRU cache bittorrent: 0/192/0 (insert/search/found) +LRU cache bittorrent: 0/189/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/62/0 (insert/search/found) +LRU cache mining: 0/61/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache stun_zoom: 0/34/0 (insert/search/found) Automa host: 254/0 (search/found) @@ -26,7 +26,7 @@ Patricia protocols: 502/1 (search/found) Patricia protocols IPv6: 0/0 (search/found) Unknown 34 4212 34 -FTP_CONTROL 36 2569 12 +FTP_CONTROL 35 2456 11 DNS 301 26612 159 NetBIOS 102 9445 25 SMBv1 7 1620 3 @@ -34,6 +34,7 @@ DHCP 2 932 1 SMBv23 3 186 1 RTP 5 1070 1 SIP 85 39540 15 +Protobuf 1 113 1 1 UDP 212.242.33.35:5060 <-> 192.168.1.2:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: VoIP/10][23 pkts/11772 bytes <-> 37 pkts/14743 bytes][Goodput ratio: 91/89][1521.43 sec][bytes ratio: -0.112 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 19/227 32597/38366 167478/304738 41340/57147][Pkt Len c2s/s2c min/avg/max/stddev: 344/47 512/398 711/1118 86/358][PLAIN TEXT (SIP/2.0 401 Unauthorized)][Plen Bins: 29,0,0,0,0,0,0,0,0,3,6,0,3,6,8,13,1,0,3,0,1,15,0,0,0,5,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: VoIP/10][9 pkts/4647 bytes <-> 3 pkts/1944 bytes][Goodput ratio: 92/93][66.58 sec][bytes ratio: 0.410 (Upload)][IAT c2s/s2c min/avg/max/stddev: 507/34556 8170/34556 32608/34556 10578/0][Pkt Len c2s/s2c min/avg/max/stddev: 417/637 516/648 864/656 186/8][PLAIN TEXT (INVITEKsip)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,59,0,0,0,0,0,0,8,16,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -134,7 +135,7 @@ SIP 85 39540 15 97 UDP 192.168.1.3:53 -> 192.168.1.2:2712 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/144 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][< 1 sec][Hostname/SNI: sip.cybercity.dk][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (cybercity)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 98 TCP 147.234.1.253:21 -> 192.169.1.2:2720 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Download/7][1 pkts/130 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No client to server traffic][PLAIN TEXT (331 Anonymous login ok)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 99 TCP 192.168.1.2:2718 -> 147.137.21.94:139 [proto: 10/NetBIOS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 2][cat: System/18][2 pkts/124 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][2.92 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 100 TCP 147.234.1.253:21 -> 192.168.1.2:2732 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Download/7][1 pkts/113 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No client to server traffic][PLAIN TEXT ( Files larger then 250MB will b)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 100 TCP 147.234.1.253:21 -> 192.168.1.2:2732 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/113 bytes -> 0 pkts/0 bytes][Goodput ratio: 52/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT ( Files larger then 250MB will b)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 101 UDP 192.168.1.1:53 -> 192.168.1.2:2572 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][::][Risk: ** Malformed Packet **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No client to server traffic / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 102 UDP 192.168.1.1:53 -> 192.168.1.2:2723 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-adds.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 103 UDP 192.168.1.1:53 -> 192.168.1.2:2745 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][::][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index 6742342ca22..1803edfe4ff 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow) Confidence Unknown : 389 (flows) Confidence Match by port : 1 (flows) Confidence DPI : 370 (flows) -Num dissector calls: 43471 (57.20 diss/flow) +Num dissector calls: 43452 (57.17 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/1170/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/imap-starttls.pcap.out b/tests/cfgs/default/result/imap-starttls.pcap.out index 53f562e5246..0f7b4144014 100644 --- a/tests/cfgs/default/result/imap-starttls.pcap.out +++ b/tests/cfgs/default/result/imap-starttls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 19 (19.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 200 (200.00 diss/flow) +Num dissector calls: 199 (199.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/imap.pcap.out b/tests/cfgs/default/result/imap.pcap.out index 0992fce1d15..3cb95801c8f 100644 --- a/tests/cfgs/default/result/imap.pcap.out +++ b/tests/cfgs/default/result/imap.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 200 (200.00 diss/flow) +Num dissector calls: 199 (199.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/imo.pcap.out b/tests/cfgs/default/result/imo.pcap.out index aca9be13f89..fd204989352 100644 --- a/tests/cfgs/default/result/imo.pcap.out +++ b/tests/cfgs/default/result/imo.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 7 (3.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 298 (149.00 diss/flow) +Num dissector calls: 297 (148.