author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-10-06 17:09:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-06 17:09:26 +0200 |
commit | 1796a1d814494fa85f75d395703edbc86ead3520 (patch) | |
tree | 55b13727f8cfcf541ef235533b3ad2875bf3208f | |
parent | e4dcec560edf392ff7d962d430aa8a9e12e73097 (diff) |
LINE_CALL: add detection of LINE voip calls (#1761)
These flows are classified as `LINE_CALL`; another option was
`RTP/LINE_CALL`. Not sure about the best solution...
Extend LINE domains list.
Remove RTP dead code.
59 files changed, 196 insertions, 343 deletions
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 06a74107c..0b7582e54 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -344,6 +344,7 @@ typedef enum { NDPI_PROTOCOL_SYNCTHING = 313, NDPI_PROTOCOL_CRYNET = 314, NDPI_PROTOCOL_LINE = 315, + NDPI_PROTOCOL_LINE_CALL = 316, #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h" diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 86751c262..506774a7c 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -243,6 +243,7 @@ void init_fastcgi_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ void init_natpmp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_syncthing_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_crynet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_line_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); /* ndpi_main.c */ extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port); diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index e6cc194e5..4652463ab 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -824,6 +824,10 @@ struct ndpi_flow_udp_struct { /* NDPI_PROTOCOL_IMO */ u_int8_t imo_last_one_byte_pkt, imo_last_byte; + + /* NDPI_PROTOCOL_LINE_CALL */ + u_int8_t line_pkts[2]; + u_int8_t line_base_cnt[2]; }; /* ************************************************** */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 5adaa58ce..eb39fc191 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc 
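Review bot: The two fields added to `struct ndpi_flow_udp_struct` are labelled only `/* NDPI_PROTOCOL_LINE_CALL */`, yet rtp.c in this same commit also reads `line_pkts` to decide whether to classify a flow as RTP, so the state is shared between two dissectors. A comment such as `/* per direction: packets matched so far / counter byte of the first packet; also read by the RTP dissector */` would make that coupling visible. Both fields are `u_int8_t` and line.c bumps `line_pkts` with `+= 1` and no upper bound, so a wrap to 0 would silently re-seed the base counter. Whether the per-flow packet budget keeps the count below 255 is not visible from here.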
@@ -1726,6 +1726,11 @@ static ndpi_protocol_match host_match[] = { "discovery.syncthing.net", "Syncthing", NDPI_PROTOCOL_SYNCTHING, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL }, { ".line-apps.com", "Line", NDPI_PROTOCOL_LINE, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, + { ".line-scdn.net", "Line", NDPI_PROTOCOL_LINE, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, + { "line.me", "Line", NDPI_PROTOCOL_LINE, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, + { "line-website.com", "Line", NDPI_PROTOCOL_LINE, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, + { ".linecorp.com", "Line", NDPI_PROTOCOL_LINE, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, + { ".line.naver.jp", "Line", NDPI_PROTOCOL_LINE, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DEFAULT_LEVEL }, #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_content_match_host_match.c.inc" diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 7c3f63d64..d1adffe9e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2001,6 +2001,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp "Line", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_str, 0 /* encrypted */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LINE_CALL, + "LineCall", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); #ifdef CUSTOM_NDPI_PROTOCOLS 
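Review bot: The added `line.me` and `line-website.com` patterns have no leading dot, unlike `.line-scdn.net`, `.linecorp.com` and `.line.naver.jp` in the same hunk. If the host automaton treats these as plain suffixes or substrings (the matcher is outside this hunk), a hostname that merely ends in those characters, for example a constructed `online.me`, would be labelled Line with the `NDPI_PROTOCOL_ACCEPTABLE` breed. It is worth confirming that the matcher enforces a label boundary, or adding a short comment explaining why these two entries are intentionally un-dotted.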
@@ -4687,6 +4691,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) { /* CryNetwork */ init_crynet_dissector(ndpi_str, &a, detection_bitmask); + /* Line voip */ + init_line_dissector(ndpi_str, &a, detection_bitmask); + #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main_init.c" #endif diff --git a/src/lib/protocols/line.c b/src/lib/protocols/line.c new file mode 100644 index 000000000..a94b39037 --- /dev/null +++ b/src/lib/protocols/line.c 
@@ -0,0 +1,91 @@ +/* + * line.c + * + * Copyright (C) 2022 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + + +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LINE_CALL + +#include "ndpi_api.h" + +extern int is_valid_rtp_payload_type(uint8_t type); + +static void ndpi_int_line_add_connection(struct ndpi_detection_module_struct * const ndpi_struct, + struct ndpi_flow_struct * const flow) +{ + NDPI_LOG_INFO(ndpi_struct, "found LineCall\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UNKNOWN, + NDPI_PROTOCOL_LINE_CALL, NDPI_CONFIDENCE_DPI); +} + +void ndpi_search_line(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct const * const packet = &ndpi_struct->packet; + + NDPI_LOG_DBG(ndpi_struct, "searching LineCall\n"); + + /* Some "random" UDP packets before the standard RTP stream: + it seems that the 4th bytes of these packets is some kind of packet + number. Look for 4 packets per direction with consecutive numbers. */ + + if(packet->payload_packet_len > 10) { + if(flow->l4.udp.line_pkts[packet->packet_direction] == 0) { + flow->l4.udp.line_base_cnt[packet->packet_direction] = packet->payload[3]; + flow->l4.udp.line_pkts[packet->packet_direction] += 1; + return; + } else { + /* It might be a RTP/RTCP packet. 
Ignore it and keep looking for the + LINE packet numbers */ + /* Basic RTP detection */ + if((packet->payload[0] >> 6) == 2 && /* Version 2 */ + (packet->payload[1] == 201 || /* RTCP, Receiver Report */ + packet->payload[1] == 200 || /* RTCP, Sender Report */ + is_valid_rtp_payload_type(packet->payload[1] & 0x7F)) /* RTP */) { + NDPI_LOG_DBG(ndpi_struct, "Probably RTP; keep looking for LINE"); + return; + } else { + if((u_int8_t)(flow->l4.udp.line_base_cnt[packet->packet_direction] + + flow->l4.udp.line_pkts[packet->packet_direction]) == packet->payload[3]) { + flow->l4.udp.line_pkts[packet->packet_direction] += 1; + if(flow->l4.udp.line_pkts[0] >= 4 && flow->l4.udp.line_pkts[1] >= 4) + ndpi_int_line_add_connection(ndpi_struct, flow); + return; + } + } + } + } + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; +} + +void init_line_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("LineCall", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_LINE_CALL, + ndpi_search_line, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 4909846b1..cbfaa9fd1 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -47,6 +47,7 @@ extern int processClientServerHello(struct ndpi_detection_module_struct *ndpi_st extern int http_process_user_agent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const u_int8_t *ua_ptr, u_int16_t ua_ptr_len); +extern int is_valid_rtp_payload_type(uint8_t type); /* Versions */ #define V_1 0x00000001 
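Review bot: In `ndpi_search_line` a packet with version bits 2 whose payload type fails `is_valid_rtp_payload_type()` falls through to the counter comparison, where `payload[3]` is the low byte of the RTP sequence number and therefore increments by one on its own. Such a stream seen in both directions would reach four matches and be reported as `NDPI_PROTOCOL_LINE_CALL` with `NDPI_CONFIDENCE_DPI`, so the verdict rests on a single byte that unrelated traffic can satisfy by accident. The first packet per direction is also taken as the base without the RTP test that later packets get. I would at least record this in the comment above the block, e.g. `/* NOTE: one-byte heuristic; RTP-shaped packets with an unassigned payload type also satisfy it */`, and add a negative capture under tests/pcap. Separately, a single mismatch (loss or reordering on UDP) ends in `NDPI_EXCLUDE_PROTO`, which may be stricter than intended.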
@@ -1609,12 +1610,6 @@ static int eval_extra_processing(struct ndpi_detection_module_struct *ndpi_struc return 0; } -static int is_valid_rtp_payload_type(uint8_t type) -{ - /* https://www.iana.org/assignments/rtp-parameters/rtp-parameters.xhtml */ - return type <= 34 || (type >= 96 && type <= 127); -} - static void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); static int ndpi_search_quic_extra(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 7c2eafd92..a5fcec4e9 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -71,6 +71,12 @@ static u_int8_t isValidMSRTPType(u_int8_t payloadType) { } } +int is_valid_rtp_payload_type(uint8_t type) +{ + /* https://www.iana.org/assignments/rtp-parameters/rtp-parameters.xhtml */ + return type <= 34 || (type >= 96 && type <= 127); +} + /* *************************************************************** */ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, 
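Review bot: `is_valid_rtp_payload_type()` becomes a global symbol in rtp.c, but its prototype is repeated by hand as `extern int is_valid_rtp_payload_type(uint8_t type);` in both line.c and quic.c instead of living in a header. If the signature ever changes, the compiler will not flag the stale copies. Declaring it once next to the `init_*_dissector` prototypes in ndpi_protocols.h would avoid that, and an `ndpi_` prefix would suit a symbol that is no longer file-local. A one-line comment stating that the argument is expected to be the 7-bit payload type with the marker bit already masked off (line.c passes `payload[1] & 0x7F`) would also help callers.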
@@ -96,14 +102,16 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, if((payload_len >= 12) && (((payload[0] & 0xFF) == 0x80) || ((payload[0] & 0xFF) == 0xA0)) /* RTP magic byte[1] */ && ((payload_type < 72) || (payload_type > 76)) - && ((payload_type <= 34) - || ((payload_type >= 96) && (payload_type <= 127)) - /* http://www.iana.org/assignments/rtp-parameters/rtp-parameters.xhtml */ - ) + && (is_valid_rtp_payload_type(payload_type)) ) { - NDPI_LOG_INFO(ndpi_struct, "Found RTP\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - return; + if(flow->l4.udp.line_pkts[0] >= 2 && flow->l4.udp.line_pkts[1] >= 2) { + /* It seems that it is a LINE stuff; let its dissector to evaluate */ + return; + } else { + NDPI_LOG_INFO(ndpi_struct, "Found RTP\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); + return; + } } else if((payload_len >= 12) && (((payload[0] & 0xFF) == 0x80) || ((payload[0] & 0xFF) == 0xA0)) /* RTP magic byte[1] */ && (payloadType = isValidMSRTPType(payload[1] & 0xFF))) { 
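Review bot: The new early `return` in the RTP branch is keyed only on `line_pkts[0] >= 2 && line_pkts[1] >= 2`, and nothing in this hunk checks whether the LINE dissector is still a candidate for the flow. line.c does not reset `line_pkts` when it calls `NDPI_EXCLUDE_PROTO`, and it skips RTP-looking packets without advancing the count, so a flow that matched two or three counter packets per direction and then carries ordinary RTP appears to stay unclassified for good. Consider skipping the deferral once LINE_CALL has been excluded for the flow, and naming the threshold (2 here, 4 in line.c) so the two files cannot drift apart. The comment could read `/* LINE preamble seen in both directions: defer to the LINE dissector */`. `ndpi_rtp_search` begins and ends outside this hunk.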
@@ -141,263 +149,6 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd /* *************************************************************** */ -#if 0 -/* Original (messy) OpenDPI code */ - -#define RTP_MAX_OUT_OF_ORDER 11 - -static void ndpi_int_rtp_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); -} - -/* - * maintenance of current highest sequence number, cycle count, packet counter - * adapted from RFC3550 Appendix A.1 - * - * In their formulation, it is not possible to represent "no packets sent yet". This is fixed here by defining - * baseseq to be the sequence number of the first packet minus 1 (in other words, the sequence number of the - * zeroth packet). - * - * Note: As described in the RFC, the number of packets received includes retransmitted packets. - * This means the "packets lost" count (seq_num-isn+1)-received can become negative. 
- * - * include_current_packet should be - * 1, if the current packet should count towards the total, or - * 0, if it it regarded as belonging to the previous reporting interval - */ - -#if !defined(WIN32) -static inline -#elif defined(MINGW_GCC) -__mingw_forceinline static -#else -__forceinline static -#endif -void init_seq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - u_int8_t direction, u_int16_t seq, u_int8_t include_current_packet) -{ - flow->rtp_seqnum[direction] = seq; - NDPI_LOG_DBG(ndpi_struct, "rtp_seqnum[%u] = %u\n", direction, seq); -} - -/* returns difference between old and new highest sequence number */ - -#if !defined(WIN32) -static inline -#elif defined(MINGW_GCC) -__mingw_forceinline static -#else -__forceinline static -#endif -u_int16_t update_seq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, - u_int8_t direction, u_int16_t seq) -{ - u_int16_t delta = seq - flow->rtp_seqnum[direction]; - - - if(delta < RTP_MAX_OUT_OF_ORDER) { /* in order, with permissible gap */ - flow->rtp_seqnum[direction] = seq; - NDPI_LOG_DBG(ndpi_struct, "rtp_seqnum[%u] = %u (increased by %u)\n", - direction, seq, delta); - return delta; - } else { - NDPI_LOG_DBG(ndpi_struct, "retransmission (dir %u, seqnum %u)\n", - direction, seq); - return 0; - } -} - -static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - const u_int8_t * payload, const u_int16_t payload_len) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - u_int8_t stage; - u_int16_t seqnum = ntohs(get_u_int16_t(payload, 2)); - - NDPI_LOG_DBG(ndpi_struct, "search rtp\n"); - - if(payload_len == 4 && get_u_int32_t(packet->payload, 0) == 0 && flow->packet_counter < 8) { - NDPI_LOG_DBG(ndpi_struct, "need next packet, maybe ClearSea out calls\n"); - return; - } - - if(payload_len == 5 && memcmp(payload, "hello", 5) == 0) { - NDPI_LOG_DBG(ndpi_struct, - "need next packet, initial hello 
packet of SIP out calls.\n"); - return; - } - - if(payload_len == 1 && payload[0] == 0) { - NDPI_LOG_DBG(ndpi_struct, - "need next packet, payload_packet_len == 1 && payload[0] == 0.\n"); - return; - } - - if(payload_len == 3 && memcmp(payload, "png", 3) == 0) { - /* weird packet found in Ninja GlobalIP trace */ - NDPI_LOG_DBG(ndpi_struct, "skipping packet with len = 3 and png payload\n"); - return; - } - - if(payload_len < 12) { - NDPI_LOG_DBG(ndpi_struct, "minimal packet size for rtp packets: 12\n"); - goto exclude_rtp; - } - - if(payload_len == 12 && get_u_int32_t(payload, 0) == 0 && get_u_int32_t(payload, 4) == 0 && get_u_int32_t(payload, 8) == 0) { - NDPI_LOG_DBG(ndpi_struct, "skipping packet with len = 12 and only 0-bytes\n"); - return; - } - - if((payload[0] & 0xc0) == 0xc0 || (payload[0] & 0xc0) == 0x40 || (payload[0] & 0xc0) == 0x00) { - NDPI_LOG_DBG(ndpi_struct, "version = 3 || 1 || 0, maybe first rtp packet\n"); - return; - } - - if((payload[0] & 0xc0) != 0x80) { - NDPI_LOG_DBG(ndpi_struct, "rtp version must be 2, first two bits of a packets must be 10\n"); - goto exclude_rtp; - } - - /* rtp_payload_type are the last seven bits of the second byte */ - if(flow->rtp_payload_type[packet->packet_direction] != (payload[1] & 0x7F)) { - NDPI_LOG_DBG(ndpi_struct, "payload_type has changed, reset stages\n"); - packet->packet_direction == 0 ? (flow->rtp_stage1 = 0) : (flow->rtp_stage2 = 0); - } - /* first bit of first byte is not part of payload_type */ - flow->rtp_payload_type[packet->packet_direction] = payload[1] & 0x7F; - - stage = (packet->packet_direction == 0 ? flow->rtp_stage1 : flow->rtp_stage2); - - if(stage > 0) { - NDPI_LOG_DBG(ndpi_struct, "stage = %u\n", packet->packet_direction == 0 ? 
flow->rtp_stage1 : flow->rtp_stage2); - if(flow->rtp_ssid[packet->packet_direction] != get_u_int32_t(payload, 8)) { - NDPI_LOG_DBG(ndpi_struct, "ssid has changed, goto exclude rtp\n"); - goto exclude_rtp; - } - - if(seqnum == flow->rtp_seqnum[packet->packet_direction]) { - NDPI_LOG_DBG(ndpi_struct, "maybe \"retransmission\", need next packet\n"); - return; - } else if((u_int16_t) (seqnum - flow->rtp_seqnum[packet->packet_direction]) < RTP_MAX_OUT_OF_ORDER) { - NDPI_LOG_DBG(ndpi_struct, - "new packet has larger sequence number (within valid range)\n"); - update_seq(ndpi_struct, flow, packet->packet_direction, seqnum); - } else if((u_int16_t) (flow->rtp_seqnum[packet->packet_direction] - seqnum) < RTP_MAX_OUT_OF_ORDER) { - NDPI_LOG_DBG(ndpi_struct, - "new packet has smaller sequence number (within valid range)\n"); - init_seq(ndpi_struct, flow, packet->packet_direction, seqnum, 1); - } else { - NDPI_LOG_DBG(ndpi_struct, - "sequence number diff is too big, goto exclude rtp.\n"); - goto exclude_rtp; - } - } else { - NDPI_LOG_DBG(ndpi_struct, "rtp_ssid[%u] = %u\n", packet->packet_direction, - flow->rtp_ssid[packet->packet_direction]); - flow->rtp_ssid[packet->packet_direction] = get_u_int32_t(payload, 8); - if(flow->packet_counter < 3) { - NDPI_LOG_DBG(ndpi_struct, "packet_counter < 3, need next packet\n"); - } - init_seq(ndpi_struct, flow, packet->packet_direction, seqnum, 1); - } - if(seqnum <= 3) { - NDPI_LOG_DBG(ndpi_struct, "sequence_number = %u, too small, need next packet, return\n", seqnum); - return; - } - - if(stage == 3) { - NDPI_LOG_DBG(ndpi_struct, "add connection I\n"); - ndpi_int_rtp_add_connection(ndpi_struct, flow); - } else { - packet->packet_direction == 0 ? 
flow->rtp_stage1++ : flow->rtp_stage2++; - NDPI_LOG_DBG(ndpi_struct, "stage[%u]++; need next packet\n", - packet->packet_direction); - } - return; - -exclude_rtp: - if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN - || /* packet->real_protocol_read_only == NDPI_PROTOCOL_STUN */) { - NDPI_LOG_DBG(ndpi_struct, "STUN: is detected, need next packet\n"); - return; - } - - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); -} - -/* *************************************************************** */ - -void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - - if(packet->udp) { - ndpi_rtp_search(ndpi_struct, flow, packet->payload, packet->payload_packet_len); - } else if(packet->tcp) { - - /* skip special packets seen at yahoo traces */ - if(packet->payload_packet_len >= 20 && ntohs(get_u_int16_t(packet->payload, 2)) + 20 == packet->payload_packet_len && - packet->payload[0] == 0x90 && packet->payload[1] >= 0x01 && packet->payload[1] <= 0x07) { - if(flow->packet_counter == 2) - flow->l4.tcp.rtp_special_packets_seen = 1; - NDPI_LOG_DBG(ndpi_struct, - "skipping STUN-like, special yahoo packets with payload[0] == 0x90.\n"); - return; - } - - /* TODO the rtp detection sometimes doesn't exclude rtp - * so for TCP flows only run the detection if STUN has been - * detected (or RTP is already detected) - * If flows will be seen which start directly with RTP - * we can remove this restriction - */ - - if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN - || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_RTP) { - - /* RTP may be encapsulated in TCP packets */ - - if(packet->payload_packet_len >= 2 && ntohs(get_u_int16_t(packet->payload, 0)) + 2 == packet->payload_packet_len) { - - /* TODO there could be several RTP packets in a single TCP packet so maybe the detection could be - * improved by checking only the RTP packet of given length */ - - 
ndpi_rtp_search(ndpi_struct, flow, packet->payload + 2, packet->payload_packet_len - 2); - - return; - } - } - - if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN && flow->l4.tcp.rtp_special_packets_seen == 1) { - - if(packet->payload_packet_len >= 4 && ntohl(get_u_int32_t(packet->payload, 0)) + 4 == packet->payload_packet_len) { - - /* TODO there could be several RTP packets in a single TCP packet so maybe the detection could be - * improved by checking only the RTP packet of given length */ - - ndpi_rtp_search(ndpi_struct, flow, packet->payload + 4, packet->payload_packet_len - 4); - - return; - } - } - - if(NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct, flow, NDPI_PROTOCOL_STUN)) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - } else { - NDPI_LOG_DBG(ndpi_struct, "STUN not yet excluded, need next packet\n"); - } - } -} -#endif - -/* *************************************************************** */ - void init_rtp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("RTP", ndpi_struct, detection_bitmask, *id, diff --git a/tests/pcap/line.pcap b/tests/pcap/line.pcap Binary files differindex 7fca1cd48..2002cc0d2 100755..100644 --- a/tests/pcap/line.pcap +++ b/tests/pcap/line.pcap diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index c9fa548d9..4ed7eb61e 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 120 (1.21 pkts/flow) Confidence Unknown : 14 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 4762 (24.17 diss/flow) +Num dissector calls: 4783 (24.28 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/45/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
@@ -13,7 +13,7 @@ LRU cache stun: 0/0/0 (insert/search/found) LRU cache tls_cert: 0/8/0 (insert/search/found) LRU cache mining: 0/16/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) -Automa host: 164/68 (search/found) +Automa host: 164/72 (search/found) Automa domain: 156/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 18/0 (search/found) @@ -23,8 +23,7 @@ Patricia risk: 6/0 (search/found) Patricia protocols: 359/38 (search/found) Unknown 24 6428 14 -DNS 2 378 1 -HTTP 808 1076769 36 +HTTP 780 1058113 34 MDNS 1 82 1 NTP 1 90 1 NetBIOS 26 2392 6 @@ -39,6 +38,7 @@ LLMNR 91 6931 48 GoogleServices 17 30330 1 MpegDash 1 299 1 1kxun 1209 3841345 48 +Line 30 19034 3 JA3 Host Stats: IP Address # JA3C 
@@ -80,8 +80,8 @@ JA3 Host Stats: 33 TCP 192.168.2.126:45388 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Streaming/17][2 pkts/1315 bytes <-> 8 pkts/18984 bytes][Goodput ratio: 90/97][4.33 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 3965/0 3965/593 3965/3966 0/1379][Pkt Len c2s/s2c min/avg/max/stddev: 509/1287 658/2373 806/8258 148/2234][URL: mangaweb.1kxun.mobi/js/swiper/swiper.min.css][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/swiper/swiper.min.css H)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,10,0,0,0,0,40,0,20] 34 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Goodput ratio: 77/90][1.19 sec][Hostname/SNI: 42.120.51.152][bytes ratio: -0.195 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 49/52 298/178 81/57][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 236/539 499/1314 193/556][URL: 42.120.51.152:8080/api/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo][StatusCode: 100][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0][Risk: ** Known Proto on Non Std Port **** HTTP Numeric IP Address **][Risk Score: 60][Risk Info: Found host 42.120.51.152 / Expected on port 80][PLAIN TEXT (POST /api/proxy)][Plen Bins: 11,0,0,0,0,0,0,22,0,0,0,0,0,33,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,22,0,0,0,0,0,0,0,0] 35 TCP 192.168.2.126:37100 <-> 52.29.177.177:80 [proto: 7/HTTP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][cat: Web/5][12 pkts/8973 bytes <-> 4 pkts/687 bytes][Goodput ratio: 91/61][7.04 sec][bytes ratio: 0.858 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/185 697/1192 4610/2198 1454/1006][Pkt Len 
c2s/s2c min/avg/max/stddev: 86/169 748/172 1506/180 594/5][PLAIN TEXT (GET /track)][Plen Bins: 25,0,0,25,0,0,0,0,0,0,0,0,0,0,12,6,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0] - 36 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Goodput ratio: 40/94][0.02 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4/2 10/8 4/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1103 334/1514 99/610][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716954688/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] - 37 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Web/5][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Goodput ratio: 40/94][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 10/6 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1060 334/1514 99/620][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716971500/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] + 36 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Goodput ratio: 40/94][0.02 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.858 (Download)][IAT c2s/s2c min/avg/max/stddev: 1/0 4/2 10/8 4/3][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1103 334/1514 
99/610][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716954688/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (FGET /r/talk/m/4697716954688/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] + 37 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.315/HTTP.Line][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Chat/9][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Goodput ratio: 40/94][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][bytes ratio: -0.852 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 10/6 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 113/1060 334/1514 99/620][URL: dl-obs.official.line.naver.jp/r/talk/m/4697716971500/preview][StatusCode: 200][Content-Type: image/jpeg][User-Agent: DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)][PLAIN TEXT (GGET /r/talk/m/4697716971500/pr)][Plen Bins: 0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,71,0,0] 38 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][16 pkts/8921 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][8.40 sec][Hostname/SNI: [ff02::c]:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 103/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 510/0 558/0 590/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,12,56,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 39 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][16 pkts/8473 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][8.40 sec][Hostname/SNI: 239.255.255.250:1900][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 102/0 512/0 2044/0 527/0][Pkt Len c2s/s2c min/avg/max/stddev: 482/0 530/0 562/0 30/0][PLAIN TEXT (NOTIFY )][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,12,18,51,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 40 TCP 192.168.2.126:45422 <-> 161.117.13.29:80 [proto: 7.295/HTTP.1kxun][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Streaming/17][3 pkts/2139 bytes <-> 4 pkts/6060 bytes][Goodput ratio: 91/96][4.31 sec][Hostname/SNI: mangaweb.1kxun.mobi][bytes ratio: -0.478 (Download)][IAT c2s/s2c min/avg/max/stddev: 221/224 2062/1374 3902/3898 1841/1787][Pkt Len c2s/s2c min/avg/max/stddev: 502/1413 713/1515 819/1720 149/124][URL: mangaweb.1kxun.mobi/js/application.min.js?1644808200][StatusCode: 200][User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86 Build/RSR1.201013.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.106 Mobile Safari/537.36][PLAIN TEXT (GET /js/application.min.j)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,14,0,14] 
@@ -159,7 +159,7 @@ JA3 Host Stats: 112 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10.16/NetBIOS.SMBv1][IP: 0/Unknown][ClearText][Confidence: DPI][cat: System/18][2 pkts/549 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][< 1 sec][Hostname/SNI: sanji-lifebook-][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT ( FDEBEOEKEJ)][Plen Bins: 0,0,0,0,0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 113 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][5 pkts/490 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][15.56 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 114 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][4 pkts/392 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][14.54 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 115 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/289 bytes][Goodput ratio: 52/85][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][203.69.81.73][PLAIN TEXT (official)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 115 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5.315/DNS.Line][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/89 bytes <-> 1 pkts/289 bytes][Goodput ratio: 52/85][0.01 sec][Hostname/SNI: dl-obs.official.line.naver.jp][203.69.81.73][PLAIN TEXT (official)][Plen Bins: 0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 116 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][cat: Web/5][4 
pkts/220 bytes <-> 2 pkts/132 bytes][Goodput ratio: 2/0][45.01 sec][bytes ratio: 0.250 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/45002 14999/45002 44996/45002 21211/0][Pkt Len c2s/s2c min/avg/max/stddev: 55/66 55/66 55/66 0/0][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 117 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: joanna-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][DHCP Class Ident: MSFT 5.0][PLAIN TEXT (Joanna)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 118 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][1 pkts/342 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][Hostname/SNI: kevin-pc][DHCP Fingerprint: 1,15,3,6,44,46,47,31,33,121,249,43,252][DHCP Class Ident: MSFT 5.0][PLAIN TEXT (MSFT 5.07)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/4in4tunnel.pcap.out b/tests/result/4in4tunnel.pcap.out index d0a82df6d..9ed6f69c9 100644 --- a/tests/result/4in4tunnel.pcap.out +++ b/tests/result/4in4tunnel.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 5 (5.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 174 (174.00 diss/flow) +Num dissector calls: 176 (176.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/6in6tunnel.pcap.out b/tests/result/6in6tunnel.pcap.out index 1d2efe7d3..b889bed0a 100644 --- a/tests/result/6in6tunnel.pcap.out +++ b/tests/result/6in6tunnel.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 120 (120.00 diss/flow) +Num dissector calls: 121 (121.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/EAQ.pcap.out b/tests/result/EAQ.pcap.out index 5625d833c..c65831755 100644 --- a/tests/result/EAQ.pcap.out +++ b/tests/result/EAQ.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 116 (4.00 pkts/flow) Confidence DPI : 31 (flows) -Num dissector calls: 4219 (136.10 diss/flow) +Num dissector calls: 4306 (138.90 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index 3255565f4..4851e4a96 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 61 (flows) -Num dissector calls: 933 (13.52 diss/flow) +Num dissector calls: 934 (13.54 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/collectd.pcap.out b/tests/result/collectd.pcap.out index ad69e1943..fe1e6c1da 100644 --- a/tests/result/collectd.pcap.out +++ b/tests/result/collectd.pcap.out 
@@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 13 (1.62 pkts/flow) Confidence Match by port : 3 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 394 (49.25 diss/flow) +Num dissector calls: 398 (49.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/dhcp-fuzz.pcapng.out b/tests/result/dhcp-fuzz.pcapng.out index 1b7761d8f..bd142dacb 100644 --- a/tests/result/dhcp-fuzz.pcapng.out +++ b/tests/result/dhcp-fuzz.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 106 (106.00 diss/flow) +Num dissector calls: 107 (107.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/discord.pcap.out b/tests/result/discord.pcap.out index 522fe136e..4ba2bd0cc 100644 --- a/tests/result/discord.pcap.out +++ b/tests/result/discord.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 5 (5.00 pkts/flow) DPI Packets (UDP): 60 (1.82 pkts/flow) Confidence DPI : 34 (flows) -Num dissector calls: 3988 (117.29 diss/flow) +Num dissector calls: 4015 (118.09 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out index a1d95861a..ee12ac58a 100644 --- a/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/result/dnscrypt-v1-and-resolver-pings.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 256 (1.04 pkts/flow) Confidence DPI : 245 (flows) -Num dissector calls: 21951 (89.60 diss/flow) +Num dissector calls: 21962 (89.64 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/513/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/dnscrypt-v2.pcap.out b/tests/result/dnscrypt-v2.pcap.out index c4c91be12..df0070c2f 100644 --- a/tests/result/dnscrypt-v2.pcap.out +++ b/tests/result/dnscrypt-v2.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 6 (2.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 369 (123.00 diss/flow) +Num dissector calls: 372 (124.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/dnscrypt_skype_false_positive.pcapng.out b/tests/result/dnscrypt_skype_false_positive.pcapng.out index ef11ce4dd..47e8547af 100644 --- a/tests/result/dnscrypt_skype_false_positive.pcapng.out +++ b/tests/result/dnscrypt_skype_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 124 (124.00 diss/flow) +Num dissector calls: 125 (125.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out index b485e7d7f..83ad20ad8 100644 --- a/tests/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/result/fuzz-2006-06-26-2594.pcap.out 
@@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 30 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 193 (flows) -Num dissector calls: 5510 (21.95 diss/flow) +Num dissector calls: 5543 (22.08 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/129/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/fuzz-2020-02-16-11740.pcap.out b/tests/result/fuzz-2020-02-16-11740.pcap.out index 3a044a4c4..0a4207aae 100644 --- a/tests/result/fuzz-2020-02-16-11740.pcap.out +++ b/tests/result/fuzz-2020-02-16-11740.pcap.out @@ -5,7 +5,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Unknown : 19 (flows) Confidence Match by port : 3 (flows) Confidence DPI : 55 (flows) -Num dissector calls: 1757 (22.82 diss/flow) +Num dissector calls: 1773 (23.03 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/57/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/gnutella.pcap.out b/tests/result/gnutella.pcap.out index 7306d74cd..fb991e755 100644 --- a/tests/result/gnutella.pcap.out +++ b/tests/result/gnutella.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow) Confidence Unknown : 592 (flows) Confidence Match by port : 1 (flows) Confidence DPI : 167 (flows) -Num dissector calls: 65961 (86.79 diss/flow) +Num dissector calls: 66746 (87.82 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/1776/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/gtp_false_positive.pcapng.out b/tests/result/gtp_false_positive.pcapng.out index 0a52d576b..22db7899e 100644 --- a/tests/result/gtp_false_positive.pcapng.out +++ b/tests/result/gtp_false_positive.pcapng.out 
@@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 7 (2.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) -Num dissector calls: 390 (130.00 diss/flow) +Num dissector calls: 394 (131.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/h323-overflow.pcap.out b/tests/result/h323-overflow.pcap.out index 901a6d4e4..93e1e401a 100644 --- a/tests/result/h323-overflow.pcap.out +++ b/tests/result/h323-overflow.pcap.out @@ -21,4 +21,4 @@ Patricia protocols: 0/0 (search/found) HomeRouter 1 58 1 - 1 TCP 192.168.1.1:31337 -> 192.168.1.2:80 [proto: 317/HomeRouter][IP: 0/Unknown][ClearText][Confidence: nBPF][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 7/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.1:31337 -> 192.168.1.2:80 [proto: 318/HomeRouter][IP: 0/Unknown][ClearText][Confidence: nBPF][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 7/0][< 1 sec][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index c9dcdffdf..fee3269bd 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 141 (9.40 diss/flow) +Num dissector calls: 144 (9.60 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/imo.pcap.out b/tests/result/imo.pcap.out index 0a8985443..577f70aff 100644 --- a/tests/result/imo.pcap.out +++ b/tests/result/imo.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 7 (3.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 283 (141.50 diss/flow) +Num dissector calls: 286 (143.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index d968faccf..ead668a2b 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 7 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 1912 (50.32 diss/flow) +Num dissector calls: 1913 (50.34 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/15/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/iphone.pcap.out b/tests/result/iphone.pcap.out index 95840f281..9be46b503 100644 --- a/tests/result/iphone.pcap.out +++ b/tests/result/iphone.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 55 (1.77 pkts/flow) DPI Packets (other): 5 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 50 (flows) -Num dissector calls: 359 (7.04 diss/flow) +Num dissector calls: 361 (7.08 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/kontiki.pcap.out b/tests/result/kontiki.pcap.out index 003a47c30..d8ac391d3 100644 --- a/tests/result/kontiki.pcap.out +++ b/tests/result/kontiki.pcap.out 
@@ -4,7 +4,7 @@ DPI Packets (UDP): 6 (1.50 pkts/flow) DPI Packets (other): 4 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 320 (40.00 diss/flow) +Num dissector calls: 324 (40.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/line.pcap.out b/tests/result/line.pcap.out index 2d162e404..ea900cb40 100644 --- a/tests/result/line.pcap.out +++ b/tests/result/line.pcap.out 
@@ -1,39 +1,36 @@ -Guessed flow protos: 2 +Guessed flow protos: 0 DPI Packets (TCP): 13 (6.50 pkts/flow) -DPI Packets (UDP): 35 (17.50 pkts/flow) -Confidence Unknown : 2 (flows) -Confidence DPI : 2 (flows) -Num dissector calls: 497 (124.25 diss/flow) +DPI Packets (UDP): 40 (13.33 pkts/flow) +Confidence DPI : 5 (flows) +Num dissector calls: 716 (143.20 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) -LRU cache bittorrent: 0/6/0 (insert/search/found) +LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/2/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) Automa host: 1/1 (search/found) Automa domain: 1/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 1/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 8/0 (search/found) +Patricia risk mask: 10/0 (search/found) Patricia risk: 0/0 (search/found) -Patricia protocols: 8/6 (search/found) +Patricia protocols: 12/6 (search/found) -Unknown 24415 20278902 2 TLS 71 8307 1 Line 37 9480 1 +LineCall 24465 20288140 3 JA3 Host Stats: IP Address # JA3C 1 10.200.3.125 1 - 1 TCP 10.200.3.125:58160 <-> 147.92.242.232:443 [proto: 91.315/TLS.Line][IP: 315/Line][Encrypted][Confidence: DPI][cat: Chat/9][16 pkts/4057 bytes <-> 21 pkts/5423 bytes][Goodput ratio: 78/78][70.05 sec][Hostname/SNI: uts-front.line-apps.com][bytes ratio: -0.144 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 5755/2607 29999/29999 11001/7538][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 254/258 627/1514 230/419][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ca75ea4a95a9164cc96e372d7d075183][ServerNames: *.line-apps.com,line-apps.com][JA3S: 567bb420d39046dbfd1f68b558d86382][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 
2018][Subject: C=JP, ST=Tokyo-to, L=Shinjuku-ku, O=LINE Corporation, CN=*.line-apps.com][Certificate SHA-1: 3C:37:D7:AB:BE:E6:5A:A5:BE:14:62:C8:21:8C:BC:E3:3E:A8:3E:96][Firefox][Validity: 2020-08-17 06:21:02 - 2022-11-13 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,15,5,0,0,15,0,0,5,15,5,0,0,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] - 2 TCP 10.200.3.125:57841 <-> 147.92.165.194:443 [proto: 91/TLS][IP: 315/Line][Encrypted][Confidence: DPI][cat: Web/5][30 pkts/3436 bytes <-> 41 pkts/4871 bytes][Goodput ratio: 53/51][85.95 sec][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 34/0 1072/694 14545/14632 3030/2503][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 115/119 350/388 54/101][Plen Bins: 0,52,10,15,0,5,2,0,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - - -Undetected flows: - 1 UDP 10.200.3.125:51161 <-> 147.92.169.90:29070 [proto: 0/Unknown][IP: 315/Line][ClearText][Confidence: Unknown][11410 pkts/9936925 bytes <-> 12995 pkts/10340033 bytes][Goodput ratio: 95/95][70.07 sec][bytes ratio: -0.020 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/4 225/7269 8/71][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 871/796 1098/1096 304/374][Plen Bins: 1,16,14,21,1,1,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,5,19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 10.200.3.125:51170 <-> 147.92.169.90:29070 [proto: 0/Unknown][IP: 315/Line][ClearText][Confidence: Unknown][5 pkts/898 bytes <-> 5 pkts/1046 bytes][Goodput ratio: 77/80][8.07 sec][bytes ratio: -0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1999/1999 2009/2009 2038/2037 17/16][Pkt Len c2s/s2c min/avg/max/stddev: 174/198 180/209 202/254 11/22][Plen Bins: 0,0,0,0,80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 10.200.3.125:51161 <-> 147.92.169.90:29070 [proto: 316/LineCall][IP: 315/Line][Encrypted][Confidence: DPI][cat: VoIP/10][11410 pkts/9936925 bytes <-> 12995 pkts/10340033 
bytes][Goodput ratio: 95/95][70.07 sec][bytes ratio: -0.020 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/4 225/7269 8/71][Pkt Len c2s/s2c min/avg/max/stddev: 62/62 871/796 1098/1096 304/374][Plen Bins: 1,17,15,23,1,1,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,5,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 10.200.3.125:58160 <-> 147.92.242.232:443 [proto: 91.315/TLS.Line][IP: 315/Line][Encrypted][Confidence: DPI][cat: Chat/9][16 pkts/4057 bytes <-> 21 pkts/5423 bytes][Goodput ratio: 78/78][70.05 sec][Hostname/SNI: uts-front.line-apps.com][bytes ratio: -0.144 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1/0 5755/2607 29999/29999 11001/7538][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 254/258 627/1514 230/419][Risk: ** TLS (probably) Not Carrying HTTPS **][Risk Score: 10][Risk Info: No ALPN][TLSv1.2][JA3C: ca75ea4a95a9164cc96e372d7d075183][ServerNames: *.line-apps.com,line-apps.com][JA3S: 567bb420d39046dbfd1f68b558d86382][Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018][Subject: C=JP, ST=Tokyo-to, L=Shinjuku-ku, O=LINE Corporation, CN=*.line-apps.com][Certificate SHA-1: 3C:37:D7:AB:BE:E6:5A:A5:BE:14:62:C8:21:8C:BC:E3:3E:A8:3E:96][Firefox][Validity: 2020-08-17 06:21:02 - 2022-11-13 12:00:00][Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384][Plen Bins: 5,15,5,0,0,15,0,0,5,15,5,0,0,0,0,0,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0] + 3 UDP 10.0.2.15:50835 <-> 125.209.252.210:20610 [proto: 316/LineCall][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VoIP/10][28 pkts/5296 bytes <-> 22 pkts/3942 bytes][Goodput ratio: 78/77][1.93 sec][bytes ratio: 0.147 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 64/59 602/533 152/133][Pkt Len c2s/s2c min/avg/max/stddev: 72/78 189/179 914/782 220/158][Plen Bins: 2,58,4,0,4,8,2,6,6,2,0,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 TCP 10.200.3.125:57841 <-> 147.92.165.194:443 [proto: 91/TLS][IP: 315/Line][Encrypted][Confidence: DPI][cat: Web/5][30 pkts/3436 bytes <-> 
41 pkts/4871 bytes][Goodput ratio: 53/51][85.95 sec][bytes ratio: -0.173 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 34/0 1072/694 14545/14632 3030/2503][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 115/119 350/388 54/101][Plen Bins: 0,52,10,15,0,5,2,0,5,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP 10.200.3.125:51170 <-> 147.92.169.90:29070 [proto: 316/LineCall][IP: 315/Line][Encrypted][Confidence: DPI][cat: VoIP/10][5 pkts/898 bytes <-> 5 pkts/1046 bytes][Goodput ratio: 77/80][8.07 sec][bytes ratio: -0.076 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1999/1999 2009/2009 2038/2037 17/16][Pkt Len c2s/s2c min/avg/max/stddev: 174/198 180/209 202/254 11/22][Plen Bins: 0,0,0,0,80,10,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index 33f5d6673..6a627eb71 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence Unknown : 5 (flows) Confidence Match by port : 1 (flows) Confidence DPI : 15 (flows) -Num dissector calls: 1292 (61.52 diss/flow) +Num dissector calls: 1300 (61.90 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/15/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out index 8b93f7673..bcaf8cd39 100644 --- a/tests/result/openvpn.pcap.out +++ b/tests/result/openvpn.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) DPI Packets (UDP): 5 (2.50 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 399 (133.00 diss/flow) +Num dissector calls: 402 (134.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index b1be3d40f..62836e5bc 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 201 (4.57 pkts/flow) Confidence Unknown : 34 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 71 (flows) -Num dissector calls: 6492 (60.67 diss/flow) +Num dissector calls: 6563 (61.34 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/102/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/quic.pcap.out b/tests/result/quic.pcap.out index c5cd09a70..4a038b3de 100644 --- a/tests/result/quic.pcap.out +++ b/tests/result/quic.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 12 (1.20 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 9 (flows) -Num dissector calls: 213 (21.30 diss/flow) +Num dissector calls: 216 (21.60 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/quic_0RTT.pcap.out b/tests/result/quic_0RTT.pcap.out index 27125781e..b7b11cc3d 100644 --- a/tests/result/quic_0RTT.pcap.out +++ b/tests/result/quic_0RTT.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 189 (94.50 diss/flow) +Num dissector calls: 191 (95.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/radius_false_positive.pcapng.out b/tests/result/radius_false_positive.pcapng.out index d38161d76..5ec4f33ef 100644 --- a/tests/result/radius_false_positive.pcapng.out +++ b/tests/result/radius_false_positive.pcapng.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 10 (10.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 198 (198.00 diss/flow) +Num dissector calls: 200 (200.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/raknet.pcap.out b/tests/result/raknet.pcap.out index 1237a9c31..ef6350096 100644 --- a/tests/result/raknet.pcap.out +++ b/tests/result/raknet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 24 (2.00 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1434 (119.50 diss/flow) +Num dissector calls: 1446 (120.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/rx.pcap.out b/tests/result/rx.pcap.out index fe84ba31f..30d29e38c 100644 --- a/tests/result/rx.pcap.out +++ b/tests/result/rx.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 10 (2.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 612 (122.40 diss/flow) +Num dissector calls: 617 (123.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/sflow.pcap.out b/tests/result/sflow.pcap.out index 3caf75a2e..247525eb7 100644 --- a/tests/result/sflow.pcap.out +++ b/tests/result/sflow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 107 (107.00 diss/flow) +Num dissector calls: 108 (108.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/sip_hello.pcapng.out b/tests/result/sip_hello.pcapng.out index ddda66fc9..8cf191f8c 100644 
--- a/tests/result/sip_hello.pcapng.out +++ b/tests/result/sip_hello.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 210 (210.00 diss/flow) +Num dissector calls: 211 (211.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/skype_udp.pcap.out b/tests/result/skype_udp.pcap.out index a5bb2050c..732f44bc0 100644 --- a/tests/result/skype_udp.pcap.out +++ b/tests/result/skype_udp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 123 (123.00 diss/flow) +Num dissector calls: 124 (124.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/softether.pcap.out b/tests/result/softether.pcap.out index 7acf790c4..cd40b3c4c 100644 --- a/tests/result/softether.pcap.out +++ b/tests/result/softether.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 31 (10.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 373 (93.25 diss/flow) +Num dissector calls: 375 (93.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 3aeae96ec..43a868988 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out 
@@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence Match by port : 11 (flows) Confidence DPI : 39 (flows) -Num dissector calls: 1515 (29.13 diss/flow) +Num dissector calls: 1522 (29.27 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/stun.pcap.out b/tests/result/stun.pcap.out index bbcbaebcc..456f6cb75 100644 --- a/tests/result/stun.pcap.out +++ b/tests/result/stun.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 13 (4.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 579 (144.75 diss/flow) +Num dissector calls: 586 (146.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/stun_signal.pcapng.out b/tests/result/stun_signal.pcapng.out index dac7d9e13..cfd87e79e 100644 --- a/tests/result/stun_signal.pcapng.out +++ b/tests/result/stun_signal.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 72 (3.43 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI : 22 (flows) -Num dissector calls: 2270 (98.70 diss/flow) +Num dissector calls: 2300 (100.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/synscan.pcap.out b/tests/result/synscan.pcap.out index 2525b67b5..77106ea3e 100644 --- a/tests/result/synscan.pcap.out +++ b/tests/result/synscan.pcap.out 
@@ -121,7 +121,7 @@ iSCSI 2 116 2 44 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 316/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 317/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 
172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 172.16.0.8:36050 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -183,7 +183,7 @@ iSCSI 2 116 2 106 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 107 TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 108 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 109 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 316/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 109 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 317/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 110 
TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 111 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 TCP 172.16.0.8:36051 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/teams.pcap.out b/tests/result/teams.pcap.out index b1f86eeee..306874904 100644 --- a/tests/result/teams.pcap.out +++ b/tests/result/teams.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 1 (flows) Confidence DPI (partial) : 1 (flows) Confidence DPI : 80 (flows) -Num dissector calls: 607 (7.31 diss/flow) +Num dissector calls: 610 (7.35 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/teamviewer.pcap.out b/tests/result/teamviewer.pcap.out index d4a687d9e..34b72117c 100644 --- a/tests/result/teamviewer.pcap.out +++ b/tests/result/teamviewer.pcap.out 
@@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 149 (74.50 diss/flow) +Num dissector calls: 152 (76.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/telegram.pcap.out b/tests/result/telegram.pcap.out index d34add7bf..96be25430 100644 --- a/tests/result/telegram.pcap.out +++ b/tests/result/telegram.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 5 DPI Packets (UDP): 93 (1.94 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 46 (flows) -Num dissector calls: 1666 (34.71 diss/flow) +Num dissector calls: 1672 (34.83 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/tftp.pcap.out b/tests/result/tftp.pcap.out index 181e04cc1..6dc8203f8 100644 --- a/tests/result/tftp.pcap.out +++ b/tests/result/tftp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 13 (1.86 pkts/flow) Confidence DPI : 7 (flows) -Num dissector calls: 310 (44.29 diss/flow) +Num dissector calls: 313 (44.71 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/toca-boca.pcap.out b/tests/result/toca-boca.pcap.out index 88c8a1bf9..f7880fe8f 100644 --- a/tests/result/toca-boca.pcap.out +++ b/tests/result/toca-boca.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (UDP): 21 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence DPI : 17 (flows) -Num dissector calls: 441 (21.00 diss/flow) +Num dissector calls: 445 (21.19 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) 
diff --git a/tests/result/viber.pcap.out b/tests/result/viber.pcap.out index 8f9f39192..68cc677a2 100644 --- a/tests/result/viber.pcap.out +++ b/tests/result/viber.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 3 (flows) Confidence DPI : 25 (flows) -Num dissector calls: 546 (18.83 diss/flow) +Num dissector calls: 548 (18.90 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 998d4bde3..e530e91c1 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 17 (8.50 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 3 (flows) Confidence DPI : 53 (flows) -Num dissector calls: 323 (5.67 diss/flow) +Num dissector calls: 324 (5.68 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index e496709fe..d40ca0c29 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 44 (3.14 pkts/flow) Confidence Unknown : 2 (flows) Confidence Match by port : 19 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 594 (13.50 diss/flow) +Num dissector calls: 598 (13.59 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/wireguard.pcap.out b/tests/result/wireguard.pcap.out index df532a570..c64556e5f 100644 --- a/tests/result/wireguard.pcap.out +++ b/tests/result/wireguard.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 145 (145.00 diss/flow) +Num dissector calls: 147 (147.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/result/zoom.pcap.out b/tests/result/zoom.pcap.out index ee50bb061..d4427cdc1 100644 --- a/tests/result/zoom.pcap.out +++ b/tests/result/zoom.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 29 (1.71 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by port : 2 (flows) Confidence DPI : 31 (flows) -Num dissector calls: 1066 (32.30 diss/flow) +Num dissector calls: 1072 (32.48 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 7/0/0 (insert/search/found) diff --git a/tests/result/zoom2.pcap.out b/tests/result/zoom2.pcap.out index 13f4bf2db..9fa64d393 100644 --- a/tests/result/zoom2.pcap.out +++ b/tests/result/zoom2.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 75 (25.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence DPI (partial cache): 3 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 878 (175.60 diss/flow) +Num dissector calls: 884 (176.80 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 1/3/3 (insert/search/found) diff --git a/windows/nDPI.vcxproj b/windows/nDPI.vcxproj index e2ee86452..26b66dd55 100644 --- a/windows/nDPI.vcxproj +++ b/windows/nDPI.vcxproj @@ -163,6 +163,7 @@ <ClCompile Include="..\src\lib\protocols\imo.c" /> <ClCompile Include="..\src\lib\protocols\ipsec.c" /> <ClCompile Include="..\src\lib\protocols\kismet.c" /> + <ClCompile Include="..\src\lib\protocols\line.c" /> <ClCompile Include="..\src\lib\protocols\lisp.c" /> <ClCompile Include="..\src\lib\protocols\memcached.c" /> <ClCompile Include="..\src\lib\protocols\mining.c" /> 
@@ -388,4 +389,4 @@
 <Error Condition="!Exists('packages\pthreads.redist.2.9.1.4\build\native\pthreads.redist.targets')" Text="$([System.String]::Format('$(ErrorText)', 'packages\pthreads.redist.2.9.1.4\build\native\pthreads.redist.targets'))" />
 <Error Condition="!Exists('packages\pthreads.2.9.1.4\build\native\pthreads.targets')" Text="$([System.String]::Format('$(ErrorText)', 'packages\pthreads.2.9.1.4\build\native\pthreads.targets'))" />
 </Target>
-</Project>
\ No newline at end of file
+</Project> |