Fixed syslog false positives. (#1577)

* syslog: removed unnecessary/unreliable printable string check * added `ndpi_isalnum()` * splitted `ndpi_is_printable_string()` into `ndpi_is_printable_buffer()` and `ndpi_normalize_printable_string()` Signed-off-by: lns <matzeton@googlemail.com>
author: Toni <matzeton@googlemail.com> 2022-06-03 18:21:29 +0200
committer: GitHub <noreply@github.com> 2022-06-03 18:21:29 +0200
commit: 09fbe0a64a11b08a35435f516e9a19f7e0c20d7c (patch)
tree: 3a1f16a822cd21e52da4b9e56486906cb104bb62 /tests
parent: 6149c0f880163b0bebd513fa957ece325c77cb88 (diff)
4 files changed, 25 insertions, 14 deletions
diff --git a/tests/pcap/syslog.pcap b/tests/pcap/syslog.pcap
new file mode 100644
index 000000000..3756ab667
--- /dev/null
+++ b/tests/pcap/syslog.pcap
diff --git a/tests/pcap/syslog.pcapng b/tests/pcap/syslog.pcapng
deleted file mode 100644
index 24b62f5bf..000000000
--- a/tests/pcap/syslog.pcapng
+++ /dev/null
diff --git a/tests/result/syslog.pcap.out b/tests/result/syslog.pcap.out
new file mode 100644
index 000000000..108bb4842
--- /dev/null
+++ b/tests/result/syslog.pcap.out
@@ -0,0 +1,25 @@
+Guessed flow protos:	0
+
+DPI Packets (UDP):	18	(1.00 pkts/flow)
+Confidence DPI              : 18 (flows)
+
+Syslog	62	17124	18
+
+	1	UDP [2001:470:6c:a1::2]:38159 -> [2001:470:765b::b15:22]:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][6 pkts/2994 bytes -> 0 pkts/0 bytes][Goodput ratio: 84/0][12.00 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 15/0 2400/0 7985/0 3185/0][Pkt Len c2s/s2c min/avg/max/stddev: 480/0 499/0 537/0 27/0][PLAIN TEXT ( NetScreen device)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,66,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 172.20.51.54:514 -> 172.31.110.40:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][15 pkts/2925 bytes -> 0 pkts/0 bytes][Goodput ratio: 78/0][22.45 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 8/0 1495/0 5398/0 2274/0][Pkt Len c2s/s2c min/avg/max/stddev: 150/0 195/0 234/0 34/0][PLAIN TEXT (854 08/20/2013)][Plen Bins: 0,0,0,20,40,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	UDP 195.120.165.134:514 -> 83.235.169.221:11000 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][4 pkts/1954 bytes -> 0 pkts/0 bytes][Goodput ratio: 90/0][1.03 sec][PLAIN TEXT (1 2022)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,50,0,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	UDP 10.94.80.60:39438 -> 10.94.150.22:514 [VLAN: 2005][proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][1 pkts/1316 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][PLAIN TEXT (Mar  9 04)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+	5	UDP 192.168.126.102:57166 -> 172.19.177.230:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][4 pkts/1157 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][26.59 sec][PLAIN TEXT (syslog@9 s)][Plen Bins: 0,0,0,0,0,0,0,75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	6	UDP 10.22.179.215:57166 -> 172.26.54.76:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][5 pkts/852 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][35.05 sec][PLAIN TEXT (syslog@9 s)][Plen Bins: 0,0,0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	7	UDP 10.11.105.154:20627 -> 10.6.15.11:514 [VLAN: 408][proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][1 pkts/761 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][PLAIN TEXT (09 time)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	8	UDP 10.94.232.21:57374 -> 10.94.150.21:514 [VLAN: 2005][proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][5 pkts/740 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.00 sec][PLAIN TEXT (Mar  9 04)][Plen Bins: 0,0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	9	UDP 10.224.43.149:57166 -> 172.23.243.89:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][3 pkts/736 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][5.49 sec][PLAIN TEXT (facility)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	10	UDP 95.136.242.54:514 -> 93.20.126.110:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][1 pkts/703 bytes -> 0 pkts/0 bytes][Goodput ratio: 93/0][< 1 sec][PLAIN TEXT (Jan 01 00)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	11	UDP 192.168.121.10:50080 -> 192.168.120.10:514 [VLAN: 121][proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][4 