author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2025-02-11 13:16:03 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-02-11 13:16:03 +0100 |
commit | d738b60cac411d91d3474ec6cc9457f7c86110dd (patch) | |
tree | 21ce51937abbf9f2537ca6399f0c99776b4d93bf /tests | |
parent | 65c224e19cddf78f7579f7954a79746ab729d0c3 (diff) |
DNS: evaluate all flow risks even if sub-classification is disabled (#2714)
Diffstat (limited to 'tests')
6 files changed, 34 insertions, 3 deletions
diff --git a/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out b/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out
index a9f20999b..db13bf433 100644
--- a/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out
+++ b/tests/cfgs/dns_subclassification_and_process_response_disable/result/dns.pcap.out
@@ -9,7 +9,7 @@ LRU cache mining: 0/0/0 (insert/search/found)
 LRU cache msteams: 0/0/0 (insert/search/found)
 LRU cache fpc_dns: 0/0/0 (insert/search/found)
 Automa host: 2/2 (search/found)
-Automa domain: 0/0 (search/found)
+Automa domain: 2/0 (search/found)
 Automa tls cert: 0/0 (search/found)
 Automa risk mask: 2/0 (search/found)
 Automa common alpns: 0/0 (search/found)
diff --git a/tests/cfgs/dns_subclassification_enable/config.txt b/tests/cfgs/dns_subclassification_enable/config.txt
new file mode 100644
index 000000000..76280fbb3
--- /dev/null
+++ b/tests/cfgs/dns_subclassification_enable/config.txt
@@ -0,0 +1 @@
+--cfg=dns,subclassification,1
diff --git a/tests/cfgs/dns_subclassification_enable/pcap/dns.pcap b/tests/cfgs/dns_subclassification_enable/pcap/dns.pcap
new file mode 120000
index 000000000..aea7db12b
--- /dev/null
+++ b/tests/cfgs/dns_subclassification_enable/pcap/dns.pcap
@@ -0,0 +1 @@
+../../default/pcap/dns.pcap
\ No newline at end of file
diff --git a/tests/cfgs/dns_subclassification_enable/result/dns.pcap.out b/tests/cfgs/dns_subclassification_enable/result/dns.pcap.out
new file mode 100644
index 000000000..7e63e6d78
--- /dev/null
+++ b/tests/cfgs/dns_subclassification_enable/result/dns.pcap.out
@@ -0,0 +1,29 @@
+DPI Packets (UDP): 3 (1.50 pkts/flow)
+Confidence DPI : 2 (flows)
+Num dissector calls: 2 (1.00 diss/flow)
+LRU cache ookla: 0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun: 0/0/0 (insert/search/found)
+LRU cache tls_cert: 0/0/0 (insert/search/found)
+LRU cache mining: 0/0/0 (insert/search/found)
+LRU cache msteams: 0/0/0 (insert/search/found)
+LRU cache fpc_dns: 1/0/0 (insert/search/found)
+Automa host: 3/3 (search/found)
+Automa domain: 3/0 (search/found)
+Automa tls cert: 0/0 (search/found)
+Automa risk mask: 1/0 (search/found)
+Automa common alpns: 0/0 (search/found)
+Patricia risk mask: 2/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk: 1/0 (search/found)
+Patricia risk IPv6: 0/0 (search/found)
+Patricia protocols: 4/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+Google 3 226 1
+WhatsApp 2 310 1
+
+Acceptable 5 536 2
+
+ 1 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.142/DNS.WhatsApp, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ 2 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.126/DNS.Google, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.l.google.com][0.0.0.0][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/subclassification_disable/result/anydesk.pcapng.out b/tests/cfgs/subclassification_disable/result/anydesk.pcapng.out
index e2785ae42..ff7249397 100644
--- a/tests/cfgs/subclassification_disable/result/anydesk.pcapng.out
+++ b/tests/cfgs/subclassification_disable/result/anydesk.pcapng.out
@@ -10,7 +10,7 @@ LRU cache mining: 0/0/0 (insert/search/found)
 LRU cache msteams: 0/0/0 (insert/search/found)
 LRU cache fpc_dns: 2/4/0 (insert/search/found)
 Automa host: 4/4 (search/found)
-Automa domain: 0/0 (search/found)
+Automa domain: 4/0 (search/found)
 Automa tls cert: 0/0 (search/found)
 Automa risk mask: 2/0 (search/found)
 Automa common alpns: 1/0 (search/found)
diff --git a/tests/cfgs/subclassification_disable/result/dns.pcap.out b/tests/cfgs/subclassification_disable/result/dns.pcap.out
index 6046db332..2e62be909 100644
--- a/tests/cfgs/subclassification_disable/result/dns.pcap.out
+++ b/tests/cfgs/subclassification_disable/result/dns.pcap.out
@@ -9,7 +9,7 @@ LRU cache mining: 0/0/0 (insert/search/found)
 LRU cache msteams: 0/0/0 (insert/search/found)
 LRU cache fpc_dns: 1/0/0 (insert/search/found)
 Automa host: 3/3 (search/found)
-Automa domain: 0/0 (search/found)
+Automa domain: 3/0 (search/found)
 Automa tls cert: 0/0 (search/found)
 Automa risk mask: 2/0 (search/found)
 Automa common alpns: 0/0 (search/found) |
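Review bot: The only expectation that changes in this hunk is the `Automa domain` counter, which goes from `0/0` to `3/0` (searched, nothing found). The same is true of the `anydesk.pcapng.out` hunk and the `dns_subclassification_and_process_response_disable` hunk, and no per-flow line in any of them gains a risk. As far as this test-only view shows, the suite therefore confirms that the domain lookup now runs with sub-classification disabled, but not that a flow risk is actually reported in that configuration. I would add a capture under `tests/cfgs/subclassification_disable` whose DNS query matches a domain-based risk entry, so its expected `.out` shows the risk on the flow line. A later regression that performs the lookup but drops the result would then fail the test instead of passing on the counter alone.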