diff options
158 files changed, 341 insertions, 206 deletions
diff --git a/doc/protocols.rst b/doc/protocols.rst index d4b813017..ef3846d80 100644 --- a/doc/protocols.rst +++ b/doc/protocols.rst @@ -8,10 +8,10 @@ Work in progress! .. _Proto 72: `NDPI_PROTOCOL_HART_IP` -============================ +======================= Highway Addressable Remote Transducer over IP -References: `Protocol Specs: <https://library.fieldcommgroup.org/20085/TS20085>`_. +References: `Protocol Specs: <https://library.fieldcommgroup.org/20085/TS20085>`_ .. _Proto 96: @@ -26,19 +26,19 @@ References: `RFC1350 <https://datatracker.ietf.org/doc/html/rfc1350>`_ and `RFC2 .. _Proto 127: `NDPI_PROTOCOL_MS_RPCH` -==================== +======================= A Remote Procedure Call protocol over HTTP from Microsoft. -References: `Protocol Specs: <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rpch/c0f4c9c5-1a61-4d10-b8e2-005378d1d212`_. +References: `Protocol Specs: <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rpch/c0f4c9c5-1a61-4d10-b8e2-005378d1d212`_ .. _Proto 201: `NDPI_PROTOCOL_GOOGLE_MEET` -==================== +=========================== Google Meet is a video conferencing service from Google. -References: `Main site: <https://meet.google.com/>`_. +References: `Main site: <https://meet.google.com/>`_ .. _Proto 338: @@ -47,7 +47,7 @@ References: `Main site: <https://meet.google.com/>`_. ==================== The Secure Real-time Transport Protocol (SRTP) is a profile for Real-time Transport Protocol (RTP) intended to provide encryption, message authentication, integrity, and replay attack protection to the RTP data. -References: `RFC3711 <https://datatracker.ietf.org/doc/html/rfc3711>`_. +References: `RFC3711 <https://datatracker.ietf.org/doc/html/rfc3711>`_ Notes: @@ -61,7 +61,7 @@ Notes: ========================= Opera VPN is a free VPN included with Opera Browser. -References: `Main site <https://www.opera.com/it/features/free-vpn>`_. +References: `Main site <https://www.opera.com/it/features/free-vpn>`_ .. _Proto 340: @@ -70,7 +70,7 @@ References: `Main site <https://www.opera.com/it/features/free-vpn>`_. ========================= Epic Games is a video game company developing the Unreal Engine and some successful games as Fortnite and Gears of War. -References: `Main site <https://store.epicgames.com/en-US/>`_ and `Fortnite <https://www.fortnite.com/>`_. +References: `Main site <https://store.epicgames.com/en-US/>`_ and `Fortnite <https://www.fortnite.com/>`_ .. _Proto 341: @@ -79,7 +79,7 @@ References: `Main site <https://store.epicgames.com/en-US/>`_ and `Fortnite <htt ========================== GeForce Now is the brand used by Nvidia for its cloud gaming service. -References: `Main site <https://www.nvidia.com/en-us/geforce-now/>`_. +References: `Main site <https://www.nvidia.com/en-us/geforce-now/>`_ .. _Proto 342: @@ -88,7 +88,7 @@ References: `Main site <https://www.nvidia.com/en-us/geforce-now/>`_. ====================== Generic web traffic from Nvidia sites. -References: `Main site <https://www.nvidia.com>`_. +References: `Main site <https://www.nvidia.com>`_ .. _Proto 343: @@ -97,7 +97,7 @@ References: `Main site <https://www.nvidia.com>`_. ======================= Bitcoin is one of the most common crypto currencies. -References: `Main site <https://en.bitcoin.it/wiki/Protocol_documentation>`_. +References: `Main site <https://en.bitcoin.it/wiki/Protocol_documentation>`_ Notes: @@ -112,7 +112,7 @@ Notes: ========================= Proton VPN is a VPN service operated by the Swiss company Proton AG, the company behind the email service Proton Mail -References: `Main site <https://protonvpn.com/>`_. +References: `Main site <https://protonvpn.com/>`_ .. _Proto 345: @@ -121,7 +121,7 @@ References: `Main site <https://protonvpn.com/>`_. ====================== Apache Thrift is a generic data interchange framework that supports a bunch of different languages and platforms. -References: `Official site <https://thrift.apache.org>`_ and `Github <https://github.com/apache/thrift>`_. +References: `Official site <https://thrift.apache.org>`_ and `Github <https://github.com/apache/thrift>`_ .. _Proto 346: @@ -130,7 +130,7 @@ References: `Official site <https://thrift.apache.org>`_ and `Github <https://gi ====================== Roblox is an online game platform