config: DNS: add two configuration options

* Enable/disable sub-classification of DNS flows * Enable/disable processing of DNS responses
author: Nardi Ivan <nardi.ivan@gmail.com> 2024-01-10 10:06:03 +0100
committer: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2024-01-18 10:21:24 +0100
commit: c704be1a20d169bea1c55a720421742f09f4aa88 (patch)
tree: a88a79ec47bdd7910385eac1b187607f80e4ff21 /tests
parent: 950f209a1736e76ca621a8ffebef9dcd2fa9745d (diff)
11 files changed, 124 insertions, 0 deletions
diff --git a/tests/cfgs/default/pcap/dns.pcap b/tests/cfgs/default/pcap/dns.pcap
new file mode 100644
index 000000000..e75aeff6a
--- /dev/null
+++ b/tests/cfgs/default/pcap/dns.pcap
diff --git a/tests/cfgs/default/result/dns.pcap.out b/tests/cfgs/default/result/dns.pcap.out
new file mode 100644
index 000000000..768b51b97
--- /dev/null
+++ b/tests/cfgs/default/result/dns.pcap.out
@@ -0,0 +1,30 @@
+DPI Packets (UDP):	3	(1.50 pkts/flow)
+Confidence DPI              : 2 (flows)
+Num dissector calls: 2 (1.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          3/3 (search/found)
+Automa domain:        3/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     1/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   2/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        1/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   4/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+Google	3	226	1
+WhatsApp	2	310	1
+
+Acceptable                       5 536           2            
+
+	1	UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.l.google.com][::][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/dns_process_response_disable/config.txt b/tests/cfgs/dns_process_response_disable/config.txt
new file mode 100644
index 000000000..028879f70
--- /dev/null
+++ b/tests/cfgs/dns_process_response_disable/config.txt
@@ -0,0 +1 @@
+--cfg=dns,process_response.enable,0
diff --git a/tests/cfgs/dns_process_response_disable/pcap/dns.pcap b/tests/cfgs/dns_process_response_disable/pcap/dns.pcap
new file mode 120000
index 000000000..aea7db12b
--- /dev/null
+++ b/tests/cfgs/dns_process_response_disable/pcap/dns.pcap
@@ -0,0 +1 @@
+../../default/pcap/dns.pcap
+\ No newline at end of file
diff --git a/tests/cfgs/dns_process_response_disable/result/dns.pcap.out b/tests/cfgs/dns_process_response_disable/result/dns.pcap.out
new file mode 100644
index 000000000..53f29a7f5
--- /dev/null
+++ b/tests/cfgs/dns_process_response_disable/result/dns.pcap.out
@@ -0,0 +1,30 @@
+DPI Packets (UDP):	2	(1.00 pkts/flow)
+Confidence DPI              : 2 (flows)
+Num dissector calls: 2 (1.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          2/2 (search/found)
+Automa domain:        2/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     1/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   2/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        1/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   4/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+Google	3	226	1
+WhatsApp	2	310	1
+
+Acceptable                       5 536           2            
+
+	1	UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][::][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.l.google.com][::][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/dns_subclassification_and_process_response_disable/config.txt b/tests/cfgs/dns_subclassification_and_process_response_disable/config.txt
new file mode 100644
index 000000000..85e59f245
--- /dev/null
+++ b/tests/cfgs/dns_subclassification_and_process_response_disable/config.txt
@@ -0,0 +1 @@
+--cfg=dns,subclassification.enable,0 --cfg=dns,process_response.enable,0
diff --git a/tests/cfgs/dns_subclassification_and_process_response_disable/pcap/dns.pcap b/tests/cfgs/dns_subclassification_and_process_response_disable/pcap/dns.pcap
new file mode 120000
index 000000000..aea7db12b
--- /dev/null
+++ b/tests/cfgs/dns_subclassification_and_process_response_disable/pcap/dns.pcap
@@ -0,0 +1 @@
+../../default/pcap/dns.pcap
+\ No newline at end of file
diff --git a/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out b/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out
new file mode 100644
index 000000000..08b023648
--- /dev/null
+++ b/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out
@@ -0,0 +1,29 @@
+DPI Packets (UDP):	2	(1.00 pkts/flow)
+Confidence DPI              : 2 (flows)
+Num dissector calls: 2 (1.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     2/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   4/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        1/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   4/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+DNS	5	536	2
+
+Acceptable                       5 536           2            
+
+	1	UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][::][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.l.google.com][::][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/dns_subclassification_disable/config.txt b/tests/cfgs/dns_subclassification_disable/config.txt
new file mode 100644
index 000000000..09cc4f225
--- /dev/null
+++ b/tests/cfgs/dns_subclassification_disable/config.txt
@@ -0,0 +1 @@
+--cfg=dns,subclassification.enable,0
diff --git a/tests/cfgs/dns_subclassification_disable/pcap/dns.pcap b/tests/cfgs/dns_subclassification_disable/pcap/dns.pcap
new file mode 120000
index 000000000..aea7db12b
--- /dev/null
+++ b/tests/cfgs/dns_subclassification_disable/pcap/dns.pcap
@@ -0,0 +1 @@
+../../default/pcap/dns.pcap
+\ No newline at end of file
diff --git a/tests/cfgs/dns_subclassification_disable/result/dns.pcap.out b/tests/cfgs/dns_subclassification_disable/result/dns.pcap.out
new file mode 100644
index 000000000..51f6be64a
--- /dev/null
+++ b/tests/cfgs/dns_subclassification_disable/result/dns.pcap.out
@@ -0,0 +1,29 @@
+DPI Packets (UDP):	3	(1.50 pkts/flow)
+Confidence DPI              : 2 (flows)
+Num dissector calls: 2 (1.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     2/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   4/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        1/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   4/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+DNS	5	536	2
+
+Acceptable                       5 536           2            
+
+	1	UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.l.google.com][::][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
author	Nardi Ivan <nardi.ivan@gmail.com>	2024-01-10 10:06:03 +0100
committer	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2024-01-18 10:21:24 +0100
commit	c704be1a20d169bea1c55a720421742f09f4aa88 (patch)
tree	a88a79ec47bdd7910385eac1b187607f80e4ff21 /tests
parent	950f209a1736e76ca621a8ffebef9dcd2fa9745d (diff)