From 032e778a6dc1ee2173c4cdb2c671180c5b5df245 Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Wed, 12 Apr 2023 14:39:10 +0200 Subject: [PATCH 1/6] Simplify `ndpi_internal_guess_undetected_protocol()` (#1941) `ndpi_guess_undetected_protocol()/ndpi_internal_guess_undetected_protocol()` is a strange function: * it is exported by the library and it is actively used by `ntopng` * it is intrinsecally ipv4-only * it returns basically something like "classification_by_ip"/"classification_by_port" (these information have already been calculated in `ndpi_do_guess()`...) * it access the bittorrent LRU caches (similarly to `ndpi_detection_giveup()` but without all the other caches...) So: * make the interface IPv4/6 agnostic * use the classifications already available This work will allow to make the Bittorrent caches IPV6-aware (see 81e1ea5). Handle Dropbox classification "by-port" in the "standard" way. --- fuzz/fuzz_config.cpp | 9 ++-- src/include/ndpi_api.h | 10 +--- src/include/ndpi_protocols.h | 3 +- src/lib/ndpi_main.c | 95 ++++++++---------------------------- src/lib/protocols/tcp_udp.c | 17 +------ 5 files changed, 28 insertions(+), 106 deletions(-) diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp index 2e0a27ff4c0..177266ba782 100644 --- a/fuzz/fuzz_config.cpp +++ b/fuzz/fuzz_config.cpp 
@@ -156,14 +156,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_get_flow_risk_info(&flow, out, sizeof(out), 1); ndpi_get_flow_ndpi_proto(ndpi_info_mod, &flow, &p2); ndpi_is_proto(p, NDPI_PROTOCOL_TLS); - /* ndpi_guess_undetected_protocol() is a "strange" function (since is ipv4 only) - but it is exported by the library and it is used by ntopng. Try fuzzing it, here */ + /* ndpi_guess_undetected_protocol() is a "strange" function. Try fuzzing it, here */ if(!ndpi_is_protocol_detected(ndpi_info_mod, p)) { + ndpi_guess_undetected_protocol(ndpi_info_mod, bool_value ? &flow : NULL, + flow.l4_proto); if(!flow.is_ipv6) { - ndpi_guess_undetected_protocol(ndpi_info_mod, bool_value ? &flow : NULL, - flow.l4_proto, - flow.c_address.v4, flow.s_address.v4, - flow.c_port, flow.s_port); /* Another "strange" function (ipv4 only): fuzz it here, for lack of a better alternative */ ndpi_find_ipv4_category_userdata(ndpi_info_mod, flow.c_address.v4); } diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 2edcd69ad13..16dc2014df1 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -427,20 +427,12 @@ extern "C" { * @par ndpi_struct = the detection module * @par flow = the flow we're trying to guess, NULL if not available * @par proto = the l4 protocol number - * @par shost = source address in host byte order - * @par sport = source port number - * @par dhost = destination address in host byte order - * @par dport = destination port number * @return the struct ndpi_protocol that match the port base protocol * */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - u_int8_t proto, - u_int32_t shost, - u_int16_t sport, - u_int32_t dhost, - u_int16_t dport); + u_int8_t proto); /** * Check if the string passed match with a protocol * diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index d549fef4743..091d281aeb5 100644 
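Review bot: The doc comment kept above `ndpi_guess_undetected_protocol()` in ndpi_api.h no longer matches the new signature: it still says `flow` is "NULL if not available" and that the return value is the protocol "that match the port base protocol", although the caller can no longer pass addresses or ports. In ndpi_main.c the NULL-flow path now reaches `ndpi_guess_protocol_id(ndpi_str, flow, proto, 0, 0, &user_defined_proto)`, so a TCP/UDP call without a flow appears to have nothing left to guess from. External callers that relied on that path (the commit message names ntopng) would get a different answer without any error. I would state this in the header, e.g. `@par flow = the flow to guess from; needed for TCP/UDP, where the guess uses the by-port/by-IP classification already stored in the flow` and `@return the guessed struct ndpi_protocol (by port and/or by IP)`.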
--- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -46,8 +46,7 @@ ndpi_port_range* ndpi_build_default_ports(ndpi_port_range *ports, u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t protocol, - u_int32_t saddr, u_int32_t daddr, - u_int16_t sport, u_int16_t dport); + u_int32_t saddr, u_int32_t daddr); void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index cf953765e1b..763538e9633 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -7848,11 +7848,7 @@ u_int16_t ndpi_get_upper_proto(ndpi_protocol proto) { /* ****************************************************** */ static ndpi_protocol ndpi_internal_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_str, - struct ndpi_flow_struct *flow, u_int8_t proto, - u_int32_t shost /* host byte order */, u_int16_t sport, - u_int32_t dhost /* host byte order */, u_int16_t dport) { - u_int32_t rc; - struct in_addr addr; + struct ndpi_flow_struct *flow, u_int8_t proto) { ndpi_protocol ret = NDPI_PROTOCOL_NULL; u_int8_t user_defined_proto; 
@@ -7860,79 +7856,33 @@ static ndpi_protocol ndpi_internal_guess_undetected_protocol(struct ndpi_detecti return(ret); #ifdef BITTORRENT_CACHE_DEBUG - printf("[%s:%u] ndpi_guess_undetected_protocol(%08X, %u, %08X, %u) [flow: %p]\n", - __FILE__, __LINE__, shost, sport, dhost, dport, flow); + printf("[%s:%u] [flow: %p] proto %u\n", __FILE__, __LINE__, flow, proto); #endif - if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) { - rc = ndpi_search_tcp_or_udp_raw(ndpi_str, flow, proto, shost, dhost, sport, dport); + if(flow && ((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP))) { - if(rc != NDPI_PROTOCOL_UNKNOWN) { - if(flow && (proto == IPPROTO_UDP) && - NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc) && is_udp_not_guessable_protocol(rc)) - ; - else { - ret.app_protocol = rc, - ret.master_protocol = ndpi_guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); - - if(ret.app_protocol == ret.master_protocol) - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; - -#ifdef BITTORRENT_CACHE_DEBUG - printf("[%s:%u] Guessed %u.%u\n", __FILE__, __LINE__, ret.master_protocol, ret.app_protocol); -#endif - - ret.category = ndpi_get_proto_category(ndpi_str, ret); - return(ret); - } - } - - rc = ndpi_guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); - if(rc != NDPI_PROTOCOL_UNKNOWN) { - if(flow && (proto == IPPROTO_UDP) && - NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc) && is_udp_not_guessable_protocol(rc)) - ; - else { - ret.app_protocol = rc; - - if(rc == NDPI_PROTOCOL_TLS) - goto check_guessed_skype; - else { -#ifdef BITTORRENT_CACHE_DEBUG - printf("[%s:%u] Guessed %u.%u\n", __FILE__, __LINE__, ret.master_protocol, ret.app_protocol); -#endif - - ret.category = ndpi_get_proto_category(ndpi_str, ret); - return(ret); - } + if(flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { + if(flow->guessed_protocol_id_by_ip != NDPI_PROTOCOL_UNKNOWN) { + ret.master_protocol = flow->guessed_protocol_id; + 
ret.app_protocol = flow->guessed_protocol_id_by_ip; + } else { + ret.app_protocol = flow->guessed_protocol_id; } + } else { + ret.app_protocol = flow->guessed_protocol_id_by_ip; } - if(ndpi_search_into_bittorrent_cache(ndpi_str, NULL /* flow */, - htonl(shost), htons(sport), - htonl(dhost), htons(dport))) { + if(ret.app_protocol == NDPI_PROTOCOL_UNKNOWN && + !flow->is_ipv6 && /* TODO */ + ndpi_search_into_bittorrent_cache(ndpi_str, flow, + flow->c_address.v4, flow->c_port, + flow->s_address.v4, flow->s_port)) { /* This looks like BitTorrent */ ret.app_protocol = NDPI_PROTOCOL_BITTORRENT; - ret.category = ndpi_get_proto_category(ndpi_str, ret); - -#ifdef BITTORRENT_CACHE_DEBUG - printf("[%s:%u] Guessed %u.%u\n", __FILE__, __LINE__, ret.master_protocol, ret.app_protocol); -#endif - - return(ret); - } - - check_guessed_skype: - addr.s_addr = htonl(shost); - if(ndpi_network_ptree_match(ndpi_str, &addr) == NDPI_PROTOCOL_SKYPE_TEAMS) { - ret.app_protocol = NDPI_PROTOCOL_SKYPE_TEAMS; - } else { - addr.s_addr = htonl(dhost); - if(ndpi_network_ptree_match(ndpi_str, &addr) == NDPI_PROTOCOL_SKYPE_TEAMS) - ret.app_protocol = NDPI_PROTOCOL_SKYPE_TEAMS; } - } else - ret.app_protocol = ndpi_guess_protocol_id(ndpi_str, flow, proto, sport, dport, &user_defined_proto); + } else { + ret.app_protocol = ndpi_guess_protocol_id(ndpi_str, flow, proto, 0, 0, &user_defined_proto); + } ret.category = ndpi_get_proto_category(ndpi_str, ret); 
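Review bot: The BitTorrent cache lookup now passes `flow->c_address.v4`, `flow->c_port`, `flow->s_address.v4` and `flow->s_port` unchanged, where the removed code converted every argument with `htonl()`/`htons()`. The byte order of these flow fields is not visible in this hunk; if it differs from the order the cache was filled with, the lookup will never match and nothing will report it. A one-line comment at the call, once confirmed, such as `/* flow addresses/ports are kept in network byte order, which is what the cache key expects */` would make this checkable. Separately, the removed UDP guard (`NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, rc) && is_udp_not_guessable_protocol(rc)`) has no counterpart in the new branch, so it is worth confirming that the stored `guessed_protocol_id` already honours it. The function body starts and ends outside this hunk.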
@@ -7946,11 +7896,8 @@ static ndpi_protocol ndpi_internal_guess_undetected_protocol(struct ndpi_detecti /* ****************************************************** */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_str, - struct ndpi_flow_struct *flow, u_int8_t proto, - u_int32_t shost /* host byte order */, u_int16_t sport, - u_int32_t dhost /* host byte order */, u_int16_t dport) { - ndpi_protocol p = ndpi_internal_guess_undetected_protocol(ndpi_str, flow, proto, - shost, sport, dhost, dport); + struct ndpi_flow_struct *flow, u_int8_t proto) { + ndpi_protocol p = ndpi_internal_guess_undetected_protocol(ndpi_str, flow, proto); p.master_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.master_protocol), p.app_protocol = ndpi_map_ndpi_id_to_user_proto_id(ndpi_str, p.app_protocol); diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index ec49e63bae5..473260adf5e 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -25,18 +25,11 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t protocol, - u_int32_t saddr, u_int32_t daddr, /* host endianess */ - u_int16_t sport, u_int16_t dport) /* host endianess */ + u_int32_t saddr, u_int32_t daddr) /* host endianess */ { u_int16_t rc; struct in_addr host; - if(protocol == IPPROTO_UDP) { - if((sport == dport) && (sport == 17500)) { - return(NDPI_PROTOCOL_DROPBOX); - } - } - if(flow) return(flow->guessed_protocol_id_by_ip); else { @@ -51,7 +44,6 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - u_int16_t sport, dport; u_int proto; struct ndpi_packet_struct *packet; 
@@ -59,10 +51,6 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st return; packet = &ndpi_struct->packet; - - if(packet->udp) sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); - else if(packet->tcp) sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); - else sport = dport = 0; if(packet->iph /* IPv4 Only: we need to support packet->iphv6 at some point */) { proto = ndpi_search_tcp_or_udp_raw(ndpi_struct, @@ -70,8 +58,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st packet->iph ? packet->iph->protocol : packet->iphv6->ip6_hdr.ip6_un1_nxt, ntohl(packet->iph->saddr), - ntohl(packet->iph->daddr), - sport, dport); + ntohl(packet->iph->daddr)); if(proto != NDPI_PROTOCOL_UNKNOWN) ndpi_set_detected_protocol(ndpi_struct, flow, proto, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_MATCH_BY_PORT); From ba993300311158c79c4880a621e43684d4b4a03d Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Fri, 14 Apr 2023 11:17:37 +0200 Subject: [PATCH 2/6] ndpiReader: fix flow stats (#1943) --- example/ndpiReader.c | 2 +- example/reader_util.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 38da4e842e5..05f362ce909 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -818,7 +818,7 @@ static void parseOptions(int argc, char **argv) { for(i = 0; i < NDPI_MAX_SUPPORTED_PROTOCOLS; i++) aggressiveness[i] = -1; /* Use the default value */ - while((opt = getopt_long(argc, argv, "a:Ab:B:e:Ec:C:dDf:g:i:Ij:k:K:S:hHp:pP:l:r:s:tu:v:V:n:rp:x:w:zZ:q0123:456:7:89:m:MT:U:", + while((opt = getopt_long(argc, argv, "a:Ab:B:e:Ec:C:dDFf:g:i:Ij:k:K:S:hHp:pP:l:r:s:tu:v:V:n:rp:x:w:zZ:q0123:456:7:89:m:MT:U:", longopts, &option_idx)) != EOF) { #ifdef DEBUG_TRACE if(trace) fprintf(trace, " #### Handling option -%c [%s] #### \n", opt, optarg ? optarg : ""); 
diff --git a/example/reader_util.c b/example/reader_util.c index 3395153b024..18059f7942b 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -983,7 +983,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow *src_to_dst_direction = 1; } if(enable_flow_stats) { - if(src_to_dst_direction) { + if(*src_to_dst_direction) { if(rflow->entropy->src2dst_pkt_count < max_num_packets_per_flow) { rflow->entropy->src2dst_pkt_len[rflow->entropy->src2dst_pkt_count] = l4_data_len; rflow->entropy->src2dst_pkt_time[rflow->entropy->src2dst_pkt_count] = when; From 85751ba9d7a67dfcb371d71803432918d70e2f3c Mon Sep 17 00:00:00 2001 From: Toni Date: Fri, 21 Apr 2023 11:30:10 +0200 Subject: [PATCH 3/6] Added OICQ dissector. (#1950) Signed-off-by: lns 
Signed-off-by: Toni Uhlig --- src/include/ndpi_protocol_ids.h | 1 + src/include/ndpi_protocols.h | 1 + src/lib/ndpi_main.c | 7 ++ src/lib/protocols/oicq.c | 102 ++++++++++++++++++ tests/cfgs/default/pcap/oicq.pcap | Bin 0 -> 3030 bytes tests/cfgs/default/result/1kxun.pcap.out | 2 +- tests/cfgs/default/result/4in4tunnel.pcap.out | 2 +- tests/cfgs/default/result/6in6tunnel.pcap.out | 2 +- tests/cfgs/default/result/EAQ.pcap.out | 2 +- .../default/result/adult_content.pcap.out | 2 +- .../default/result/anyconnect-vpn.pcap.out | 2 +- tests/cfgs/default/result/collectd.pcap.out | 2 +- ...om_rules_same-ip_multiple_ports.pcapng.out | 4 +- .../cfgs/default/result/dhcp-fuzz.pcapng.out | 2 +- tests/cfgs/default/result/discord.pcap.out | 2 +- .../default/result/discord_mid_flow.pcap.out | 2 +- .../dnscrypt-v1-and-resolver-pings.pcap.out | 2 +- .../cfgs/default/result/dnscrypt-v2.pcap.out | 2 +- .../dnscrypt_skype_false_positive.pcapng.out | 2 +- .../result/fuzz-2006-06-26-2594.pcap.out | 2 +- .../result/fuzz-2020-02-16-11740.pcap.out | 2 +- tests/cfgs/default/result/gnutella.pcap.out | 2 +- .../result/gtp_false_positive.pcapng.out | 2 +- tests/cfgs/default/result/h323.pcap.out | 2 +- tests/cfgs/default/result/http_ipv6.pcap.out | 2 +- tests/cfgs/default/result/imo.pcap.out | 2 +- tests/cfgs/default/result/instagram.pcap.out | 2 +- tests/cfgs/default/result/iphone.pcap.out | 2 +- tests/cfgs/default/result/kontiki.pcap.out | 2 +- tests/cfgs/default/result/line.pcap.out | 2 +- .../result/linecall_falsepositve.pcap.out | 2 +- .../default/result/lru_ipv6_caches.pcapng.out | 2 +- tests/cfgs/default/result/nintendo.pcap.out | 2 +- tests/cfgs/default/result/oicq.pcap.out | 53 +++++++++ tests/cfgs/default/result/openvpn.pcap.out | 2 +- .../ossfuzz_seed_fake_traces_1.pcapng.out | 2 +- .../ossfuzz_seed_fake_traces_2.pcapng.out | 2 +- .../ossfuzz_seed_fake_traces_4.pcapng.out | 2 +- tests/cfgs/default/result/pps.pcap.out | 2 +- tests/cfgs/default/result/quic.pcap.out | 2 +- 
tests/cfgs/default/result/quic_0RTT.pcap.out | 2 +- .../result/radius_false_positive.pcapng.out | 2 +- tests/cfgs/default/result/raknet.pcap.out | 2 +- tests/cfgs/default/result/rx.pcap.out | 2 +- tests/cfgs/default/result/sflow.pcap.out | 2 +- .../cfgs/default/result/sip_hello.pcapng.out | 2 +- tests/cfgs/default/result/skype_udp.pcap.out | 2 +- tests/cfgs/default/result/softether.pcap.out | 2 +- .../default/result/starcraft_battle.pcap.out | 2 +- tests/cfgs/default/result/stun.pcap.out | 2 +- .../default/result/stun_signal.pcapng.out | 2 +- tests/cfgs/default/result/synscan.pcap.out | 4 +- tests/cfgs/default/result/teams.pcap.out | 2 +- tests/cfgs/default/result/teamspeak3.pcap.out | 2 +- tests/cfgs/default/result/teamviewer.pcap.out | 2 +- tests/cfgs/default/result/telegram.pcap.out | 2 +- tests/cfgs/default/result/tftp.pcap.out | 2 +- tests/cfgs/default/result/toca-boca.pcap.out | 2 +- tests/cfgs/default/result/viber.pcap.out | 2 +- tests/cfgs/default/result/webex.pcap.out | 2 +- tests/cfgs/default/result/weibo.pcap.out | 2 +- tests/cfgs/default/result/wireguard.pcap.out | 2 +- tests/cfgs/default/result/zoom2.pcap.out | 2 +- tests/cfgs/default/result/zoom_p2p.pcapng.out | 2 +- .../result/dns_long_domainname.pcap.out | 2 +- .../result/quic-mvfst-27.pcapng.out | 2 +- windows/nDPI.vcxproj | 1 + 67 files changed, 227 insertions(+), 62 deletions(-) create mode 100644 src/lib/protocols/oicq.c create mode 100644 tests/cfgs/default/pcap/oicq.pcap create mode 100644 tests/cfgs/default/result/oicq.pcap.out diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index ddd848a3ad7..adaf68e9c49 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -363,6 +363,7 @@ typedef enum { NDPI_PROTOCOL_TPLINK_SHP = 332, /* TP-LINK Smart Home Protocol */ NDPI_PROTOCOL_SOURCE_ENGINE = 333, NDPI_PROTOCOL_BACNET = 334, + NDPI_PROTOCOL_OICQ = 335, #ifdef CUSTOM_NDPI_PROTOCOLS 
diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 091d281aeb5..5ace20d88f3 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -238,6 +238,7 @@ void init_merakicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct void init_tailscale_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_source_engine_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_bacnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_oicq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); /* ndpi_main.c */ extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 763538e9633..8b3a09cdf05 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2060,6 +2060,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp "BACnet", NDPI_PROTOCOL_CATEGORY_IOT_SCADA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 47808, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OICQ, + "OICQ", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 8000, 0, 0, 0, 0) /* UDP */); #ifdef CUSTOM_NDPI_PROTOCOLS @@ -4899,6 +4903,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) { /* BACnet */ init_bacnet_dissector(ndpi_str, &a); + /* OICQ */ + init_oicq_dissector(ndpi_str, &a); + #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main_init.c" #endif diff --git a/src/lib/protocols/oicq.c b/src/lib/protocols/oicq.c new file mode 100644 index 00000000000..6a1dd489470 --- /dev/null +++ b/src/lib/protocols/oicq.c 
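Review bot: Registering 8000/UDP as a default port in `ndpi_init_protocol_defaults()` means a UDP flow on port 8000 that no dissector recognises can be reported as OICQ by the port-based guess, and 8000 is a common choice for unrelated services. If the port is kept, a comment next to the entry such as `/* 8000/UDP is not exclusive to OICQ: treat by-port matches as low confidence */` would tell consumers of "Match by port" results how far to trust them. Otherwise, passing `0` as the TCP list does would leave classification to the dissector alone. The enclosing function starts and ends outside this hunk.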
@@ -0,0 +1,102 @@
+/*
+ * oicq.c
+ *
+ * OICQ / Tencent QQ
+ *
+ * Copyright (C) 2023 - ntop.org
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see .
+ *
+ */
+
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OICQ
+
+#include "ndpi_api.h"
+
+PACK_ON
+struct oicq_hdr {
+ uint8_t flag;
+ uint16_t version;
+ uint16_t command;
+ uint16_t sequence;
+} PACK_OFF;
+
+static void ndpi_int_oicq_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
+ struct ndpi_flow_struct * const flow)
+{
+ NDPI_LOG_INFO(ndpi_struct, "found OICQ\n");
+
+ ndpi_set_detected_protocol(ndpi_struct, flow,
+ NDPI_PROTOCOL_OICQ,
+ NDPI_PROTOCOL_UNKNOWN,
+ NDPI_CONFIDENCE_DPI);
+}
+
+/* ***************************************************** */
+
+static void ndpi_search_oicq(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
+ struct oicq_hdr const * const hdr = (struct oicq_hdr *)&packet->payload[0];
+
+ NDPI_LOG_DBG(ndpi_struct, "search OICQ\n");
+
+ if (packet->payload_packet_len < sizeof(*hdr))
+ {
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ return;
+ }
+
+ if (hdr->flag != 0x02)
+ {
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ return;
+ }
+
+ if (ntohs(hdr->version) != 0x3b0b)
+ {
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ return;
+ }
+
+ uint16_t command = ntohs(hdr->command);
+ if (command == 0x0000 || (command > 0x00b5 && command < 0x03f7) ||
+ command > 0x03f7)
+ {
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+ return;
+ }
+
+ ndpi_int_oicq_add_connection(ndpi_struct, flow);
+}
+
+/* ***************************************************** */
+
+void init_oicq_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+ u_int32_t *id)
+{
+ ndpi_set_bitmask_protocol_detection("OICQ", ndpi_struct, *id,
+ NDPI_PROTOCOL_OICQ,
+ ndpi_search_oicq,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK
+ );
+
+ *id += 1;
+}
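Review bot: `ndpi_search_oicq()` decides on the first UDP payload from three fixed bytes (`hdr->flag != 0x02`, `ntohs(hdr->version) != 0x3b0b`) plus a command range, and calls `NDPI_EXCLUDE_PROTO` on any mismatch, so a client announcing any other version value is excluded for the rest of the flow. If more than one version exists on the wire this check is too strict, and none of the constants says where it comes from. I would give them names (for example `OICQ_FLAG`, `OICQ_VERSION`, `OICQ_CMD_MAX`) and add a comment citing the source of the accepted 0x0001–0x00b5 and 0x03f7 command set. Two smaller points: the cast is better written `(struct oicq_hdr const *)&packet->payload[0]` so it cannot drop a qualifier, and the struct uses `uint8_t`/`uint16_t` where the other headers in this series use `u_int8_t`/`u_int16_t`.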
diff --git a/tests/cfgs/default/pcap/oicq.pcap b/tests/cfgs/default/pcap/oicq.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a65c497f10034f31b36538b7d55908f65a29bf1f GIT binary patch literal 3030 zcmaLZeKb^Q90%|_9`9zwC@+awsXOxiHW5Q=Qi_V&2o)W-7pWX1IXYfyvn>@dUe-$* z96O;Xh1w($)nd_TO(C^xcBieFW8@`v?!8^-p0j7~oO92a`_KKH@AG|r&v}H+xA=09 zJVgBF=OKtDdvPCtk?cb1bMiyASgjouR0*py~l~8 zY9VGb-5~qqDmiC0*%x$tne;f~qkzsUs_~)w|Juvyz7o3A!}3XtG7YG20uh5Sa`v7o zm12S^RfO`a5>@=Xa7CA_WEs);_gnVfIkEVa+R~=bqU%$Fl#Y$;bnt8lMg#$JRLUw$ zxj`tM^QaVF*8i5B$WOFRPl<& z6@9Yua`Wjjt?p$tQ&+!J=E3<9>=l_>dY=ZZ!Si=8Vr!%T?UOZ#KL2Uo+r=DHN(e=o zE>k$gyKrS0S>Z=tHqyJ(FmY&L`^d!*E$)wyL~LO5&Ss;BN;m>_nIxH6cWmFkxb#l1mVhZvcfnO z?EbN{L6Y9cgvNxQ70W9$*;fp>uDW)Mj;8KBn+L+CU_>%cc^24VS}CE42GL9&;kaf@ z*3|#$;19TI>zwCGPuVCPuQ;GWkI9o<;)0xM7^&@|?8hEc7Urj;4pk5>TvtRR^D|LKdbMl z?b_9(R8>_fjMES>dKE6zdIFDm7}2&=rczd83ZGC~Qc=aW7*}AjqSfyweDP+su7s5s zHX%3>>kvEHajSn?6P$op$i};rbK`(1R|#bfQ)<(3g+*3`4cu6RF8^Hr0b#<((C0Zg zIi5YZIPWQ#0xYDvNSW$fbHtP!LisCCmW5-;z!ej+!atC6?k2k@YG2Q2a(fxAFvMOO zZgS8)G+NwJoTC5BbFf5_g?K-qQ)z23Et}BZGf-{(2(GOnYq?zAw+-fPp_d##o>$XP z)qWNA%slP%g-cELW?Snje`*3gGOfD(8>*h1Fl}Lu-Y-Ub()rqxDOuC+6Gip3PC5rf zZaI|mG@DtNX0?4**b)RT%9MSrl!`N^6cCx-Y(-_Etk;VYM_};f4xyzk+sgl&BFy|sggB&T>4zUoUs`-{%9g! 
zSfK`Nm08HO1j_Tx4O158XjBeWM1goFYqIj#xuMsrChG9E>XFLnN2i 3.3.3.3:443 [proto: 91.341/TLS.CustomProtocolA][IP: 341/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 342/CustomProtocolB][IP: 342/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.342/TLS.CustomProtocolA][IP: 342/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 343/CustomProtocolB][IP: 343/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out index 87f8e3c57c4..f1bed90e7e8 100644 --- a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out +++ b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 108 (108.00 diss/flow) +Num dissector calls: 109 (109.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/discord.pcap.out b/tests/cfgs/default/result/discord.pcap.out index fd5d7eddec8..5d0c45e9cb5 100644 --- a/tests/cfgs/default/result/discord.pcap.out +++ b/tests/cfgs/default/result/discord.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 5 (5.00 pkts/flow) DPI Packets (UDP): 60 (1.82 pkts/flow) Confidence DPI : 34 (flows) -Num dissector calls: 3985 (117.21 diss/flow) +Num dissector calls: 4012 (118.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/discord_mid_flow.pcap.out b/tests/cfgs/default/result/discord_mid_flow.pcap.out index ef504c43cce..a7953a3b710 100644 --- a/tests/cfgs/default/result/discord_mid_flow.pcap.out +++ b/tests/cfgs/default/result/discord_mid_flow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 145 (145.00 diss/flow) +Num dissector calls: 146 (146.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out index 657329cb72c..603155ac2c7 100644 --- a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 256 (1.04 pkts/flow) Confidence DPI : 245 (flows) -Num dissector calls: 20792 (84.87 diss/flow) +Num dissector calls: 20803 (84.91 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/513/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt-v2.pcap.out b/tests/cfgs/default/result/dnscrypt-v2.pcap.out index b2dd5dccec2..040fb8ccab1 100644 --- a/tests/cfgs/default/result/dnscrypt-v2.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v2.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 6 (2.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 372 (124.00 diss/flow) +Num dissector calls: 375 (125.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out index 413a04d7fed..1e69087465e 100644 --- a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out +++ b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 125 (125.00 diss/flow) +Num dissector calls: 126 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index dd68154be0f..ec3582d8750 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out 
@@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 30 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 193 (flows) -Num dissector calls: 5433 (21.65 diss/flow) +Num dissector calls: 5466 (21.78 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/180/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out index 3714b7c90f2..8892d5df297 100644 --- a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out +++ b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out @@ -5,7 +5,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Unknown : 19 (flows) Confidence Match by port : 3 (flows) Confidence DPI : 55 (flows) -Num dissector calls: 1789 (23.23 diss/flow) +Num dissector calls: 1805 (23.44 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/66/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index 33e657a34ac..b4b386298d7 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow) Confidence Unknown : 591 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 167 (flows) -Num dissector calls: 67170 (88.38 diss/flow) +Num dissector calls: 67682 (89.06 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/1779/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/gtp_false_positive.pcapng.out b/tests/cfgs/default/result/gtp_false_positive.pcapng.out index 04c7c1d3168..d2d1cfe568d 100644 --- a/tests/cfgs/default/result/gtp_false_positive.pcapng.out +++ b/tests/cfgs/default/result/gtp_false_positive.pcapng.out 
@@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 7 (2.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) -Num dissector calls: 397 (132.33 diss/flow) +Num dissector calls: 400 (133.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/h323.pcap.out b/tests/cfgs/default/result/h323.pcap.out index eccbc0b9023..6f2c0689afd 100644 --- a/tests/cfgs/default/result/h323.pcap.out +++ b/tests/cfgs/default/result/h323.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 2 (2.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 226 (113.00 diss/flow) +Num dissector calls: 227 (113.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/http_ipv6.pcap.out b/tests/cfgs/default/result/http_ipv6.pcap.out index f7de1a5f477..ca3f8dadea3 100644 --- a/tests/cfgs/default/result/http_ipv6.pcap.out +++ b/tests/cfgs/default/result/http_ipv6.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 77 (5.92 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Match by port : 7 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 146 (9.73 diss/flow) +Num dissector calls: 147 (9.80 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/21/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/imo.pcap.out b/tests/cfgs/default/result/imo.pcap.out index fee86270f35..5e2ab42592a 100644 --- a/tests/cfgs/default/result/imo.pcap.out +++ b/tests/cfgs/default/result/imo.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 7 (3.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 288 (144.00 diss/flow) +Num dissector calls: 290 (145.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/instagram.pcap.out b/tests/cfgs/default/result/instagram.pcap.out index 4c16e3fa0a1..c2bd7039c34 100644 --- a/tests/cfgs/default/result/instagram.pcap.out +++ b/tests/cfgs/default/result/instagram.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence DPI (partial) : 1 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 1768 (46.53 diss/flow) +Num dissector calls: 1769 (46.55 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/iphone.pcap.out b/tests/cfgs/default/result/iphone.pcap.out index e45e30062a5..e3e81374335 100644 --- a/tests/cfgs/default/result/iphone.pcap.out +++ b/tests/cfgs/default/result/iphone.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 55 (1.77 pkts/flow) DPI Packets (other): 5 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 50 (flows) -Num dissector calls: 348 (6.82 diss/flow) +Num dissector calls: 349 (6.84 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/kontiki.pcap.out b/tests/cfgs/default/result/kontiki.pcap.out index 0949e44dfc9..946b301eea0 100644 --- a/tests/cfgs/default/result/kontiki.pcap.out +++ b/tests/cfgs/default/result/kontiki.pcap.out 
@@ -4,7 +4,7 @@ DPI Packets (UDP): 6 (1.50 pkts/flow) DPI Packets (other): 4 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 320 (40.00 diss/flow) +Num dissector calls: 322 (40.25 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/line.pcap.out b/tests/cfgs/default/result/line.pcap.out index 54f0a8bb818..af1b0644e0e 100644 --- a/tests/cfgs/default/result/line.pcap.out +++ b/tests/cfgs/default/result/line.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 13 (6.50 pkts/flow) DPI Packets (UDP): 40 (13.33 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 719 (143.80 diss/flow) +Num dissector calls: 722 (144.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/linecall_falsepositve.pcap.out b/tests/cfgs/default/result/linecall_falsepositve.pcap.out index 139dafcca0a..24744c56350 100644 --- a/tests/cfgs/default/result/linecall_falsepositve.pcap.out +++ b/tests/cfgs/default/result/linecall_falsepositve.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 25 (25.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 299 (299.00 diss/flow) +Num dissector calls: 300 (300.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out index af7b0573ea8..67e9ff4ff9b 100644 --- a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out +++ b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out 
@@ -5,7 +5,7 @@ DPI Packets (UDP): 42 (4.67 pkts/flow) Confidence Unknown : 4 (flows) Confidence DPI (cache) : 2 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 1240 (103.33 diss/flow) +Num dissector calls: 1248 (104.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/nintendo.pcap.out b/tests/cfgs/default/result/nintendo.pcap.out index ec989544b44..48a286a1f5a 100644 --- a/tests/cfgs/default/result/nintendo.pcap.out +++ b/tests/cfgs/default/result/nintendo.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI : 15 (flows) Confidence Match by IP : 5 (flows) -Num dissector calls: 1270 (60.48 diss/flow) +Num dissector calls: 1275 (60.71 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/18/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/oicq.pcap.out b/tests/cfgs/default/result/oicq.pcap.out new file mode 100644 index 00000000000..a5b5fd92a0f --- /dev/null +++ b/tests/cfgs/default/result/oicq.pcap.out 
@@ -0,0 +1,53 @@ +Guessed flow protos: 0 + +DPI Packets (UDP): 29 (1.00 pkts/flow) +Confidence DPI : 29 (flows) +Num dissector calls: 29 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 58/0 (search/found) +Patricia risk: 58/0 (search/found) +Patricia protocols: 58/0 (search/found) + +OICQ 29 2542 29 + + 1 UDP 90.147.69.210:54233 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 90.147.69.210:59802 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 90.147.69.210:60434 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 
0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 90.147.69.210:61163 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 90.147.69.210:63120 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP 90.147.69.210:64415 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP 90.147.69.210:49199 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP 90.147.69.210:49340 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to 
client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 9 UDP 90.147.69.210:50315 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 10 UDP 90.147.69.210:51884 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 11 UDP 90.147.69.210:52663 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 12 UDP 90.147.69.210:52991 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 13 UDP 90.147.69.210:54462 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk 
Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 14 UDP 90.147.69.210:55338 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 15 UDP 90.147.69.210:55774 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 16 UDP 90.147.69.210:56476 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 17 UDP 90.147.69.210:57677 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 18 UDP 90.147.69.210:57872 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** 
Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 19 UDP 90.147.69.210:58434 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 20 UDP 90.147.69.210:58797 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 21 UDP 90.147.69.210:59394 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 22 UDP 90.147.69.210:60213 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 23 UDP 90.147.69.210:60288 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput 
ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 24 UDP 90.147.69.210:60436 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 25 UDP 90.147.69.210:61686 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 26 UDP 90.147.69.210:64420 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 27 UDP 90.147.69.210:64916 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 28 UDP 90.147.69.210:65163 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 
bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 29 UDP 90.147.69.210:65276 -> 58.60.10.45:8000 [proto: 335/OICQ][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Chat/9][1 pkts/86 bytes -> 0 pkts/0 bytes][Goodput ratio: 51/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/openvpn.pcap.out b/tests/cfgs/default/result/openvpn.pcap.out index 9038a50ec15..b555d6e79a0 100644 --- a/tests/cfgs/default/result/openvpn.pcap.out +++ b/tests/cfgs/default/result/openvpn.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) DPI Packets (UDP): 5 (2.50 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 390 (130.00 diss/flow) +Num dissector calls: 392 (130.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out index 344b5419c33..63485817456 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (1.33 pkts/flow) DPI Packets (UDP): 13 (3.25 pkts/flow) Confidence DPI : 10 (flows) -Num dissector calls: 698 (69.80 diss/flow) +Num dissector calls: 701 (70.10 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/15/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out index 85e84e650a0..76a94da3064 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 3 (flows) -Num dissector calls: 483 (120.75 diss/flow) +Num dissector calls: 485 (121.25 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out index ad3044e91fb..d8d6a917114 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 126 (126.00 diss/flow) +Num dissector calls: 127 (127.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/pps.pcap.out b/tests/cfgs/default/result/pps.pcap.out index 6654be33aaa..e12cf17731e 100644 --- a/tests/cfgs/default/result/pps.pcap.out +++ b/tests/cfgs/default/result/pps.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 196 (4.45 pkts/flow) Confidence Unknown : 29 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 76 (flows) -Num dissector calls: 5826 (54.45 diss/flow) +Num dissector calls: 5855 (54.72 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/93/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/cfgs/default/result/quic.pcap.out b/tests/cfgs/default/result/quic.pcap.out index 3326eb0dc5d..a56d5e4ae3a 100644 --- a/tests/cfgs/default/result/quic.pcap.out +++ b/tests/cfgs/default/result/quic.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 12 (1.20 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI : 9 (flows) -Num dissector calls: 212 (21.20 diss/flow) +Num dissector calls: 213 (21.30 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/quic_0RTT.pcap.out b/tests/cfgs/default/result/quic_0RTT.pcap.out index bd86ca808ac..ff8ffde70cb 100644 --- a/tests/cfgs/default/result/quic_0RTT.pcap.out +++ b/tests/cfgs/default/result/quic_0RTT.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 187 (93.50 diss/flow) +Num dissector calls: 188 (94.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/radius_false_positive.pcapng.out b/tests/cfgs/default/result/radius_false_positive.pcapng.out index 826b9e598b8..8111546e84d 100644 --- a/tests/cfgs/default/result/radius_false_positive.pcapng.out +++ b/tests/cfgs/default/result/radius_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 10 (10.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 202 (202.00 diss/flow) +Num dissector calls: 203 (203.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/raknet.pcap.out b/tests/cfgs/default/result/raknet.pcap.out index cd0bfaf3a46..492e85f2dac 100644 
--- a/tests/cfgs/default/result/raknet.pcap.out +++ b/tests/cfgs/default/result/raknet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 24 (2.00 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1416 (118.00 diss/flow) +Num dissector calls: 1422 (118.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/rx.pcap.out b/tests/cfgs/default/result/rx.pcap.out index c9d2de1a06e..12fca81e4dc 100644 --- a/tests/cfgs/default/result/rx.pcap.out +++ b/tests/cfgs/default/result/rx.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 10 (2.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 617 (123.40 diss/flow) +Num dissector calls: 622 (124.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sflow.pcap.out b/tests/cfgs/default/result/sflow.pcap.out index 892c6b491f1..51e5af57c82 100644 --- a/tests/cfgs/default/result/sflow.pcap.out +++ b/tests/cfgs/default/result/sflow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 109 (109.00 diss/flow) +Num dissector calls: 110 (110.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sip_hello.pcapng.out b/tests/cfgs/default/result/sip_hello.pcapng.out index 5760405c0b6..1cc57fc0ec3 100644 --- a/tests/cfgs/default/result/sip_hello.pcapng.out +++ b/tests/cfgs/default/result/sip_hello.pcapng.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 205 (205.00 diss/flow) +Num dissector calls: 206 (206.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/skype_udp.pcap.out b/tests/cfgs/default/result/skype_udp.pcap.out index 89bbcd16641..ad0bb5c3da7 100644 --- a/tests/cfgs/default/result/skype_udp.pcap.out +++ b/tests/cfgs/default/result/skype_udp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 124 (124.00 diss/flow) +Num dissector calls: 125 (125.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/softether.pcap.out b/tests/cfgs/default/result/softether.pcap.out index e442f653f18..e19b3a40bc2 100644 --- a/tests/cfgs/default/result/softether.pcap.out +++ b/tests/cfgs/default/result/softether.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 31 (10.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 367 (91.75 diss/flow) +Num dissector calls: 369 (92.25 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out index 2c6a2fb44e6..72a29cfde8e 100644 --- a/tests/cfgs/default/result/starcraft_battle.pcap.out +++ b/tests/cfgs/default/result/starcraft_battle.pcap.out 
@@ -7,7 +7,7 @@ Confidence Match by port : 8 (flows) Confidence DPI (partial) : 4 (flows) Confidence DPI : 39 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 1426 (27.42 diss/flow) +Num dissector calls: 1431 (27.52 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/39/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/stun.pcap.out b/tests/cfgs/default/result/stun.pcap.out index b3d46e76c0f..a84cacc7828 100644 --- a/tests/cfgs/default/result/stun.pcap.out +++ b/tests/cfgs/default/result/stun.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 13 (4.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 578 (144.50 diss/flow) +Num dissector calls: 581 (145.25 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/stun_signal.pcapng.out b/tests/cfgs/default/result/stun_signal.pcapng.out index a158125bdba..5199317c460 100644 --- a/tests/cfgs/default/result/stun_signal.pcapng.out +++ b/tests/cfgs/default/result/stun_signal.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 72 (3.43 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI : 22 (flows) -Num dissector calls: 2315 (100.65 diss/flow) +Num dissector calls: 2330 (101.30 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/synscan.pcap.out b/tests/cfgs/default/result/synscan.pcap.out index 12f5f914e15..6bcb2a859d8 100644 --- a/tests/cfgs/default/result/synscan.pcap.out +++ b/tests/cfgs/default/result/synscan.pcap.out 
@@ -124,7 +124,7 @@ iSCSI 2 116 2 44 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 335/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 336/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 172.16.0.8:36050 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -188,7 +188,7 @@ iSCSI 2 116 2 108 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 109 TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 110 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 111 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 335/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 111 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 336/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 113 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 114 TCP 172.16.0.8:36051 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teams.pcap.out b/tests/cfgs/default/result/teams.pcap.out index 2afdcc16c1a..bf18b986f89 100644 --- a/tests/cfgs/default/result/teams.pcap.out +++ b/tests/cfgs/default/result/teams.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI (partial) : 2 (flows) Confidence DPI : 80 (flows) -Num dissector calls: 594 (7.16 diss/flow) +Num dissector calls: 595 (7.17 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/cfgs/default/result/teamspeak3.pcap.out b/tests/cfgs/default/result/teamspeak3.pcap.out index 5c12584ab58..7ed97acae4c 100644 --- a/tests/cfgs/default/result/teamspeak3.pcap.out +++ b/tests/cfgs/default/result/teamspeak3.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 198 (99.00 diss/flow) +Num dissector calls: 199 (99.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/teamviewer.pcap.out b/tests/cfgs/default/result/teamviewer.pcap.out index 27a898acdf6..84a211f7cc9 100644 --- a/tests/cfgs/default/result/teamviewer.pcap.out +++ b/tests/cfgs/default/result/teamviewer.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 152 (76.00 diss/flow) +Num dissector calls: 153 (76.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out index 3a8ef4d46fc..05f40a32e32 100644 --- a/tests/cfgs/default/result/telegram.pcap.out +++ b/tests/cfgs/default/result/telegram.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 5 DPI Packets (UDP): 93 (1.94 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 46 (flows) -Num dissector calls: 1584 (33.00 diss/flow) +Num dissector calls: 1586 (33.04 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/tftp.pcap.out b/tests/cfgs/default/result/tftp.pcap.out index 976b9b3216a..10a4de98044 100644 --- a/tests/cfgs/default/result/tftp.pcap.out 
+++ b/tests/cfgs/default/result/tftp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 13 (1.86 pkts/flow) Confidence DPI : 7 (flows) -Num dissector calls: 313 (44.71 diss/flow) +Num dissector calls: 315 (45.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/toca-boca.pcap.out b/tests/cfgs/default/result/toca-boca.pcap.out index 580d96cd5a4..a0b13178ea9 100644 --- a/tests/cfgs/default/result/toca-boca.pcap.out +++ b/tests/cfgs/default/result/toca-boca.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (UDP): 21 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence DPI : 17 (flows) -Num dissector calls: 449 (21.38 diss/flow) +Num dissector calls: 453 (21.57 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/viber.pcap.out b/tests/cfgs/default/result/viber.pcap.out index a6a085fc9b0..14e23df3593 100644 --- a/tests/cfgs/default/result/viber.pcap.out +++ b/tests/cfgs/default/result/viber.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 27 (1.93 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 4 (flows) Confidence DPI : 25 (flows) -Num dissector calls: 518 (17.86 diss/flow) +Num dissector calls: 519 (17.90 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out index 028624e68b0..f89ccb0d77c 100644 --- a/tests/cfgs/default/result/webex.pcap.out +++ b/tests/cfgs/default/result/webex.pcap.out 
@@ -6,7 +6,7 @@ Confidence Match by port : 1 (flows) Confidence DPI (partial) : 2 (flows) Confidence DPI : 53 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 319 (5.60 diss/flow) +Num dissector calls: 320 (5.61 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/weibo.pcap.out b/tests/cfgs/default/result/weibo.pcap.out index 4772a960a8f..affc00fe805 100644 --- a/tests/cfgs/default/result/weibo.pcap.out +++ b/tests/cfgs/default/result/weibo.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 44 (3.14 pkts/flow) Confidence Match by port : 13 (flows) Confidence DPI (partial) : 8 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 570 (12.95 diss/flow) +Num dissector calls: 572 (13.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/63/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/wireguard.pcap.out b/tests/cfgs/default/result/wireguard.pcap.out index 485a98f2fdf..51199156d81 100644 --- a/tests/cfgs/default/result/wireguard.pcap.out +++ b/tests/cfgs/default/result/wireguard.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 6 (3.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 257 (128.50 diss/flow) +Num dissector calls: 259 (129.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom2.pcap.out b/tests/cfgs/default/result/zoom2.pcap.out index 7d66ebc7480..cf99397f9a1 100644 --- a/tests/cfgs/default/result/zoom2.pcap.out +++ b/tests/cfgs/default/result/zoom2.pcap.out 
@@ -4,7 +4,7 @@ DPI Packets (TCP): 8 (8.00 pkts/flow) DPI Packets (UDP): 15 (5.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 488 (97.60 diss/flow) +Num dissector calls: 491 (98.20 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 1/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom_p2p.pcapng.out b/tests/cfgs/default/result/zoom_p2p.pcapng.out index 64973bc4c84..c1e41f20149 100644 --- a/tests/cfgs/default/result/zoom_p2p.pcapng.out +++ b/tests/cfgs/default/result/zoom_p2p.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 88 (8.80 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial cache): 4 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 1095 (91.25 diss/flow) +Num dissector calls: 1099 (91.58 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out index 7bd62339d05..e8a6aa07e2a 100644 --- a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out +++ b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 124 (124.00 diss/flow) +Num dissector calls: 125 (125.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out index d8c9e5e5125..debb4452617 100644 --- a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out 
+++ b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 20 (20.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 260 (260.00 diss/flow) +Num dissector calls: 261 (261.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/windows/nDPI.vcxproj b/windows/nDPI.vcxproj index e33fd5981fe..7a21b3cab97 100644 --- a/windows/nDPI.vcxproj +++ b/windows/nDPI.vcxproj @@ -261,6 +261,7 @@ + From b6629ba2befccec6356802fabf2d7a076133d900 Mon Sep 17 00:00:00 2001 From: Toni Date: Fri, 21 Apr 2023 12:40:26 +0200 Subject: [PATCH 4/6] Improved debug output. (#1951) * try to get rid of some `printf(..)`s as they do not belong to a shared library * replaced all `exit(..)`s with `abort()`s to indicate an abnormal process termination Signed-off-by: Toni Uhlig --- example/ndpiReader.c | 5 +-- fuzz/fuzz_config.cpp | 4 +- src/include/ndpi_api.h | 1 + src/lib/ndpi_main.c | 63 ++++++++++++++-------------- src/lib/third_party/include/uthash.h | 4 +- 5 files changed, 37 insertions(+), 40 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 05f362ce909..72408409eaf 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -126,7 +126,6 @@ static struct ndpi_detection_module_struct *ndpi_info_mod = NULL; extern u_int8_t enable_doh_dot_detection; extern u_int32_t max_num_packets_per_flow, max_packet_payload_dissection, max_num_reported_top_payloads; extern u_int16_t min_pattern_len, max_pattern_len; -extern void ndpi_self_check_host_match(); /* Self check function */ u_int8_t dump_internal_stats; struct ndpi_bin malloc_bins; @@ -827,7 +826,7 @@ static void parseOptions(int argc, char **argv) { switch (opt) { case 'a': ndpi_generate_options(atoi(optarg)); - break; + exit(0); case 'A': dump_internal_stats = 1; 
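Review bot: In the `case 'a':` arm of parseOptions, the new `exit(0);` reports success even when `ndpi_generate_options()` takes its "WARNING: option -a out of range" path, which is visible in the ndpi_main.c hunk of this same patch. Because `atoi(optarg)` also maps non-numeric input to 0, a caller or script cannot tell a bad `-a` argument from a good one. Letting `ndpi_generate_options()` report whether the option was valid and exiting non-zero otherwise would fix that; failing that, a comment such as `/* -a only dumps options and terminates; status is always 0 */` would at least document it. parseOptions starts and ends outside this hunk.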
@@ -5198,7 +5197,7 @@ int main(int argc, char **argv) { bitmapUnitTest(); automataUnitTest(); analyzeUnitTest(); - ndpi_self_check_host_match(); + ndpi_self_check_host_match(stderr); analysisUnitTest(); compressedBitmapUnitTest(); #endif diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp index 177266ba782..8f98c592983 100644 --- a/fuzz/fuzz_config.cpp +++ b/fuzz/fuzz_config.cpp @@ -6,8 +6,6 @@ #include #include "fuzzer/FuzzedDataProvider.h" -extern "C" void ndpi_self_check_host_match(); /* Self check function */ - extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FuzzedDataProvider fuzzed_data(data, size); struct ndpi_detection_module_struct *ndpi_info_mod; @@ -136,7 +134,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_get_num_supported_protocols(ndpi_info_mod); ndpi_get_ndpi_num_custom_protocols(ndpi_info_mod); - ndpi_self_check_host_match(); + ndpi_self_check_host_match(stderr); /* Basic code to try testing this "config" */ bool_value = fuzzed_data.ConsumeBool(); diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 16dc2014df1..70d9021d299 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -974,6 +974,7 @@ extern "C" { u_int16_t user_proto_id); u_int16_t ndpi_map_ndpi_id_to_user_proto_id(struct ndpi_detection_module_struct *ndpi_str, u_int16_t ndpi_proto_id); + void ndpi_self_check_host_match(FILE *error_out); /* Tells to called on what l4 protocol given application protocol can be found */ ndpi_l4_proto_info ndpi_get_l4_proto_info(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t ndpi_proto_id); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8b3a09cdf05..8dd2944733a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
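Review bot: The new exported declaration `void ndpi_self_check_host_match(FILE *error_out);` in ndpi_api.h has no doc comment, unlike the documented declarations elsewhere in this header. Its implementation in ndpi_main.c calls `abort()` on the first duplicate `host_match[]` entry and prints nothing when `error_out` is NULL, and a library user should learn that from the header. I would add `/* Testing only: aborts the process if host_match[] contains a duplicate string; diagnostics are written to error_out when it is not NULL */` above it. The prototype also needs `FILE` to be declared; whether ndpi_api.h already includes `<stdio.h>` is not visible in this hunk and is worth confirming.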
@@ -611,20 +611,6 @@ static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) { /* ******************************************************************** */ -void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT which, const int depth) { - ndpi_default_ports_tree_node_t *f = *(ndpi_default_ports_tree_node_t **) node; - - printf("<%d>Walk on node %s (%u)\n", depth, - which == ndpi_preorder ? - "ndpi_preorder" : - which == ndpi_postorder ? - "ndpi_postorder" : - which == ndpi_endorder ? "ndpi_endorder" : which == ndpi_leaf ? "ndpi_leaf" : "unknown", - f->default_port); -} - -/* ******************************************************************** */ - static int addDefaultPort(struct ndpi_detection_module_struct *ndpi_str, ndpi_port_range *range, ndpi_proto_defaults_t *def, @@ -875,16 +861,19 @@ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_str, /* ******************************************************************** */ /* Self check function to be called only for testing purposes */ -void ndpi_self_check_host_match() { +void ndpi_self_check_host_match(FILE *error_out) { u_int32_t i, j; for(i = 0; host_match[i].string_to_match != NULL; i++) { for(j = 0; host_match[j].string_to_match != NULL; j++) { if((i != j) && (strcmp(host_match[i].string_to_match, host_match[j].string_to_match) == 0)) { - printf("[INTERNAL ERROR]: Duplicate string detected '%s' [id: %u, id %u]\n", - host_match[i].string_to_match, i, j); - printf("\nPlease fix host_match[] in ndpi_content_match.c.inc\n"); - exit(0); + if (error_out != NULL) { + fprintf(error_out, + "[NDPI] INTERNAL ERROR duplicate string detected '%s' [id: %u, id %u]\n", + host_match[i].string_to_match, i, j); + fprintf(error_out, "\nPlease fix host_match[] in ndpi_content_match.c.inc\n"); + } + abort(); } } } 
@@ -895,20 +884,34 @@ void ndpi_self_check_host_match() { #define XGRAMS_C 26 static int ndpi_xgrams_inited = 0; static unsigned int bigrams_bitmap[(XGRAMS_C*XGRAMS_C+31)/32]; -static unsigned int imposible_bigrams_bitmap[(XGRAMS_C*XGRAMS_C+31)/32]; +static unsigned int impossible_bigrams_bitmap[(XGRAMS_C*XGRAMS_C+31)/32]; static unsigned int trigrams_bitmap[(XGRAMS_C*XGRAMS_C*XGRAMS_C+31)/32]; -static void ndpi_xgrams_init(unsigned int *dst,size_t dn, const char **src,size_t sn, unsigned int l) { +static void ndpi_xgrams_init(struct ndpi_detection_module_struct *ndpi_str, + unsigned int *dst, size_t dn, + const char **src, size_t sn, + unsigned int l) +{ unsigned int i,j,c; for(i=0;i < sn && src[i]; i++) { for(j=0,c=0; j < l; j++) { unsigned char a = (unsigned char)src[i][j]; - if(a < 'a' || a > 'z') { printf("%u: c%u %c\n",i,j,a); abort(); } + if(a < 'a' || a > 'z') { + NDPI_LOG_ERR(ndpi_str, + "[NDPI] INTERNAL ERROR ndpi_xgrams_init %u: c%u %c\n", + i,j,a); + abort(); + } c *= XGRAMS_C; c += a - 'a'; } - if(src[i][l]) { printf("%u: c[%d] != 0\n",i,l); abort(); } + if(src[i][l]) { + NDPI_LOG_ERR(ndpi_str, + "[NDPI] INTERNAL ERROR ndpi_xgrams_init %u: c[%d] != 0\n", + i,l); + abort(); + } if((c >> 3) >= dn) abort(); dst[c >> 5] |= 1u << (c & 0x1f); } 
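Review bot: In ndpi_xgrams_init the second new log call prints `l`, which is declared `unsigned int`, with `%d`; the format should read `c[%u] != 0`. The first call prints the rejected byte `a` with `%c`, and since that branch runs exactly when `a` is not a lowercase letter, it can write a control or non-ASCII byte into the log; `0x%02x` would be safer. The remaining `if((c >> 3) >= dn) abort();` still terminates with no message, so a line such as `NDPI_LOG_ERR(ndpi_str, "[NDPI] INTERNAL ERROR ndpi_xgrams_init %u: bitmap too small\n", i);` before it would make the three exits consistent. If NDPI_LOG_ERR expands to nothing in non-debug builds (its definition is not shown here), all of these aborts become silent where the old `printf` was not. The function's closing brace lies outside the hunk.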
@@ -950,12 +953,12 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp if(!ndpi_xgrams_inited) { ndpi_xgrams_inited = 1; - ndpi_xgrams_init(bigrams_bitmap,sizeof(bigrams_bitmap), + ndpi_xgrams_init(ndpi_str,bigrams_bitmap,sizeof(bigrams_bitmap), ndpi_en_bigrams,sizeof(ndpi_en_bigrams)/sizeof(ndpi_en_bigrams[0]), 2); - ndpi_xgrams_init(imposible_bigrams_bitmap,sizeof(imposible_bigrams_bitmap), + ndpi_xgrams_init(ndpi_str,impossible_bigrams_bitmap,sizeof(impossible_bigrams_bitmap), ndpi_en_impossible_bigrams,sizeof(ndpi_en_impossible_bigrams)/sizeof(ndpi_en_impossible_bigrams[0]), 2); - ndpi_xgrams_init(trigrams_bitmap,sizeof(trigrams_bitmap), + ndpi_xgrams_init(ndpi_str,trigrams_bitmap,sizeof(trigrams_bitmap), ndpi_en_trigrams,sizeof(ndpi_en_trigrams)/sizeof(ndpi_en_trigrams[0]), 3); } } @@ -6184,9 +6187,7 @@ static void ndpi_add_connection_as_zoom(struct ndpi_detection_module_struct *ndp */ static void ndpi_check_tcp_flags(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow) { -#if 0 - printf("[TOTAL] %u / %u [tot: %u]\n", flow->packet_direction_complete_counter[0], flow->packet_direction_complete_counter[1], flow->all_packets_counter); -#endif + // printf("[TOTAL] %u / %u [tot: %u]\n", flow->packet_direction_complete_counter[0], flow->packet_direction_complete_counter[1], flow->all_packets_counter); if((flow->l4.tcp.cli2srv_tcp_flags & TH_SYN) && (flow->l4.tcp.srv2cli_tcp_flags & TH_RST) @@ -8271,8 +8272,6 @@ void ndpi_generate_options(u_int opt) { printf("WARNING: option -a out of range\n"); break; } - - exit(0); } /* ****************************************************** */ @@ -8577,7 +8576,7 @@ int ndpi_match_bigram(const char *str) { } int ndpi_match_impossible_bigram(const char *str) { - return ndpi_match_xgram(imposible_bigrams_bitmap, 2, str); + return ndpi_match_xgram(impossible_bigrams_bitmap, 2, str); } /* ****************************************************** */ 
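Review bot: In ndpi_check_tcp_flags the `#if 0 … #endif` block is replaced by a `//`-commented `printf`, which keeps dead code in the library while making it harder to re-enable or find than the preprocessor guard was. Since the stated goal of the commit is to remove `printf` from the shared library, either drop the line or route it through the logging macro used elsewhere in this patch series, e.g. `NDPI_LOG_DBG(ndpi_str, "[TOTAL] %u / %u [tot: %u]\n", flow->packet_direction_complete_counter[0], flow->packet_direction_complete_counter[1], flow->all_packets_counter);`. The function body continues outside this hunk.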
diff --git a/src/lib/third_party/include/uthash.h b/src/lib/third_party/include/uthash.h index 49c69df0301..b7dfe4d3b3c 100644 --- a/src/lib/third_party/include/uthash.h +++ b/src/lib/third_party/include/uthash.h @@ -118,7 +118,7 @@ do { /* malloc failures result in lost memory, hash tables are unusable */ #ifndef uthash_fatal -#define uthash_fatal(msg) exit(-1) /* fatal OOM error */ +#define uthash_fatal(msg) abort() /* fatal OOM error */ #endif #define HASH_RECORD_OOM(oomed) uthash_fatal("out of memory") @@ -513,7 +513,7 @@ do { */ #ifdef HASH_DEBUG #include /* fprintf, stderr */ -#define HASH_OOPS(...) do { fprintf(stderr, __VA_ARGS__); exit(-1); } while (0) +#define HASH_OOPS(...) do { fprintf(stderr, __VA_ARGS__); abort(); } while (0) #define HASH_FSCK(hh,head,where) \ do { \ struct UT_hash_handle *_thh; \ From d3e67faf20960f735ce8c5ee834dfe24829fac88 Mon Sep 17 00:00:00 2001 
From: nikitamishagin <100284201+nikitamishagin@users.noreply.github.com> Date: Sat, 22 Apr 2023 20:28:43 +0400 Subject: [PATCH 5/6] Add "Heroes of the Storm" video game signature detection. (#1949) --- src/include/ndpi_protocol_ids.h | 1 + src/include/ndpi_protocols.h | 1 + src/lib/ndpi_main.c | 7 ++ src/lib/protocols/hots.c | 75 ++++++++++++++++++ tests/cfgs/default/pcap/hots.pcapng | Bin 0 -> 13756 bytes tests/cfgs/default/result/1kxun.pcap.out | 2 +- tests/cfgs/default/result/4in4tunnel.pcap.out | 2 +- tests/cfgs/default/result/EAQ.pcap.out | 2 +- .../default/result/adult_content.pcap.out | 2 +- .../default/result/anyconnect-vpn.pcap.out | 2 +- tests/cfgs/default/result/collectd.pcap.out | 2 +- ...om_rules_same-ip_multiple_ports.pcapng.out | 4 +- .../cfgs/default/result/dhcp-fuzz.pcapng.out | 2 +- tests/cfgs/default/result/discord.pcap.out | 2 +- .../default/result/discord_mid_flow.pcap.out | 2 +- .../dnscrypt-v1-and-resolver-pings.pcap.out | 2 +- .../cfgs/default/result/dnscrypt-v2.pcap.out | 2 +- .../dnscrypt_skype_false_positive.pcapng.out | 2 +- .../result/fuzz-2006-06-26-2594.pcap.out | 2 +- .../result/fuzz-2020-02-16-11740.pcap.out | 2 +- tests/cfgs/default/result/gnutella.pcap.out | 2 +- .../result/gtp_false_positive.pcapng.out | 2 +- tests/cfgs/default/result/h323.pcap.out | 2 +- tests/cfgs/default/result/hots.pcapng.out | 27 +++++++ tests/cfgs/default/result/imo.pcap.out | 2 +- tests/cfgs/default/result/instagram.pcap.out | 2 +- tests/cfgs/default/result/iphone.pcap.out | 2 +- tests/cfgs/default/result/kontiki.pcap.out | 2 +- tests/cfgs/default/result/line.pcap.out | 2 +- .../result/linecall_falsepositve.pcap.out | 2 +- tests/cfgs/default/result/nintendo.pcap.out | 2 +- tests/cfgs/default/result/openvpn.pcap.out | 2 +- .../ossfuzz_seed_fake_traces_1.pcapng.out | 2 +- .../ossfuzz_seed_fake_traces_2.pcapng.out | 2 +- .../ossfuzz_seed_fake_traces_4.pcapng.out | 2 +- tests/cfgs/default/result/pps.pcap.out | 2 +- tests/cfgs/default/result/quic.pcap.out | 2 
+- tests/cfgs/default/result/quic_0RTT.pcap.out | 2 +- tests/cfgs/default/result/raknet.pcap.out | 2 +- tests/cfgs/default/result/rx.pcap.out | 2 +- tests/cfgs/default/result/sflow.pcap.out | 2 +- .../cfgs/default/result/sip_hello.pcapng.out | 2 +- tests/cfgs/default/result/skype_udp.pcap.out | 2 +- tests/cfgs/default/result/softether.pcap.out | 2 +- .../default/result/starcraft_battle.pcap.out | 2 +- tests/cfgs/default/result/stun.pcap.out | 2 +- .../default/result/stun_signal.pcapng.out | 2 +- tests/cfgs/default/result/synscan.pcap.out | 4 +- tests/cfgs/default/result/teams.pcap.out | 2 +- tests/cfgs/default/result/teamspeak3.pcap.out | 2 +- tests/cfgs/default/result/teamviewer.pcap.out | 2 +- tests/cfgs/default/result/telegram.pcap.out | 2 +- tests/cfgs/default/result/tftp.pcap.out | 2 +- tests/cfgs/default/result/toca-boca.pcap.out | 2 +- tests/cfgs/default/result/viber.pcap.out | 2 +- tests/cfgs/default/result/webex.pcap.out | 2 +- tests/cfgs/default/result/weibo.pcap.out | 2 +- tests/cfgs/default/result/wireguard.pcap.out | 2 +- tests/cfgs/default/result/zoom2.pcap.out | 2 +- tests/cfgs/default/result/zoom_p2p.pcapng.out | 2 +- .../result/dns_long_domainname.pcap.out | 2 +- .../result/quic-mvfst-27.pcapng.out | 2 +- windows/nDPI.vcxproj | 1 + 63 files changed, 170 insertions(+), 58 deletions(-) create mode 100644 src/lib/protocols/hots.c create mode 100644 tests/cfgs/default/pcap/hots.pcapng create mode 100644 tests/cfgs/default/result/hots.pcapng.out diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index adaf68e9c49..d8f3d00f825 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -364,6 +364,7 @@ typedef enum { NDPI_PROTOCOL_SOURCE_ENGINE = 333, NDPI_PROTOCOL_BACNET = 334, NDPI_PROTOCOL_OICQ = 335, + NDPI_PROTOCOL_HOTS = 336, /* Heroes of the Storm */ #ifdef CUSTOM_NDPI_PROTOCOLS diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 5ace20d88f3..20804a63246 100644 
--- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -79,6 +79,7 @@ void init_hsrp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_guildwars_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_h323_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_halflife2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_hots_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_iax_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_icecast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8dd2944733a..6b2210ec1ab 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2067,6 +2067,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp "OICQ", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 8000, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HOTS, + "Heroes_of_the_Storm", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); #ifdef CUSTOM_NDPI_PROTOCOLS @@ -4909,6 +4913,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) { /* OICQ */ init_oicq_dissector(ndpi_str, &a); + /* Heroes of the Storm */ + init_hots_dissector(ndpi_str, &a); + #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main_init.c" #endif diff --git a/src/lib/protocols/hots.c b/src/lib/protocols/hots.c new file mode 100644 index 00000000000..bc058b65302 --- /dev/null 
+++ b/src/lib/protocols/hots.c 
@@ -0,0 +1,75 @@
+/*
+ * hots.c
+ *
+ * Copyright (C) 2023 - ntop.org
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see .
+ *
+ */
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HOTS
+
+#include "ndpi_api.h"
+
+static void ndpi_hots_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HOTS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+ NDPI_LOG_INFO(ndpi_struct, "found Heroes of the Storm packet\n");
+}
+
+void ndpi_search_hots(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct *packet = &ndpi_struct->packet;
+
+ NDPI_LOG_DBG(ndpi_struct, "search Heroes of the Storm\n");
+
+ int ports[4] = {1119, 1120, 3724, 6113};
+ for (int i = 0; i < 4; i++) {
+ if (packet->udp->dest == ntohs(ports[i]) || packet->udp->source == ntohs(ports[i])) {
+ if (packet->payload_packet_len >= 20 && packet->payload_packet_len <= 122) {
+ if (packet->payload[14] == 0x40 && packet->payload[15] == 0x00) {
+ if ((packet->payload[2] == 0x03 && packet->payload[3] == 0x00) ||
+ (packet->payload[2] == 0x34 && packet->payload[3] == 0x00) ||
+ (packet->payload[0] == 0x00 && packet->payload[1] == 0x00 && packet->payload[2] == 0x00 &&
+ packet->payload[3] == 0x00 && packet->payload[4] == 0x00 && packet->payload[5] == 0x00 &&
+ packet->payload[6] == 0x00 && packet->payload[7] == 0x00 && packet->payload[8] == 0x00 &&
+ packet->payload[9] == 0x00 && packet->payload[10] == 0x00 && packet->payload[11] == 0x00 &&
+ packet->payload[12] == 0x00 && packet->payload[13] == 0x00)) {
+ ndpi_hots_add_connection(ndpi_struct, flow);
+ return;
+ }
+ }
+ }
+ break;
+ }
+ }
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+}
+
+
+void init_hots_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
+{
+ ndpi_set_bitmask_protocol_detection("HOTS", ndpi_struct, *id,
+ NDPI_PROTOCOL_HOTS,
+ ndpi_search_hots,
+ NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, /* Only IPv4 UDP traffic is expected. */
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+ *id += 1;
+}
\ No newline at end of file
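Review bot: In `ndpi_search_hots()` the port test converts host-order constants with `ntohs()`, but the direction wanted is host-to-network, so `htons(ports[i])` states the intent; the result is the same value, yet the current form reads as a byte-order bug. The table would also be better as `static const u_int16_t ports[] = {1119, 1120, 3724, 6113};` than as an `int[4]` rebuilt on every call. The reads up to `payload[15]` are in bounds only because `payload_packet_len >= 20` is tested first, so a comment on that line such as `/* len >= 20 guarantees payload[0..15] is readable */` would keep a later edit from reordering the checks. The signature is two to four fixed bytes (or fourteen zero bytes) plus `0x40 0x00`, and the flow is classified or excluded on the first packet; the `IP: 213/Starcraft` entries in the new test output suggest other Blizzard traffic reaches the same servers, so a comment naming the matched fields, if they are known, would help judge false positives.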
diff --git a/tests/cfgs/default/pcap/hots.pcapng b/tests/cfgs/default/pcap/hots.pcapng new file mode 100644 index 0000000000000000000000000000000000000000..abfeb6d419e78bbac1ab4c802b94e2ce06696413 GIT binary patch literal 13756 zcmchdc|26zAIEP(_C_MhkSJx#nh-U%%C3l%N*HBJk0sgHk|;`|P`0wQC`B41jTR+k zDWyDxB$77Lg5N#YXzrbv?jOJ3^Zd^1b=K;J4Q173swT>s>dQ2g z4YZ83m5nu2)eQ_ZR1J)DR)<5-Oo$6I3D`;Y+eHrGhE+LXO+MCqYTBwgbiU=wwKU-O zf&nk_RDH-!yZ)E`?0G_U08cqDu?2ESpM0=I^}xi zii`J>&xgStcU_R_OWD@r1aGQ1M)vt%FJ)Rtm#EZl3 z&mK3fcg+5oI-I@XE9~*YP3T4L0{Gp4pK<+I=pThwiw!J1XtnUW!S}?8EiEmq7xsAN zHlKAZBo0U6#bD1upH_>TViro{Mnkst9aH){eS3oGF?b_a1Z@pmH0S~^bP$+RE9}%t zh^(`Em*IZb5RB6TYb;o61(MoVLrdNm&;)1)5>#Db7S!?b-MzkAZtEYmssj)NJV3tC zUcr*@@w_w5FEnuvIAbRBUrB+A!sKE zg1sJ^MLurd?~qj586~eJ&P(@lro9!cD`h!DF4Ox6Qw~)x??AjhV7!R8B$>RPo5j-m z0G+qOSs(CX@kjKZVDy*ROmFry8#oqNKe}~evPQ^-ZTG1I8T44tUOOgmz0M+D`B<;T z-Au9cnZ?VbyDy3iPo5$CY-obD7x&j;ytrBruOO^fycUz!XR}1Hu7;hxol6A$6FNV! z_DUQ0h~rhxhj{5@y>hddye7<&7kO89IR~4`w;11n8=O_2JH7gZ=Ov1GsbRfLbQryA zc+64_ma-M}uNGafR`e76dsbei9iQ>M%z;}u9t z;!R)hykZcqJ6NwCJti+1v&@;oil*n@*y&08Cd2CztGIZnU-7(B5U(n%SMoTM*HW|7 z=|VcoUKM`7o@Da#EZxhQ_EvEHQVmCNuHSN`=VLBnyomMLOkTQX`K+(s>T4r-u~Z?k zq+s-yyodK3^dLbsu>Q*pF)=r}4|)#&y@H({3;O!~abXnC>kZ=NhV|O6h;{<&Ud?K= z!rdI(Y{RPGs}pniwzKxiE%=7xb%g`*GRAtz)-rjmH!B@^a$d_X_k8x|XOYo#FK60Y zL5*U0#&BwMg$MC6$9NIzrv+#_a9mr>s#(`aCvyxh7WlplzK(P;`b$=E(1bDidCDe~oU*P!XeU>X2cqwU!dgxSwdlmL=4VNII-)%-O?qPBlJ(d*OuYtZ4Wq~7n zI{|^ow2yD&3PJQ|V)V^z^jYa|;tM^in%==18%4U>`>L9aa~&b&((a9ijX%p*Bz_a6 zhKT(XO4RrGAQWUj;8*PmO8^ddJ3)>>5%3J+^MoQiYz#b%YdZnN``_~v02p`xp0Nuu zj-U;}WXjJTt|-8x*oWb9S-1y$nm$Mnj}*CEA^l$4y=v`B0eOWZFMOOt=U=LS>^>vwxDP%DlPQluTo(|=N(`fG-ZPp2 z?EvS|jof!E=j^eVNJjXa(RxX4>$v}7CIh;&%tEk4C8u> za0X*IcWyGI3D6EOXDNALvcV$RrRUe8SC8J>%bv+QQ95*;`czBb#dhTeAITqV1_b5x8#_rad6pEz;N&afnU)=4?)baG~Qo?2$5pf&R_< z^ZEi!K5msO;T-vUV}t|etuxBPBi_yrP2s0zb+9R8JzG8H@#a`oe%rrOYi!;Njq>6nvsGs8j*-^W{9RAPC2SF+3(x z)0+gXTqKB3*`3q#E&pF7T!+*mYt^-1r0oyxvfq}~R((ac`{Pfu+BKW~E!OqetL|>qA&ign?k0^C 
z8g@SR+$~xjP$~3tAz%c(jb<(1fy*j}u$nNi!uRLsK_c+|Ypi87BaqjR#>$S#@Hv=F zd5z{FA*>P@Rv(Y+Xi{(;@)fuXkf|4n7kZOJ^(-4~*|Uh8yEbJX)9g%8-CVc%F-P>3 z4^p;a%ca@GzTa#n_*%?K{b|EiobWoK@<6qlAH%@c-j&(pla9-gLlSb?xR(n zOa1peFg`IHY65>AaDaNFdCvLc@*G8Y1{rw3;))t1!vDsDUJsWpRK-~jc`hP6Z5SSt zK&Eww-``zaC+Tiq;?Js(r0ky3LK1WD3EH_GSsWR0o^nHJkLB)2X&t_6B|5*? z!yH;npiaiR{1gx-m`r`;E6NEtBn4m&!qjtl_`B}r{hc%c+JOX_E5zE@c;9M;jAA^|J7KLHc!IitBN%{heFZKb0pVk3;JZKd`RSh|!avLBOcMrt1H=53mGC*3O!-q4 zos00T!tfD!cxeK(1DrpP*c0?;1y^YQ4)hPG2vCl~=U_7F$B80)01f?R<*OQRz!RHof?49M?NmaD00aj2mG&8p$E;I7I zgZP?(nTvs$0O#aiX3n5lf;C^aT7Q*%Zt4-Vct~31`*G)n-c6^eNx0;A}Y?GEctYZRX9Z>6ZeygiX^GpsTPH z-~qWrb2aGTa;-$Tx-hx49Ry;i0r&qu!c|1m1o`?!Bv9hvb1<3m6)YNvaHV0m$dn-z z6#NqI%dfG8i-;E82SWs0uD%@oA{Xt{bKlrO^KI(NC;o~}&S{?pE+XM*SRzG_YW{QYbJ%}K4t%UxtGZe#VTf_8x(?UPCbo_DLc!1xv726lxja6UpDk1Uth@e-H@K_4J z&8}ZxMPClR3#7`8nucloxIgjY!xxTH%`_=up*tM%bpK`1!UuI;!!?HjZX>{CsZN~Jj?`rS_L(Rr1@nI^3_$~QFy zODwpTvh|v9xNg_ni$^@RX62gwXpM}x=TS~9e*2&(*SAFn{`_=3ooTY5o?c}_IQx~@ zJQnpNa#_&?Xa|_9KlUkozoMe_Ye$7B;5jLnO#O0POakajv|!?n$=gp8pdF_4A86;R zc;8B2c4SQ&B`51AElQ{%GvCJNnNlUco8$trI8W9`2a&tII^Y zk)1zJ-Yt--!4=I_*87*B@8w(kpU-joR^?7AHOZV6vTAi)%-mkyHjU9P*CsB^kckJq8 zrJpo&9Xae|xB6KFIq4H;_Zqf;w*5Hq6P`Fyc@?yj~(Ho-9Ss50 zA-{PZB?mqSlWBcBDi(^wum=-E#JOJh&8R_wtd_|L!n!HGQM7RM#W&iLDPH?JM`eRMne zS3*zu$J}9&tNlr8dM!PlwpIGeM{4It?j7iy!&wJ=g0;;Vo?rm}5i?P|K21dU?_&6g zoX*I{fB%5_Q{p7)eOgBQ4bYdOicZWPT`E=eL)h#%g0%S_dJG|$iZ}7S-p-kpy%Tn zO8@;eF$&m+!DQ-}gJL%jefaPFsP%f!1*ZRd1oTUunGPDJ8$A+p)r+^FWQU)2j;72# zqnA-VY;aUajXftxc9-;r9bYWC?a~+TYD>AH%e#+c>wGZo-fdyP3;G1jedIkZ_kDzWDFe40EP@&&!vBXGeZSvZCXVyH zM64I#mcww9>rbPg;g=-HdPSTGv5`2g(R?Sv_|xsG!KRa16#F-V?(Fp(f@wznIfq|r zjQKu1CMCMoz|XD3{Ca^)CMP?U(=U8bMKUGtLS-d?(XB5|JHj7Zdw2c*UgAu%0oMt? 
zmIPkkA@{BlyD*$Yj^#|8adGSEeTRN_>{TQ|Nr2xDCR5*qiVY%pki_Wk_+HIQe@j@p z9eet(^VA(J^Hn@twc6*6Fa7X3Ao~33OQ%xDcelOQG@8BGYKDV@_>3a8U&b|)cZ^N9 z|FxmnN3^gc*p4eqJNK^gn#0d3i+h`3dB6yI4ZW`~%p~I6(}=SntaCA}jx(n>7FY`m zxMt09>*vhh^tL3@?@4LngUQ8Gf=5iLhJC_5hQq#$MuzAaCN>dkzQF>ENc>ARE3o`*}bPeKmC&g*{q4%MDK5~hJpd~vlFCnzF&#EBe7Rt^ldLNeUAb9 zBJI0mUd>LV$gZ%~T=g?Bb|&?;N055WsnIUm8@X3CIW||NKKIwv+jw1VUF?NZrP|^g z!UgfBYhVt*!x*<)D{kE02-jN-7m-~ML`5HP+!1jR^tjRMvSQSHoc%;R7}1Zy={Hjl1pRgc`; z7!h_;O88_9$J&!*!^Z92IuDw-^_`b?%cd2qpV;7CyOn&AXJgr;jITo4b7BJlFUSj; zTZ=;)kNX(HO=jSh0<`o&BEWfx`S-b}FJI7S)&bI#LofoEOxIYXcqzi|h~f6?-brT$ zui$)l#3e5MA|zt$P#izHZ!EO0XL!9-X7zxy|Gc1AJ<8gC2Om#9>EtEq$KT)ZB4r^T s-{m{v`qV%!LG=s?30_N6%}WOhtb=M^%Q 3.3.3.3:443 [proto: 91.342/TLS.CustomProtocolA][IP: 342/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 343/CustomProtocolB][IP: 343/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.343/TLS.CustomProtocolA][IP: 343/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 
344/CustomProtocolB][IP: 344/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out index f1bed90e7e8..fe289bbcb57 100644 --- a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out +++ b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 109 (109.00 diss/flow) +Num dissector calls: 110 (110.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/discord.pcap.out b/tests/cfgs/default/result/discord.pcap.out index 5d0c45e9cb5..8bcd2b66866 100644 --- a/tests/cfgs/default/result/discord.pcap.out +++ b/tests/cfgs/default/result/discord.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 5 (5.00 pkts/flow) DPI Packets (UDP): 60 (1.82 pkts/flow) Confidence DPI : 34 (flows) -Num dissector calls: 4012 (118.00 diss/flow) +Num dissector calls: 4039 (118.79 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/discord_mid_flow.pcap.out b/tests/cfgs/default/result/discord_mid_flow.pcap.out index a7953a3b710..8e0e210932a 100644 --- a/tests/cfgs/default/result/discord_mid_flow.pcap.out +++ b/tests/cfgs/default/result/discord_mid_flow.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 146 (146.00 diss/flow) +Num dissector calls: 147 (147.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out index 603155ac2c7..17089cbe83b 100644 --- a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 256 (1.04 pkts/flow) Confidence DPI : 245 (flows) -Num dissector calls: 20803 (84.91 diss/flow) +Num dissector calls: 20814 (84.96 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/513/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt-v2.pcap.out b/tests/cfgs/default/result/dnscrypt-v2.pcap.out index 040fb8ccab1..df9656e7c72 100644 --- a/tests/cfgs/default/result/dnscrypt-v2.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v2.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 6 (2.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 375 (125.00 diss/flow) +Num dissector calls: 378 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out index 1e69087465e..e9347fc51eb 100644 --- a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out +++ b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 126 (126.00 diss/flow) +Num dissector calls: 127 (127.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index ec3582d8750..5958d60fbeb 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 30 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 193 (flows) -Num dissector calls: 5466 (21.78 diss/flow) +Num dissector calls: 5499 (21.91 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/180/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out index 8892d5df297..a5302a4aad8 100644 --- a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out +++ b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out @@ -5,7 +5,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Unknown : 19 (flows) Confidence Match by port : 3 (flows) Confidence DPI : 55 (flows) -Num dissector calls: 1805 (23.44 diss/flow) +Num dissector calls: 1821 (23.65 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/66/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index b4b386298d7..cc841d07e97 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out 
@@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow) Confidence Unknown : 591 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 167 (flows) -Num dissector calls: 67682 (89.06 diss/flow) +Num dissector calls: 68194 (89.73 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/1779/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/gtp_false_positive.pcapng.out b/tests/cfgs/default/result/gtp_false_positive.pcapng.out index d2d1cfe568d..c501f03dcda 100644 --- a/tests/cfgs/default/result/gtp_false_positive.pcapng.out +++ b/tests/cfgs/default/result/gtp_false_positive.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 7 (2.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) -Num dissector calls: 400 (133.33 diss/flow) +Num dissector calls: 403 (134.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/h323.pcap.out b/tests/cfgs/default/result/h323.pcap.out index 6f2c0689afd..85749d4ea00 100644 --- a/tests/cfgs/default/result/h323.pcap.out +++ b/tests/cfgs/default/result/h323.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 2 (2.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 227 (113.50 diss/flow) +Num dissector calls: 228 (114.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/hots.pcapng.out b/tests/cfgs/default/result/hots.pcapng.out new file mode 100644 index 00000000000..0c3c9359c26 --- /dev/null +++ b/tests/cfgs/default/result/hots.pcapng.out 
@@ -0,0 +1,27 @@ +Guessed flow protos: 0 + +DPI Packets (UDP): 3 (1.00 pkts/flow) +Confidence DPI : 3 (flows) +Num dissector calls: 330 (110.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 6/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia protocols: 5/3 (search/found) + +Heroes_of_the_Storm 100 10145 3 + + 1 UDP 24.105.57.16:3724 -> 192.168.0.73:50609 [proto: 336/Heroes_of_the_Storm][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][40 pkts/4753 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][1.26 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 32/0 62/0 18/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 119/0 164/0 34/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 22,0,47,30,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 24.105.57.183:1119 -> 192.168.0.73:50609 [proto: 336/Heroes_of_the_Storm][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][25 pkts/2978 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][0.94 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 6/0 38/0 63/0 22/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 119/0 158/0 21/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 
4,24,40,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.0.73:54598 <-> 24.105.56.13:3724 [proto: 336/Heroes_of_the_Storm][IP: 213/Starcraft][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][14 pkts/908 bytes <-> 21 pkts/1506 bytes][Goodput ratio: 35/41][92.43 sec][bytes ratio: -0.248 (Download)][IAT c2s/s2c min/avg/max/stddev: 3/17 42/51 66/63 22/16][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 65/72 66/74 2/5][Plen Bins: 51,48,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/imo.pcap.out b/tests/cfgs/default/result/imo.pcap.out index 5e2ab42592a..d61bc342e14 100644 --- a/tests/cfgs/default/result/imo.pcap.out +++ b/tests/cfgs/default/result/imo.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 7 (3.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 290 (145.00 diss/flow) +Num dissector calls: 292 (146.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/instagram.pcap.out b/tests/cfgs/default/result/instagram.pcap.out index c2bd7039c34..5f6d1790632 100644 --- a/tests/cfgs/default/result/instagram.pcap.out +++ b/tests/cfgs/default/result/instagram.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence DPI (partial) : 1 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 1769 (46.55 diss/flow) +Num dissector calls: 1770 (46.58 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/iphone.pcap.out b/tests/cfgs/default/result/iphone.pcap.out index e3e81374335..1285b43c77d 100644 --- a/tests/cfgs/default/result/iphone.pcap.out 
+++ b/tests/cfgs/default/result/iphone.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 55 (1.77 pkts/flow) DPI Packets (other): 5 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 50 (flows) -Num dissector calls: 349 (6.84 diss/flow) +Num dissector calls: 350 (6.86 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/kontiki.pcap.out b/tests/cfgs/default/result/kontiki.pcap.out index 946b301eea0..7603abb5826 100644 --- a/tests/cfgs/default/result/kontiki.pcap.out +++ b/tests/cfgs/default/result/kontiki.pcap.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 6 (1.50 pkts/flow) DPI Packets (other): 4 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 322 (40.25 diss/flow) +Num dissector calls: 324 (40.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/line.pcap.out b/tests/cfgs/default/result/line.pcap.out index af1b0644e0e..d592f960be2 100644 --- a/tests/cfgs/default/result/line.pcap.out +++ b/tests/cfgs/default/result/line.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 13 (6.50 pkts/flow) DPI Packets (UDP): 40 (13.33 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 722 (144.40 diss/flow) +Num dissector calls: 725 (145.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/linecall_falsepositve.pcap.out b/tests/cfgs/default/result/linecall_falsepositve.pcap.out index 24744c56350..a3db567220f 100644 --- a/tests/cfgs/default/result/linecall_falsepositve.pcap.out +++ b/tests/cfgs/default/result/linecall_falsepositve.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 25 (25.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 300 (300.00 diss/flow) +Num dissector calls: 301 (301.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/nintendo.pcap.out b/tests/cfgs/default/result/nintendo.pcap.out index 48a286a1f5a..6b6c8adf80e 100644 --- a/tests/cfgs/default/result/nintendo.pcap.out +++ b/tests/cfgs/default/result/nintendo.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI : 15 (flows) Confidence Match by IP : 5 (flows) -Num dissector calls: 1275 (60.71 diss/flow) +Num dissector calls: 1280 (60.95 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/18/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/openvpn.pcap.out b/tests/cfgs/default/result/openvpn.pcap.out index b555d6e79a0..2dc85fc95b2 100644 --- a/tests/cfgs/default/result/openvpn.pcap.out +++ b/tests/cfgs/default/result/openvpn.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) DPI Packets (UDP): 5 (2.50 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 392 (130.67 diss/flow) +Num dissector calls: 394 (131.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out index 63485817456..48fbbe613ce 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out 
@@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (1.33 pkts/flow) DPI Packets (UDP): 13 (3.25 pkts/flow) Confidence DPI : 10 (flows) -Num dissector calls: 701 (70.10 diss/flow) +Num dissector calls: 704 (70.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/15/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out index 76a94da3064..224f7ae37d0 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 3 (flows) -Num dissector calls: 485 (121.25 diss/flow) +Num dissector calls: 487 (121.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out index d8d6a917114..bddc0ff70d2 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 127 (127.00 diss/flow) +Num dissector calls: 128 (128.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/pps.pcap.out b/tests/cfgs/default/result/pps.pcap.out index e12cf17731e..58985da3cb0 100644 --- a/tests/cfgs/default/result/pps.pcap.out +++ b/tests/cfgs/default/result/pps.pcap.out 
@@ -5,7 +5,7 @@ DPI Packets (UDP): 196 (4.45 pkts/flow) Confidence Unknown : 29 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 76 (flows) -Num dissector calls: 5855 (54.72 diss/flow) +Num dissector calls: 5884 (54.99 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/93/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/quic.pcap.out b/tests/cfgs/default/result/quic.pcap.out index a56d5e4ae3a..b79c74f6502 100644 --- a/tests/cfgs/default/result/quic.pcap.out +++ b/tests/cfgs/default/result/quic.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 12 (1.20 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI : 9 (flows) -Num dissector calls: 213 (21.30 diss/flow) +Num dissector calls: 214 (21.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/quic_0RTT.pcap.out b/tests/cfgs/default/result/quic_0RTT.pcap.out index ff8ffde70cb..0361810194e 100644 --- a/tests/cfgs/default/result/quic_0RTT.pcap.out +++ b/tests/cfgs/default/result/quic_0RTT.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 188 (94.00 diss/flow) +Num dissector calls: 189 (94.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/raknet.pcap.out b/tests/cfgs/default/result/raknet.pcap.out index 492e85f2dac..83bfa352374 100644 --- a/tests/cfgs/default/result/raknet.pcap.out +++ b/tests/cfgs/default/result/raknet.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 24 (2.00 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1422 (118.50 diss/flow) +Num dissector calls: 1428 (119.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/rx.pcap.out b/tests/cfgs/default/result/rx.pcap.out index 12fca81e4dc..1356a2f550e 100644 --- a/tests/cfgs/default/result/rx.pcap.out +++ b/tests/cfgs/default/result/rx.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 10 (2.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 622 (124.40 diss/flow) +Num dissector calls: 627 (125.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sflow.pcap.out b/tests/cfgs/default/result/sflow.pcap.out index 51e5af57c82..e625c8a7049 100644 --- a/tests/cfgs/default/result/sflow.pcap.out +++ b/tests/cfgs/default/result/sflow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 110 (110.00 diss/flow) +Num dissector calls: 111 (111.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sip_hello.pcapng.out b/tests/cfgs/default/result/sip_hello.pcapng.out index 1cc57fc0ec3..fe9006a3303 100644 --- a/tests/cfgs/default/result/sip_hello.pcapng.out +++ b/tests/cfgs/default/result/sip_hello.pcapng.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 206 (206.00 diss/flow) +Num dissector calls: 207 (207.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/skype_udp.pcap.out b/tests/cfgs/default/result/skype_udp.pcap.out index ad0bb5c3da7..f26093a3cb1 100644 --- a/tests/cfgs/default/result/skype_udp.pcap.out +++ b/tests/cfgs/default/result/skype_udp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 125 (125.00 diss/flow) +Num dissector calls: 126 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/softether.pcap.out b/tests/cfgs/default/result/softether.pcap.out index e19b3a40bc2..e2a773a60ca 100644 --- a/tests/cfgs/default/result/softether.pcap.out +++ b/tests/cfgs/default/result/softether.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 31 (10.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 369 (92.25 diss/flow) +Num dissector calls: 371 (92.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out index 72a29cfde8e..47d9ad068f4 100644 --- a/tests/cfgs/default/result/starcraft_battle.pcap.out +++ b/tests/cfgs/default/result/starcraft_battle.pcap.out 
@@ -7,7 +7,7 @@ Confidence Match by port : 8 (flows) Confidence DPI (partial) : 4 (flows) Confidence DPI : 39 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 1431 (27.52 diss/flow) +Num dissector calls: 1436 (27.62 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/39/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/stun.pcap.out b/tests/cfgs/default/result/stun.pcap.out index a84cacc7828..c238967862f 100644 --- a/tests/cfgs/default/result/stun.pcap.out +++ b/tests/cfgs/default/result/stun.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 13 (4.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 581 (145.25 diss/flow) +Num dissector calls: 583 (145.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/stun_signal.pcapng.out b/tests/cfgs/default/result/stun_signal.pcapng.out index 5199317c460..da6a7ed094b 100644 --- a/tests/cfgs/default/result/stun_signal.pcapng.out +++ b/tests/cfgs/default/result/stun_signal.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 72 (3.43 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI : 22 (flows) -Num dissector calls: 2330 (101.30 diss/flow) +Num dissector calls: 2345 (101.96 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/synscan.pcap.out b/tests/cfgs/default/result/synscan.pcap.out index 6bcb2a859d8..525e650d992 100644 --- a/tests/cfgs/default/result/synscan.pcap.out +++ b/tests/cfgs/default/result/synscan.pcap.out 
@@ -124,7 +124,7 @@ iSCSI 2 116 2 44 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 336/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 337/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 172.16.0.8:36050 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -188,7 +188,7 @@ iSCSI 2 116 2 108 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 109 TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 110 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 111 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 336/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 111 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 337/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 113 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 114 TCP 172.16.0.8:36051 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teams.pcap.out b/tests/cfgs/default/result/teams.pcap.out index bf18b986f89..21b48ce7ac9 100644 --- a/tests/cfgs/default/result/teams.pcap.out +++ b/tests/cfgs/default/result/teams.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI (partial) : 2 (flows) Confidence DPI : 80 (flows) -Num dissector calls: 595 (7.17 diss/flow) +Num dissector calls: 596 (7.18 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/cfgs/default/result/teamspeak3.pcap.out b/tests/cfgs/default/result/teamspeak3.pcap.out index 7ed97acae4c..c3082455cb2 100644 --- a/tests/cfgs/default/result/teamspeak3.pcap.out +++ b/tests/cfgs/default/result/teamspeak3.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 199 (99.50 diss/flow) +Num dissector calls: 200 (100.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/teamviewer.pcap.out b/tests/cfgs/default/result/teamviewer.pcap.out index 84a211f7cc9..8b8ac7925a6 100644 --- a/tests/cfgs/default/result/teamviewer.pcap.out +++ b/tests/cfgs/default/result/teamviewer.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 153 (76.50 diss/flow) +Num dissector calls: 154 (77.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out index 05f40a32e32..eceb9e0ef6a 100644 --- a/tests/cfgs/default/result/telegram.pcap.out +++ b/tests/cfgs/default/result/telegram.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 5 DPI Packets (UDP): 93 (1.94 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 46 (flows) -Num dissector calls: 1586 (33.04 diss/flow) +Num dissector calls: 1588 (33.08 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/tftp.pcap.out b/tests/cfgs/default/result/tftp.pcap.out index 10a4de98044..36b7b892902 100644 --- a/tests/cfgs/default/result/tftp.pcap.out 
+++ b/tests/cfgs/default/result/tftp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 13 (1.86 pkts/flow) Confidence DPI : 7 (flows) -Num dissector calls: 315 (45.00 diss/flow) +Num dissector calls: 317 (45.29 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/toca-boca.pcap.out b/tests/cfgs/default/result/toca-boca.pcap.out index a0b13178ea9..621c28b328e 100644 --- a/tests/cfgs/default/result/toca-boca.pcap.out +++ b/tests/cfgs/default/result/toca-boca.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (UDP): 21 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence DPI : 17 (flows) -Num dissector calls: 453 (21.57 diss/flow) +Num dissector calls: 457 (21.76 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/viber.pcap.out b/tests/cfgs/default/result/viber.pcap.out index 14e23df3593..8f76ea73816 100644 --- a/tests/cfgs/default/result/viber.pcap.out +++ b/tests/cfgs/default/result/viber.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 27 (1.93 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 4 (flows) Confidence DPI : 25 (flows) -Num dissector calls: 519 (17.90 diss/flow) +Num dissector calls: 520 (17.93 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out index f89ccb0d77c..84ed8af8d25 100644 --- a/tests/cfgs/default/result/webex.pcap.out +++ b/tests/cfgs/default/result/webex.pcap.out 
@@ -6,7 +6,7 @@ Confidence Match by port : 1 (flows) Confidence DPI (partial) : 2 (flows) Confidence DPI : 53 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 320 (5.61 diss/flow) +Num dissector calls: 321 (5.63 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/weibo.pcap.out b/tests/cfgs/default/result/weibo.pcap.out index affc00fe805..2f439e9122d 100644 --- a/tests/cfgs/default/result/weibo.pcap.out +++ b/tests/cfgs/default/result/weibo.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 44 (3.14 pkts/flow) Confidence Match by port : 13 (flows) Confidence DPI (partial) : 8 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 572 (13.00 diss/flow) +Num dissector calls: 574 (13.05 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/63/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/wireguard.pcap.out b/tests/cfgs/default/result/wireguard.pcap.out index 51199156d81..b47f850717c 100644 --- a/tests/cfgs/default/result/wireguard.pcap.out +++ b/tests/cfgs/default/result/wireguard.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 6 (3.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 259 (129.50 diss/flow) +Num dissector calls: 261 (130.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom2.pcap.out b/tests/cfgs/default/result/zoom2.pcap.out index cf99397f9a1..45d5eb3b4eb 100644 --- a/tests/cfgs/default/result/zoom2.pcap.out +++ b/tests/cfgs/default/result/zoom2.pcap.out 
@@ -4,7 +4,7 @@ DPI Packets (TCP): 8 (8.00 pkts/flow) DPI Packets (UDP): 15 (5.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 491 (98.20 diss/flow) +Num dissector calls: 494 (98.80 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 1/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom_p2p.pcapng.out b/tests/cfgs/default/result/zoom_p2p.pcapng.out index c1e41f20149..05a970529b8 100644 --- a/tests/cfgs/default/result/zoom_p2p.pcapng.out +++ b/tests/cfgs/default/result/zoom_p2p.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 88 (8.80 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial cache): 4 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 1099 (91.58 diss/flow) +Num dissector calls: 1103 (91.92 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out index e8a6aa07e2a..2854544befc 100644 --- a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out +++ b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 125 (125.00 diss/flow) +Num dissector calls: 126 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out index debb4452617..75681a54d99 100644 --- a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out 
+++ b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 20 (20.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 261 (261.00 diss/flow) +Num dissector calls: 262 (262.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/windows/nDPI.vcxproj b/windows/nDPI.vcxproj index 7a21b3cab97..0c831dc3b75 100644 --- a/windows/nDPI.vcxproj +++ b/windows/nDPI.vcxproj @@ -233,6 +233,7 @@ + From c4ba981370ff437f27a5da5048e3211beb6c7a5a Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 24 Apr 2023 08:49:11 +0200 Subject: [PATCH 6/6] Compilation fix on RH7 --- src/lib/protocols/hots.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lib/protocols/hots.c b/src/lib/protocols/hots.c index bc058b65302..ac11f273bb6 100644 --- a/src/lib/protocols/hots.c +++ b/src/lib/protocols/hots.c @@ -36,11 +36,11 @@ static void ndpi_hots_add_connection(struct ndpi_detection_module_struct *ndpi_s void ndpi_search_hots(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; + int i, ports[4] = {1119, 1120, 3724, 6113}; NDPI_LOG_DBG(ndpi_struct, "search Heroes of the Storm\n"); - int ports[4] = {1119, 1120, 3724, 6113}; - for (int i = 0; i < 4; i++) { + for (i = 0; i < 4; i++) { if (packet->udp->dest == ntohs(ports[i]) || packet->udp->source == ntohs(ports[i])) { if (packet->payload_packet_len >= 20 && packet->payload_packet_len <= 122) { if (packet->payload[14] == 0x40 && packet->payload[15] == 0x00) { @@ -72,4 +72,4 @@ void init_hots_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); *id += 1; -} \ No newline at end of file +}
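Review bot: In `ndpi_search_hots`, the loop compares the wire-order `packet->udp->dest` and `packet->udp->source` against `ntohs(ports[i])`, but the conversion for a host-order constant is `htons`; both perform the same byte swap on common platforms, so this is a readability point, not a behaviour change. Since the declaration is being moved anyway, the table could become `static const u_int16_t ports[] = {1119, 1120, 3724, 6113};` with the loop written as `for (i = 0; i < (int)(sizeof(ports) / sizeof(ports[0])); i++)`, so the array and the literal `4` cannot drift apart. `packet->udp` is dereferenced with no NULL check in the visible lines. Presumably the dissector is registered for UDP payloads only, but the selection bitmask passed in `init_hots_dissector` is outside the hunk, so this is worth confirming because the function runs on untrusted traffic. The body of `ndpi_search_hots` continues past the end of the hunk.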