and game creation system. -References: `Main site <https://www.roblox.com/>`_. +References: `Main site <https://www.roblox.com/>`_ Notes: @@ -143,7 +143,7 @@ Notes: ================================ The Service Location Protocol is a service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration. -References: `SLPv1 <https://datatracker.ietf.org/doc/html/rfc2165>`_ and `SLPv2 <https://datatracker.ietf.org/doc/html/rfc2608>`_. +References: `SLPv1 <https://datatracker.ietf.org/doc/html/rfc2165>`_ and `SLPv2 <https://datatracker.ietf.org/doc/html/rfc2608>`_ .. _Proto 348: @@ -152,7 +152,7 @@ References: `SLPv1 <https://datatracker.ietf.org/doc/html/rfc2165>`_ and `SLPv2 ======================= Mullvad is a VPN service operated by Mullvad VPN AB, based in Sweden -References: `Main site <https://mullvad.net/>`_. +References: `Main site <https://mullvad.net/>`_ .. _Proto 349: @@ -161,7 +161,7 @@ References: `Main site <https://mullvad.net/>`_. ===================== HTTP/2 (originally named HTTP/2.0) is a major revision of the HTTP network protocol used by the World Wide Web. -References: `RFC <https://datatracker.ietf.org/doc/html/rfc9113>`_. +References: `RFC <https://datatracker.ietf.org/doc/html/rfc9113>`_ Notes: @@ -174,7 +174,7 @@ Notes: ======================= HAProxy is a free and open source software that provides a high availability load balancer and reverse proxy for TCP and HTTP-based applications that spreads requests across multiple servers. -References: `Main site: <https://www.haproxy.org>`_. +References: `Main site: <https://www.haproxy.org>`_ .. _Proto 351: @@ -183,7 +183,7 @@ References: `Main site: <https://www.haproxy.org>`_. ==================== The Intelligent Platform Management Interface (IPMI) is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system's CPU, firmware (BIOS or UEFI) and operating system. -References: `Protocol Specs: <https://www.dmtf.org/sites/default/files/standards/documents/DSP0114.pdf>`_. +References: `Protocol Specs: <https://www.dmtf.org/sites/default/files/standards/documents/DSP0114.pdf>`_ .. _Proto 352: @@ -192,7 +192,7 @@ References: `Protocol Specs: <https://www.dmtf.org/sites/default/files/standards =================== Controller Area Network (CAN) is used extensively in automotive applications, with in excess of 400 million CAN enabled microcontrollers manufactured each year. -References: `Protocol Specs: <https://www.iso.org/standard/63648.html>`_. +References: `Protocol Specs: <https://www.iso.org/standard/63648.html>`_ .. _Proto 353: @@ -201,7 +201,7 @@ References: `Protocol Specs: <https://www.iso.org/standard/63648.html>`_. ======================== Protocol Buffers (Protobuf) is a free and open-source cross-platform data format used to serialize structured data. -References: `Encoding: <https://protobuf.dev/programming-guides/encoding>`_. +References: `Encoding: <https://protobuf.dev/programming-guides/encoding>`_ .. _Proto 354: @@ -210,8 +210,7 @@ References: `Encoding: <https://protobuf.dev/programming-guides/encoding>`_. ======================= Ethereum is a decentralized, open-source blockchain with smart contract functionality. -References: `Main site <https://ethereum.org/en/developers/docs/intro-to-ethereum/>`_. - +References: `Main site <https://ethereum.org/en/developers/docs/intro-to-ethereum/>`_ Notes: @@ -224,7 +223,7 @@ Notes: ============================ Audio/video calls made using the telegram app. -References: `Wikipedia <https://en.wikipedia.org/wiki/telegram_(software)/>`_. +References: `Wikipedia <https://en.wikipedia.org/wiki/telegram_(software)/>`_ .. _Proto 356: @@ -233,7 +232,7 @@ References: `Wikipedia <https://en.wikipedia.org/wiki/telegram_(software)/>`_. ============================ Chinese microblogging (weibo) website. -References: `Wikipedia <https://en.wikipedia.org/wiki/Sina_Weibo>`_. +References: `Wikipedia <https://en.wikipedia.org/wiki/Sina_Weibo>`_ .. _Proto 358: @@ -242,7 +241,7 @@ References: `Wikipedia <https://en.wikipedia.org/wiki/Sina_Weibo>`_. ============================ IEEE 1588-2008 Precision Time Protocol (PTP) Version 2. -References: `Protocol Specs: <https://standards.ieee.org/ieee/1588/4355/>`_. +References: `Protocol Specs: <https://standards.ieee.org/ieee/1588/4355/>`_ .. _Proto 359: @@ -251,7 +250,7 @@ References: `Protocol Specs: <https://standards.ieee.org/ieee/1588/4355/>`_. ============================ Real-Time Publish Subscribe Protocol -References: `Protocol Specs: <https://www.omg.org/spec/DDSI-RTPS/>`_. +References: `Protocol Specs: <https://www.omg.org/spec/DDSI-RTPS/>`_ .. _Proto 360: @@ -260,7 +259,7 @@ References: `Protocol Specs: <https://www.omg.org/spec/DDSI-RTPS/>`_. ============================ IEC62541 OPC Unified Architecture -References: `Protocol Specs: <https://reference.opcfoundation.org/>`_. +References: `Protocol Specs: <https://reference.opcfoundation.org/>`_ .. _Proto 361: @@ -270,7 +269,7 @@ References: `Protocol Specs: <https://reference.opcfoundation.org/>`_. A proprietary protocol from Siemens used for data exchange between PLCs and access PLC data via SCADA systems. Completely different from classic S7Comm, but also uses TPKT/COTP as a transport. -References: `Unofficial description: <https://plc4x.apache.org/protocols/s7/s7comm-plus.html>`_. +References: `Unofficial description: <https://plc4x.apache.org/protocols/s7/s7comm-plus.html>`_ .. _Proto 362: @@ -279,7 +278,7 @@ References: `Unofficial description: <https://plc4x.apache.org/protocols/s7/s7co ============================ Factory Interface Network Service (FINS) is a network protocol used by Omron PLCs. -References: `Protocol Specs: <https://assets.omron.eu/downloads/manual/en/v4/w421_cj1w-etn21_cs1w-etn21_ethernet_units_-_construction_of_applications_operation_manual_en.pdf>`_. +References: `Protocol Specs: <https://assets.omron.eu/downloads/manual/en/v4/w421_cj1w-etn21_cs1w-etn21_ethernet_units_-_construction_of_applications_operation_manual_en.pdf>`_ .. _Proto 363: @@ -288,7 +287,7 @@ References: `Protocol Specs: <https://assets.omron.eu/downloads/manual/en/v4/w42 ============================ Ether-S-I/O is a proprietary protocol used by Saia-Burgess's PLCs. -References: `Wireshark wiki: <https://wiki.wireshark.org/EtherSIO.md>`_. +References: `Wireshark wiki: <https://wiki.wireshark.org/EtherSIO.md>`_ .. _Proto 364: @@ -297,7 +296,7 @@ References: `Wireshark wiki: <https://wiki.wireshark.org/EtherSIO.md>`_. ============================ UMAS is a proprietary Schneider Electric protocol based on Modbus. It's used in Modicon M580 and Modicon M340 CPU-based PLCs. -References: `Unofficial article: <https://ics-cert.kaspersky.com/publications/reports/2022/09/29/the-secrets-of-schneider-electrics-umas-protocol/>`_. +References: `Unofficial article: <https://ics-cert.kaspersky.com/publications/reports/2022/09/29/the-secrets-of-schneider-electrics-umas-protocol/>`_ .. _Proto 365: @@ -306,17 +305,16 @@ References: `Unofficial article: <https://ics-cert.kaspersky.com/publications/re ============================ Automation Device Specification is the protocol used for interfacing with Beckhoff PLCs via TwinCAT. -References: `Protocol Specs: <https://infosys.beckhoff.com/english.php?content=../content/1033/tc3_ads_intro/115847307.html>`_. +References: `Protocol Specs: <https://infosys.beckhoff.com/english.php?content=../content/1033/tc3_ads_intro/115847307.html>`_ .. _Proto 366: `NDPI_PROTOCOL_ISO9506_1_MMS` ============================ -The international standard MMS (Manufacturing Message Specification) is an OSI application layer messaging protocol origionally designed for the remote control and monitoring of devices such as Remote Terminal Units (RTU), -Programmable Logic Controllers (PLC), Numerical Controllers (NC), or Robot Controllers (RC). +The international standard MMS (Manufacturing Message Specification) is an OSI application layer messaging protocol origionally designed for the remote control and monitoring of devices such as Remote Terminal Units (RTU), Programmable Logic Controllers (PLC), Numerical Controllers (NC), or Robot Controllers (RC). -References: `Paid Specs: <https://www.iso.org/ru/standard/37079.html>`_. +References: `Paid Specs: <https://www.iso.org/ru/standard/37079.html>`_ .. _Proto 367: @@ -325,7 +323,7 @@ References: `Paid Specs: <https://www.iso.org/ru/standard/37079.html>`_. ============================ IEEE Standard for Synchrophasor Data Transfer for Power Systems -References: `Paid Specs: <https://standards.ieee.org/ieee/C37.118.1/4902/>`_. +References: `Paid Specs: <https://standards.ieee.org/ieee/C37.118.1/4902/>`_ .. _Proto 368: @@ -334,7 +332,7 @@ References: `Paid Specs: <https://standards.ieee.org/ieee/C37.118.1/4902/>`_. ============================ Ether-S-Bus is a proprietary protocol used for the communication with and between PLCs manufactured by Saia-Burgess Controls Ltd. -References: `Wireshark wiki: <https://wiki.wireshark.org/EtherSBus>`_. +References: `Wireshark wiki: <https://wiki.wireshark.org/EtherSBus>`_ .. _Proto 369: @@ -350,16 +348,16 @@ Monero is a private and decentralized cryptocurrency with focus on confidentiali ====================== DCE/RPC is a specification for a remote procedure call mechanism that defines both APIs and an over-the-network protocol. -References: `Wireshark wiki: <https://wiki.wireshark.org/DCE/RPC>`_. +References: `Wireshark wiki: <https://wiki.wireshark.org/DCE/RPC>`_ .. _Proto 371: `NDPI_PROTOCOL_PROFINET_IO` -====================== +=========================== PROFINET/IO is a field bus protocol based on connectionless DCE/RPC. -References: `Protocol Specs: <https://www.profibus.com/download/profinet-specification>`_. +References: `Protocol Specs: <https://www.profibus.com/download/profinet-specification>`_ .. _Proto 372: @@ -368,13 +366,13 @@ References: `Protocol Specs: <https://www.profibus.com/download/profinet-specifi ====================== High-Speed LAN Instrument Protocol (HiSLIP) is a protocol for remote instrument control of LAN-based test and measurement instruments. -References: `Protocol Specs: <https://www.ivifoundation.org/downloads/Protocol%20Specifications/IVI-6.1_HiSLIP-2.0-2020-04-23.pdf>`_. +References: `Protocol Specs: <https://www.ivifoundation.org/downloads/Protocol%20Specifications/IVI-6.1_HiSLIP-2.0-2020-04-23.pdf>`_ .. _Proto 373: `NDPI_PROTOCOL_UFTP` -====================== +==================== Encrypted UDP based FTP with multicast. References: `Protocol Specs: <https://uftp-multicast.sourceforge.net/protocol.txt>`_. @@ -383,19 +381,19 @@ References: `Protocol Specs: <https://uftp-multicast.sourceforge.net/protocol.tx .. _Proto 374: `NDPI_PROTOCOL_OPENFLOW` -====================== +======================== OpenFlow protocol is a network protocol closely associated with Software-Defined Networking (SDN). -References: `Protocol Specs: <https://opennetworking.org/wp-content/uploads/2014/10/openflow-switch-v1.5.1.pdf>`_. +References: `Protocol Specs: <https://opennetworking.org/wp-content/uploads/2014/10/openflow-switch-v1.5.1.pdf>`_ .. _Proto 375: `NDPI_PROTOCOL_JSON_RPC` -====================== +======================== JSON-RPC is a remote procedure call protocol encoded in JSON. -References: `Protocol Specs: <https://www.jsonrpc.org/specification>`_. +References: `Protocol Specs: <https://www.jsonrpc.org/specification>`_ .. _Proto 376: @@ -404,7 +402,7 @@ References: `Protocol Specs: <https://www.jsonrpc.org/specification>`_. ====================== WebDAV is a set of extensions to the HTTP protocol that allows WebDAV clients to collaboratively edit and manage files on remote Web servers. -References: `RFC4918: <https://datatracker.ietf.org/doc/html/rfc4918>`_. +References: `RFC4918: <https://datatracker.ietf.org/doc/html/rfc4918>`_ Notes: @@ -414,16 +412,29 @@ Notes: .. _Proto 377: `NDPI_PROTOCOL_APACHE_KAFKA` -====================== +============================ Apache Kafka is a distributed event store and stream-processing platform. -References: `Official site <https://kafka.apache.org>`_ and `Github <https://github.com/apache/kafka>`_. +References: `Official site <https://kafka.apache.org>`_ and `Github <https://github.com/apache/kafka>`_ .. _Proto 378: `NDPI_PROTOCOL_NOMACHINE` -====================== +========================= NoMachine is a popular proprietary remote desktop software. -References: `Main site <https://www.nomachine.com/>`_. +References: `Main site <https://www.nomachine.com/>`_ + + +.. _Proto 379: + +`NDPI_PROTOCOL_IEC62056` +============================ +IEC 62056-4-7 DLMS/COSEM is a transport layer for IP networks. + +References: `Paid Specs: <https://webstore.iec.ch/publication/22487>`_ + +Notes: + +- Wireshark is not able to recognize this protocol. Some old plugins/code (with some documentation) are available `here <https://github.com/bearxiong99/wireshark-dlms>` and `here <https://github.com/matousp/dlms-analysis/tree/master>`. diff --git a/fuzz/fuzz_alg_crc32_md5.c b/fuzz/fuzz_alg_crc32_md5.c