authorMaatuq <mahmoudmatook.mm@gmail.com>2023-03-22 21:18:12 +0400
committerGitHub <noreply@github.com>2023-03-22 18:18:12 +0100
commit530d0de4382ab4d70cfc1dedcf8cf2ac729dfddf (patch)
tree5009dcbdfe2f6e0f651d2ebc5906fcfa965f1e15 /tests/result
parent04e017a854797c02a2cfc9fadd954fc0426f8e04 (diff)
Add support for vxlan decapsulation (#1441) (#1900)
Close #1441
Diffstat (limited to 'tests/result')
-rw-r--r--tests/result/vxlan.pcap.out37
1 files changed, 19 insertions, 18 deletions
diff --git a/tests/result/vxlan.pcap.out b/tests/result/vxlan.pcap.out
index fa5e837a9..3fd877354 100644
--- a/tests/result/vxlan.pcap.out
+++ b/tests/result/vxlan.pcap.out
@@ -1,8 +1,9 @@
Guessed flow protos: 0
-DPI Packets (UDP): 9 (1.00 pkts/flow)
-Confidence DPI : 9 (flows)
-Num dissector calls: 9 (1.00 diss/flow)
+DPI Packets (TCP): 12 (6.00 pkts/flow)
+DPI Packets (UDP): 6 (3.00 pkts/flow)
+Confidence DPI : 4 (flows)
+Num dissector calls: 4 (1.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
@@ -11,23 +12,23 @@ LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
LRU cache stun_zoom: 0/0/0 (insert/search/found)
-Automa host: 0/0 (search/found)
-Automa domain: 0/0 (search/found)
+Automa host: 8/8 (search/found)
+Automa domain: 8/0 (search/found)
Automa tls cert: 0/0 (search/found)
-Automa risk mask: 0/0 (search/found)
+Automa risk mask: 2/0 (search/found)
Automa common alpns: 0/0 (search/found)
-Patricia risk mask: 18/0 (search/found)
+Patricia risk mask: 8/0 (search/found)
Patricia risk: 0/0 (search/found)
-Patricia protocols: 18/0 (search/found)
+Patricia protocols: 4/4 (search/found)
-VXLAN 127 85322 9
+Facebook 127 85322 4
- 1 UDP 192.168.22.5:36286 -> 192.168.22.4:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][56 pkts/71223 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/0 113/0 16/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 1272/0 1500/0 477/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (Ev0@ED)][Plen Bins: 0,0,10,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0]
- 2 UDP 192.168.22.5:60230 -> 192.168.22.4:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][13 pkts/5656 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][0.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/0 233/0 70/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 435/0 1500/0 497/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,55,7,0,0,0,7,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
- 3 UDP 192.168.22.4:40646 -> 192.168.22.5:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][35 pkts/4938 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/0 150/0 30/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 141/0 438/0 66/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (www.facebook.com)][Plen Bins: 0,0,91,0,2,0,0,2,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 4 UDP 192.168.22.4:49762 -> 192.168.22.5:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][12 pkts/2011 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][0.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/0 81/0 25/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 168/0 434/0 92/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (facebook.com)][Plen Bins: 0,0,67,8,8,0,0,8,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 5 UDP 192.168.22.5:50251 -> 192.168.22.4:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/362 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (facebook)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 6 UDP 192.168.22.4:60230 -> 192.168.22.5:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][3 pkts/324 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 7 UDP 192.168.22.5:43866 -> 192.168.22.4:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/296 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (facebook)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 8 UDP 192.168.22.4:60351 -> 192.168.22.5:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/260 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (facebook)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
- 9 UDP 192.168.22.4:60887 -> 192.168.22.5:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/252 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (facebook)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+JA3 Host Stats:
+ IP Address # JA3C
+ 1 10.10.20.4 1
+
+
+ 1 TCP 10.10.20.4:45228 <-> 157.240.224.35:443 [VLAN: 5][proto: VXLAN:91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][35 pkts/4938 bytes <-> 56 pkts/71223 bytes][Goodput ratio: 15/91][0.34 sec][Hostname/SNI: www.facebook.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.870 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/6 81/140 17/26][Pkt Len c2s/s2c min/avg/max/stddev: 120/120 141/1272 438/1500 66/477][Risk: ** TLS (probably) Not Carrying HTTPS **** Malicious JA3 Fingerp. **][Risk Score: 60][Risk Info: 40adfd923eb82b89d8836ba37a19bca1 / No ALPN][TLSv1.3][JA3C: 40adfd923eb82b89d8836ba37a19bca1][JA3S: 475c9302dc42b2751db9edcac3b74891][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 0,0,1,0,0,5,0,0,0,1,0,0,0,0,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,87,0,0,0,0]
+ 2 TCP 10.10.20.4:45226 <-> 157.240.224.35:443 [VLAN: 5][proto: VXLAN:91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 6][cat: SocialNetwork/6][15 pkts/2335 bytes <-> 13 pkts/5656 bytes][Goodput ratio: 24/72][0.38 sec][Hostname/SNI: facebook.com][TLS Supported Versions: TLSv1.3;TLSv1.2;TLSv1.1;TLSv1][bytes ratio: -0.416 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/15 224/113 62/35][Pkt Len c2s/s2c min/avg/max/stddev: 108/120 156/435 434/1500 86/497][Risk: ** TLS (probably) Not Carrying HTTPS **** Malicious JA3 Fingerp. **][Risk Score: 60][Risk Info: 40adfd923eb82b89d8836ba37a19bca1 / No ALPN][TLSv1.3][JA3C: 40adfd923eb82b89d8836ba37a19bca1][JA3S: 475c9302dc42b2751db9edcac3b74891][Firefox][Cipher: TLS_CHACHA20_POLY1305_SHA256][Plen Bins: 20,0,10,0,0,20,0,0,0,10,0,0,0,0,10,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0]
+ 3 UDP 10.10.20.4:32860 <-> 8.8.8.8:53 [VLAN: 5][proto: VXLAN:5.119/DNS.Facebook][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/260 bytes <-> 2 pkts/362 bytes][Goodput ratio: 26/47][0.07 sec][Hostname/SNI: www.facebook.com][157.240.224.35][PLAIN TEXT (facebook)][Plen Bins: 0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 4 UDP 10.10.20.4:44437 <-> 8.8.8.8:53 [VLAN: 5][proto: VXLAN:5.119/DNS.Facebook][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/252 bytes <-> 2 pkts/296 bytes][Goodput ratio: 24/35][0.07 sec][Hostname/SNI: facebook.com][157.240.224.35][PLAIN TEXT (facebook)][Plen Bins: 50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
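Review bot: In the flow list of this hunk the nine outer flows to UDP 4789 between 192.168.22.4 and 192.168.22.5 are replaced by four inner flows, and the only trace of the encapsulation left in each record is the `VXLAN:` prefix in `proto:`; the tunnel endpoint addresses no longer appear in the expected output at all. For monitoring use that is a loss of visibility, because a reader of this output can no longer tell which hosts carried the tunnel, so it seems worth keeping the outer addresses (or at least the VNI) in the flow record, or adding a second expectation for this capture with decapsulation off if that is configurable. Flows 1 and 2 also pin `Malicious JA3 Fingerp.` with `Risk Score: 60` on what the same lines identify as Firefox connecting to www.facebook.com and facebook.com; presumably that comes from the fingerprint list rather than from this change, but it is worth confirming before the golden file locks it in. The code that produces this output is outside the diff shown, since the page is limited to tests/result.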