diff --git a/example/ndpiReader.c b/example/ndpiReader.c index ae988275872..9cd662ba2e9 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -127,7 +127,6 @@ static struct ndpi_detection_module_struct *ndpi_info_mod = NULL; extern u_int8_t enable_doh_dot_detection; extern u_int32_t max_num_packets_per_flow, max_packet_payload_dissection, max_num_reported_top_payloads; extern u_int16_t min_pattern_len, max_pattern_len; -extern void ndpi_self_check_host_match(); /* Self check function */ u_int8_t dump_internal_stats; struct ndpi_bin malloc_bins; @@ -819,7 +818,7 @@ static void parseOptions(int argc, char **argv) { for(i = 0; i < NDPI_MAX_SUPPORTED_PROTOCOLS; i++) aggressiveness[i] = -1; /* Use the default value */ - while((opt = getopt_long(argc, argv, "a:Ab:B:e:Ec:C:dDf:g:i:Ij:k:K:S:hHp:pP:l:r:s:tu:v:V:n:rp:x:w:zZ:q0123:456:7:89:m:MT:U:", + while((opt = getopt_long(argc, argv, "a:Ab:B:e:Ec:C:dDFf:g:i:Ij:k:K:S:hHp:pP:l:r:s:tu:v:V:n:rp:x:w:zZ:q0123:456:7:89:m:MT:U:", longopts, &option_idx)) != EOF) { #ifdef DEBUG_TRACE if(trace) fprintf(trace, " #### Handling option -%c [%s] #### \n", opt, optarg ? optarg : ""); @@ -828,7 +827,7 @@ static void parseOptions(int argc, char **argv) { switch (opt) { case 'a': ndpi_generate_options(atoi(optarg)); - break; + exit(0); case 'A': dump_internal_stats = 1; @@ -5217,7 +5216,7 @@ int main(int argc, char **argv) { bitmapUnitTest(); automataUnitTest(); analyzeUnitTest(); - ndpi_self_check_host_match(); + ndpi_self_check_host_match(stderr); analysisUnitTest(); compressedBitmapUnitTest(); #endif diff --git a/example/reader_util.c b/example/reader_util.c index dc536b63266..e434e1ac1a3 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -991,7 +991,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow *src_to_dst_direction = 1; } if(enable_flow_stats) { - if(src_to_dst_direction) { + if(*src_to_dst_direction) { if(rflow->entropy->src2dst_pkt_count < max_num_packets_per_flow) { rflow->entropy->src2dst_pkt_len[rflow->entropy->src2dst_pkt_count] = l4_data_len; rflow->entropy->src2dst_pkt_time[rflow->entropy->src2dst_pkt_count] = when; diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp index 2e0a27ff4c0..8f98c592983 100644 --- a/fuzz/fuzz_config.cpp +++ b/fuzz/fuzz_config.cpp @@ -6,8 +6,6 @@ #include #include "fuzzer/FuzzedDataProvider.h" -extern "C" void ndpi_self_check_host_match(); /* Self check function */ - extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider fuzzed_data(data, size); struct ndpi_detection_module_struct *ndpi_info_mod; @@ -136,7 +134,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_get_num_supported_protocols(ndpi_info_mod); ndpi_get_ndpi_num_custom_protocols(ndpi_info_mod); - ndpi_self_check_host_match(); + ndpi_self_check_host_match(stderr); /* Basic code to try testing this "config" */ bool_value = fuzzed_data.ConsumeBool(); @@ -156,14 +154,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_get_flow_risk_info(&flow, out, sizeof(out), 1); ndpi_get_flow_ndpi_proto(ndpi_info_mod, &flow, &p2); ndpi_is_proto(p, NDPI_PROTOCOL_TLS); - /* ndpi_guess_undetected_protocol() is a "strange" function (since is ipv4 only) - but it is exported by the library and it is used by ntopng. Try fuzzing it, here */ + /* ndpi_guess_undetected_protocol() is a "strange" function. Try fuzzing it, here */ if(!ndpi_is_protocol_detected(ndpi_info_mod, p)) { + ndpi_guess_undetected_protocol(ndpi_info_mod, bool_value ? &flow : NULL, + flow.l4_proto); if(!flow.is_ipv6) { - ndpi_guess_undetected_protocol(ndpi_info_mod, bool_value ? &flow : NULL, - flow.l4_proto, - flow.c_address.v4, flow.s_address.v4, - flow.c_port, flow.s_port); /* Another "strange" function (ipv4 only): fuzz it here, for lack of a better alternative */ ndpi_find_ipv4_category_userdata(ndpi_info_mod, flow.c_address.v4); } diff --git a/ndpi-netfilter/src/main.c b/ndpi-netfilter/src/main.c index 8e2766fcbd8..f393a54448b 100644 --- a/ndpi-netfilter/src/main.c +++ b/ndpi-netfilter/src/main.c @@ -999,8 +999,8 @@ ndpi_process_packet(struct ndpi_net *n, struct nf_conn * ct, struct nf_ct_ext_nd const struct sk_buff *skb,int dir, ndpi_protocol *proto) { struct ndpi_flow_struct * flow; - uint32_t low_ip, up_ip, tmp_ip; - uint16_t low_port, up_port, tmp_port, protocol; + uint32_t low_ip, up_ip; + uint16_t low_port, up_port, protocol; const struct iphdr *iph = NULL; #ifdef NDPI_DETECTION_SUPPORT_IPV6 const struct ipv6hdr *ip6h; @@ -1085,11 +1085,10 @@ ndpi_process_packet(struct ndpi_net *n, struct nf_conn * ct, struct nf_ct_ext_nd } } if(0 && l_conf == NDPI_CONFIDENCE_UNKNOWN) { - if(low_ip > up_ip) { tmp_ip = low_ip; low_ip=up_ip; up_ip = tmp_ip; } - if(low_port > up_port) { tmp_port = low_port; low_port=up_port; up_port = tmp_port; } - *proto = ndpi_guess_undetected_protocol ( - n->ndpi_struct,flow,protocol,low_ip,low_port,up_ip,up_port); - if(_DBG_TRACE_GUESSED) + //if(low_ip > up_ip) { uint32_t tmp_ip = low_ip; low_ip=up_ip; up_ip = tmp_ip; } + //if(low_port > up_port) { uint16_t tmp_port = low_port; low_port=up_port; up_port = tmp_port; } + *proto = ndpi_guess_undetected_protocol (n->ndpi_struct,flow,protocol); + if(_DBG_TRACE_GUESSED) packet_trace(skb,ct,ct_ndpi," guess_undet "," [%d,%d]", proto->app_protocol,proto->master_protocol); } diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 0e894980dcf..66fd5252093 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -432,20 +432,12 @@ extern "C" { * @par ndpi_struct = the detection module * @par flow = the flow we're trying to guess, NULL if not available * @par proto = the l4 protocol number - * @par shost = source address in host byte order - * @par sport = source port number - * @par dhost = destination address in host byte order - * @par dport = destination port number * @return the struct ndpi_protocol that match the port base protocol * */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - u_int8_t proto, - u_int32_t shost, - u_int16_t sport, - u_int32_t dhost, - u_int16_t dport); + u_int8_t proto); /** * Check if the string passed match with a protocol * @@ -992,6 +984,7 @@ extern "C" { int ndpi_get_custom_category_match(struct ndpi_detection_module_struct *ndpi_struct, char *name_or_ip, u_int name_len, ndpi_protocol_category_t *id); + void ndpi_self_check_host_match(FILE *error_out); #endif void ndpi_fill_protocol_category(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index ddd848a3ad7..d8f3d00f825 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -363,6 +363,8 @@ typedef enum { NDPI_PROTOCOL_TPLINK_SHP = 332, /* TP-LINK Smart Home Protocol */ NDPI_PROTOCOL_SOURCE_ENGINE = 333, NDPI_PROTOCOL_BACNET = 334, + NDPI_PROTOCOL_OICQ = 335, + NDPI_PROTOCOL_HOTS = 336, /* Heroes of the Storm */ #ifdef CUSTOM_NDPI_PROTOCOLS diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 53befb31eca..7676eaced10 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -46,8 +46,7 @@ ndpi_port_range* ndpi_build_default_ports(ndpi_port_range *ports, u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t protocol, - u_int32_t saddr, u_int32_t daddr, - u_int16_t sport, u_int16_t dport); + u_int32_t saddr, u_int32_t daddr); void