index 8f5ee36c0..265bc0417 100644 --- a/fuzz/fuzz_alg_crc32_md5.c +++ b/fuzz/fuzz_alg_crc32_md5.c @@ -12,6 +12,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ndpi_crc16_ccit(data, size); ndpi_crc16_ccit_false(data, size); ndpi_crc16_xmodem(data, size); + ndpi_crc16_x25(data, size); ndpi_crc32(data, size); ndpi_md5(data, size, hash); diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index c7da8d8a9..7238b04b3 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -1793,6 +1793,7 @@ extern "C" { u_int16_t ndpi_crc16_ccit(const void* data, size_t n_bytes); u_int16_t ndpi_crc16_ccit_false(const void *data, size_t n_bytes); u_int16_t ndpi_crc16_xmodem(const void *data, size_t n_bytes); + u_int16_t ndpi_crc16_x25(const void* data, size_t n_bytes); u_int32_t ndpi_crc32(const void* data, size_t n_bytes); u_int32_t ndpi_nearest_power_of_two(u_int32_t x); diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 8a1559403..954960554 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -407,6 +407,7 @@ typedef enum { NDPI_PROTOCOL_WEBDAV = 376, NDPI_PROTOCOL_APACHE_KAFKA = 377, NDPI_PROTOCOL_NOMACHINE = 378, + NDPI_PROTOCOL_IEC62056 = 379, #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h" diff --git a/src/lib/ndpi_analyze.c b/src/lib/ndpi_analyze.c index 198aa4f9f..d1b1c38ec 100644 --- a/src/lib/ndpi_analyze.c +++ b/src/lib/ndpi_analyze.c @@ -1833,6 +1833,15 @@ u_int16_t ndpi_crc16_xmodem(const void *data, size_t n_bytes) { return __crc16(0, data, n_bytes); } +u_int16_t ndpi_crc16_x25(const void* data, size_t n_bytes) { + u_int16_t crc = 0xFFFF; + u_int8_t* b = (u_int8_t*)data; + while (n_bytes--) { + crc = (crc >> 8) ^ crc16_ccitt_table[(crc ^ *b++) & 0xFF]; + } + return (crc ^ 0xFFFF); +} + /* ********************************************************** */ /* http://home.thep.lu.se/~bjorn/crc/crc32_fast.c */ /* ********************************************************** */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index aa497b685..9f32c8c8b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2222,6 +2222,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp "NoMachine", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, ndpi_build_default_ports(ports_a, 4000, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 4000, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IEC62056, + "IEC62056", NDPI_PROTOCOL_CATEGORY_IOT_SCADA, + ndpi_build_default_ports(ports_a, 4059, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 4059, 0, 0, 0, 0) /* UDP */); #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main.c" @@ -5731,6 +5735,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) { /* NoMachine */ init_nomachine_dissector(ndpi_str, &a); + /* IEC 62056 */ + init_iec62056_dissector(ndpi_str, &a); + #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main_init.c" #endif diff --git a/src/lib/ndpi_private.h b/src/lib/ndpi_private.h index a14a87635..8e0705ce7 100644 --- a/src/lib/ndpi_private.h +++ b/src/lib/ndpi_private.h @@ -641,6 +641,7 @@ void init_openflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u void init_json_rpc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_kafka_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_nomachine_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_iec62056_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); #endif diff --git a/src/lib/protocols/iec62056.c b/src/lib/protocols/iec62056.c new file mode 100644 index 000000000..10542c7ba --- /dev/null +++ b/src/lib/protocols/iec62056.c @@ -0,0 +1,74 @@ +/* + * iec62056.c + * + * IEC 62056-4-7 DLMS/COSEM transport layer for IP networks + * + * Copyright (C) 2023 - ntop.org + * Copyright (C) 2023 - V.G <jacendi@protonmail.com> + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see <http://www.gnu.org/licenses/>. + * + */ + +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IEC62056 + +#include "ndpi_api.h" +#include "ndpi_private.h" + +static void ndpi_int_iec62056_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + NDPI_LOG_INFO(ndpi_struct, "found IEC62056\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, + NDPI_PROTOCOL_IEC62056, NDPI_PROTOCOL_UNKNOWN, + NDPI_CONFIDENCE_DPI); +} + +static void ndpi_search_iec62056(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct const * const packet = &ndpi_struct->packet; + + NDPI_LOG_DBG(ndpi_struct, "search IEC62056\n"); + + if (packet->payload_packet_len > 8 && /* Smallest suitable packet (SNRM request) is 9 bytes long */ + packet->payload[0] == 0x7E && packet->payload[1] == 0xA0 && /* HDLC frame start */ + packet->payload[packet->payload_packet_len-1] == 0x7E) /* HDLC frame end */ + { + u_int16_t fcs = le16toh(ndpi_crc16_x25(&packet->payload[1], packet->payload_packet_len-4)); + if (fcs == get_u_int16_t(packet->payload, packet->payload_packet_len-3)) { + ndpi_int_iec62056_add_connection(ndpi_struct, flow); + return; + } + } + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); +} + +void init_iec62056_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id) +{ + ndpi_set_bitmask_protocol_detection("IEC62056", ndpi_struct, *id, + NDPI_PROTOCOL_IEC62056, + ndpi_search_iec62056, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} diff --git a/tests/cfgs/caches_cfg/result/ookla.pcap.out b/tests/cfgs/caches_cfg/result/ookla.pcap.out index bb8d44e24..3932e48bc 100644 --- a/tests/cfgs/caches_cfg/result/ookla.pcap.out +++ b/tests/cfgs/caches_cfg/result/ookla.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 40 (6.67 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 546 (91.00 diss/flow) +Num dissector calls: 549 (91.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/caches_cfg/result/teams.pcap.out b/tests/cfgs/caches_cfg/result/teams.pcap.out index 8e99536a4..57373b776 100644 --- a/tests/cfgs/caches_cfg/result/teams.pcap.out +++ b/tests/cfgs/caches_cfg/result/teams.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 80 (flows) -Num dissector calls: 528 (6.36 diss/flow) +Num dissector calls: 530 (6.39 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/pcap/dlms.pcap b/tests/cfgs/default/pcap/dlms.pcap Binary files differnew file mode 100644 index 000000000..f7b433e1a --- /dev/null +++ b/tests/cfgs/default/pcap/dlms.pcap diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out index afda1d371..5835d9a01 100644 --- a/tests/cfgs/default/result/1kxun.pcap.out +++ b/tests/cfgs/default/result/1kxun.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 120 (1.21 pkts/flow) Confidence Unknown : 14 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 4773 (24.23 diss/flow) +Num dissector calls: 4790 (24.31 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/60/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/443-chrome.pcap.out b/tests/cfgs/default/result/443-chrome.pcap.out index 5f83c0401..02b472ed1 100644 --- a/tests/cfgs/default/result/443-chrome.pcap.out +++ b/tests/cfgs/default/result/443-chrome.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 135 (135.00 diss/flow) +Num dissector calls: 136 (136.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/443-opvn.pcap.out b/tests/cfgs/default/result/443-opvn.pcap.out index e6145b1a5..f152c7139 100644 --- a/tests/cfgs/default/result/443-opvn.pcap.out +++ b/tests/cfgs/default/result/443-opvn.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 136 (136.00 diss/flow) +Num dissector calls: 137 (137.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/4in4tunnel.pcap.out b/tests/cfgs/default/result/4in4tunnel.pcap.out index d35393fcd..a85f40206 100644 --- a/tests/cfgs/default/result/4in4tunnel.pcap.out +++ b/tests/cfgs/default/result/4in4tunnel.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 5 (5.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 190 (190.00 diss/flow) +Num dissector calls: 191 (191.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/6in6tunnel.pcap.out b/tests/cfgs/default/result/6in6tunnel.pcap.out index f2893e636..b82265671 100644 --- a/tests/cfgs/default/result/6in6tunnel.pcap.out +++ b/tests/cfgs/default/result/6in6tunnel.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 139 (139.00 diss/flow) +Num dissector calls: 140 (140.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/EAQ.pcap.out b/tests/cfgs/default/result/EAQ.pcap.out index 4a38dfe57..7ff857fc2 100644 --- a/tests/cfgs/default/result/EAQ.pcap.out +++ b/tests/cfgs/default/result/EAQ.