pkts/630 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][150.90 sec][PLAIN TEXT ( Mar  3 19)][Plen Bins: 0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	12	UDP 192.168.45.162:57166 -> 10.208.120.95:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][2 pkts/499 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][0.99 sec][PLAIN TEXT (facility)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	13	UDP 192.168.121.2:50352 -> 192.168.120.10:514 [VLAN: 121][proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][2 pkts/385 bytes -> 0 pkts/0 bytes][Goodput ratio: 76/0][0.00 sec][PLAIN TEXT ( Mar  3 20)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	14	UDP 95.136.242.54:514 -> 93.20.126.48:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][1 pkts/379 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][< 1 sec][PLAIN TEXT (Jan 01 00)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	15	UDP 192.168.67.241:62679 -> 10.193.53.6:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][2 pkts/292 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][PLAIN TEXT (Sep 22 13)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	16	UDP 172.21.251.36:62679 -> 172.19.196.11:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][2 pkts/284 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][0.99 sec][PLAIN TEXT (Sep 22 13)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	17	UDP 192.168.72.140:62679 -> 192.168.178.148:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][2 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][1.04 sec][PLAIN TEXT (Sep 22 13)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	18	UDP 10.251.23.139:59194 -> 62.39.3.142:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][2 pkts/236 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][48.30 sec][PLAIN TEXT (Jan  2 10)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/result/syslog.pcapng.out b/tests/result/syslog.pcapng.out
deleted file mode 100644
index b9f7ba449..000000000
--- a/tests/result/syslog.pcapng.out
+++ /dev/null
@@ -1,14 +0,0 @@
-Guessed flow protos:	0
-
-DPI Packets (UDP):	7	(1.00 pkts/flow)
-Confidence DPI              : 7 (flows)
-
-Syslog	20	4101	7
-
-	1	UDP 192.168.126.102:57166 -> 172.19.177.230:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][4 pkts/1157 bytes -> 0 pkts/0 bytes][Goodput ratio: 85/0][26.59 sec][PLAIN TEXT (syslog@9 s)][Plen Bins: 0,0,0,0,0,0,0,75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	2	UDP 10.22.179.215:57166 -> 172.26.54.76:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][5 pkts/852 bytes -> 0 pkts/0 bytes][Goodput ratio: 75/0][35.05 sec][PLAIN TEXT (syslog@9 s)][Plen Bins: 0,0,0,40,60,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	3	UDP 10.224.43.149:57166 -> 172.23.243.89:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][3 pkts/736 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][5.49 sec][PLAIN TEXT (facility)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	4	UDP 192.168.45.162:57166 -> 10.208.120.95:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][2 pkts/499 bytes -> 0 pkts/0 bytes][Goodput ratio: 83/0][0.99 sec][PLAIN TEXT (facility)][Plen Bins: 0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	5	UDP 192.168.67.241:62679 -> 10.193.53.6:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][2 pkts/292 bytes -> 0 pkts/0 bytes][Goodput ratio: 71/0][< 1 sec][PLAIN TEXT (Sep 22 13)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	6	UDP 172.21.251.36:62679 -> 172.19.196.11:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][2 pkts/284 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][0.99 sec][PLAIN TEXT (Sep 22 13)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	7	UDP 192.168.72.140:62679 -> 192.168.178.148:514 [proto: 17/Syslog][ClearText][Confidence: DPI][cat: System/18][2 pkts/281 bytes -> 0 pkts/0 bytes][Goodput ratio: 70/0][1.04 sec][PLAIN TEXT (Sep 22 13)][Plen Bins: 0,0,50,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
author	Toni <matzeton@googlemail.com>	2022-06-03 18:21:29 +0200
committer	GitHub <noreply@github.com>	2022-06-03 18:21:29 +0200
commit	09fbe0a64a11b08a35435f516e9a19f7e0c20d7c (patch)
tree	3a1f16a822cd21e52da4b9e56486906cb104bb62 /tests
parent	6149c0f880163b0bebd513fa957ece325c77cb88 (diff)