diff options
| author | Toni <matzeton@googlemail.com> | 2022-07-29 19:29:54 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-29 19:29:54 +0200 |
| commit | ed4f106a0d6ba2d644e95354891b4b68f927c535 (patch) | |
| tree | 9dcd51e78edaa9eb1d41149242ba37fe2eb9811d | |
| parent | 405a52ed65c0b641b26f0571bf6a6c369c5251d7 (diff) | |
Add Softether dissector. (#1679)
Signed-off-by: lns <matzeton@googlemail.com>
58 files changed, 514 insertions, 72 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 930220801..f4c0f427a 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1462,6 +1462,25 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa } break; + case INFO_SOFTETHER: + if (flow->softether.ip[0] != '\0') + { + fprintf(out, "[Client IP: %s]", flow->softether.ip); + } + if (flow->softether.port[0] != '\0') + { + fprintf(out, "[Client Port: %s]", flow->softether.port); + } + if (flow->softether.hostname[0] != '\0') + { + fprintf(out, "[Hostname: %s]", flow->softether.hostname); + } + if (flow->softether.fqdn[0] != '\0') + { + fprintf(out, "[FQDN: %s]", flow->softether.fqdn); + } + break; + case INFO_FTP_IMAP_POP_SMTP: if (flow->ftp_imap_pop_smtp.username[0] != '\0') { @@ -1888,6 +1907,13 @@ static void printFlowSerialized(u_int16_t thread_id, } break; + case INFO_SOFTETHER: + ndpi_serialize_string_string(serializer, "client_ip", flow->softether.ip); + ndpi_serialize_string_string(serializer, "client_port", flow->softether.port); + ndpi_serialize_string_string(serializer, "hostname", flow->softether.hostname); + ndpi_serialize_string_string(serializer, "fqdn", flow->softether.fqdn); + break; + case INFO_FTP_IMAP_POP_SMTP: ndpi_serialize_string_string(serializer, "username", flow->ftp_imap_pop_smtp.username); diff --git a/example/reader_util.c b/example/reader_util.c index dfeeb8672..48f522cbf 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1080,6 +1080,18 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->bittorent_hash[j] = '\0'; } } + /* SOFTETHER */ + else if(is_ndpi_proto(flow, NDPI_PROTOCOL_SOFTETHER) && !is_ndpi_proto(flow, NDPI_PROTOCOL_HTTP)) { + flow->info_type = INFO_SOFTETHER; + ndpi_snprintf(flow->softether.ip, sizeof(flow->softether.ip), "%s", + flow->ndpi_flow->protos.softether.ip); + ndpi_snprintf(flow->softether.port, sizeof(flow->softether.port), "%s", + flow->ndpi_flow->protos.softether.port); + ndpi_snprintf(flow->softether.hostname, sizeof(flow->softether.hostname), "%s", + flow->ndpi_flow->protos.softether.hostname); + ndpi_snprintf(flow->softether.fqdn, sizeof(flow->softether.fqdn), "%s", + flow->ndpi_flow->protos.softether.fqdn); + } /* DNS */ else if(is_ndpi_proto(flow, NDPI_PROTOCOL_DNS)) { if(flow->ndpi_flow->protos.dns.rsp_type == 0x1) diff --git a/example/reader_util.h b/example/reader_util.h index e73df42b2..e61167837 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -162,6 +162,7 @@ enum info_type { INFO_INVALID = 0, INFO_GENERIC, INFO_KERBEROS, + INFO_SOFTETHER, INFO_FTP_IMAP_POP_SMTP, INFO_TLS_QUIC_ALPN_VERSION, INFO_TLS_QUIC_ALPN_ONLY, @@ -227,6 +228,12 @@ typedef struct ndpi_flow_info { char hostname[85]; char username[86]; } kerberos; + struct { + char ip[16]; + char port[6]; + char hostname[48]; + char fqdn[48]; + } softether; }; char flow_extra_info[16]; diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index e591f3eda..5c552c0d7 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -390,9 +390,9 @@ static inline u_int64_t get_u_int64_t(const u_int8_t* X, int O) #define htole32(x) (x) #define be32toh(x) ntohl(x) #define le32toh(x) (x) -#define htobe64(x) htonll(x) +#define htobe64(x) ndpi_htonll(x) #define htole64(x) (x) -#define be64toh(x) ntohll(x) +#define be64toh(x) ndpi_ntohll(x) #define le64toh(x) (x) #elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index ebd88a837..f674b2849 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -234,6 +234,7 @@ void init_ultrasurf_dissector(struct ndpi_detection_module_struct *ndpi_struct, void init_threema_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_alicloud_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_avast_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_softether_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); /* ndpi_main.c */ extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port); diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index