ndpi_bittorrent_init(struct ndpi_detection_module_struct *ndpi_struct, @@ -85,6 +84,7 @@ void init_hsrp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_halflife2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_hots_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); @@ -244,6 +244,7 @@ void init_merakicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct void init_tailscale_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_source_engine_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_bacnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_oicq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); /* ndpi_main.c */ extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port); diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index b0b8a4c7372..23932bb2ccd 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -86,6 +86,7 @@ libndpi_a_SOURCES = ndpi_content_match.c.inc \ protocols/halflife2_and_mods.c \ protocols/hpvirtgrp.c \ protocols/hsrp.c \ + protocols/hots.c \ protocols/http.c \ protocols/iax.c \ protocols/icecast.c \ @@ -131,6 +132,7 @@ libndpi_a_SOURCES = ndpi_content_match.c.inc \ protocols/noe.c \ protocols/non_tcp_udp.c \ protocols/ntp.c \ + protocols/oicq.c \ protocols/openvpn.c \ protocols/ookla.c \ protocols/oracle.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f613f029439..b6f21125ca3 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -739,20 +739,6 @@ static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) { /* ******************************************************************** */ -void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT which, const int depth) { - ndpi_default_ports_tree_node_t *f = *(ndpi_default_ports_tree_node_t **) node; - - printf("<%d>Walk on node %s (%u)\n", depth, - which == ndpi_preorder ? - "ndpi_preorder" : - which == ndpi_postorder ? - "ndpi_postorder" : - which == ndpi_endorder ? "ndpi_endorder" : which == ndpi_leaf ? "ndpi_leaf" : "unknown", - f->default_port); -} - -/* ******************************************************************** */ - static int addDefaultPort(struct ndpi_detection_module_struct *ndpi_str, ndpi_port_range *range, ndpi_proto_defaults_t *def, @@ -1028,17 +1014,20 @@ int ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_str, /* ******************************************************************** */ #ifndef __KERNEL__ -/* Self check function to be called onli for testing purposes */ -void ndpi_self_check_host_match() { +/* Self check function to be called only for testing purposes */ +void ndpi_self_check_host_match(FILE *error_out) { u_int32_t i, j; for(i = 0; host_match[i].string_to_match != NULL; i++) { for(j = 0; host_match[j].string_to_match != NULL; j++) { if((i != j) && (strcmp(host_match[i].string_to_match, host_match[j].string_to_match) == 0)) { - printf("[INTERNAL ERROR]: Duplicate string detected '%s' [id: %u, id %u]\n", - host_match[i].string_to_match, i, j); - printf("\nPlease fix host_match[] in ndpi_content_match.c.inc\n"); - exit(0); + if (error_out != NULL) { + fprintf(error_out, + "[NDPI] INTERNAL ERROR duplicate string detected '%s' [id: %u, id %u]\n", + host_match[i].string_to_match, i, j); + fprintf(error_out, "\nPlease fix host_match[] in ndpi_content_match.c.inc\n"); + } + abort(); } } } @@ -1049,39 +1038,40 @@ void ndpi_self_check_host_match() { #define XGRAMS_C 26 static int ndpi_xgrams_inited = 0; static unsigned int bigrams_bitmap[(XGRAMS_C*XGRAMS_C+31)/32]; -static unsigned int imposible_bigrams_bitmap[(XGRAMS_C*XGRAMS_C+31)/32]; +static unsigned int impossible_bigrams_bitmap[(XGRAMS_C*XGRAMS_C+31)/32]; static unsigned int trigrams_bitmap[(XGRAMS_C*XGRAMS_C*XGRAMS_C+31)/32]; - -static void ndpi_xgrams_init(unsigned int *dst,size_t dn, const char **src,size_t sn,unsigned int l) { -unsigned int i,j,c; - for(i=0;i < sn && src[i]; i++) { - for(j=0,c=0; j < l; j++) { - unsigned char a = (unsigned char)src[i][j]; - if(a < 'a' || a > 'z') { #ifndef __KERNEL__ - printf("%u: c%u %c\n",i,j,a); abort(); +#define xABORT abort() #else - continue; -#endif - } - c *= XGRAMS_C; - c += a - 'a'; - } - if(src[i][l]) { -#ifndef __KERNEL__ - printf("%u: c[%d] != 0\n",i,l); abort(); -#else - continue; +#define xABORT continue #endif + +static void ndpi_xgrams_init(struct ndpi_detection_module_struct *ndpi_str, + unsigned int *dst, size_t dn, + const char **src, size_t sn, + unsigned int l) +{ + unsigned int i,j,c; + for(i=0;i < sn && src[i]; i++) { + for(j=0,c=0; j < l; j++) { + unsigned char a = (unsigned char)src[i][j]; + if(a < 'a' || a > 'z') { + NDPI_LOG_ERR(ndpi_str, + "[NDPI] INTERNAL ERROR ndpi_xgrams_init %u: c%u %c\n", + i,j,a); + xABORT; + } + c *= XGRAMS_C; + c += a - 'a'; } - if((c >> 3) >= dn) { -#ifndef __KERNEL__ - abort(); -#else - continue; -#endif + if(src[i][l]) { + NDPI_LOG_ERR(ndpi_str, + "[NDPI] INTERNAL ERROR ndpi_xgrams_init %u: c[%d] != 0\n", + i,l); + xABORT; } + if((c >> 3) >= dn) xABORT; dst[c >> 5] |= 1u << (c & 0x1f); } } @@ -1133,12 +1123,12 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp if(!ndpi_xgrams_inited) { ndpi_xgrams_inited = 1; - ndpi_xgrams_init(bigrams_bitmap,sizeof(bigrams_bitmap), + ndpi_xgrams_init(ndpi_str,bigrams_bitmap,sizeof(bigrams_bitmap), ndpi_en_bigrams,sizeof(ndpi_en_bigrams)/sizeof(ndpi_en_bigrams[0]), 2); - ndpi_xgrams_init(imposible_bigrams_bitmap,sizeof(imposible_bigrams_bitmap), + ndpi_xgrams_init(ndpi_str,impossible_bigrams_bitmap,sizeof(impossible_bigrams_bitmap), ndpi_en_impossible_bigrams,sizeof(ndpi_en_impossible_bigrams)/sizeof(ndpi_en_impossible_bigrams[0]), 2); - ndpi_xgrams_init(trigrams_bitmap,sizeof(trigrams_bitmap), + ndpi_xgrams_init(ndpi_str,trigrams_bitmap,sizeof(trigrams_bitmap), ndpi_en_trigrams,sizeof(ndpi_en_trigrams)/sizeof(ndpi_en_trigrams[0]), 3); } } @@ -2262,6 +2252,14 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp "BACnet", NDPI_PROTOCOL_CATEGORY_IOT_SCADA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 47808, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OICQ, + "OICQ", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 8000, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HOTS, + "Heroes_of_the_Storm", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); #ifdef CUSTOM_NDPI_PROTOCOLS @@ -5156,6 +5154,12 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) { /* BACnet */ init_bacnet_dissector(ndpi_str, &a); + /* OICQ */ + init_oicq_dissector(ndpi_str, &a); + + /* Heroes of the Storm */ + init_hots_dissector(ndpi_str, &a); + #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main_init.c" #endif @@ -6468,9 +6472,7 @@ static void ndpi_add_connection_as_zoom(struct ndpi_detection_module_struct *ndp */ static void ndpi_check_tcp_flags(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { -#if 0 - printf("[TOTAL] %u / %u [tot: %u]\n", flow->packet_direction_complete_counter[0], flow->packet_direction_complete_counter[1], flow->all_packets_counter); -#endif + // printf("[TOTAL] %u / %u [tot: %u]\n", flow->packet_direction_complete_counter[0], flow->packet_direction_complete_counter[1], flow->all_packets_counter); if((flow->l4.tcp.cli2srv_tcp_flags & TH_SYN) && (flow->l4.tcp.srv2cli_tcp_flags & TH_RST) @@ -8169,11 +8171,7 @@ u_int16_t ndpi_get_upper_proto(ndpi_protocol proto) { /* ****************************************************** */ static ndpi_protocol ndpi_internal_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_str, - struct ndpi_flow_struct *flow, u_int8_t proto, - u_int32_t shost /* host byte order */, u_int16_t sport, - u_int32_t dhost /* host byte order */, u_int16_t dport) { - u_int32_t rc; - struct in_addr addr; + struct ndpi_flow_struct *flow, u_int8_t proto) { ndpi_protocol ret = NDPI_PROTOCOL_NULL; u_int8_t user_defined_proto; @@ -8181,82 +8179,33 @@ static ndpi_protocol ndpi_internal_guess_undetected_protocol(struct ndpi_detecti return(ret); #ifdef BITTORRENT_CACHE_DEBUG - printf("[%s:%u] ndpi_guess_undetected_protocol(%08X, %u, %08X, %u) [flow: %p]\n", - __FILE__, __LINE__, shost, sport, dhost, dport, flow); + printf("[%s:%u] [flow: %p] proto %u\n", __FILE__, __LINE__, flow, proto); #endif - if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) { - rc = ndpi_search_tcp_or_udp_raw(ndpi_str, flow, proto, shost, dhost, sport, dport); - - if(rc != NDPI_PROTOCOL_UNKNOWN) { - if(flow && (proto == IPPROTO_UDP) && - NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc) && is_udp_not_guessable_protocol(rc)) - ; - else { - ret.app_protocol = rc, - ret.master_protocol = ndpi_guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); - - if(ret.app_protocol == ret.master_protocol) - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; + if(flow && ((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP))) { -#ifndef __KERNEL__ -#ifdef BITTORRENT_CACHE_DEBUG - printf("[%s:%u] Guessed %u.%u\n", __FILE__, __LINE__, ret.master_protocol, ret.app_protocol); -#endif - - ret.category = ndpi_get_proto_category(ndpi_str, ret); -#endif - return(ret); - } - } - - rc = ndpi_guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); - if(rc != NDPI_PROTOCOL_UNKNOWN) { - if(flow && (proto == IPPROTO_UDP) && - NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc) && is_udp_not_guessable_protocol(rc)) - ; - else { - ret.app_protocol = rc; - - if(rc == NDPI_PROTOCOL_TLS) - goto check_guessed_skype; - else { -#ifndef __KERNEL__ -#ifdef BITTORRENT_CACHE_DEBUG - printf("[%s:%u] Guessed %u.%u\n", __FILE__, __LINE__, ret.master_protocol, ret.app_protocol); -#endif - ret.category = ndpi_get_proto_category(ndpi_str, ret); -#endif - return(ret); - } + if(flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { + if(flow->guessed_protocol_id_by_ip != NDPI_PROTOCOL_UNKNOWN) { + ret.master_protocol = flow->guessed_protocol_id; + ret.app_protocol = flow->guessed_protocol_id_by_ip; + } else { + ret.app_protocol = flow->guessed_protocol_id; } + } else { + ret.app_protocol = flow->guessed_protocol_id_by_ip; } - if(ndpi_search_into_bittorrent_cache(ndpi_str, NULL /* flow */, - htonl(shost), htons(sport), - htonl(dhost), htons(dport))) { + if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN && + !flow->is_ipv6 && /* TODO */ + ndpi_search_into_bittorrent_cache(ndpi_str, flow, + flow->c_address.v4, flow->c_port, + flow->s_address.v4, flow->s_port)) { /* This looks like BitTorrent */ ret.app_protocol = NDPI_PROTOCOL_BITTORRENT; -#ifndef __KERNEL__ - ret.category = ndpi_get_proto_category(ndpi_str, ret); -#ifdef BITTORRENT_CACHE_DEBUG - printf("[%s:%u] Guessed %u.%u\n", __FILE__, __LINE__, ret.master_protocol, ret.app_protocol); -#endif -#endif - return(ret); - } - - check_guessed_skype: - addr.s_addr = htonl(shost); - if(ndpi_network_ptree_match(ndpi_str, &addr) == NDPI_PROTOCOL_SKYPE_TEAMS) { - ret.app_protocol = NDPI_PROTOCOL_SKYPE_TEAMS; - } else { - addr.s_addr = htonl(dhost); - if(ndpi_network_ptree_match(ndpi_str, &addr) == NDPI_PROTOCOL_SKYPE_TEAMS) - ret.app_protocol = NDPI_PROTOCOL_SKYPE_TEAMS; } - } else - ret.app_protocol = ndpi_guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); + } else { + ret.app_protocol = ndpi_guess_protocol_id(ndpi_str, flow, proto, 0, 0, &user_defined_proto); + } #ifndef __KERNEL__ ret.category = ndpi_get_proto_category(ndpi_str, ret); @@ -8271,11 +8220,8 @@ static ndpi_protocol ndpi_internal_guess_undetected_protocol(struct ndpi_detecti /* ****************************************************** */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_str, - struct ndpi_flow_struct *flow, u_int8_t proto, - u_int32_t shost /* host byte order */, u_int16_t sport, - u_int32_t dhost /* host byte order */, u_int16_t dport) { - ndpi_protocol p = ndpi_internal_guess_undetected_protocol(ndpi_str, flow, proto, - shost, sport, dhost, dport); + struct ndpi_flow_struct *flow, u_int8_t proto) { + ndpi_protocol p = ndpi_internal_guess_undetected_protocol(ndpi_str, flow, proto); p.master_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.master_protocol), p.app_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.app_protocol); @@ -8650,8 +8596,6 @@ void ndpi_generate_options(u_int opt) { printf("WARNING: option -a out of range\n"); break; } - - exit(0); } /* ****************************************************** */ @@ -8978,7 +8922,7 @@ int ndpi_match_bigram(const char *str) { } int ndpi_match_impossible_bigram(const char *str) { - return ndpi_match_xgram(imposible_bigrams_bitmap, 2, str); + return ndpi_match_xgram(impossible_bigrams_bitmap, 2, str); } /* ****************************************************** */ diff --git a/src/lib/ndpi_network_list_compile.h b/src/lib/ndpi_network_list_compile.h index 1a402375cc3..be673880d37 100644 --- a/src/lib/ndpi_network_list_compile.h +++ b/src/lib/ndpi_network_list_compile.h @@ -334,6 +334,8 @@ _P(NDPI_PROTOCOL_ELASTICSEARCH), _P(NDPI_PROTOCOL_TUYA_LP), _P(NDPI_PROTOCOL_TPLINK_SHP), _P(NDPI_PROTOCOL_SOURCE_ENGINE), -_P(NDPI_PROTOCOL_BACNET) +_P(NDPI_PROTOCOL_BACNET), +_P(NDPI_PROTOCOL_OICQ), +_P(NDPI_PROTOCOL_HOTS) }; diff --git a/src/lib/protocols/hots.c b/src/lib/protocols/hots.c new file mode 100644 index 00000000000..9dd25a8e829 --- /dev/null +++ b/src/lib/protocols/hots.c @@ -0,0 +1,75 @@ +/* + * hots.c + * + * Copyright (C) 2023 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HOTS + +#include "ndpi_api.h" + +static void ndpi_hots_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HOTS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + NDPI_LOG_INFO(ndpi_struct, "found Heroes of the Storm packet\n"); +} + +void ndpi_search_hots(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = ndpi_get_packet_struct(ndpi_struct); + int i, ports[4] = {1119, 1120, 3724, 6113}; + + NDPI_LOG_DBG(ndpi_struct, "search Heroes of the Storm\n"); + + for (i = 0; i < 4; i++) { + if (packet->udp->dest == ntohs(ports[i]) || packet->udp->source == ntohs(ports[i])) { + if (packet->payload_packet_len >= 20 && packet->payload_packet_len <= 122) { + if (packet->payload[14] == 0x40 && packet->payload[15] == 0x00) { + if ((packet->payload[2] == 0x03 && packet->payload[3] == 0x00) || + (packet->payload[2] == 0x34 && packet->payload[3] == 0x00) || + (packet->payload[0] == 0x00 && packet->payload[1] == 0x00 && packet->payload[2] == 0x00 && + packet->payload[3] == 0x00 && packet->payload[4] == 