author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-07-24 17:46:24 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-24 17:46:24 +0200 |
commit | e6b332aa4a1399e33df68998cf8351bccaee3fc4 (patch) | |
tree | 3fd8ebf02b0af5334b203055e22e4fe139f0cbf4 /tests | |
parent | 523f22b942b1649272e7b89000d25db6278aa1b0 (diff) |
Add support for flow client/server information (#1671)
In a lot of places in nDPI we use *packet* source/dest info
(address/port/direction) when we are interested in *flow* client/server
info, instead.
Add basic logic to autodetect this kind of information.
nDPI doesn't perform any "flow management" itself but this task is
delegated to the external application. It is then likely that the
application might provide more reliable hints about flow
client/server direction and about the TCP handshake presence: in that case,
this information might be (optionally) passed to the library, disabling
the internal "autodetect" logic.
These new fields have been used in some LRU caches and in the "guessing"
algorithm.
It is quite likely that some other code needs to be updated.
Diffstat (limited to 'tests')
25 files changed, 25 insertions, 25 deletions
diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index e5e3c3b70..bd2117a80 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -6,7 +6,7 @@ Confidence Unknown : 14 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 5061 (25.69 diss/flow) +Num dissector calls: 5058 (25.68 diss/flow) Unknown 24 6428 14 DNS 2 378 1 diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index 82202b385..dce0a11c3 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 33 (flows) -Num dissector calls: 878 (23.11 diss/flow) +Num dissector calls: 879 (23.13 diss/flow) DNS 2 217 1 HTTP 1 56 1 diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 924b9ab62..00c6824c1 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 6 (1.20 pkts/flow) Confidence Match by port : 4 (flows) Confidence Match by IP : 5 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 993 (49.65 diss/flow) +Num dissector calls: 999 (49.95 diss/flow) HTTP 5 280 1 QQ 15 1727 1 diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out index a82f38290..c24351f0b 100644 --- a/tests/result/Oscar.pcap.out +++ b/tests/result/Oscar.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 351 (351.00 diss/flow) +Num dissector calls: 352 (352.00 diss/flow) TLS 71 9386 1 diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out index 725522d60..a0013433f 100644 --- a/tests/result/amqp.pcap.out +++ b/tests/result/amqp.pcap.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 9 (3.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 398 (132.67 diss/flow) +Num dissector calls: 401 (133.67 diss/flow) AMQP 160 23514 3 diff --git a/tests/result/anyconnect-vpn.pcap.out b/tests/result/anyconnect-vpn.pcap.out index e08b1c6df..6d04f9f3d 100644 --- a/tests/result/anyconnect-vpn.pcap.out +++ b/tests/result/anyconnect-vpn.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 2 (flows) Confidence Match by port : 5 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 61 (flows) -Num dissector calls: 1165 (16.88 diss/flow) +Num dissector calls: 1170 (16.96 diss/flow) Unknown 19 1054 2 DNS 32 3655 16 diff --git a/tests/result/cloudflare-warp.pcap.out b/tests/result/cloudflare-warp.pcap.out index fffdf6aeb..eff72b17d 100644 --- a/tests/result/cloudflare-warp.pcap.out +++ b/tests/result/cloudflare-warp.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (TCP): 41 (5.12 pkts/flow) Confidence Match by IP : 3 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 285 (35.62 diss/flow) +Num dissector calls: 286 (35.75 diss/flow) Jabber 11 890 1 Google 8 476 3 diff --git a/tests/result/dnp3.pcap.out b/tests/result/dnp3.pcap.out index d5da026aa..ece43267b 100644 --- a/tests/result/dnp3.pcap.out +++ b/tests/result/dnp3.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 80 (10.00 pkts/flow) Confidence DPI : 8 (flows) -Num dissector calls: 351 (43.88 diss/flow) +Num dissector calls: 248 (31.00 diss/flow) DNP3 543 38754 8 diff --git a/tests/result/emotet.pcap.out b/tests/result/emotet.pcap.out index 06a71411f..8db6960f8 100644 --- a/tests/result/emotet.pcap.out +++ b/tests/result/emotet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 48 (8.00 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 281 (46.83 diss/flow) +Num dissector calls: 280 (46.67 diss/flow) SMTP 626 438465 1 HTTP 1601 1581542 3 
diff --git a/tests/result/ftp_failed.pcap.out b/tests/result/ftp_failed.pcap.out index 3944a87a0..a0c746116 100644 --- a/tests/result/ftp_failed.pcap.out +++ b/tests/result/ftp_failed.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 161 (161.00 diss/flow) +Num dissector calls: 160 (160.00 diss/flow) FTP_CONTROL 18 1700 1 diff --git a/tests/result/fuzz-2006-06-26-2594.pcap.out b/tests/result/fuzz-2006-06-26-2594.pcap.out index 574fb4a87..fbe9512e3 100644 --- a/tests/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/result/fuzz-2006-06-26-2594.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 30 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 193 (flows) -Num dissector calls: 5303 (21.13 diss/flow) +Num dissector calls: 5266 (20.98 diss/flow) Unknown 30 3356 30 FTP_CONTROL 36 2569 12 diff --git a/tests/result/fuzz-2006-09-29-28586.pcap.out b/tests/result/fuzz-2006-09-29-28586.pcap.out index 686de394a..d85f4a68d 100644 --- a/tests/result/fuzz-2006-09-29-28586.pcap.out +++ b/tests/result/fuzz-2006-09-29-28586.pcap.out @@ -6,7 +6,7 @@ Confidence Unknown : 3 (flows) Confidence Match by port : 23 (flows) Confidence Match by IP : 2 (flows) Confidence DPI : 12 (flows) -Num dissector calls: 1227 (30.67 diss/flow) +Num dissector calls: 1232 (30.80 diss/flow) Unknown 3 655 3 HTTP 116 27378 35 diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out index 478bd4763..7494ce9e6 100644 --- a/tests/result/google_ssl.pcap.out +++ b/tests/result/google_ssl.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 28 (28.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 252 (252.00 diss/flow) +Num dissector calls: 253 (253.00 diss/flow) Google 28 9108 1 diff --git a/tests/result/imap-starttls.pcap.out b/tests/result/imap-starttls.pcap.out index 65dd10236..8158a847f 100644 
--- a/tests/result/imap-starttls.pcap.out +++ b/tests/result/imap-starttls.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 10 (10.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 193 (193.00 diss/flow) +Num dissector calls: 192 (192.00 diss/flow) IMAPS 32 7975 1 diff --git a/tests/result/instagram.pcap.out b/tests/result/instagram.pcap.out index c5ea01f7f..74fa6bad6 100644 --- a/tests/result/instagram.pcap.out +++ b/tests/result/instagram.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 6 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 2069 (54.45 diss/flow) +Num dissector calls: 2042 (53.74 diss/flow) Unknown 1 66 1 HTTP 116 91784 6 diff --git a/tests/result/irc.pcap.out b/tests/result/irc.pcap.out index bb49ebbfe..f8a32d808 100644 --- a/tests/result/irc.pcap.out +++ b/tests/result/irc.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 168 (168.00 diss/flow) +Num dissector calls: 169 (169.00 diss/flow) IRC 29 8945 1 diff --git a/tests/result/mongo_false_positive.pcapng.out b/tests/result/mongo_false_positive.pcapng.out index 7b369de91..decbd9361 100644 --- a/tests/result/mongo_false_positive.pcapng.out +++ b/tests/result/mongo_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 26 (26.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 413 (413.00 diss/flow) +Num dissector calls: 414 (414.00 diss/flow) TLS 26 12163 1 diff --git a/tests/result/oracle12.pcapng.out b/tests/result/oracle12.pcapng.out index 50adb743b..250c7ca2e 100644 --- a/tests/result/oracle12.pcapng.out +++ b/tests/result/oracle12.pcapng.out 
@@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 20 (20.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 304 (304.00 diss/flow) +Num dissector calls: 305 (305.00 diss/flow) Oracle 20 2518 1 diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index b933d21c2..a5debdcb5 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 61 (flows) Confidence Match by port : 27 (flows) Confidence Match by IP : 1 (flows) Confidence DPI : 204 (flows) -Num dissector calls: 31948 (109.04 diss/flow) +Num dissector calls: 31972 (109.12 diss/flow) Unknown 1575 272476 61 DNS 2 267 1 diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 705fd30fd..4ec4425f6 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 45 (flows) Confidence Match by port : 22 (flows) Confidence DPI : 200 (flows) -Num dissector calls: 26144 (97.92 diss/flow) +Num dissector calls: 26166 (98.00 diss/flow) Unknown 850 152468 45 DNS 2 267 1 diff --git a/tests/result/socks-http-example.pcap.out b/tests/result/socks-http-example.pcap.out index 62bfccf7a..0cc599ddd 100644 --- a/tests/result/socks-http-example.pcap.out +++ b/tests/result/socks-http-example.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 29 (9.67 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 514 (171.33 diss/flow) +Num dissector calls: 515 (171.67 diss/flow) SOCKS 46 8383 3 diff --git a/tests/result/tinc.pcap.out b/tests/result/tinc.pcap.out index 698ef2848..7715e523c 100644 --- a/tests/result/tinc.pcap.out +++ b/tests/result/tinc.pcap.out 
@@ -4,7 +4,7 @@ DPI Packets (TCP): 19 (9.50 pkts/flow) DPI Packets (UDP): 2 (1.00 pkts/flow) Confidence DPI (cache) : 2 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 555 (138.75 diss/flow) +Num dissector calls: 556 (139.00 diss/flow) TINC 317 352291 4 diff --git a/tests/result/tls_false_positives.pcapng.out b/tests/result/tls_false_positives.pcapng.out index ff2734ca3..952f5ee50 100644 --- a/tests/result/tls_false_positives.pcapng.out +++ b/tests/result/tls_false_positives.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 30 (30.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 409 (409.00 diss/flow) +Num dissector calls: 410 (410.00 diss/flow) Unknown 30 37313 1 diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index f47f1a8c4..78e6cced9 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 9 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 885 (26.82 diss/flow) +Num dissector calls: 890 (26.97 diss/flow) Unknown 10 786 1 HTTP 65 64777 8 diff --git a/tests/result/z3950.pcapng.out b/tests/result/z3950.pcapng.out index 40b158e4b..afd8f62d6 100644 --- a/tests/result/z3950.pcapng.out +++ b/tests/result/z3950.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 26 (13.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 493 (246.50 diss/flow) +Num dissector calls: 494 (247.00 diss/flow) Z3950 31 6308 2 |
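Review bot: The tests/result/dnp3.pcap.out hunk drops from 351 to 248 dissector calls (43.88 to 31.00 diss/flow) for the same 8 DNP3 flows, while most other files in this patch move by one to six calls, and the commit message gives no reason for it. Please say in the commit message which part of the change accounts for this drop, so the new expected value can be checked rather than just accepted. The decreases in fuzz-2006-06-26-2594.pcap.out (5303 to 5266) and instagram.pcap.out (2069 to 2042) deserve the same explanation, since the remaining files mostly go up.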
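Review bot: Test coverage for the new logic is missing: across all 25 files the only line that changes is "Num dissector calls" (25 insertions, 25 deletions), so these expected results confirm that classification output is unchanged but do not exercise what the commit message describes, namely the client/server autodetection used by the LRU caches and the guessing algorithm, or the path where the application passes the direction and TCP handshake hints itself. Consider adding a capture and expected result whose outcome depends on flow direction, so that a later regression in this logic shows up as a changed result rather than as a shifted counter.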