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/jabber.pcap.out b/tests/cfgs/default/result/jabber.pcap.out index 0525a55b44c..b40098f9251 100644 --- a/tests/cfgs/default/result/jabber.pcap.out +++ b/tests/cfgs/default/result/jabber.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 74 (6.17 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1412 (117.67 diss/flow) +Num dissector calls: 1409 (117.42 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/kerberos.pcap.out b/tests/cfgs/default/result/kerberos.pcap.out index 90425df74db..775ed29a56d 100644 --- a/tests/cfgs/default/result/kerberos.pcap.out +++ b/tests/cfgs/default/result/kerberos.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 77 (2.14 pkts/flow) Confidence Unknown : 2 (flows) Confidence Match by port : 23 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 3895 (108.19 diss/flow) +Num dissector calls: 3885 (107.92 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/75/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/mongo_false_positive.pcapng.out b/tests/cfgs/default/result/mongo_false_positive.pcapng.out index eff24094121..d402bd1772e 100644 --- a/tests/cfgs/default/result/mongo_false_positive.pcapng.out +++ b/tests/cfgs/default/result/mongo_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 14 (14.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 264 (264.00 diss/flow) +Num dissector calls: 263 (263.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/nest_log_sink.pcap.out b/tests/cfgs/default/result/nest_log_sink.pcap.out index 36dac59b96e..b8f4a3c6718 100644 --- a/tests/cfgs/default/result/nest_log_sink.pcap.out +++ b/tests/cfgs/default/result/nest_log_sink.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 130 (10.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 13 (flows) -Num dissector calls: 1844 (131.71 diss/flow) +Num dissector calls: 1837 (131.21 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ookla.pcap.out b/tests/cfgs/default/result/ookla.pcap.out index f21d55f6319..075025804b6 100644 --- a/tests/cfgs/default/result/ookla.pcap.out +++ b/tests/cfgs/default/result/ookla.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 40 (6.67 pkts/flow) Confidence DPI (partial cache): 1 (flows) Confidence DPI : 4 (flows) Confidence DPI (aggressive) : 1 (flows) -Num dissector calls: 510 (85.00 diss/flow) +Num dissector calls: 508 (84.67 diss/flow) LRU cache ookla: 4/2/2 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/openvpn.pcap.out b/tests/cfgs/default/result/openvpn.pcap.out index e7688a618eb..735cf14fe02 100644 --- a/tests/cfgs/default/result/openvpn.pcap.out +++ b/tests/cfgs/default/result/openvpn.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) DPI Packets (UDP): 5 (2.50 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 407 (135.67 diss/flow) +Num dissector calls: 406 (135.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out index 3fbd3d96da3..cd909dad56e 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out @@ -1,11 +1,11 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (1.33 pkts/flow) -DPI Packets (UDP): 13 (3.25 pkts/flow) +DPI Packets (UDP): 9 (2.25 pkts/flow) Confidence DPI : 10 (flows) -Num dissector calls: 717 (71.70 diss/flow) +Num dissector calls: 690 (69.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) -LRU cache bittorrent: 0/9/0 (insert/search/found) +LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) @@ -26,9 +26,10 @@ Gnutella 4 333 2 PPStream 1 141 1 Steam 2 68 1 HalfLife2 2 96 1 -Starcraft 12 2687 5 +Starcraft 4 200 4 +Protobuf 8 2487 1 - 1 UDP 127.0.0.1:1119 -> 127.0.0.1:1120 [proto: 213/Starcraft][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Game/8][8 pkts/2487 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][204.53 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 8008/0 29219/0 105424/0 32476/0][Pkt Len c2s/s2c min/avg/max/stddev: 48/0 311/0 576/0 250/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 37,0,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 127.0.0.1:1119 -> 127.0.0.1:1120 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][8 pkts/2487 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][204.53 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 8008/0 29219/0 105424/0 32476/0][Pkt Len c2s/s2c min/avg/max/stddev: 48/0 311/0 576/0 250/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 37,0,12,0,0,0,0,0,0,0,0,0,0,0,0,12,0,37,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.128:1 -> 1.2.3.4:10 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/170 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][< 1 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: TCP NULL scan / No server to client traffic][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 192.168.1.128:1 -> 1.2.3.4:11 [proto: 35/Gnutella][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Download/7][2 pkts/163 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][293.20 sec][Risk: ** Unsafe Protocol **** Unidirectional Traffic **** TCP Connection Issues **][Risk Score: 70][Risk Info: TCP NULL scan / No server to client traffic][Plen Bins: 50,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 4 UDP 127.0.0.1:17788 -> 127.0.0.1:17788 [proto: 54/PPStream][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Streaming/17][1 pkts/141 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (PPStream)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/pps.pcap.out b/tests/cfgs/default/result/pps.pcap.out index 36e03921b85..cd8c6bd6d02 100644 --- a/tests/cfgs/default/result/pps.pcap.out +++ b/tests/cfgs/default/result/pps.