0x00 && packet->payload[5] == 0x00 && + packet->payload[6] == 0x00 && packet->payload[7] == 0x00 && packet->payload[8] == 0x00 && + packet->payload[9] == 0x00 && packet->payload[10] == 0x00 && packet->payload[11] == 0x00 && + packet->payload[12] == 0x00 && packet->payload[13] == 0x00)) { + ndpi_hots_add_connection(ndpi_struct, flow); + return; + } + } + } + break; + } + } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); +} + + +void init_hots_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id) +{ + ndpi_set_bitmask_protocol_detection("HOTS", ndpi_struct, *id, + NDPI_PROTOCOL_HOTS, + ndpi_search_hots, + NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, /* Only IPv4 UDP traffic is expected. */ + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} diff --git a/src/lib/protocols/oicq.c b/src/lib/protocols/oicq.c new file mode 100644 index 00000000000..204d2426811 --- /dev/null +++ b/src/lib/protocols/oicq.c @@ -0,0 +1,102 @@ +/* + * oicq.c + * + * OICQ / Tencent QQ + * + * Copyright (C) 2023 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OICQ + +#include "ndpi_api.h" + +PACK_ON +struct oicq_hdr { + uint8_t flag; + uint16_t version; + uint16_t command; + uint16_t sequence; +} PACK_OFF; + +static void ndpi_int_oicq_add_connection(struct ndpi_detection_module_struct * const ndpi_struct, + struct ndpi_flow_struct * const flow) +{ + NDPI_LOG_INFO(ndpi_struct, "found OICQ\n"); + + ndpi_set_detected_protocol(ndpi_struct, flow, + NDPI_PROTOCOL_OICQ, + NDPI_PROTOCOL_UNKNOWN, + NDPI_CONFIDENCE_DPI); +} + +/* ***************************************************** */ + +static void ndpi_search_oicq(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct const * const packet = ndpi_get_packet_struct(ndpi_struct); + struct oicq_hdr const * const hdr = (struct oicq_hdr *)&packet->payload[0]; + + NDPI_LOG_DBG(ndpi_struct, "search OICQ\n"); + + if (packet->payload_packet_len < sizeof(*hdr)) + { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + if (hdr->flag != 0x02) + { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + if (ntohs(hdr->version) != 0x3b0b) + { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + uint16_t command = ntohs(hdr->command); + if (command == 0x0000 || (command > 0x00b5 && command < 0x03f7) || + command > 0x03f7) + { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + + ndpi_int_oicq_add_connection(ndpi_struct, flow); +} + +/* ***************************************************** */ + +void init_oicq_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id) +{ + ndpi_set_bitmask_protocol_detection("OICQ", ndpi_struct, *id, + NDPI_PROTOCOL_OICQ, + ndpi_search_oicq, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK + ); + + *id += 1; +} diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index 58ee07172f9..0f8aa021cb5 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -25,18 +25,11 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t protocol, - u_int32_t saddr, u_int32_t daddr, /* host endianess */ - u_int16_t sport, u_int16_t dport) /* host endianess */ + u_int32_t saddr, u_int32_t daddr) /* host endianess */ { u_int16_t rc; struct in_addr host; - if(protocol == IPPROTO_UDP) { - if((sport == dport) && (sport == 17500)) { - return(NDPI_PROTOCOL_DROPBOX); - } - } - if(flow) return(flow->guessed_protocol_id_by_ip); else { @@ -51,7 +44,6 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - u_int16_t sport, dport; u_int proto; struct ndpi_packet_struct *packet; @@ -59,10 +51,6 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st return; packet = ndpi_get_packet_struct(ndpi_struct); - - if(packet->udp) sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); - else if(packet->tcp) sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); - else sport = dport = 0; if(packet->iph /* IPv4 Only: we need to support packet->iphv6 at some point */) { proto = ndpi_search_tcp_or_udp_raw(ndpi_struct, @@ -70,8 +58,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st packet->iph ? packet->iph->protocol : packet->iphv6->ip6_hdr.ip6_un1_nxt, ntohl(packet->iph->saddr), - ntohl(packet->iph->daddr), - sport, dport); + ntohl(packet->iph->daddr)); if(proto != NDPI_PROTOCOL_UNKNOWN) ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_MATCH_BY_PORT); diff --git a/src/lib/third_party/include/uthash.h b/src/lib/third_party/include/uthash.h index 49c69df0301..b7dfe4d3b3c 100644 --- a/src/lib/third_party/include/uthash.h +++ b/src/lib/third_party/include/uthash.h @@ -118,7 +118,7 @@ do { /* malloc failures result in lost memory, hash tables are unusable */ #ifndef uthash_fatal -#define uthash_fatal(msg) exit(-1) /* fatal OOM error */ +#define uthash_fatal(msg) abort() /* fatal OOM error */ #endif #define HASH_RECORD_OOM(oomed) uthash_fatal("out of memory") @@ -513,7 +513,7 @@ do { */ #ifdef HASH_DEBUG #include /* fprintf, stderr */ -#define HASH_OOPS(...) do { fprintf(stderr, __VA_ARGS__); exit(-1); } while (0) +#define HASH_OOPS(...) do { fprintf(stderr, __VA_ARGS__); abort(); } while (0) #define HASH_FSCK(hh,head,where) \ do { \ struct UT_hash_handle *_thh; \ diff --git a/tests/cfgs/default/pcap/hots.pcapng b/tests/cfgs/default/pcap/hots.pcapng new file mode 100644 index 00000000000..abfeb6d419e Binary files /dev/null and b/tests/cfgs/default/pcap/hots.pcapng differ diff --git a/tests/cfgs/default/pcap/oicq.pcap b/tests/cfgs/default/pcap/oicq.pcap new file mode 100644 index 00000000000..a65c497f100 Binary files /dev/null and b/tests/cfgs/default/pcap/oicq.pcap differ diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out index f73cab66669..3a88a1681a2 100644 --- a/tests/cfgs/default/result/1kxun.pcap.out +++ b/tests/cfgs/default/result/1kxun.pcap.out @@ -6,7 +6,7 @@ Confidence Unknown : 14 (flows) Confidence Match by port : 4 (flows) Confidence DPI (partial) : 2 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 4445 (22.56 diss/flow) +Num dissector calls: 4469 (22.69 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/60/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/4in4tunnel.pcap.out b/tests/cfgs/default/result/4in4tunnel.pcap.out index 1049ca9b6df..4dbca8ef031 100644 --- a/tests/cfgs/default/result/4in4tunnel.pcap.out +++ b/tests/cfgs/default/result/4in4tunnel.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 5 (5.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 177 (177.00 diss/flow) +Num dissector calls: 179 (179.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/6in6tunnel.pcap.out b/tests/cfgs/default/result/6in6tunnel.pcap.out index 11c7ecda71d..9fa0607efe4 100644 --- a/tests/cfgs/default/result/6in6tunnel.pcap.out +++ b/tests/cfgs/default/result/6in6tunnel.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 123 (123.00 diss/flow) +Num dissector calls: 124 (124.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/EAQ.pcap.out b/tests/cfgs/default/result/EAQ.pcap.out index 5f11dc2ff3f..c4cb8816acb 100644 --- a/tests/cfgs/default/result/EAQ.pcap.out +++ b/tests/cfgs/default/result/EAQ.