diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-07-24 17:46:24 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-24 17:46:24 +0200 |
| commit | e6b332aa4a1399e33df68998cf8351bccaee3fc4 (patch) | |
| tree | 3fd8ebf02b0af5334b203055e22e4fe139f0cbf4 /tests/result/skype_no_unknown.pcap.out | |
| parent | 523f22b942b1649272e7b89000d25db6278aa1b0 (diff) | |
Add support for flow client/server information (#1671)
In a lot of places in ndPI we use *packet* source/dest info
(address/port/direction) when we are interested in *flow* client/server
info, instead.
Add basic logic to autodetect this kind of information.
nDPI doesn't perform any "flow management" itself but this task is
delegated to the external application. It is then likely that the
application might provide more reliable hints about flow
client/server direction and about the TCP handshake presence: in that case,
these information might be (optionally) passed to the library, disabling
the internal "autodetect" logic.
These new fields have been used in some LRU caches and in the "guessing"
algorithm.
It is quite likely that some other code needs to be updated.
Diffstat (limited to 'tests/result/skype_no_unknown.pcap.out')
| -rw-r--r-- | tests/result/skype_no_unknown.pcap.out | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 705fd30fd..4ec4425f6 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 45 (flows) Confidence Match by port : 22 (flows) Confidence DPI : 200 (flows) -Num dissector calls: 26144 (97.92 diss/flow) +Num dissector calls: 26166 (98.00 diss/flow) Unknown 850 152468 45 DNS 2 267 1 |