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 136 (3.09 pkts/flow) Confidence Unknown : 29 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 76 (flows) -Num dissector calls: 5508 (51.48 diss/flow) +Num dissector calls: 5504 (51.44 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/93/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/protobuf.pcap.out b/tests/cfgs/default/result/protobuf.pcap.out index 4cbab9bcce4..a4d73d57f6d 100644 --- a/tests/cfgs/default/result/protobuf.pcap.out +++ b/tests/cfgs/default/result/protobuf.pcap.out @@ -1,8 +1,8 @@ Guessed flow protos: 0 -DPI Packets (TCP): 22 (5.50 pkts/flow) -Confidence DPI : 4 (flows) -Num dissector calls: 572 (143.00 diss/flow) +DPI Packets (TCP): 26 (5.20 pkts/flow) +Confidence DPI : 5 (flows) +Num dissector calls: 694 (138.80 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) @@ -18,12 +18,13 @@ Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) -Patricia protocols: 8/0 (search/found) +Patricia protocols: 10/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) -Protobuf 52 3895 4 +Protobuf 60 4446 5 1 TCP 127.0.0.1:52392 <-> 127.0.0.1:12345 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][11 pkts/890 bytes <-> 9 pkts/498 bytes][Goodput ratio: 32/0][70.00 sec][bytes ratio: 0.282 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10000 6667/8333 10000/10000 4714/3727][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 81/55 122/66 31/4][PLAIN TEXT (AAAABBBBX)][Plen Bins: 42,0,57,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 127.0.0.1:39786 <-> 127.0.0.1:12345 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/832 bytes <-> 3 pkts/174 bytes][Goodput ratio: 66/0][10.00 sec][bytes ratio: 0.654 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 2500/0 10000/0 4330/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 166/58 604/66 219/6][PLAIN TEXT (Lorem ipsum dolor sit amet)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 3 TCP 127.0.0.1:51680 <-> 127.0.0.1:12345 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 10][cat: Network/14][9 pkts/588 bytes <-> 7 pkts/390 bytes][Goodput ratio: 15/0][50.00 sec][bytes ratio: 0.202 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/10000 5714/7500 10000/10000 4949/4330][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 65/56 72/66 8/4][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 TCP 127.0.0.1:42358 <-> 127.0.0.1:12345 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/349 bytes <-> 3 pkts/174 bytes][Goodput ratio: 19/0][< 1 sec][bytes ratio: 0.335 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 70/58 121/66 26/6][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 127.0.0.1:59030 <-> 127.0.0.1:12345 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/377 bytes <-> 3 pkts/174 bytes][Goodput ratio: 25/0][3.00 sec][bytes ratio: 0.368 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 750/0 3000/0 1299/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 75/58 149/66 37/6][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 TCP 127.0.0.1:42358 <-> 127.0.0.1:12345 [proto: 353/Protobuf][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Network/14][5 pkts/349 bytes <-> 3 pkts/174 bytes][Goodput ratio: 19/0][< 1 sec][bytes ratio: 0.335 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 70/58 121/66 26/6][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/radius_false_positive.pcapng.out b/tests/cfgs/default/result/radius_false_positive.pcapng.out index e4bd017da85..316be7145b5 100644 --- a/tests/cfgs/default/result/radius_false_positive.pcapng.out +++ b/tests/cfgs/default/result/radius_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 10 (10.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 198 (198.00 diss/flow) +Num dissector calls: 197 (197.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/raknet.pcap.out b/tests/cfgs/default/result/raknet.pcap.out index e4f8328ccbd..83001a889b6 100644 --- a/tests/cfgs/default/result/raknet.pcap.out +++ b/tests/cfgs/default/result/raknet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 24 (2.00 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1426 (118.83 diss/flow) +Num dissector calls: 1425 (118.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/reasm_segv_anon.pcapng.out b/tests/cfgs/default/result/reasm_segv_anon.pcapng.out index 91d2baf45ef..d2130e69c19 100644 --- a/tests/cfgs/default/result/reasm_segv_anon.pcapng.out +++ b/tests/cfgs/default/result/reasm_segv_anon.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 21 (21.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 194 (194.00 diss/flow) +Num dissector calls: 193 (193.