f5fccfd56..24302075e 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1362,6 +1362,13 @@ struct ndpi_flow_struct { } kerberos; struct { + char ip[16]; + char port[6]; + char hostname[48]; + char fqdn[48]; + } softether; + + struct { char *server_names, *alpn, *tls_supported_versions, *issuerDN, *subjectDN; u_int32_t notBefore, notAfter; char ja3_client[33], ja3_server[33]; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8835a0643..3c8d91811 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4534,6 +4534,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) { /* AVAST */ init_avast_dissector(ndpi_str, &a, detection_bitmask); + /* Softether */ + init_softether_dissector(ndpi_str, &a, detection_bitmask); + #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main_init.c" #endif @@ -8251,6 +8254,9 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp case NDPI_PROTOCOL_BITTORRENT: return(1); break; + + case NDPI_PROTOCOL_SOFTETHER: + return(1); } return(0); diff --git a/src/lib/protocols/softether.c b/src/lib/protocols/softether.c new file mode 100644 index 000000000..8a80e6322 --- /dev/null +++ b/src/lib/protocols/softether.c @@ -0,0 +1,379 @@ +/* + * softether.c + * + * Copyright (C) 2022 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + + +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOFTETHER + +#include "ndpi_api.h" + +enum softether_value_type { + VALUE_INT = 0u, + VALUE_DATA = 1u, + VALUE_STR = 2u, + VALUE_UNISTR = 3u, + VALUE_INT64 = 4u +}; + +union softether_dissected_value { + int value_int; + u_int64_t value_int64; + union { + void const *raw; + u_int8_t const *value_data; + char const *value_str; + char const *value_unistr; + } ptr; +}; + +struct softether_value { + enum softether_value_type type; + union softether_dissected_value value; + u_int32_t value_size; +}; + +static int ndpi_search_softether_again(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow); + +static void ndpi_int_softether_add_connection(struct ndpi_detection_module_struct * const ndpi_struct, + struct ndpi_flow_struct * const flow) +{ + NDPI_LOG_INFO(ndpi_struct, "found softether\n"); + + flow->check_extra_packets = 1; + flow->max_extra_packets_to_check = 15; + flow->extra_packets_func = ndpi_search_softether_again; + + ndpi_set_detected_protocol(ndpi_struct, flow, + NDPI_PROTOCOL_SOFTETHER, + NDPI_PROTOCOL_UNKNOWN, + NDPI_CONFIDENCE_DPI); +} + +static size_t dissect_softether_type(enum softether_value_type t, + struct softether_value *v, + u_int8_t const *payload, + u_int16_t payload_len) +{ + size_t ret = 0; + v->type = t; + v->value_size = 0; + + switch (t) + { + case VALUE_INT: + if (payload_len < 4) + { + return 0; + } + v->value.value_int = ntohl(get_u_int32_t(payload, 0)); + v->value_size = sizeof(v->value.value_int); + ret = v->value_size; + break; + + case VALUE_DATA: + case VALUE_STR: + case VALUE_UNISTR: + if (payload_len < 4) + { + return 0; + } + v->value.ptr.raw = payload + 4; + u_int32_t siz = ntohl(get_u_int32_t(payload, 0)); + if (payload_len < siz + 3) + { + return 0; + } + if (t == VALUE_DATA) + { + siz--; + } + v->value_size = siz; + ret = siz + sizeof(siz); + break; + + case VALUE_INT64: + if (payload_len < 8) + { + return 0; + } + v->value.value_int64 = be64toh(get_u_int64_t(payload, 0)); + v->value_size = sizeof(v->value.value_int64); + ret = v->value_size; + break; + } + + if (ret > payload_len) + { + return 0; + } + + return ret; +} + +static int softether_type_to_enum(u_int32_t type, enum softether_value_type *result) +{ + switch (type) + { + case VALUE_INT: + case VALUE_DATA: + case VALUE_STR: + case VALUE_UNISTR: + case VALUE_INT64: + *result = (enum softether_value_type)type; + return 0; + } + + return 1; +} + +static size_t dissect_softether_tuples(u_int8_t const *payload, u_int16_t payload_len, + struct softether_value *first_value, + struct softether_value *second_value) +{ + enum softether_value_type first_tuple_type; + enum softether_value_type second_tuple_type; + size_t value_siz; + size_t const tuple_type_len = 8; + + if (payload_len < tuple_type_len) + { + return 0; + } + + if (softether_type_to_enum(ntohl(get_u_int32_t(payload, 0)), &first_tuple_type) != 0 || + softether_type_to_enum(ntohl(get_u_int32_t(payload, 