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 116 (4.00 pkts/flow) Confidence DPI : 31 (flows) -Num dissector calls: 4718 (152.19 diss/flow) +Num dissector calls: 4747 (153.13 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index 364bdf504..ddaff16c9 100644 --- a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 7 (1.40 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 148 (29.60 diss/flow) +Num dissector calls: 149 (29.80 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out index 60c29cb27..e86fb4e77 100644 --- a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 36 (2.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 5 (flows) Confidence DPI : 33 (flows) -Num dissector calls: 571 (15.03 diss/flow) +Num dissector calls: 573 (15.08 diss/flow) LRU cache ookla: 0/1/0 (insert/search/found) LRU cache bittorrent: 0/15/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out index 43b1615f6..d7ae8fc57 100644 --- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 10 (2.00 pkts/flow) Confidence Match by port : 8 (flows) Confidence DPI : 11 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 1169 (58.45 diss/flow) +Num dissector calls: 1175 (58.75 diss/flow) LRU cache ookla: 0/2/0 (insert/search/found) LRU cache bittorrent: 0/27/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/Oscar.pcap.out b/tests/cfgs/default/result/Oscar.pcap.out index 5c274d267..75985551c 100644 --- a/tests/cfgs/default/result/Oscar.pcap.out +++ b/tests/cfgs/default/result/Oscar.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 21 (21.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 265 (265.00 diss/flow) +Num dissector calls: 266 (266.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/alexa-app.pcapng.out b/tests/cfgs/default/result/alexa-app.pcapng.out index 513772060..c53a7d376 100644 --- a/tests/cfgs/default/result/alexa-app.pcapng.out +++ b/tests/cfgs/default/result/alexa-app.pcapng.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 64 (1.94 pkts/flow) DPI Packets (other): 6 (1.00 pkts/flow) Confidence Match by port : 14 (flows) Confidence DPI : 146 (flows) -Num dissector calls: 530 (3.31 diss/flow) +Num dissector calls: 531 (3.32 diss/flow) LRU cache ookla: 0/5/0 (insert/search/found) LRU cache bittorrent: 0/42/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/amqp.pcap.out b/tests/cfgs/default/result/amqp.pcap.out index 922d82ce1..6d1b8f28a 100644 --- a/tests/cfgs/default/result/amqp.pcap.out +++ b/tests/cfgs/default/result/amqp.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 9 (3.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 384 (128.00 diss/flow) +Num dissector calls: 385 (128.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index 10dc53f1f..1300115aa 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 61 (flows) -Num dissector calls: 864 (12.52 diss/flow) +Num dissector calls: 866 (12.55 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out b/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out index 7fffea6c5..1dee94955 100644 --- a/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out +++ b/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 10 (10.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 240 (240.00 diss/flow) +Num dissector calls: 241 (241.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 5/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/cassandra.pcap.out b/tests/cfgs/default/result/cassandra.pcap.out index 191889306..904589518 100644 --- a/tests/cfgs/default/result/cassandra.pcap.out +++ b/tests/cfgs/default/result/cassandra.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 16 (8.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 324 (162.00 diss/flow) +Num dissector calls: 326 (163.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/cloudflare-warp.pcap.out b/tests/cfgs/default/result/cloudflare-warp.pcap.out index 83ccd218e..75bd0042e 100644 --- a/tests/cfgs/default/result/cloudflare-warp.pcap.out +++ b/tests/cfgs/default/result/cloudflare-warp.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 41 (5.12 pkts/flow) Confidence Match by port : 2 (flows) Confidence DPI : 5 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 194 (24.25 diss/flow) +Num dissector calls: 195 (24.38 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/collectd.pcap.out b/tests/cfgs/default/result/collectd.pcap.out index 017eaf7f8..f00f56b4e 100644 --- a/tests/cfgs/default/result/collectd.pcap.out +++ b/tests/cfgs/default/result/collectd.