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 116 (4.00 pkts/flow) Confidence DPI : 31 (flows) -Num dissector calls: 4329 (139.65 diss/flow) +Num dissector calls: 4387 (141.52 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/adult_content.pcap.out b/tests/cfgs/default/result/adult_content.pcap.out index 7cd464b80c0..fdb4813b73e 100644 --- a/tests/cfgs/default/result/adult_content.pcap.out +++ b/tests/cfgs/default/result/adult_content.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 144 (144.00 diss/flow) +Num dissector calls: 146 (146.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index c8dcedf65f3..3af9229eb8a 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out @@ -8,7 +8,7 @@ Confidence Match by port : 5 (flows) Confidence DPI (partial) : 1 (flows) Confidence DPI : 60 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 874 (12.67 diss/flow) +Num dissector calls: 876 (12.70 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/27/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/collectd.pcap.out b/tests/cfgs/default/result/collectd.pcap.out index 3996213a26a..1a1a7674659 100644 --- a/tests/cfgs/default/result/collectd.pcap.out +++ b/tests/cfgs/default/result/collectd.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 13 (1.62 pkts/flow) Confidence Match by port : 3 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 401 (50.12 diss/flow) +Num dissector calls: 407 (50.88 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out index 35c47fa9b8a..86ecc23cf6b 100644 --- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out @@ -23,5 +23,5 @@ Patricia protocols: 2/2 (search/found) CustomProtocolA 3 222 1 CustomProtocolB 2 148 1 - 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.341/TLS.CustomProtocolA][IP: 341/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 342/CustomProtocolB][IP: 342/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.343/TLS.CustomProtocolA][IP: 343/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 344/CustomProtocolB][IP: 344/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out index 87f8e3c57c4..fe289bbcb57 100644 --- a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out +++ b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 108 (108.00 diss/flow) +Num dissector calls: 110 (110.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/discord.pcap.out b/tests/cfgs/default/result/discord.pcap.out index fd5d7eddec8..8bcd2b66866 100644 --- a/tests/cfgs/default/result/discord.pcap.out +++ b/tests/cfgs/default/result/discord.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 5 (5.00 pkts/flow) DPI Packets (UDP): 60 (1.82 pkts/flow) Confidence DPI : 34 (flows) -Num dissector calls: 3985 (117.21 diss/flow) +Num dissector calls: 4039 (118.79 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/discord_mid_flow.pcap.out b/tests/cfgs/default/result/discord_mid_flow.pcap.out index ef504c43cce..8e0e210932a 100644 --- a/tests/cfgs/default/result/discord_mid_flow.pcap.out +++ b/tests/cfgs/default/result/discord_mid_flow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 145 (145.00 diss/flow) +Num dissector calls: 147 (147.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out index 657329cb72c..17089cbe83b 100644 --- a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 256 (1.04 pkts/flow) Confidence DPI : 245 (flows) -Num dissector calls: 20792 (84.87 diss/flow) +Num dissector calls: 20814 (84.96 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/513/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt-v2.pcap.out b/tests/cfgs/default/result/dnscrypt-v2.pcap.out index b2dd5dccec2..df9656e7c72 100644 --- a/tests/cfgs/default/result/dnscrypt-v2.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v2.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 6 (2.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 372 (124.00 diss/flow) +Num dissector calls: 378 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out index 413a04d7fed..e9347fc51eb 100644 --- a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out +++ b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 125 (125.00 diss/flow) +Num dissector calls: 127 (127.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index dd68154be0f..5958d60fbeb 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 30 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 193 (flows) -Num dissector calls: 5433 (21.65 diss/flow) +Num dissector calls: 5499 (21.91 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/180/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out index 3714b7c90f2..a5302a4aad8 100644 --- a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out +++ b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out @@ -5,7 +5,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Unknown : 19 (flows) Confidence Match by port : 3 (flows) Confidence DPI : 55 (flows) -Num dissector calls: 1789 (23.23 diss/flow) +Num dissector calls: 1821 (23.65 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/66/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index 33e657a34ac..cc841d07e97 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow) Confidence Unknown : 591 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 167 (flows) -Num dissector calls: 67170 (88.38 diss/flow) +Num dissector calls: 68194 (89.73 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/1779/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/gtp_false_positive.pcapng.out b/tests/cfgs/default/result/gtp_false_positive.pcapng.out index 04c7c1d3168..c501f03dcda 100644 --- a/tests/cfgs/default/result/gtp_false_positive.pcapng.out +++ b/tests/cfgs/default/result/gtp_false_positive.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 7 (2.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) -Num dissector calls: 397 (132.33 diss/flow) +Num dissector calls: 403 (134.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/h323.pcap.out b/tests/cfgs/default/result/h323.pcap.out index eccbc0b9023..85749d4ea00 100644 --- a/tests/cfgs/default/result/h323.pcap.out +++ b/tests/cfgs/default/result/h323.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 2 (2.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 226 (113.00 diss/flow) +Num dissector calls: 228 (114.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/hots.pcapng.out b/tests/cfgs/default/result/hots.pcapng.out new file mode 100644 index 00000000000..0c3c9359c26 --- /dev/null +++ b/tests/cfgs/default/result/hots.pcapng.out @@ -0,0 +1,27 @@ +Guessed flow protos: 0 + +DPI Packets (UDP): 3 (1.00 pkts/flow) +Confidence DPI : 3 (flows) +Num dissector calls: 330 (110.