4)), &second_tuple_type) != 0) + { + return 0; + } + + payload += tuple_type_len; + payload_len -= tuple_type_len; + + value_siz = dissect_softether_type(first_tuple_type, first_value, payload, payload_len); + + payload += value_siz; + payload_len -= value_siz; + + value_siz += dissect_softether_type(second_tuple_type, second_value, payload, payload_len); + + return value_siz + tuple_type_len; +} + +static int dissect_softether_host_fqdn(struct ndpi_flow_struct *flow, + struct ndpi_packet_struct const *packet) +{ + u_int8_t const *payload = packet->payload; + u_int16_t payload_len = packet->payload_packet_len; + u_int32_t tuple_count; + size_t value_siz; + struct softether_value val1, val2; + uint8_t got_hostname = 0, got_fqdn = 0; + + if (payload_len < 4) + { + return 1; + } + + tuple_count = ntohl(get_u_int32_t(payload, 0)); + if (tuple_count == 0 || tuple_count * 8 > payload_len) + { + return 1; + } + + payload += 4; + payload_len -= 4; + + value_siz = dissect_softether_type(VALUE_DATA, &val1, payload, payload_len); + if (value_siz == 0) + { + return 1; + } + + payload += value_siz; + payload_len -= value_siz; + + if (strncmp(val1.value.ptr.value_str, "host_name", value_siz) == 0) + { + got_hostname = 1; + } + + for (; tuple_count > 0; --tuple_count) + { + value_siz = dissect_softether_tuples(payload, payload_len, &val1, &val2); + if (value_siz == 0) + { + break; + } + + if (got_hostname == 1) + { + if (val1.type == VALUE_STR && val1.value_size > 0) + { + size_t len = ndpi_min(val1.value_size, sizeof(flow->protos.softether.hostname) - 1); + strncpy(flow->protos.softether.hostname, val1.value.ptr.value_str, len); + flow->protos.softether.hostname[len] = '\0'; + } + got_hostname = 0; + } + if (got_fqdn == 1) + { + if (val1.type == VALUE_STR && val1.value_size > 0) + { + size_t len = ndpi_min(val1.value_size, sizeof(flow->protos.softether.fqdn) - 1); + strncpy(flow->protos.softether.fqdn, val1.value.ptr.value_str, len); + flow->protos.softether.fqdn[len] = '\0'; + } + got_fqdn = 0; + } + + if (val2.type == VALUE_DATA && val2.value_size > 0 && + strncmp(val2.value.ptr.value_str, "ddns_fqdn", val2.value_size) == 0) + { + got_fqdn = 1; + } + + payload += value_siz; + payload_len -= value_siz; + } + + if (payload_len != 0) + { + return 1; + } + + return 0; +} + +static int dissect_softether_ip_port(struct ndpi_flow_struct *flow, + struct ndpi_packet_struct const *packet) +{ + char * ip_port_separator; + size_t ip_len, port_len; + + if (packet->payload_packet_len < NDPI_STATICSTRING_LEN("IP=") + + NDPI_STATICSTRING_LEN(",PORT=")) + { + return 1; + } + + if (strncmp((char *)&packet->payload[0], "IP=", NDPI_STATICSTRING_LEN("IP=")) != 0) + { + return 1; + } + + ip_port_separator = ndpi_strnstr((char const *)packet->payload + NDPI_STATICSTRING_LEN("IP="), + ",PORT=", + packet->payload_packet_len - NDPI_STATICSTRING_LEN("IP=")); + if (ip_port_separator == NULL) + { + return 1; + } + + ip_len = ndpi_min(sizeof(flow->protos.softether.ip) - 1, + ip_port_separator - (char const *)packet->payload - + NDPI_STATICSTRING_LEN("IP=")); + strncpy(flow->protos.softether.ip, (char const *)packet->payload + NDPI_STATICSTRING_LEN("IP="), + ip_len); + flow->protos.softether.ip[ip_len] = '\0'; + + port_len = ndpi_min(sizeof(flow->protos.softether.port) - 1, + ip_port_separator - (char const *)packet->payload - + NDPI_STATICSTRING_LEN("IP=") - NDPI_STATICSTRING_LEN(",PORT=")); + strncpy(flow->protos.softether.port, ip_port_separator + NDPI_STATICSTRING_LEN(",PORT="), + port_len); + flow->protos.softether.port[port_len] = '\0'; + + return 0; +} + +void ndpi_search_softether(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct const * const packet = &ndpi_struct->packet; + + NDPI_LOG_DBG(ndpi_struct, "search softether\n"); + + if (packet->payload_packet_len == 1) + { + if (packet->payload[0] != 0x41 || + flow->packet_counter > 2) + { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } + + return; + } + + if (packet->payload_packet_len > 9 && packet->payload_packet_len < 30) + { + if (dissect_softether_ip_port(flow, packet) == 0) + { + ndpi_int_softether_add_connection(ndpi_struct, flow); + return; + } + } + + if (packet->payload_packet_len >= 99) + { + if (dissect_softether_host_fqdn(flow, packet) == 