diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-12-22 19:54:06 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-22 19:54:06 +0100 |
| commit | 91bb77a8806ee2987e856f66674cf3aa8b1d60db (patch) | |
| tree | 0f2a06cc9b64a8af221552e87ae771ac882ab4b5 /tests/result | |
| parent | 02da143e4567cbfe32b139561ec3a702ce380fc7 (diff) | |
A final(?) effort to reduce memory usage per flow (#1389)
Remove some unused fields and re-organize other ones.
In particular:
* Update the parameters of `ndpi_ssl_version2str()` function
* Zattoo, Thunder: these timestamps aren't really used.
* Ftp/mail: these protocols are dissected only over TCP.
* Attention must be paid to TLS.Bittorrent flows to avoid invalid
read/write to `flow->protos.bittorrent.hash` field.
This is the last(?) commit of a long series (see 22241a1d, 227e586e,
730c2360, a8ffcd8b) aiming to reduce library memory consumption.
Before, at nDPI 4.0 (more precisly, at a6b10cf7, because memory stats
were wrong until that commit):
```
nDPI Memory statistics:
nDPI Memory (once): 221.15 KB
Flow Memory (per flow): 2.94 KB
```
Now:
```
nDPI Memory statistics:
nDPI Memory (once): 231.71 KB
Flow Memory (per flow): 1008 B <---------
```
i.e. memory usage per flow has been reduced by 66%, dropping below the
psychological threshold of 1 KB.
To further reduce this value, we probably need to look into #1279:
let's fight this battle another day.
Diffstat (limited to 'tests/result')
| -rw-r--r-- | tests/result/tls_torrent.pcapng.out | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/tests/result/tls_torrent.pcapng.out b/tests/result/tls_torrent.pcapng.out new file mode 100644 index 000000000..8534da1d5 --- /dev/null +++ b/tests/result/tls_torrent.pcapng.out @@ -0,0 +1,12 @@ +Guessed flow protos: 0 + +DPI Packets (TCP): 7 (7.00 pkts/flow) + +BitTorrent 7 6308 1 + +JA3 Host Stats: + IP Address # JA3C + 1 10.10.10.1 1 + + + 1 TCP 10.10.10.1:443 <-> 192.168.0.1:58842 [proto: 91.37/TLS.BitTorrent][Encrypted][cat: Download/7][6 pkts/5922 bytes <-> 1 pkts/386 bytes][Goodput ratio: 94/86][0.16 sec][Hostname/SNI: web.utorrent.com][bytes ratio: 0.878 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 32/0 147/0 58/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/386 987/386 1454/386 651/0][Risk: ** TLS (probably) not carrying HTTPS **** Possibly Malicious JA3 Fingerprint **][Risk Score: 60][TLSv1.2][JA3C: fd80fa9c6120cdeea8520510f3c644ac][ServerNames: *.utorrent.com,utorrent.com][JA3S: 6f84bbe9810ec4ea9061cc1a02eaf83c][Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2][Subject: CN=*.utorrent.com][Certificate SHA-1: E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8][Firefox][Validity: 2021-09-27 07:16:05 - 2022-09-24 22:26:57][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,60,0,0,0,0] |