author | Luca Deri <deri@ntop.org> | 2024-04-09 00:01:47 +0200 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2024-04-09 00:01:47 +0200 |
commit | 00a360f30a89fd479465db64d7e92e761645c101 (patch) | |
tree | 7ed947aaa86ee2dcc16c6d3e5b9b405e94f0f93e | |
parent | 98bf0e243e77de85058f66da0a60c6485a859135 (diff) |
Disabled "known proto on non standard port" for FTP_DATA
-rw-r--r-- | src/lib/ndpi_main.c | 6 | ||||
-rw-r--r-- | tests/cfgs/default/result/ftp.pcap.out | 38 |
2 files changed, 4 insertions, 40 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index c2583accc..b0a9107c0 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -8560,8 +8560,10 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
 ntohs(flow->c_port), ntohs(flow->s_port));
 if((r == NULL)
- || ((r->proto->protoId != ret.app_protocol) && (r->proto->protoId != ret.master_protocol)))
- ndpi_set_risk(flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT,NULL);
+ || ((r->proto->protoId != ret.app_protocol) && (r->proto->protoId != ret.master_protocol))) {
+ if(ret.app_protocol != NDPI_PROTOCOL_FTP_DATA)
+ ndpi_set_risk(flow, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT,NULL);
+ }
 }
 }
diff --git a/tests/cfgs/default/result/ftp.pcap.out b/tests/cfgs/default/result/ftp.pcap.out
deleted file mode 100644
index 96e57e2e4..000000000
--- a/tests/cfgs/default/result/ftp.pcap.out
+++ /dev/null
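Review bot: The new `if(ret.app_protocol != NDPI_PROTOCOL_FTP_DATA)` guard has no comment saying why FTP_DATA is exempt, and it is unconditional: any flow labelled FTP_DATA stops raising NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT, whether or not a related FTP control session was seen. Presumably the reason is that FTP data connections run on negotiated ports (the deleted ftp.pcap.out shows one on port 25685), so I would record that above the guard, e.g. `/* FTP_DATA uses negotiated ports: there is no standard port to compare against */`. The guard compares only `ret.app_protocol`, while the outer condition also looks at `ret.master_protocol`; if FTP_DATA can ever be reported as the master protocol the risk would still be set, which is worth confirming. The enclosing function starts and ends outside the hunk.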
@@ -1,38 +0,0 @@ -DPI Packets (TCP): 39 (13.00 pkts/flow) -Confidence Unknown : 1 (flows) -Confidence DPI : 2 (flows) -Num dissector calls: 541 (180.33 diss/flow) -LRU cache ookla: 0/0/0 (insert/search/found) -LRU cache bittorrent: 0/3/0 (insert/search/found) -LRU cache zoom: 0/0/0 (insert/search/found) -LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/1/0 (insert/search/found) -LRU cache msteams: 0/0/0 (insert/search/found) -LRU cache stun_zoom: 0/0/0 (insert/search/found) -Automa host: 0/0 (search/found) -Automa domain: 0/0 (search/found) -Automa tls cert: 0/0 (search/found) -Automa risk mask: 0/0 (search/found) -Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) -Patricia risk mask IPv6: 0/0 (search/found) -Patricia risk: 0/0 (search/found) -Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 6/0 (search/found) -Patricia protocols IPv6: 0/0 (search/found) - -Unknown 132 118184 1 -FTP_CONTROL 68 5571 1 -FTP_DATA 9 1819 1 - -Acceptable 9 1819 1 -Unsafe 68 5571 1 -Unrated 132 118184 1 - - 1 TCP 192.168.1.212:50694 <-> 90.130.70.73:21 [proto: 1/FTP_CONTROL][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 12][cat: Download/7][41 pkts/2892 bytes <-> 27 pkts/2679 bytes][Goodput ratio: 6/33][8.48 sec][User: anonymous][Pwd: NcFTP@][bytes ratio: 0.038 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 236/108 4743/1377 849/305][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 71/99 96/307 7/45][Risk: ** Unsafe Protocol **** Clear-Text Credentials **][Risk Score: 110][Risk Info: Found FTP username (anonymous)][PLAIN TEXT (vsFTPd 3.0.3)][Plen Bins: 74,18,5,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.1.212:50695 <-> 90.130.70.73:25685 [proto: 175/FTP_DATA][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: Download/7][5 pkts/342 bytes <-> 4 pkts/1477 bytes][Goodput ratio: 0/82][0.09 sec][bytes ratio: 
-0.624 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/28 14/28 29/29 14/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 68/369 78/1271 5/521][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT ( 1 0 0 1073741)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0] - - -Undetected flows: - 1 TCP 192.168.1.212:50696 <-> 90.130.70.73:24523 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][DPI packets: 23][54 pkts/3588 bytes <-> 78 pkts/114596 bytes][Goodput ratio: 0/95][0.15 sec][bytes ratio: -0.939 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2/1 29/29 6/4][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/1469 78/1506 2/227][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0] |