0) + { + ndpi_int_softether_add_connection(ndpi_struct, flow); + return; + } + } + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); +} + +static int ndpi_search_softether_again(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + if (dissect_softether_ip_port(flow, &ndpi_struct->packet) == 0 || + dissect_softether_host_fqdn(flow, &ndpi_struct->packet) == 0) + { + if (flow->protos.softether.ip[0] != '\0' && flow->protos.softether.port[0] != '\0' && + flow->protos.softether.hostname[0] != '\0' && flow->protos.softether.fqdn[0] != '\0') + { + flow->check_extra_packets = 0; + flow->max_extra_packets_to_check = 0; + flow->extra_packets_func = NULL; + + return 0; + } + } + + return 1; +} + +void init_softether_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("Softether", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_SOFTETHER, + ndpi_search_softether, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK + ); + + *id += 1; +} diff --git a/tests/pcap/softether-http.pcap b/tests/pcap/softether-http.pcap Binary files differdeleted file mode 100644 index d6d95987d..000000000 --- a/tests/pcap/softether-http.pcap +++ /dev/null diff --git a/tests/pcap/softether.pcap b/tests/pcap/softether.pcap Binary files differnew file mode 100644 index 000000000..bba8aa3ed --- /dev/null +++ b/tests/pcap/softether.pcap diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 83396d22b..983e721a3 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -6,7 +6,7 @@ Confidence Unknown : 14 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 4630 (23.50 diss/flow) +Num dissector calls: 4644 (23.57 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/4in4tunnel.pcap.out b/tests/result/4in4tunnel.pcap.out index cb20e385c..653c96cbd 100644 --- a/tests/result/4in4tunnel.pcap.out +++ b/tests/result/4in4tunnel.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 5 (5.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 167 (167.00 diss/flow) +Num dissector calls: 168 (168.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/6in6tunnel.pcap.out b/tests/result/6in6tunnel.pcap.out index 9747eec44..3bda320c0 100644 --- a/tests/result/6in6tunnel.pcap.out +++ b/tests/result/6in6tunnel.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 111 (111.00 diss/flow) +Num dissector calls: 112 (112.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out index 76beaaeff..cf22158f6 100644 --- a/tests/result/EAQ.pcap.out +++ b/tests/result/EAQ.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 116 (4.00 pkts/flow) Confidence DPI : 31 (flows) -Num dissector calls: 4016 (129.55 diss/flow) +Num dissector calls: 4045 (130.48 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index df50ae335..0e5e9bac3 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 2 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 61 (flows) -Num dissector calls: 917 (13.29 diss/flow) +Num dissector calls: 918 (13.30 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/collectd.pcap.out b/tests/result/collectd.pcap.out index 512fa42a0..1819dcb7e 100644 --- a/tests/result/collectd.pcap.out +++ b/tests/result/collectd.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 13 (1.62 pkts/flow) Confidence Match by port : 3 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 373 (46.62 diss/flow) +Num dissector calls: 376 (47.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/dhcp-fuzz.pcapng.out b/tests/result/dhcp-fuzz.pcapng.out index bc84545d3..f1210a16f 100644 --- a/tests/result/dhcp-fuzz.pcapng.out +++ b/tests/result/dhcp-fuzz.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 99 (99.00 diss/flow) +Num dissector calls: 100 (100.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out index 54f8119e5..a446a6229 100644 --- a/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 256 (1.04 pkts/flow) Confidence DPI : 245 (flows) -Num dissector calls: 21874 (89.28 diss/flow) +Num dissector calls: 21885 (89.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/dnscrypt-v2.pcap.out b/tests/result/dnscrypt-v2.pcap.out index e9acb3952..ffbe8e2ae 100644 --- a/tests/result/dnscrypt-v2.pcap.out +++ b/tests/result/dnscrypt-v2.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 6 (2.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 348 (116.00 diss/flow) +Num dissector calls: 351 (117.