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 6/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia protocols: 5/3 (search/found) + +Heroes_of_the_Storm 100 10145 3 + + 1 UDP 24.105.57.16:3724 -> 192.168.0.73:50609 [proto: 336/Heroes_of_the_Storm][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][40 pkts/4753 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][1.26 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 32/0 62/0 18/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 119/0 164/0 34/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 22,0,47,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 24.105.57.183:1119 -> 192.168.0.73:50609 [proto: 336/Heroes_of_the_Storm][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][25 pkts/2978 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][0.94 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6/0 38/0 63/0 22/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 119/0 158/0 21/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 4,24,40,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.0.73:54598 <-> 24.105.56.13:3724 [proto: 336/Heroes_of_the_Storm][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/908 bytes <-> 21 pkts/1506 bytes][Goodput ratio: 35/41][92.43 sec][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/17 42/51 66/63 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 65/72 66/74 2/5][Plen Bins: 51,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/http_ipv6.pcap.out b/tests/cfgs/default/result/http_ipv6.pcap.out index f7de1a5f477..ca3f8dadea3 100644 --- a/tests/cfgs/default/result/http_ipv6.pcap.out +++ b/tests/cfgs/default/result/http_ipv6.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 77 (5.92 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Match by port : 7 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 146 (9.73 diss/flow) +Num dissector calls: 147 (9.80 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/21/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/imo.pcap.out b/tests/cfgs/default/result/imo.pcap.out index fee86270f35..d61bc342e14 100644 --- a/tests/cfgs/default/result/imo.pcap.out +++ b/tests/cfgs/default/result/imo.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 7 (3.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 288 (144.00 diss/flow) +Num dissector calls: 292 (146.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/instagram.pcap.out b/tests/cfgs/default/result/instagram.pcap.out index 4c16e3fa0a1..5f6d1790632 100644 --- a/tests/cfgs/default/result/instagram.pcap.out +++ b/tests/cfgs/default/result/instagram.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence DPI (partial) : 1 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 1768 (46.53 diss/flow) +Num dissector calls: 1770 (46.58 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/iphone.pcap.out b/tests/cfgs/default/result/iphone.pcap.out index e45e30062a5..1285b43c77d 100644 --- a/tests/cfgs/default/result/iphone.pcap.out +++ b/tests/cfgs/default/result/iphone.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 55 (1.77 pkts/flow) DPI Packets (other): 5 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 50 (flows) -Num dissector calls: 348 (6.82 diss/flow) +Num dissector calls: 350 (6.86 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/kontiki.pcap.out b/tests/cfgs/default/result/kontiki.pcap.out index 0949e44dfc9..7603abb5826 100644 --- a/tests/cfgs/default/result/kontiki.pcap.out +++ b/tests/cfgs/default/result/kontiki.pcap.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 6 (1.50 pkts/flow) DPI Packets (other): 4 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 320 (40.00 diss/flow) +Num dissector calls: 324 (40.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/line.pcap.out b/tests/cfgs/default/result/line.pcap.out index 54f0a8bb818..d592f960be2 100644 --- a/tests/cfgs/default/result/line.pcap.out +++ b/tests/cfgs/default/result/line.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 13 (6.50 pkts/flow) DPI Packets (UDP): 40 (13.33 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 719 (143.80 diss/flow) +Num dissector calls: 725 (145.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/linecall_falsepositve.pcap.out b/tests/cfgs/default/result/linecall_falsepositve.pcap.out index 139dafcca0a..a3db567220f 100644 --- a/tests/cfgs/default/result/linecall_falsepositve.pcap.out +++ b/tests/cfgs/default/result/linecall_falsepositve.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 25 (25.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 299 (299.00 diss/flow) +Num dissector calls: 301 (301.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out index af7b0573ea8..67e9ff4ff9b 100644 --- a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out +++ b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 42 (4.67 pkts/flow) Confidence Unknown : 4 (flows) Confidence DPI (cache) : 2 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 1240 (103.33 diss/flow) +Num dissector calls: 1248 (104.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/nintendo.pcap.out b/tests/cfgs/default/result/nintendo.pcap.out index ec989544b44..6b6c8adf80e 100644 --- a/tests/cfgs/default/result/nintendo.pcap.out +++ b/tests/cfgs/default/result/nintendo.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI : 15 (flows) Confidence Match by IP : 5 (flows) -Num dissector calls: 1270 (60.48 diss/flow) +Num dissector calls: 1280 (60.95 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/18/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/oicq.pcap.out b/tests/cfgs/default/result/oicq.pcap.out new file mode 100644 index 00000000000..a5b5fd92a0f --- /dev/null +++ b/tests/cfgs/default/result/oicq.pcap.out @@ -0,0 +1,53 @@ +Guessed flow protos: 0 + +DPI Packets (UDP): 29 (1.00 pkts/flow) +Confidence DPI : 29 (flows) +Num dissector calls: 29 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 58/0 (search/found) +Patricia risk: 58/0 (search/found) +Patricia protocols: 58/0 (search/found) + +OICQ 29 2542 29 + + 1 UDP 90.147.69.210:54233 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 90.147.69.210:59802 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 90.147.69.210:60434 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 90.147.69.210:61163 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 90.147.69.210:63120 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 90.147.69.210:64415 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 90.147.69.210:49199 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 90.147.69.210:49340 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 90.147.69.210:50315 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 90.147.69.210:51884 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 90.147.69.210:52663 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 90.147.69.210:52991 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 90.147.69.210:54462 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 90.147.69.210:55338 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP 90.147.69.210:55774 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 90.147.69.210:56476 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 90.147.69.210:57677 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 90.147.69.210:57872 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 90.147.69.210:58434 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 90.147.69.210:58797 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 90.147.69.210:59394 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 90.147.69.210:60213 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 90.147.69.210:60288 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 90.147.69.210:60436 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 90.147.69.210:61686 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 UDP 90.147.69.210:64420 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 90.147.69.210:64916 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 UDP 90.147.69.210:65163 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 UDP 90.147.69.210:65276 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/openvpn.pcap.out b/tests/cfgs/default/result/openvpn.pcap.out index 9038a50ec15..2dc85fc95b2 100644 --- a/tests/cfgs/default/result/openvpn.pcap.out +++ b/tests/cfgs/default/result/openvpn.