From a4b3ac6d5fdff79ddafe959000b85acd7680818c Mon Sep 17 00:00:00 2001 
From: 0xA50C1A1 Date: Sun, 3 Mar 2024 06:25:17 +0300 Subject: [PATCH] Add Naraka Bladepoint detection support --- doc/protocols.rst | 9 +++ src/include/ndpi_private.h | 1 + src/include/ndpi_protocol_ids.h | 1 + src/lib/ndpi_main.c | 7 ++ src/lib/protocols/naraka.c | 60 ++++++++++++++++++ tests/cfgs/caches_cfg/result/teams.pcap.out | 2 +- .../result/lru_ipv6_caches.pcapng.out | 2 +- .../cfgs/caches_global/result/teams.pcap.out | 2 +- .../caches_global/result/zoom_p2p.pcapng.out | 2 +- .../default/pcap/naraka_bladepoint.pcapng | Bin 0 -> 1284 bytes tests/cfgs/default/result/1kxun.pcap.out | 2 +- tests/cfgs/default/result/4in4tunnel.pcap.out | 2 +- tests/cfgs/default/result/6in6tunnel.pcap.out | 2 +- tests/cfgs/default/result/EAQ.pcap.out | 2 +- .../FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out | 2 +- .../default/result/KakaoTalk_talk.pcap.out | 2 +- .../default/result/anyconnect-vpn.pcap.out | 2 +- tests/cfgs/default/result/collectd.pcap.out | 2 +- .../result/custom_rules_ipv6.pcapng.out | 2 +- ...om_rules_same-ip_multiple_ports.pcapng.out | 4 +- .../cfgs/default/result/dhcp-fuzz.pcapng.out | 2 +- tests/cfgs/default/result/discord.pcap.out | 2 +- .../default/result/discord_mid_flow.pcap.out | 2 +- .../dnscrypt-v1-and-resolver-pings.pcap.out | 2 +- .../cfgs/default/result/dnscrypt-v2.pcap.out | 2 +- .../dnscrypt_skype_false_positive.pcapng.out | 2 +- .../cfgs/default/result/epicgames.pcapng.out | 2 +- .../result/fuzz-2006-06-26-2594.pcap.out | 2 +- .../result/fuzz-2020-02-16-11740.pcap.out | 2 +- tests/cfgs/default/result/gnutella.pcap.out | 2 +- .../result/gtp_false_positive.pcapng.out | 2 +- tests/cfgs/default/result/h323.pcap.out | 2 +- tests/cfgs/default/result/http_ipv6.pcap.out | 2 +- tests/cfgs/default/result/imo.pcap.out | 2 +- tests/cfgs/default/result/instagram.pcap.out | 2 +- tests/cfgs/default/result/iphone.pcap.out | 2 +- .../cfgs/default/result/ipv6_in_gtp.pcap.out | 2 +- tests/cfgs/default/result/kontiki.pcap.out | 2 +- .../result/linecall_falsepositve.pcap.out 
| 2 +- .../default/result/lru_ipv6_caches.pcapng.out | 2 +- .../default/result/mullvad_wireguard.pcap.out | 2 +- tests/cfgs/default/result/mumble.pcapng.out | 2 +- .../result/naraka_bladepoint.pcapng.out | 28 ++++++++ tests/cfgs/default/result/nintendo.pcap.out | 2 +- .../default/result/openvpn-tlscrypt.pcap.out | 2 +- tests/cfgs/default/result/openvpn.pcap.out | 2 +- .../default/result/openvpn_nohmac.pcapng.out | 2 +- .../ossfuzz_seed_fake_traces_1.pcapng.out | 2 +- .../ossfuzz_seed_fake_traces_2.pcapng.out | 2 +- .../ossfuzz_seed_fake_traces_4.pcapng.out | 2 +- tests/cfgs/default/result/pps.pcap.out | 2 +- tests/cfgs/default/result/protonvpn.pcap.out | 2 +- tests/cfgs/default/result/quic.pcap.out | 2 +- tests/cfgs/default/result/quic_0RTT.pcap.out | 2 +- tests/cfgs/default/result/raknet.pcap.out | 2 +- tests/cfgs/default/result/rdp2.pcap.out | 2 +- tests/cfgs/default/result/rtp.pcapng.out | 2 +- tests/cfgs/default/result/rx.pcap.out | 2 +- tests/cfgs/default/result/sflow.pcap.out | 2 +- tests/cfgs/default/result/sip.pcap.out | 2 +- .../cfgs/default/result/sip_hello.pcapng.out | 2 +- tests/cfgs/default/result/skinny.pcap.out | 2 +- tests/cfgs/default/result/softether.pcap.out | 2 +- .../default/result/starcraft_battle.pcap.out | 2 +- tests/cfgs/default/result/synscan.pcap.out | 4 +- tests/cfgs/default/result/teams.pcap.out | 2 +- tests/cfgs/default/result/teamspeak3.pcap.out | 2 +- tests/cfgs/default/result/teamviewer.pcap.out | 2 +- tests/cfgs/default/result/telegram.pcap.out | 2 +- tests/cfgs/default/result/tftp.pcap.out | 2 +- tests/cfgs/default/result/toca-boca.pcap.out | 2 +- tests/cfgs/default/result/viber.pcap.out | 2 +- tests/cfgs/default/result/webex.pcap.out | 2 +- tests/cfgs/default/result/weibo.pcap.out | 2 +- tests/cfgs/default/result/wireguard.pcap.out | 2 +- tests/cfgs/default/result/zoom.pcap.out | 2 +- tests/cfgs/default/result/zoom_p2p.pcapng.out | 2 +- .../result/dns_long_domainname.pcap.out | 2 +- .../result/quic-mvfst-27.pcapng.out | 2 +- 
.../enable_payload_stat/result/1kxun.pcap.out | 2 +- .../result/protonvpn.pcap.out | 2 +- .../guessing_disable/result/webex.pcap.out | 2 +- .../ip_lists_disable/result/1kxun.pcap.out | 2 +- windows/nDPI.vcxproj | 1 + windows/nDPI.vcxproj.filters | 1 + 85 files changed, 186 insertions(+), 78 deletions(-) create mode 100644 src/lib/protocols/naraka.c create mode 100644 tests/cfgs/default/pcap/naraka_bladepoint.pcapng create mode 100644 tests/cfgs/default/result/naraka_bladepoint.pcapng.out diff --git a/doc/protocols.rst b/doc/protocols.rst index 2d337c7fa6d..ccd07150328 100644 --- a/doc/protocols.rst +++ b/doc/protocols.rst @@ -647,3 +647,12 @@ References: `RFC `_ Bidirectional Forwarding Detection is a network protocol that is used to detect faults between two routers or switches. References: `RFC `_ + + +.. _Proto 402: + +`NDPI_PROTOCOL_NARAKA` +============================ +Naraka: Bladepoint is a free-to-play action battle royale game developed by 24 Entertainment. + +References: `Main site `_ diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h index d8a9026953c..cd955741c69 100644 --- a/src/include/ndpi_private.h +++ b/src/include/ndpi_private.h @@ -910,6 +910,7 @@ void init_gaijin_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i void init_c1222_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_dlep_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_bfd_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_naraka_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); #endif diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index d57d526e723..8ea516a7ea2 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h 
@@ -430,6 +430,7 @@ typedef enum { NDPI_PROTOCOL_HUAWEI_CLOUD = 399, NDPI_PROTOCOL_DLEP = 400, NDPI_PROTOCOL_BFD = 401, + NDPI_PROTOCOL_NARAKA = 402, #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h" diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ff1dc1a6a77..919eb97e8d8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2250,6 +2250,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp "BFD", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 3784, 3785, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_NARAKA, + "NarakaBladepoint", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main.c" @@ -6077,6 +6081,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) { /* Bidirectional Forwarding Detection */ init_bfd_dissector(ndpi_str, &a); + /* Naraka: Bladepoint */ + init_naraka_dissector(ndpi_str, &a); + #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main_init.c" #endif diff --git a/src/lib/protocols/naraka.c b/src/lib/protocols/naraka.c new file mode 100644 index 00000000000..97479e6d015 --- /dev/null +++ b/src/lib/protocols/naraka.c 
@@ -0,0 +1,60 @@
+/*
+ * naraka.c
+ *
+ * Copyright (C) 2024 - ntop.org
+ * Copyright (C) 2024 - V.G
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI. If not, see .
+ *
+ */
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NARAKA
+
+#include "ndpi_api.h"
+#include "ndpi_private.h"
+
+static void ndpi_search_naraka(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow)
+{
+ struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
+
+ if (packet->payload_packet_len > 30 &&
+ le32toh(get_u_int32_t(packet->payload, 0)) == 0x0C080807)
+ {
+ NDPI_LOG_INFO(ndpi_struct, "found Naraka Bladepoint\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NARAKA,
+ NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+ return;
+ }
+
+ NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+}
+
+void init_naraka_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+ u_int32_t *id)
+{
+ ndpi_set_bitmask_protocol_detection("NarakaBladepoint", ndpi_struct, *id,
+ NDPI_PROTOCOL_NARAKA,
+ ndpi_search_naraka,
+ NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+ SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+ ADD_TO_DETECTION_BITMASK);
+
+ *id += 1;
+}
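Review bot: The only evidence `ndpi_search_naraka` requires is `payload_packet_len > 30` and one 32-bit value at offset 0 (`0x0C080807` after `le32toh`, wire bytes 07 08 08 0C), yet a hit is reported as `NDPI_CONFIDENCE_DPI`. The dissector is registered with `NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD`, so it appears to run on UDP flows regardless of port, and unrelated traffic that starts with the same four bytes would be labelled NarakaBladepoint; that matters wherever the label feeds policy or alerting. Neither the constant nor the length floor is explained, so I would add a comment above the `if`, for example `/* 4-byte magic at offset 0 (LE 0x0C080807) and minimum length, presumably taken from the sample capture (confirm); no other header field is validated */`. If the header has further fixed fields, checking one of them before `ndpi_set_detected_protocol` would make the signature less collision-prone.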
diff --git a/tests/cfgs/caches_cfg/result/teams.pcap.out b/tests/cfgs/caches_cfg/result/teams.pcap.out index ac69794006e..28d55350bb6 100644 --- a/tests/cfgs/caches_cfg/result/teams.pcap.out +++ b/tests/cfgs/caches_cfg/result/teams.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 1 (flows) Confidence DPI (partial) : 1 (flows) Confidence DPI : 80 (flows) -Num dissector calls: 537 (6.47 diss/flow) +Num dissector calls: 538 (6.48 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out index ec04655af3a..f1e8cc07abb 100644 --- a/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out +++ b/tests/cfgs/caches_global/result/lru_ipv6_caches.pcapng.out @@ -2,7 +2,7 @@ DPI Packets (TCP): 9 (3.00 pkts/flow) DPI Packets (UDP): 30 (3.33 pkts/flow) Confidence DPI (cache) : 4 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 646 (53.83 diss/flow) +Num dissector calls: 648 (54.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 25/7/2 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/caches_global/result/teams.pcap.out b/tests/cfgs/caches_global/result/teams.pcap.out index fe831e6124e..2c0fdc78558 100644 --- a/tests/cfgs/caches_global/result/teams.pcap.out +++ b/tests/cfgs/caches_global/result/teams.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 1 (flows) Confidence DPI (partial) : 5 (flows) Confidence DPI : 76 (flows) -Num dissector calls: 537 (6.47 diss/flow) +Num dissector calls: 538 (6.48 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/cfgs/caches_global/result/zoom_p2p.pcapng.out b/tests/cfgs/caches_global/result/zoom_p2p.pcapng.out index b3912973b0d..9e0079349c4 100644 --- a/tests/cfgs/caches_global/result/zoom_p2p.pcapng.out +++ b/tests/cfgs/caches_global/result/zoom_p2p.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 52 (5.20 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial cache): 4 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 858 (71.50 diss/flow) +Num dissector calls: 862 (71.83 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/pcap/naraka_bladepoint.pcapng b/tests/cfgs/default/pcap/naraka_bladepoint.pcapng new file mode 100644 index 0000000000000000000000000000000000000000..469497b30a883fece53528b23c14c05d6813b8e5 GIT binary patch literal 1284 zcmd<$<>lJJz`)>ZqbfK+jk~!#%S^p$x(KcM900NMEL2mVd(jZfr7}yw6^9sz04Hy_WfwG)HIUWLT0V)BT!3Lz~fH**KKw+o2 zWyEKR8Xy~lJyv#cDd&FBFInsSm4m^Rfgx|D0|SGDpy!DLDvsxKWFtOY0fgWLsjU!L|ecSbGF*C4mO zc-stgKFD2lEDVgyHp|VspEn#>I`d#e(<{-5TS6yBSUky?Vz|O-F6+zwz~^8aaT6ks zZ>no4%qzvM0>6yRD)pNiw>rr^(^>N9wKdPs%Ni!EPlb8wx+O6iVUZfBNN z-d($wRZOxUA*7)oAZNV*jOsSbWSK~nXnRPnW zEiAQPKw%6HYp51bSbJ{JkOrkO5XMLcb}K!=>EHuOI?!t01PbeYHCwsB;S36ICJeiP z=7H>51H>QzvTN=PE$MC`8-y|Js$J;`wrc~5U7774L3SN#ss+jd;}m2UGXp~)Lj%LA zP9P5oEJ1XvkP(pNQb@5(GDtH|Nij9FOtUacO*Kh2F)%YTOG-<%OiD3KF_dDrG%__b zwlGv;EiOq-%mup<nYv(Le*&rYrgwfL=gNy20P#T=%ikt=+4Ax76+!}mK z43se;X%OhvASAZ}1)%_B7b_6wK>0g_*cdAP>JKq8$S^qPm*$nE78NTL6y=v?rT~kF pq)LSpNP)t{z`+1k`{P^#Gn8HCTYrcJ$Yu~`0-MGPVj}^N9RNlED<=Q| literal 0 HcmV?d00001 diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out index c3faa383adb..a4e35e1d336 100644 --- a/tests/cfgs/default/result/1kxun.pcap.out +++ b/tests/cfgs/default/result/1kxun.pcap.out 
@@ -5,7 +5,7 @@ DPI Packets (UDP): 120 (1.21 pkts/flow) Confidence Unknown : 14 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 4993 (25.35 diss/flow) +Num dissector calls: 5007 (25.42 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/60/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/4in4tunnel.pcap.out b/tests/cfgs/default/result/4in4tunnel.pcap.out index 90a31427e5e..ae3770c57e9 100644 --- a/tests/cfgs/default/result/4in4tunnel.pcap.out +++ b/tests/cfgs/default/result/4in4tunnel.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 5 (5.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 192 (192.00 diss/flow) +Num dissector calls: 193 (193.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/6in6tunnel.pcap.out b/tests/cfgs/default/result/6in6tunnel.pcap.out index c8de278b635..b806b34ef97 100644 --- a/tests/cfgs/default/result/6in6tunnel.pcap.out +++ b/tests/cfgs/default/result/6in6tunnel.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 147 (147.00 diss/flow) +Num dissector calls: 148 (148.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/EAQ.pcap.out b/tests/cfgs/default/result/EAQ.pcap.out index 572691cb9a3..461dd375b1b 100644 --- a/tests/cfgs/default/result/EAQ.pcap.out +++ b/tests/cfgs/default/result/EAQ.pcap.out 
@@ -1,7 +1,7 @@ DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 116 (4.00 pkts/flow) Confidence DPI : 31 (flows) -Num dissector calls: 4952 (159.74 diss/flow) +Num dissector calls: 4981 (160.68 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index 937514321bb..793c19d8c26 100644 --- a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 7 (1.40 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 156 (31.20 diss/flow) +Num dissector calls: 157 (31.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out index 345bc3efec8..e4c2dbbf2cb 100644 --- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 10 (2.00 pkts/flow) Confidence Match by port : 8 (flows) Confidence DPI : 11 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 1216 (60.80 diss/flow) +Num dissector calls: 1218 (60.90 diss/flow) LRU cache ookla: 0/2/0 (insert/search/found) LRU cache bittorrent: 0/27/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index 7d5bb7ad153..ec91907893d 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out 
@@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 61 (flows) -Num dissector calls: 869 (12.59 diss/flow) +Num dissector calls: 870 (12.61 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/collectd.pcap.out b/tests/cfgs/default/result/collectd.pcap.out index e3b469b4b47..f94666d9148 100644 --- a/tests/cfgs/default/result/collectd.pcap.out +++ b/tests/cfgs/default/result/collectd.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 13 (1.62 pkts/flow) Confidence Match by port : 3 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 467 (58.38 diss/flow) +Num dissector calls: 470 (58.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out index 908c8c2ffc6..8d61592e1b6 100644 --- a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out @@ -1,7 +1,7 @@ DPI Packets (UDP): 7 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by custom rule: 6 (flows) -Num dissector calls: 131 (18.71 diss/flow) +Num dissector calls: 132 (18.86 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out index d13d5567d83..75d58f3c8c3 100644 --- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out 
@@ -27,6 +27,6 @@ CustomProtocolC 3 222 1 Acceptable 8 592 3 - 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.408/TLS.CustomProtocolA][IP: 408/CustomProtocolA][Encrypted][Confidence: Match by custom rule][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.409/TLS.CustomProtocolA][IP: 409/CustomProtocolA][Encrypted][Confidence: Match by custom rule][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 800/CustomProtocolC][IP: 800/CustomProtocolC][ClearText][Confidence: Match by custom rule][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 409/CustomProtocolB][IP: 409/CustomProtocolB][ClearText][Confidence: Match by custom rule][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 410/CustomProtocolB][IP: 410/CustomProtocolB][ClearText][Confidence: Match by custom rule][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput 
ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out index a8a75ed5401..f45ef4add70 100644 --- a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out +++ b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 135 (135.00 diss/flow) +Num dissector calls: 136 (136.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/discord.pcap.out b/tests/cfgs/default/result/discord.pcap.out index aa5cd3712ad..417dc07627d 100644 --- a/tests/cfgs/default/result/discord.pcap.out +++ b/tests/cfgs/default/result/discord.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 5 (5.00 pkts/flow) DPI Packets (UDP): 60 (1.82 pkts/flow) Confidence DPI : 34 (flows) -Num dissector calls: 4615 (135.74 diss/flow) +Num dissector calls: 4642 (136.53 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/discord_mid_flow.pcap.out b/tests/cfgs/default/result/discord_mid_flow.pcap.out index 9eb880f0d37..aa4eecad6f0 100644 --- a/tests/cfgs/default/result/discord_mid_flow.pcap.out +++ b/tests/cfgs/default/result/discord_mid_flow.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 166 (166.00 diss/flow) +Num dissector calls: 167 (167.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out index 99eaa970d35..31508af72db 100644 --- a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 256 (1.04 pkts/flow) Confidence DPI : 245 (flows) -Num dissector calls: 20350 (83.06 diss/flow) +Num dissector calls: 20361 (83.11 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/513/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt-v2.pcap.out b/tests/cfgs/default/result/dnscrypt-v2.pcap.out index 267445ef3e9..d9ac4fd7d12 100644 --- a/tests/cfgs/default/result/dnscrypt-v2.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v2.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 6 (2.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 444 (148.00 diss/flow) +Num dissector calls: 447 (149.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out index 9faf7786992..4069cef5fe1 100644 --- a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out +++ b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 148 (148.00 diss/flow) +Num dissector calls: 149 (149.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/epicgames.pcapng.out b/tests/cfgs/default/result/epicgames.pcapng.out index 239638440ea..388eb9387ec 100644 
--- a/tests/cfgs/default/result/epicgames.pcapng.out +++ b/tests/cfgs/default/result/epicgames.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 12 (3.00 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 674 (168.50 diss/flow) +Num dissector calls: 678 (169.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index d46386a2324..3251ddd305c 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 34 (flows) Confidence Match by port : 27 (flows) Confidence DPI : 190 (flows) -Num dissector calls: 7335 (29.22 diss/flow) +Num dissector calls: 7373 (29.37 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/189/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out index 846878fca5e..3b8311750b0 100644 --- a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out +++ b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out @@ -5,7 +5,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Unknown : 19 (flows) Confidence Match by port : 3 (flows) Confidence DPI : 55 (flows) -Num dissector calls: 2221 (28.84 diss/flow) +Num dissector calls: 2237 (29.05 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/66/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index 444b7842f79..4a3bdc5e0be 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out 
+++ b/tests/cfgs/default/result/gnutella.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow) Confidence Unknown : 389 (flows) Confidence Match by port : 1 (flows) Confidence DPI : 370 (flows) -Num dissector calls: 49327 (64.90 diss/flow) +Num dissector calls: 49636 (65.31 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/1170/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/gtp_false_positive.pcapng.out b/tests/cfgs/default/result/gtp_false_positive.pcapng.out index 4ecb5191d74..e64e15d47fb 100644 --- a/tests/cfgs/default/result/gtp_false_positive.pcapng.out +++ b/tests/cfgs/default/result/gtp_false_positive.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (UDP): 7 (2.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) -Num dissector calls: 464 (154.67 diss/flow) +Num dissector calls: 467 (155.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/h323.pcap.out b/tests/cfgs/default/result/h323.pcap.out index 12be34569f6..6e38450b859 100644 --- a/tests/cfgs/default/result/h323.pcap.out +++ b/tests/cfgs/default/result/h323.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 1 (1.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 137 (68.50 diss/flow) +Num dissector calls: 138 (69.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/http_ipv6.pcap.out b/tests/cfgs/default/result/http_ipv6.pcap.out index 971aa54934f..ca3b5befc92 100644 --- a/tests/cfgs/default/result/http_ipv6.pcap.out +++ b/tests/cfgs/default/result/http_ipv6.pcap.out 
@@ -4,7 +4,7 @@ DPI Packets (TCP): 77 (5.92 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Match by port : 7 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 168 (11.20 diss/flow) +Num dissector calls: 169 (11.27 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/21/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/imo.pcap.out b/tests/cfgs/default/result/imo.pcap.out index dafe571d402..5ff65573139 100644 --- a/tests/cfgs/default/result/imo.pcap.out +++ b/tests/cfgs/default/result/imo.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 7 (3.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 331 (165.50 diss/flow) +Num dissector calls: 333 (166.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/instagram.pcap.out b/tests/cfgs/default/result/instagram.pcap.out index a724823b532..1046e8d984e 100644 --- a/tests/cfgs/default/result/instagram.pcap.out +++ b/tests/cfgs/default/result/instagram.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 7 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 1393 (36.66 diss/flow) +Num dissector calls: 1394 (36.68 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/iphone.pcap.out b/tests/cfgs/default/result/iphone.pcap.out index 7bbca9e6e3f..42abd06ade8 100644 --- a/tests/cfgs/default/result/iphone.pcap.out +++ b/tests/cfgs/default/result/iphone.pcap.out 
@@ -5,7 +5,7 @@ DPI Packets (UDP): 55 (1.77 pkts/flow) DPI Packets (other): 5 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 50 (flows) -Num dissector calls: 363 (7.12 diss/flow) +Num dissector calls: 364 (7.14 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out index 2fc45e7eec9..ed49b518b7a 100644 --- a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out +++ b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out @@ -2,7 +2,7 @@ DPI Packets (UDP): 1 (1.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 132 (66.00 diss/flow) +Num dissector calls: 133 (66.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/kontiki.pcap.out b/tests/cfgs/default/result/kontiki.pcap.out index 6154ef95ae3..c1a47439393 100644 --- a/tests/cfgs/default/result/kontiki.pcap.out +++ b/tests/cfgs/default/result/kontiki.pcap.out @@ -2,7 +2,7 @@ DPI Packets (UDP): 6 (1.50 pkts/flow) DPI Packets (other): 4 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 365 (45.62 diss/flow) +Num dissector calls: 367 (45.88 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/linecall_falsepositve.pcap.out b/tests/cfgs/default/result/linecall_falsepositve.pcap.out index 0b4b1b45ac7..61405397346 100644 --- a/tests/cfgs/default/result/linecall_falsepositve.pcap.out +++ b/tests/cfgs/default/result/linecall_falsepositve.pcap.out 
@@ -1,6 +1,6 @@ DPI Packets (UDP): 13 (13.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 216 (216.00 diss/flow) +Num dissector calls: 217 (217.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out index ec04655af3a..f1e8cc07abb 100644 --- a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out +++ b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out @@ -2,7 +2,7 @@ DPI Packets (TCP): 9 (3.00 pkts/flow) DPI Packets (UDP): 30 (3.33 pkts/flow) Confidence DPI (cache) : 4 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 646 (53.83 diss/flow) +Num dissector calls: 648 (54.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 25/7/2 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/mullvad_wireguard.pcap.out b/tests/cfgs/default/result/mullvad_wireguard.pcap.out index 9c194624fa9..70fcfca217c 100644 --- a/tests/cfgs/default/result/mullvad_wireguard.pcap.out +++ b/tests/cfgs/default/result/mullvad_wireguard.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 153 (153.00 diss/flow) +Num dissector calls: 154 (154.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/mumble.pcapng.out b/tests/cfgs/default/result/mumble.pcapng.out index 61f683686ba..408a8482a11 100644 --- a/tests/cfgs/default/result/mumble.pcapng.out +++ b/tests/cfgs/default/result/mumble.pcapng.out 
@@ -1,7 +1,7 @@ DPI Packets (TCP): 6 (6.00 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 305 (101.67 diss/flow) +Num dissector calls: 307 (102.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/naraka_bladepoint.pcapng.out b/tests/cfgs/default/result/naraka_bladepoint.pcapng.out new file mode 100644 index 00000000000..6ef35a1877b --- /dev/null +++ b/tests/cfgs/default/result/naraka_bladepoint.pcapng.out @@ -0,0 +1,28 @@ +DPI Packets (UDP): 1 (1.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 136 (136.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 1/1 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +NarakaBladepoint 5 753 1 + +Fun 5 753 1 + + 1 UDP 192.168.88.231:58951 <-> 34.141.75.90:28203 [proto: 402/NarakaBladepoint][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][3 pkts/339 bytes <-> 2 pkts/414 bytes][Goodput ratio: 63/80][0.07 sec][PLAIN TEXT (9251381)][Plen Bins: 0,40,20,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/default/result/nintendo.pcap.out b/tests/cfgs/default/result/nintendo.pcap.out index 1c2e06fd5db..1ffebd6f55e 100644 --- a/tests/cfgs/default/result/nintendo.pcap.out +++ b/tests/cfgs/default/result/nintendo.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 15 (flows) Confidence Match by IP : 5 (flows) -Num dissector calls: 1339 (63.76 diss/flow) +Num dissector calls: 1344 (64.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/18/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out b/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out index 488555a98fb..fa2b7ce63f9 100644 --- a/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out +++ b/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 165 (165.00 diss/flow) +Num dissector calls: 166 (166.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/openvpn.pcap.out b/tests/cfgs/default/result/openvpn.pcap.out index f27db29c1b5..c172eae08ce 100644 --- a/tests/cfgs/default/result/openvpn.pcap.out +++ b/tests/cfgs/default/result/openvpn.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 24 (8.00 pkts/flow) DPI Packets (UDP): 15 (3.00 pkts/flow) Confidence DPI : 8 (flows) -Num dissector calls: 1323 (165.38 diss/flow) +Num dissector calls: 1328 (166.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/openvpn_nohmac.pcapng.out b/tests/cfgs/default/result/openvpn_nohmac.pcapng.out index 8e201b3710a..d81ed0b7117 100644 
--- a/tests/cfgs/default/result/openvpn_nohmac.pcapng.out +++ b/tests/cfgs/default/result/openvpn_nohmac.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 136 (136.00 diss/flow) +Num dissector calls: 137 (137.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out index b12adb80bc3..aa0b101207e 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out @@ -2,7 +2,7 @@ DPI Packets (TCP): 8 (1.33 pkts/flow) DPI Packets (UDP): 9 (2.25 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 9 (flows) -Num dissector calls: 796 (79.60 diss/flow) +Num dissector calls: 799 (79.90 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out index 628d62460da..978bbc5e42d 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 38 (6.33 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 7 (flows) -Num dissector calls: 994 (124.25 diss/flow) +Num dissector calls: 996 (124.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out index b557358d075..8b4ac048c32 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 149 (149.00 diss/flow) +Num dissector calls: 150 (150.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/pps.pcap.out b/tests/cfgs/default/result/pps.pcap.out index 703be5964dd..930eed88579 100644 --- a/tests/cfgs/default/result/pps.pcap.out +++ b/tests/cfgs/default/result/pps.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 136 (3.09 pkts/flow) Confidence Unknown : 29 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 76 (flows) -Num dissector calls: 6085 (56.87 diss/flow) +Num dissector calls: 6114 (57.14 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/93/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/protonvpn.pcap.out b/tests/cfgs/default/result/protonvpn.pcap.out index f7c8c08f2ca..5c4584d3010 100644 --- a/tests/cfgs/default/result/protonvpn.pcap.out +++ b/tests/cfgs/default/result/protonvpn.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 149 (49.67 diss/flow) +Num dissector calls: 150 (50.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/cfgs/default/result/quic.pcap.out b/tests/cfgs/default/result/quic.pcap.out index 3a91112a83e..57105bd07e7 100644 --- a/tests/cfgs/default/result/quic.pcap.out +++ b/tests/cfgs/default/result/quic.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 12 (1.20 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 9 (flows) -Num dissector calls: 232 (23.20 diss/flow) +Num dissector calls: 233 (23.30 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/quic_0RTT.pcap.out b/tests/cfgs/default/result/quic_0RTT.pcap.out index 900ba608d99..a4644168de8 100644 --- a/tests/cfgs/default/result/quic_0RTT.pcap.out +++ b/tests/cfgs/default/result/quic_0RTT.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 210 (105.00 diss/flow) +Num dissector calls: 211 (105.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/raknet.pcap.out b/tests/cfgs/default/result/raknet.pcap.out index 53d673a2cda..6bff7507c2f 100644 --- a/tests/cfgs/default/result/raknet.pcap.out +++ b/tests/cfgs/default/result/raknet.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 24 (2.00 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1523 (126.92 diss/flow) +Num dissector calls: 1529 (127.42 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/rdp2.pcap.out b/tests/cfgs/default/result/rdp2.pcap.out index f96c1ea8e54..06459c46e16 100644 --- a/tests/cfgs/default/result/rdp2.pcap.out +++ b/tests/cfgs/default/result/rdp2.pcap.out 
@@ -1,6 +1,6 @@ DPI Packets (UDP): 8 (2.67 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 442 (147.33 diss/flow) +Num dissector calls: 445 (148.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/rtp.pcapng.out b/tests/cfgs/default/result/rtp.pcapng.out index 1b96bab49b7..ddf9191aa76 100644 --- a/tests/cfgs/default/result/rtp.pcapng.out +++ b/tests/cfgs/default/result/rtp.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 9 (3.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 470 (156.67 diss/flow) +Num dissector calls: 473 (157.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/rx.pcap.out b/tests/cfgs/default/result/rx.pcap.out index 6e14e12cb43..6aba2447fb9 100644 --- a/tests/cfgs/default/result/rx.pcap.out +++ b/tests/cfgs/default/result/rx.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 10 (2.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 740 (148.00 diss/flow) +Num dissector calls: 745 (149.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sflow.pcap.out b/tests/cfgs/default/result/sflow.pcap.out index 1bfd3ea7c18..c5752780b42 100644 --- a/tests/cfgs/default/result/sflow.pcap.out +++ b/tests/cfgs/default/result/sflow.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 136 (136.00 diss/flow) +Num dissector calls: 137 (137.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/cfgs/default/result/sip.pcap.out b/tests/cfgs/default/result/sip.pcap.out index c0031c071d5..22a8cec55c0 100644 --- a/tests/cfgs/default/result/sip.pcap.out +++ b/tests/cfgs/default/result/sip.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 6 (1.50 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 209 (52.25 diss/flow) +Num dissector calls: 210 (52.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sip_hello.pcapng.out b/tests/cfgs/default/result/sip_hello.pcapng.out index e19c1e9997d..2c8911a3f15 100644 --- a/tests/cfgs/default/result/sip_hello.pcapng.out +++ b/tests/cfgs/default/result/sip_hello.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 201 (201.00 diss/flow) +Num dissector calls: 202 (202.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/skinny.pcap.out b/tests/cfgs/default/result/skinny.pcap.out index 2f43d5311b3..9e778f567e5 100644 --- a/tests/cfgs/default/result/skinny.pcap.out +++ b/tests/cfgs/default/result/skinny.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 2 (1.00 pkts/flow) DPI Packets (UDP): 15 (3.00 pkts/flow) Confidence DPI : 7 (flows) -Num dissector calls: 762 (108.86 diss/flow) +Num dissector calls: 767 (109.57 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/softether.pcap.out b/tests/cfgs/default/result/softether.pcap.out index 9ca7cb821a7..e968a6ea586 100644 --- a/tests/cfgs/default/result/softether.pcap.out +++ b/tests/cfgs/default/result/softether.pcap.out 
@@ -1,7 +1,7 @@ DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 31 (10.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 413 (103.25 diss/flow) +Num dissector calls: 415 (103.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out index e892d84e249..df0865397c5 100644 --- a/tests/cfgs/default/result/starcraft_battle.pcap.out +++ b/tests/cfgs/default/result/starcraft_battle.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 12 (flows) Confidence DPI : 39 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 1667 (32.06 diss/flow) +Num dissector calls: 1672 (32.15 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/39/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/synscan.pcap.out b/tests/cfgs/default/result/synscan.pcap.out index 3030528202d..6a7282d6471 100644 --- a/tests/cfgs/default/result/synscan.pcap.out +++ b/tests/cfgs/default/result/synscan.pcap.out 
@@ -142,7 +142,7 @@ Unrated 1852 107424 1848 46 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 49 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 402/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 49 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 403/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 172.16.0.8:36050 -> 64.13.134.52:3300 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 51 TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 52 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
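Review bot: The custom-rule flow on port 3260 changes from `proto: 402/iSCSI` to `proto: 403/iSCSI` here, and again in the next hunk of this file (flow 120), while the new naraka_bladepoint.pcapng.out reports `proto: 402/NarakaBladepoint`. Custom protocol ids are apparently assigned after the last built-in id, so adding a dissector renumbers them. Any consumer that stores or filters on the numeric id (archived flow records, alert rules, allow/deny lists) would attribute older iSCSI custom-rule flows to the game protocol after upgrading, with no error to signal it. I would document this alongside the change, for example `Custom-rule protocol ids are not stable across releases; match on the protocol name, not the number.`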
@@ -213,7 +213,7 @@ Unrated 1852 107424 1848 117 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 118 TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 119 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 120 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 402/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 120 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 403/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen 
Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 121 TCP 172.16.0.8:36051 -> 64.13.134.52:3300 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 122 TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 123 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teams.pcap.out b/tests/cfgs/default/result/teams.pcap.out index fe831e6124e..2c0fdc78558 100644 --- a/tests/cfgs/default/result/teams.pcap.out +++ b/tests/cfgs/default/result/teams.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 1 (flows) Confidence DPI (partial) : 5 (flows) Confidence DPI : 76 (flows) -Num dissector calls: 537 (6.47 diss/flow) +Num dissector calls: 538 (6.48 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/cfgs/default/result/teamspeak3.pcap.out b/tests/cfgs/default/result/teamspeak3.pcap.out index 11151595a6b..c108d2405c0 100644 --- a/tests/cfgs/default/result/teamspeak3.pcap.out +++ b/tests/cfgs/default/result/teamspeak3.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 217 (108.50 diss/flow) +Num dissector calls: 218 (109.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/teamviewer.pcap.out b/tests/cfgs/default/result/teamviewer.pcap.out index 64d6beca89c..db164764933 100644 --- a/tests/cfgs/default/result/teamviewer.pcap.out +++ b/tests/cfgs/default/result/teamviewer.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 177 (88.50 diss/flow) +Num dissector calls: 178 (89.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out index fdb724f67ac..790a8340728 100644 --- a/tests/cfgs/default/result/telegram.pcap.out +++ b/tests/cfgs/default/result/telegram.pcap.out @@ -1,7 +1,7 @@ DPI Packets (UDP): 82 (1.71 pkts/flow) Confidence Unknown : 3 (flows) Confidence DPI : 45 (flows) -Num dissector calls: 1583 (32.98 diss/flow) +Num dissector calls: 1586 (33.04 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/tftp.pcap.out b/tests/cfgs/default/result/tftp.pcap.out index e6c77ec9dfc..a54e851ea83 100644 --- a/tests/cfgs/default/result/tftp.pcap.out +++ b/tests/cfgs/default/result/tftp.pcap.out 
@@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (UDP): 15 (1.67 pkts/flow) Confidence Match by port : 2 (flows) Confidence DPI : 7 (flows) -Num dissector calls: 661 (73.44 diss/flow) +Num dissector calls: 665 (73.89 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/toca-boca.pcap.out b/tests/cfgs/default/result/toca-boca.pcap.out index 38444b20507..ebb34cbc813 100644 --- a/tests/cfgs/default/result/toca-boca.pcap.out +++ b/tests/cfgs/default/result/toca-boca.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (UDP): 21 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence DPI : 17 (flows) -Num dissector calls: 557 (26.52 diss/flow) +Num dissector calls: 561 (26.71 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/viber.pcap.out b/tests/cfgs/default/result/viber.pcap.out index ca461f9b0f2..a982774682b 100644 --- a/tests/cfgs/default/result/viber.pcap.out +++ b/tests/cfgs/default/result/viber.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 27 (1.93 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence DPI : 25 (flows) -Num dissector calls: 467 (16.10 diss/flow) +Num dissector calls: 468 (16.14 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out index 437ed884905..0825e890b6f 100644 --- a/tests/cfgs/default/result/webex.pcap.out +++ b/tests/cfgs/default/result/webex.pcap.out 
@@ -5,7 +5,7 @@ DPI Packets (UDP): 14 (7.00 pkts/flow) Confidence Match by port : 3 (flows) Confidence DPI : 53 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 287 (5.04 diss/flow) +Num dissector calls: 288 (5.05 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/weibo.pcap.out b/tests/cfgs/default/result/weibo.pcap.out index 2fc36fc7680..ebbf6b3dfdd 100644 --- a/tests/cfgs/default/result/weibo.pcap.out +++ b/tests/cfgs/default/result/weibo.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 100 (3.33 pkts/flow) DPI Packets (UDP): 43 (3.07 pkts/flow) Confidence Match by port : 21 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 571 (12.98 diss/flow) +Num dissector calls: 573 (13.02 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/63/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/wireguard.pcap.out b/tests/cfgs/default/result/wireguard.pcap.out index f5d8ddf403f..a9f86c5ccdb 100644 --- a/tests/cfgs/default/result/wireguard.pcap.out +++ b/tests/cfgs/default/result/wireguard.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 6 (3.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 305 (152.50 diss/flow) +Num dissector calls: 307 (153.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom.pcap.out b/tests/cfgs/default/result/zoom.pcap.out index e6a3a75072f..bbf96c7b64f 100644 --- a/tests/cfgs/default/result/zoom.pcap.out +++ b/tests/cfgs/default/result/zoom.pcap.out 
@@ -5,7 +5,7 @@ DPI Packets (UDP): 40 (2.22 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by port : 2 (flows) Confidence DPI : 32 (flows) -Num dissector calls: 1049 (30.85 diss/flow) +Num dissector calls: 1050 (30.88 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 7/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom_p2p.pcapng.out b/tests/cfgs/default/result/zoom_p2p.pcapng.out index b3912973b0d..9e0079349c4 100644 --- a/tests/cfgs/default/result/zoom_p2p.pcapng.out +++ b/tests/cfgs/default/result/zoom_p2p.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 52 (5.20 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial cache): 4 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 858 (71.50 diss/flow) +Num dissector calls: 862 (71.83 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out index 038041ab160..5380eabb043 100644 --- a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out +++ b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 148 (148.00 diss/flow) +Num dissector calls: 149 (149.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out index f668b2b3ec2..bfe981af0ad 100644 --- a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out 
+++ b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 13 (13.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 202 (202.00 diss/flow) +Num dissector calls: 203 (203.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out index e32a3d399d7..a23c5f8f067 100644 --- a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out +++ b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 120 (1.21 pkts/flow) Confidence Unknown : 14 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 4993 (25.35 diss/flow) +Num dissector calls: 5007 (25.42 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/60/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out b/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out index c50075aad92..ba32690ce03 100644 --- a/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out +++ b/tests/cfgs/flow_risk_lists_disable/result/protonvpn.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 149 (49.67 diss/flow) +Num dissector calls: 150 (50.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/guessing_disable/result/webex.pcap.out b/tests/cfgs/guessing_disable/result/webex.pcap.out index 105fb4f409a..10b2246c366 100644 --- a/tests/cfgs/guessing_disable/result/webex.pcap.out 
+++ b/tests/cfgs/guessing_disable/result/webex.pcap.out @@ -2,7 +2,7 @@ DPI Packets (TCP): 395 (7.18 pkts/flow) DPI Packets (UDP): 14 (7.00 pkts/flow) Confidence Unknown : 4 (flows) Confidence DPI : 53 (flows) -Num dissector calls: 287 (5.04 diss/flow) +Num dissector calls: 288 (5.05 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out b/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out index 84ce682cd89..a900809f1d8 100644 --- a/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out +++ b/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 120 (1.21 pkts/flow) Confidence Unknown : 14 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 4993 (25.35 diss/flow) +Num dissector calls: 5007 (25.42 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/60/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/windows/nDPI.vcxproj b/windows/nDPI.vcxproj index e161947eedb..23fac64877d 100644 --- a/windows/nDPI.vcxproj +++ b/windows/nDPI.vcxproj @@ -368,6 +368,7 @@ + diff --git a/windows/nDPI.vcxproj.filters b/windows/nDPI.vcxproj.filters index 627f771c1d4..25520b39e09 100644 --- a/windows/nDPI.vcxproj.filters +++ b/windows/nDPI.vcxproj.filters @@ -143,6 +143,7 @@ +