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/dnscrypt_skype_false_positive.pcapng.out b/tests/result/dnscrypt_skype_false_positive.pcapng.out index b7fb253f8..120e9797c 100644 --- a/tests/result/dnscrypt_skype_false_positive.pcapng.out +++ b/tests/result/dnscrypt_skype_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 117 (117.00 diss/flow) +Num dissector calls: 118 (118.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out index a4e0da678..87a759e5e 100644 --- a/tests/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/result/fuzz-2006-06-26-2594.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 30 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 193 (flows) -Num dissector calls: 5218 (20.79 diss/flow) +Num dissector calls: 5251 (20.92 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fuzz-2020-02-16-11740.pcap.out b/tests/result/fuzz-2020-02-16-11740.pcap.out index a336c9247..3aecd7351 100644 --- a/tests/result/fuzz-2020-02-16-11740.pcap.out +++ b/tests/result/fuzz-2020-02-16-11740.pcap.out @@ -5,7 +5,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Unknown : 19 (flows) Confidence Match by port : 3 (flows) Confidence DPI : 55 (flows) -Num dissector calls: 1645 (21.36 diss/flow) +Num dissector calls: 1661 (21.57 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/gnutella.pcap.out b/tests/result/gnutella.pcap.out index 45f39e850..34e42078a 100644 --- a/tests/result/gnutella.pcap.out +++ b/tests/result/gnutella.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 595 (flows) Confidence Match by port : 1 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 163 (flows) -Num dissector calls: 62705 (82.51 diss/flow) +Num dissector calls: 63221 (83.19 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/gtp_false_positive.pcapng.out b/tests/result/gtp_false_positive.pcapng.out index 653e753ef..8b1ad1887 100644 --- a/tests/result/gtp_false_positive.pcapng.out +++ b/tests/result/gtp_false_positive.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 7 (2.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) -Num dissector calls: 369 (123.00 diss/flow) +Num dissector calls: 372 (124.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index cd98eb0d9..bb5f247a2 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 130 (8.67 diss/flow) +Num dissector calls: 131 (8.73 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/imo.pcap.out b/tests/result/imo.pcap.out index 9b9d31afd..c51c6b086 100644 --- a/tests/result/imo.pcap.out +++ b/tests/result/imo.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 7 (3.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 269 (134.50 diss/flow) +Num dissector calls: 271 (135.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index 203ffb32a..0a9cf7749 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 1820 (47.89 diss/flow) +Num dissector calls: 1821 (47.92 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/iphone.pcap.out b/tests/result/iphone.pcap.out index dd84c0624..b42d7dc06 100644 --- a/tests/result/iphone.pcap.out +++ b/tests/result/iphone.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 55 (1.77 pkts/flow) DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 50 (flows) -Num dissector calls: 352 (6.90 diss/flow) +Num dissector calls: 353 (6.92 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/kontiki.pcap.out b/tests/result/kontiki.pcap.out index 9086e7b2c..6eaa641c2 100644 --- a/tests/result/kontiki.pcap.out +++ b/tests/result/kontiki.pcap.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 6 (1.50 pkts/flow) DPI Packets (other): 4 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 306 (38.25 diss/flow) +Num dissector calls: 308 (38.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index 078567a60..58161bae0 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 35 (2.33 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 6 (flows) Confidence DPI : 15 (flows) -Num dissector calls: 1257 (59.86 diss/flow) +Num dissector calls: 1262 (60.10 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out index e3bbc30e1..fa3adfa76 100644 --- a/tests/result/openvpn.pcap.out +++ b/tests/result/openvpn.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) DPI Packets (UDP): 5 (2.50 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 380 (126.67 diss/flow) +Num dissector calls: 382 (127.