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) DPI Packets (UDP): 5 (2.50 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 390 (130.00 diss/flow) +Num dissector calls: 394 (131.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out index 344b5419c33..48fbbe613ce 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (1.33 pkts/flow) DPI Packets (UDP): 13 (3.25 pkts/flow) Confidence DPI : 10 (flows) -Num dissector calls: 698 (69.80 diss/flow) +Num dissector calls: 704 (70.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/15/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out index 85e84e650a0..224f7ae37d0 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 3 (flows) -Num dissector calls: 483 (120.75 diss/flow) +Num dissector calls: 487 (121.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out index ad3044e91fb..bddc0ff70d2 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 126 (126.00 diss/flow) +Num dissector calls: 128 (128.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/pps.pcap.out b/tests/cfgs/default/result/pps.pcap.out index 6654be33aaa..58985da3cb0 100644 --- a/tests/cfgs/default/result/pps.pcap.out +++ b/tests/cfgs/default/result/pps.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 196 (4.45 pkts/flow) Confidence Unknown : 29 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 76 (flows) -Num dissector calls: 5826 (54.45 diss/flow) +Num dissector calls: 5884 (54.99 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/93/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/quic.pcap.out b/tests/cfgs/default/result/quic.pcap.out index 3326eb0dc5d..b79c74f6502 100644 --- a/tests/cfgs/default/result/quic.pcap.out +++ b/tests/cfgs/default/result/quic.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 12 (1.20 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI : 9 (flows) -Num dissector calls: 212 (21.20 diss/flow) +Num dissector calls: 214 (21.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/quic_0RTT.pcap.out b/tests/cfgs/default/result/quic_0RTT.pcap.out index bd86ca808ac..0361810194e 100644 --- a/tests/cfgs/default/result/quic_0RTT.pcap.out +++ b/tests/cfgs/default/result/quic_0RTT.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 187 (93.50 diss/flow) +Num dissector calls: 189 (94.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/radius_false_positive.pcapng.out b/tests/cfgs/default/result/radius_false_positive.pcapng.out index 826b9e598b8..8111546e84d 100644 --- a/tests/cfgs/default/result/radius_false_positive.pcapng.out +++ b/tests/cfgs/default/result/radius_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 10 (10.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 202 (202.00 diss/flow) +Num dissector calls: 203 (203.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/raknet.pcap.out b/tests/cfgs/default/result/raknet.pcap.out index cd0bfaf3a46..83bfa352374 100644 --- a/tests/cfgs/default/result/raknet.pcap.out +++ b/tests/cfgs/default/result/raknet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 24 (2.00 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1416 (118.00 diss/flow) +Num dissector calls: 1428 (119.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/rx.pcap.out b/tests/cfgs/default/result/rx.pcap.out index c9d2de1a06e..1356a2f550e 100644 --- a/tests/cfgs/default/result/rx.pcap.out +++ b/tests/cfgs/default/result/rx.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 10 (2.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 617 (123.40 diss/flow) +Num dissector calls: 627 (125.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sflow.pcap.out b/tests/cfgs/default/result/sflow.pcap.out index 892c6b491f1..e625c8a7049 100644 --- a/tests/cfgs/default/result/sflow.pcap.out +++ b/tests/cfgs/default/result/sflow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 109 (109.00 diss/flow) +Num dissector calls: 111 (111.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sip_hello.pcapng.out b/tests/cfgs/default/result/sip_hello.pcapng.out index 5760405c0b6..fe9006a3303 100644 --- a/tests/cfgs/default/result/sip_hello.pcapng.out +++ b/tests/cfgs/default/result/sip_hello.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 205 (205.00 diss/flow) +Num dissector calls: 207 (207.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/skype_udp.pcap.out b/tests/cfgs/default/result/skype_udp.pcap.out index 89bbcd16641..f26093a3cb1 100644 --- a/tests/cfgs/default/result/skype_udp.pcap.out +++ b/tests/cfgs/default/result/skype_udp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 124 (124.00 diss/flow) +Num dissector calls: 126 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/softether.pcap.out b/tests/cfgs/default/result/softether.pcap.out index e442f653f18..e2a773a60ca 100644 --- a/tests/cfgs/default/result/softether.pcap.out +++ b/tests/cfgs/default/result/softether.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 31 (10.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 367 (91.75 diss/flow) +Num dissector calls: 371 (92.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out index 2c6a2fb44e6..47d9ad068f4 100644 --- a/tests/cfgs/default/result/starcraft_battle.pcap.out +++ b/tests/cfgs/default/result/starcraft_battle.pcap.out @@ -7,7 +7,7 @@ Confidence Match by port : 8 (flows) Confidence DPI (partial) : 4 (flows) Confidence DPI : 39 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 1426 (27.42 diss/flow) +Num dissector calls: 1436 (27.62 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/39/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/stun.pcap.out b/tests/cfgs/default/result/stun.pcap.out index b3d46e76c0f..c238967862f 100644 --- a/tests/cfgs/default/result/stun.pcap.out +++ b/tests/cfgs/default/result/stun.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 13 (4.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 578 (144.50 diss/flow) +Num dissector calls: 583 (145.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/stun_signal.pcapng.out b/tests/cfgs/default/result/stun_signal.pcapng.out index a158125bdba..da6a7ed094b 100644 --- a/tests/cfgs/default/result/stun_signal.pcapng.out +++ b/tests/cfgs/default/result/stun_signal.