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sip.pcap.out b/tests/cfgs/default/result/sip.pcap.out index 9bbc78c1278..f210d09a2e2 100644 --- a/tests/cfgs/default/result/sip.pcap.out +++ b/tests/cfgs/default/result/sip.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 6 (1.50 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 191 (47.75 diss/flow) +Num dissector calls: 190 (47.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/skinny.pcap.out b/tests/cfgs/default/result/skinny.pcap.out index 2a6214303a6..026a0e0efa3 100644 --- a/tests/cfgs/default/result/skinny.pcap.out +++ b/tests/cfgs/default/result/skinny.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 3 (1.00 pkts/flow) DPI Packets (UDP): 15 (3.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence DPI : 9 (flows) -Num dissector calls: 670 (74.44 diss/flow) +Num dissector calls: 669 (74.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/skype.pcap.out b/tests/cfgs/default/result/skype.pcap.out index 05d617d1133..1be9f01a74c 100644 --- a/tests/cfgs/default/result/skype.pcap.out +++ b/tests/cfgs/default/result/skype.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 59 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 206 (flows) -Num dissector calls: 26590 (90.75 diss/flow) +Num dissector calls: 26574 (90.70 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/261/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/skype_no_unknown.pcap.out b/tests/cfgs/default/result/skype_no_unknown.pcap.out index 1a006624b8f..c4171af5518 100644 --- a/tests/cfgs/default/result/skype_no_unknown.pcap.out +++ b/tests/cfgs/default/result/skype_no_unknown.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 44 (flows) Confidence Match by port : 22 (flows) Confidence DPI : 201 (flows) -Num dissector calls: 22145 (82.94 diss/flow) +Num dissector calls: 22138 (82.91 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/198/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/smtp-starttls.pcap.out b/tests/cfgs/default/result/smtp-starttls.pcap.out index fa315a00ce5..6be7a1da77a 100644 --- a/tests/cfgs/default/result/smtp-starttls.pcap.out +++ b/tests/cfgs/default/result/smtp-starttls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 26 (13.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 151 (75.50 diss/flow) +Num dissector calls: 150 (75.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/soap.pcap.out b/tests/cfgs/default/result/soap.pcap.out index 92d9b040e23..2b064da3792 100644 --- a/tests/cfgs/default/result/soap.pcap.out +++ b/tests/cfgs/default/result/soap.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 20 (6.67 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 373 (124.33 diss/flow) +Num dissector calls: 372 (124.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out index 8c53d7443c5..6e7dc2109ce 100644 --- a/tests/cfgs/default/result/starcraft_battle.pcap.out +++ b/tests/cfgs/default/result/starcraft_battle.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 12 (flows) Confidence DPI : 39 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 1483 (28.52 diss/flow) +Num dissector calls: 1482 (28.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/39/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/waze.pcap.out b/tests/cfgs/default/result/waze.pcap.out index 01f0f17f86f..76b3821cd1d 100644 --- a/tests/cfgs/default/result/waze.pcap.out +++ b/tests/cfgs/default/result/waze.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 9 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 352 (10.67 diss/flow) +Num dissector calls: 351 (10.64 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/30/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/z3950.pcapng.out b/tests/cfgs/default/result/z3950.pcapng.out index e50cb81d024..50073922bc9 100644 --- a/tests/cfgs/default/result/z3950.pcapng.out +++ b/tests/cfgs/default/result/z3950.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 26 (13.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 448 (224.00 diss/flow) +Num dissector calls: 446 (223.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out b/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out index 7f7e33c3ba3..ec5ea72c3de 100644 --- a/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out +++ b/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 40 (6.67 pkts/flow) Confidence DPI (partial cache): 1 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 510 (85.00 diss/flow) +Num dissector calls: 508 (84.67 diss/flow) LRU cache ookla: 4/1/1 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/soap.pcap.out b/tests/cfgs/disable_protocols/result/soap.pcap.out index 3b0f98dcef7..e7b232e5ded 100644 --- a/tests/cfgs/disable_protocols/result/soap.pcap.out +++ b/tests/cfgs/disable_protocols/result/soap.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (TCP): 20 (6.67 pkts/flow) Confidence Match by port : 2 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 362 (120.67 diss/flow) +Num dissector calls: 361 (120.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found)