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index 31e477311..a97768f2f 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 201 (4.57 pkts/flow) Confidence Unknown : 34 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 71 (flows) -Num dissector calls: 6254 (58.45 diss/flow) +Num dissector calls: 6288 (58.77 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index 0bd395410..77f37a603 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 12 (1.20 pkts/flow) Confidence Match by IP : 1 (flows) Confidence DPI : 9 (flows) -Num dissector calls: 206 (20.60 diss/flow) +Num dissector calls: 207 (20.70 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/radius_false_positive.pcapng.out b/tests/result/radius_false_positive.pcapng.out index 21e6943ae..bf05ab4a3 100644 --- a/tests/result/radius_false_positive.pcapng.out +++ b/tests/result/radius_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 10 (10.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 173 (173.00 diss/flow) +Num dissector calls: 174 (174.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/raknet.pcap.out b/tests/result/raknet.pcap.out index 1842c933b..2cc9997f6 100644 --- a/tests/result/raknet.pcap.out +++ b/tests/result/raknet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 24 (2.00 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1392 (116.00 diss/flow) +Num dissector calls: 1398 (116.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/rx.pcap.out b/tests/result/rx.pcap.out index 1769cdea6..7f87ff060 100644 --- a/tests/result/rx.pcap.out +++ b/tests/result/rx.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 10 (2.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 577 (115.40 diss/flow) +Num dissector calls: 582 (116.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/sflow.pcap.out b/tests/result/sflow.pcap.out index dffafc787..26444d28e 100644 --- a/tests/result/sflow.pcap.out +++ b/tests/result/sflow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 100 (100.00 diss/flow) +Num dissector calls: 101 (101.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/sip_hello.pcapng.out b/tests/result/sip_hello.pcapng.out index b6c5ff64b..5cf94ce1b 100644 --- a/tests/result/sip_hello.pcapng.out +++ b/tests/result/sip_hello.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 203 (203.00 diss/flow) +Num dissector calls: 204 (204.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 1c4e182a7..7ee5ee36b 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 61 (flows) Confidence Match by port : 27 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 204 (flows) -Num dissector calls: 28684 (97.90 diss/flow) +Num dissector calls: 28686 (97.90 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index e6d68e681..8925ac38b 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 45 (flows) Confidence Match by port : 22 (flows) Confidence DPI : 200 (flows) -Num dissector calls: 23828 (89.24 diss/flow) +Num dissector calls: 23829 (89.25 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/skype_udp.pcap.out b/tests/result/skype_udp.pcap.out index a40401f5d..dc0291111 100644 --- a/tests/result/skype_udp.pcap.out +++ b/tests/result/skype_udp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 116 (116.00 diss/flow) +Num dissector calls: 117 (117.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/softether-http.pcap.out b/tests/result/softether-http.pcap.out deleted file mode 100644 index 2f91c0fdf..000000000 --- a/tests/result/softether-http.pcap.out +++ /dev/null @@ -1,24 +0,0 @@ -Guessed flow protos: 1 - -DPI Packets (TCP): 4 (4.00 pkts/flow) -Confidence DPI : 1 (flows) -Num dissector calls: 15 (15.00 diss/flow) -LRU cache ookla: 0/0/0 (insert/search/found) -LRU cache bittorrent: 0/0/0 (insert/search/found) -LRU cache zoom: 0/0/0 (insert/search/found) -LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/0/0 (insert/search/found) -LRU cache msteams: 0/0/0 (insert/search/found) -Automa host: 2/2 (search/found) -Automa domain: 1/0 (search/found) -Automa tls cert: 0/0 (search/found) -Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) -Patricia risk: 0/0 (search/found) -Patricia protocols: 4/0 (search/found) - -Softether 4 1392 1 - - 1 TCP 192.168.2.100:37504 <-> 130.158.75.45:80 [proto: 7.290/HTTP.Softether][ClearText][Confidence: DPI][cat: VPN/2][3 pkts/1318 bytes <-> 1 pkts/74 bytes][Goodput ratio: 84/0][0.26 sec][Hostname/SNI: x0.x0.dev.open.servers.ddns.softether-network.net][URL: x0.x0.dev.open.servers.ddns.softether-network.net/ddns/ddns.aspx?v=9291257684825389030][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0][PLAIN TEXT (POST /ddns/ddns.asp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/softether.pcap.out b/tests/result/softether.pcap.out new file mode 100644 index 000000000..7e767221d --- /dev/null +++ b/tests/result/softether.pcap.out @@ -0,0 +1,28 @@ +Guessed flow protos: 1 + +DPI Packets (TCP): 4 (4.00 pkts/flow) +DPI Packets (UDP): 31 (10.33 pkts/flow) +Confidence DPI : 4 (flows) +Num dissector calls: 361 (90.25 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +Automa host: 2/2 (search/found) +Automa domain: 1/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 8/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia protocols: 18/0 (search/found) + +Softether 177 21287 4 + + 1 UDP 192.168.2.100:51381 <-> 130.158.6.113:5004 [proto: 290/Softether][Encrypted][Confidence: DPI][cat: VPN/2][60 pkts/6549 bytes <-> 53 pkts/6612 bytes][Goodput ratio: 62/66][15284492.00 sec][Client IP: 90.186.132.133][Client Port: 51381][Hostname: vpn][FQDN: moishele.softether.net][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6779570/3173141 3621430369/3621456266 535184640/578624000][Pkt Len c2s/s2c min/avg/max/stddev: 43/69 109/125 522/370 160/114][PLAIN TEXT (90.186.132.133)][Plen Bins: 84,0,0,1,0,0,0,0,1,0,7,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.2.100:51381 <-> 130.158.6.105:5004 [proto: 290/Softether][Encrypted][Confidence: DPI][cat: VPN/2][16 pkts/2201 bytes <-> 14 pkts/2116 bytes][Goodput ratio: 69/72][238448.62 sec][Client IP: 84.59.132.100][Client Port: 51381][Hostname: vpn][FQDN: moishele.softether.net][bytes ratio: 0.020 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18338798/21672040 238159482/238187129 63456764/68468080][Pkt Len c2s/s2c min/avg/max/stddev: 43/69 138/151 522/368 183/130][PLAIN TEXT (opcode)][Plen Bins: 74,0,0,3,0,0,0,0,3,0,10,0,0,0,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.2.100:51381 <-> 130.158.6.112:5004 [proto: 290/Softether][Encrypted][Confidence: DPI][cat: VPN/2][16 pkts/1167 bytes <-> 14 pkts/1250 bytes][Goodput ratio: 42/53][117087.70 sec][Client IP: 2.207.60.163][Client Port: 51381][bytes ratio: -0.034 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5948/21107 9003169/10639145 116754845/116778948 31105232/33564352][Pkt Len c2s/s2c min/avg/max/stddev: 43/68 73/89 522/366 116/77][PLAIN TEXT (2.207.60.163)][Plen Bins: 93,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 192.168.2.100:37504 <-> 130.158.75.45:80 [proto: 7.290/HTTP.Softether][ClearText][Confidence: DPI][cat: VPN/2][3 pkts/1318 bytes <-> 1 pkts/74 bytes][Goodput ratio: 84/0][0.26 sec][Hostname/SNI: x0.x0.dev.open.servers.ddns.softether-network.net][URL: x0.x0.dev.open.servers.ddns.softether-network.net/ddns/ddns.aspx?v=9291257684825389030][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0][PLAIN TEXT (POST /ddns/ddns.asp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 22e778993..4414ff6eb 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 8 (flows) Confidence Match by IP : 5 (flows) Confidence DPI : 39 (flows) -Num dissector calls: 1464 (28.15 diss/flow) +Num dissector calls: 1469 (28.25 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/stun_dtls.pcapng.out b/tests/result/stun_dtls.pcapng.out index e4664dd47..fc038131e 100644 --- a/tests/result/stun_dtls.pcapng.out +++ b/tests/result/stun_dtls.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 134 (134.00 diss/flow) +Num dissector calls: 135 (135.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/stun_facebook.pcapng.out b/tests/result/stun_facebook.pcapng.out index 3d1a37ffd..27eb3d6d1 100644 --- a/tests/result/stun_facebook.pcapng.out +++ b/tests/result/stun_facebook.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 100 (100.00 diss/flow) +Num dissector calls: 101 (101.