authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2025-05-28 20:19:19 +0200
committerGitHub <noreply@github.com>2025-05-28 20:19:19 +0200
commit651daeb01a15c0880c34e7b482710e35b92d98e2 (patch)
tree39333aac238a9c293f618b0fe0e128ae172eb6ee
parent9e5a67f3690e7f5a5ca6bd796ea9eea6c167a6d5 (diff)
Fix configuration of ip lists of flow risks (#2859)
Add some new tests about these configuration parameters. Close #2858
-rw-r--r--src/lib/ndpi_main.c3
-rw-r--r--tests/cfgs/default/pcap/flow_risk_lists.pcapngbin0 -> 456 bytes
-rw-r--r--tests/cfgs/default/result/flow_risk_lists.pcapng.out32
-rw-r--r--tests/cfgs/flow_risk_list_disable/config.txt1
l---------tests/cfgs/flow_risk_list_disable/pcap/flow_risk_lists.pcapng1
-rw-r--r--tests/cfgs/flow_risk_list_disable/result/flow_risk_lists.pcapng.out32
6 files changed, 68 insertions, 1 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index ad23e8aa2..1adae4a3e 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -12154,7 +12154,8 @@ ndpi_cfg_error ndpi_set_config(struct ndpi_detection_module_struct *ndpi_str,
(proto == NULL && c->proto == NULL &&
strncmp(c->param, "flow_risk.$FLOWRISK_NAME_OR_ID", 30) == 0 &&
strncmp(param, "flow_risk.", 10) == 0 &&
- !ndpi_str_endswith(param, ".info")) ||
+ !ndpi_str_endswith(param, ".info") &&
+ !ndpi_str_endswith(param, ".load")) ||
(proto == NULL && c->proto == NULL &&
strncmp(c->param, "flow_risk.$FLOWRISK_NAME_OR_ID.info", 35) == 0 &&
strncmp(param, "flow_risk.", 10) == 0 &&
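Review bot: The generic `flow_risk.$FLOWRISK_NAME_OR_ID` branch now depends on a deny-list of suffixes (`.info`, and with this change `.load`), so any future `flow_risk.<name>.<suffix>` key will fall back into the per-risk match unless this condition is extended again. These keys control whether the crawler/bot and anonymous-subscriber IP lists are loaded, so a misrouted key presumably leaves a detection list in a state the operator did not ask for. At minimum, document the invariant above the condition, e.g. `/* keys ending in .info or .load have dedicated entries; keep them out of the generic per-risk match */`. The literal lengths 30, 35 and 10 would also be safer as `sizeof("flow_risk.") - 1` style expressions, so they cannot drift from the strings they measure. The body of ndpi_set_config starts and ends outside this hunk, so the branch that handles `.load` keys is not visible here.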
diff --git a/tests/cfgs/default/pcap/flow_risk_lists.pcapng b/tests/cfgs/default/pcap/flow_risk_lists.pcapng
new file mode 100644
index 000000000..9b3caca14
--- /dev/null
+++ b/tests/cfgs/default/pcap/flow_risk_lists.pcapng
Binary files differ
diff --git a/tests/cfgs/default/result/flow_risk_lists.pcapng.out b/tests/cfgs/default/result/flow_risk_lists.pcapng.out
new file mode 100644
index 000000000..d8f9568ff
--- /dev/null
+++ b/tests/cfgs/default/result/flow_risk_lists.pcapng.out
@@ -0,0 +1,32 @@
+Guessed flow protos: 2
+
+DPI Packets (TCP): 2 (1.00 pkts/flow)
+Confidence Match by port : 2 (flows)
+Num dissector calls: 0 (0.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/6/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/2/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/2/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 2/0 (search/found)
+Patricia risk mask IPv6: 2/0 (search/found)
+Patricia risk: 1/1 (search/found)
+Patricia risk IPv6: 1/1 (search/found)
+Patricia protocols: 1/1 (search/found)
+Patricia protocols IPv6: 2/0 (search/found)
+
+HTTP 1 74 1
+TLS 1 94 1
+
+Safe 1 94 1
+Acceptable 1 74 1
+
+ 1 TCP [2a02:26f7:d198:400::1]:44878 -> [2001:db8:200::1]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Anonymous Subscriber **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 23.98.142.176:53684 -> 8.8.8.8:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Crawler/Bot **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/flow_risk_list_disable/config.txt b/tests/cfgs/flow_risk_list_disable/config.txt
new file mode 100644
index 000000000..4108ff491
--- /dev/null
+++ b/tests/cfgs/flow_risk_list_disable/config.txt
@@ -0,0 +1 @@
+--cfg=flow_risk.crawler_bot.list.load,0 --cfg=flow_risk.anonymous_subscriber.list.icloudprivaterelay.load,0 --cfg=flow_risk.anonymous_subscriber.list.tor.load,0
diff --git a/tests/cfgs/flow_risk_list_disable/pcap/flow_risk_lists.pcapng b/tests/cfgs/flow_risk_list_disable/pcap/flow_risk_lists.pcapng
new file mode 120000
index 000000000..3b34a6c94
--- /dev/null
+++ b/tests/cfgs/flow_risk_list_disable/pcap/flow_risk_lists.pcapng
@@ -0,0 +1 @@
+../../default/pcap/flow_risk_lists.pcapng \ No newline at end of file
diff --git a/tests/cfgs/flow_risk_list_disable/result/flow_risk_lists.pcapng.out b/tests/cfgs/flow_risk_list_disable/result/flow_risk_lists.pcapng.out
new file mode 100644
index 000000000..4da069c31
--- /dev/null
+++ b/tests/cfgs/flow_risk_list_disable/result/flow_risk_lists.pcapng.out
@@ -0,0 +1,32 @@
+Guessed flow protos: 2
+
+DPI Packets (TCP): 2 (1.00 pkts/flow)
+Confidence Match by port : 2 (flows)
+Num dissector calls: 0 (0.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/6/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/2/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 0/2/0 (insert/search/found)
+Automa host: 0/0 (search/found)
+Automa domain: 0/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 0/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 1/0 (search/found)
+Patricia risk IPv6: 1/0 (search/found)
+Patricia protocols: 1/1 (search/found)
+Patricia protocols IPv6: 2/0 (search/found)
+
+HTTP 1 74 1
+TLS 1 94 1
+
+Safe 1 94 1
+Acceptable 1 74 1
+
+ 1 TCP [2a02:26f7:d198:400::1]:44878 -> [2001:db8:200::1]:443 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Web/5][1 pkts/94 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65320_5c453b01be6e/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 TCP 23.98.142.176:53684 -> 8.8.8.8:80 [proto: 7/HTTP][IP: 126/Google][ClearText][Confidence: Match by port][FPC: 126/Google, Confidence: IP address][DPI packets: 1][cat: Web/5][1 pkts/74 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]