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 72 (3.43 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI : 22 (flows) -Num dissector calls: 2315 (100.65 diss/flow) +Num dissector calls: 2345 (101.96 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/synscan.pcap.out b/tests/cfgs/default/result/synscan.pcap.out index 12f5f914e15..525e650d992 100644 --- a/tests/cfgs/default/result/synscan.pcap.out +++ b/tests/cfgs/default/result/synscan.pcap.out @@ -124,7 +124,7 @@ iSCSI 2 116 2 44 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 335/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 337/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 172.16.0.8:36050 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -188,7 +188,7 @@ iSCSI 2 116 2 108 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 109 TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 110 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 111 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 335/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 111 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 337/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 113 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 114 TCP 172.16.0.8:36051 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teams.pcap.out b/tests/cfgs/default/result/teams.pcap.out index 2afdcc16c1a..21b48ce7ac9 100644 --- a/tests/cfgs/default/result/teams.pcap.out +++ b/tests/cfgs/default/result/teams.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI (partial) : 2 (flows) Confidence DPI : 80 (flows) -Num dissector calls: 594 (7.16 diss/flow) +Num dissector calls: 596 (7.18 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/teamspeak3.pcap.out b/tests/cfgs/default/result/teamspeak3.pcap.out index 5c12584ab58..c3082455cb2 100644 --- a/tests/cfgs/default/result/teamspeak3.pcap.out +++ b/tests/cfgs/default/result/teamspeak3.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 198 (99.00 diss/flow) +Num dissector calls: 200 (100.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/teamviewer.pcap.out b/tests/cfgs/default/result/teamviewer.pcap.out index 27a898acdf6..8b8ac7925a6 100644 --- a/tests/cfgs/default/result/teamviewer.pcap.out +++ b/tests/cfgs/default/result/teamviewer.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 152 (76.00 diss/flow) +Num dissector calls: 154 (77.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out index 3a8ef4d46fc..eceb9e0ef6a 100644 --- a/tests/cfgs/default/result/telegram.pcap.out +++ b/tests/cfgs/default/result/telegram.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 5 DPI Packets (UDP): 93 (1.94 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 46 (flows) -Num dissector calls: 1584 (33.00 diss/flow) +Num dissector calls: 1588 (33.08 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/tftp.pcap.out b/tests/cfgs/default/result/tftp.pcap.out index 976b9b3216a..36b7b892902 100644 --- a/tests/cfgs/default/result/tftp.pcap.out +++ b/tests/cfgs/default/result/tftp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 13 (1.86 pkts/flow) Confidence DPI : 7 (flows) -Num dissector calls: 313 (44.71 diss/flow) +Num dissector calls: 317 (45.29 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/toca-boca.pcap.out b/tests/cfgs/default/result/toca-boca.pcap.out index 580d96cd5a4..621c28b328e 100644 --- a/tests/cfgs/default/result/toca-boca.pcap.out +++ b/tests/cfgs/default/result/toca-boca.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (UDP): 21 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence DPI : 17 (flows) -Num dissector calls: 449 (21.38 diss/flow) +Num dissector calls: 457 (21.76 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/viber.pcap.out b/tests/cfgs/default/result/viber.pcap.out index a6a085fc9b0..8f76ea73816 100644 --- a/tests/cfgs/default/result/viber.pcap.out +++ b/tests/cfgs/default/result/viber.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 27 (1.93 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 4 (flows) Confidence DPI : 25 (flows) -Num dissector calls: 518 (17.86 diss/flow) +Num dissector calls: 520 (17.93 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out index 028624e68b0..84ed8af8d25 100644 --- a/tests/cfgs/default/result/webex.pcap.out +++ b/tests/cfgs/default/result/webex.pcap.out @@ -6,7 +6,7 @@ Confidence Match by port : 1 (flows) Confidence DPI (partial) : 2 (flows) Confidence DPI : 53 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 319 (5.60 diss/flow) +Num dissector calls: 321 (5.63 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/weibo.pcap.out b/tests/cfgs/default/result/weibo.pcap.out index 4772a960a8f..2f439e9122d 100644 --- a/tests/cfgs/default/result/weibo.pcap.out +++ b/tests/cfgs/default/result/weibo.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 44 (3.14 pkts/flow) Confidence Match by port : 13 (flows) Confidence DPI (partial) : 8 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 570 (12.95 diss/flow) +Num dissector calls: 574 (13.05 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/63/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/wireguard.pcap.out b/tests/cfgs/default/result/wireguard.pcap.out index 485a98f2fdf..b47f850717c 100644 --- a/tests/cfgs/default/result/wireguard.pcap.out +++ b/tests/cfgs/default/result/wireguard.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 6 (3.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 257 (128.50 diss/flow) +Num dissector calls: 261 (130.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom2.pcap.out b/tests/cfgs/default/result/zoom2.pcap.out index 7d66ebc7480..45d5eb3b4eb 100644 --- a/tests/cfgs/default/result/zoom2.pcap.out +++ b/tests/cfgs/default/result/zoom2.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 8 (8.00 pkts/flow) DPI Packets (UDP): 15 (5.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 488 (97.60 diss/flow) +Num dissector calls: 494 (98.80 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 1/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom_p2p.pcapng.out b/tests/cfgs/default/result/zoom_p2p.pcapng.out index 64973bc4c84..05a970529b8 100644 --- a/tests/cfgs/default/result/zoom_p2p.pcapng.out +++ b/tests/cfgs/default/result/zoom_p2p.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 88 (8.80 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial cache): 4 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 1095 (91.25 diss/flow) +Num dissector calls: 1103 (91.92 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out index 7bd62339d05..2854544befc 100644 --- a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out +++ b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 124 (124.00 diss/flow) +Num dissector calls: 126 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out index d8c9e5e5125..75681a54d99 100644 --- a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out +++ b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 20 (20.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 260 (260.00 diss/flow) +Num dissector calls: 262 (262.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/windows/nDPI.vcxproj b/windows/nDPI.vcxproj index e33fd5981fe..0c831dc3b75 100644 --- a/windows/nDPI.vcxproj +++ b/windows/nDPI.vcxproj @@ -233,6 +233,7 @@ + @@ -261,6 +262,7 @@ +