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/stun_signal.pcapng.out b/tests/result/stun_signal.pcapng.out index 6de6f7c88..a90602733 100644 --- a/tests/result/stun_signal.pcapng.out +++ b/tests/result/stun_signal.pcapng.out @@ -5,7 +5,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI (cache) : 2 (flows) Confidence DPI : 20 (flows) -Num dissector calls: 1818 (79.04 diss/flow) +Num dissector calls: 1831 (79.61 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out index 22ea89683..988dffd6a 100644 --- a/tests/result/teams.pcap.out +++ b/tests/result/teams.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by IP : 1 (flows) Confidence DPI (partial) : 1 (flows) Confidence DPI : 80 (flows) -Num dissector calls: 595 (7.17 diss/flow) +Num dissector calls: 596 (7.18 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/teamviewer.pcap.out b/tests/result/teamviewer.pcap.out index 3abc668b6..b44888cd2 100644 --- a/tests/result/teamviewer.pcap.out +++ b/tests/result/teamviewer.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 142 (71.00 diss/flow) +Num dissector calls: 143 (71.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/telegram.pcap.out b/tests/result/telegram.pcap.out index 1a489c06d..c2ce11d15 100644 --- a/tests/result/telegram.pcap.out +++ b/tests/result/telegram.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 5 DPI Packets (UDP): 93 (1.94 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 46 (flows) -Num dissector calls: 1652 (34.42 diss/flow) +Num dissector calls: 1654 (34.46 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/tftp.pcap.out b/tests/result/tftp.pcap.out index 8e09999da..bfa910fb3 100644 --- a/tests/result/tftp.pcap.out +++ b/tests/result/tftp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 13 (1.86 pkts/flow) Confidence DPI : 7 (flows) -Num dissector calls: 296 (42.29 diss/flow) +Num dissector calls: 298 (42.57 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/toca-boca.pcap.out b/tests/result/toca-boca.pcap.out index 6c5057649..125629aac 100644 --- a/tests/result/toca-boca.pcap.out +++ b/tests/result/toca-boca.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (UDP): 21 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence DPI : 17 (flows) -Num dissector calls: 413 (19.67 diss/flow) +Num dissector calls: 417 (19.86 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 8d0d4d3db..56484be2a 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 27 (1.93 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 4 (flows) Confidence DPI : 25 (flows) -Num dissector calls: 518 (17.86 diss/flow) +Num dissector calls: 519 (17.90 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 3c44df093..adc2afa05 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 17 (8.50 pkts/flow) Confidence Match by port : 1 (flows) Confidence Match by IP : 3 (flows) Confidence DPI : 53 (flows) -Num dissector calls: 316 (5.54 diss/flow) +Num dissector calls: 317 (5.56 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index b2e043ed4..8ac08fedb 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 44 (3.14 pkts/flow) Confidence Match by port : 13 (flows) Confidence Match by IP : 8 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 580 (13.18 diss/flow) +Num dissector calls: 582 (13.23 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/wireguard.pcap.out b/tests/result/wireguard.pcap.out index a3858bd61..0f81244cf 100644 --- a/tests/result/wireguard.pcap.out +++ b/tests/result/wireguard.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 138 (138.00 diss/flow) +Num dissector calls: 139 (139.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out index 9dbf5045e..4da11fe91 100644 --- a/tests/result/zoom.pcap.out +++ b/tests/result/zoom.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 25 (1.47 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by IP : 2 (flows) Confidence DPI : 31 (flows) -Num dissector calls: 805 (24.39 diss/flow) +Num dissector calls: 806 (24.42 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 8/0/0 (insert/search/found) diff --git a/tests/result/zoom2.pcap.out b/tests/result/zoom2.pcap.out index 7c74026d2..032da255c 100644 --- a/tests/result/zoom2.pcap.out +++ b/tests/result/zoom2.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 75 (25.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by IP : 3 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 857 (171.40 diss/flow) +Num dissector calls: 860 (172.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 1/0/0 (insert/search/found) |