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 13 (1.62 pkts/flow) Confidence Match by port : 3 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 447 (55.88 diss/flow) +Num dissector calls: 450 (56.25 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out index 3756194c1..154106dcf 100644 --- a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out @@ -27,8 +27,8 @@ CustomProtocolF 1 1287 1 CustomProtocolG 1 318 1 CustomProtocolH 1 318 1 - 1 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 389/CustomProtocolE][IP: 389/CustomProtocolE][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 2 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 390/CustomProtocolF][IP: 390/CustomProtocolF][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 3 UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 388/CustomProtocolD][IP: 388/CustomProtocolD][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP [fe80::76ac:b9ff:fe6c:c124]:12717 -> [ff02::1]:64315 [proto: 391/CustomProtocolG][IP: 391/CustomProtocolG][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP [fe80::76ac:b9ff:fe6c:c124]:12718 -> [ff02::1]:26993 [proto: 392/CustomProtocolH][IP: 392/CustomProtocolH][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 390/CustomProtocolE][IP: 390/CustomProtocolE][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 2 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 391/CustomProtocolF][IP: 391/CustomProtocolF][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 3 UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 389/CustomProtocolD][IP: 389/CustomProtocolD][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP [fe80::76ac:b9ff:fe6c:c124]:12717 -> [ff02::1]:64315 [proto: 392/CustomProtocolG][IP: 392/CustomProtocolG][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP [fe80::76ac:b9ff:fe6c:c124]:12718 -> [ff02::1]:26993 [proto: 393/CustomProtocolH][IP: 393/CustomProtocolH][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out index 2e5c65cc0..5386a7349 100644 --- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out @@ -25,6 +25,6 @@ CustomProtocolA 3 222 1 CustomProtocolB 2 148 1 Unknown 3 222 1 - 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.385/TLS.CustomProtocolA][IP: 385/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 400/CustomProtocolC][IP: 387/Unknown][Encrypted][Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 386/CustomProtocolB][IP: 386/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.386/TLS.CustomProtocolA][IP: 386/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 400/CustomProtocolC][IP: 388/Unknown][Encrypted][Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 387/CustomProtocolB][IP: 387/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out index 8ade808c9..d2b417a7e 100644 --- a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out +++ b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 125 (125.00 diss/flow) +Num dissector calls: 126 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/discord.pcap.out b/tests/cfgs/default/result/discord.pcap.out index 6b42286b6..cf3dd4665 100644 --- a/tests/cfgs/default/result/discord.pcap.out +++ b/tests/cfgs/default/result/discord.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 5 (5.00 pkts/flow) DPI Packets (UDP): 60 (1.82 pkts/flow) Confidence DPI : 34 (flows) -Num dissector calls: 4405 (129.56 diss/flow) +Num dissector calls: 4432 (130.35 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/discord_mid_flow.pcap.out b/tests/cfgs/default/result/discord_mid_flow.pcap.out index b3ee88f8d..598d41941 100644 --- a/tests/cfgs/default/result/discord_mid_flow.pcap.out +++ b/tests/cfgs/default/result/discord_mid_flow.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 160 (160.00 diss/flow) +Num dissector calls: 161 (161.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dlms.pcap.out b/tests/cfgs/default/result/dlms.pcap.out new file mode 100644 index 000000000..5c1c08755 --- /dev/null +++ b/tests/cfgs/default/result/dlms.pcap.out @@ -0,0 +1,28 @@ +DPI Packets (TCP): 4 (4.00 pkts/flow) +DPI Packets (UDP): 1 (1.00 pkts/flow) +Confidence DPI : 2 (flows) +Num dissector calls: 262 (131.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/3/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 4/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +IEC62056 27 4247 2 + + 1 TCP 192.168.137.20:60797 <-> 192.168.137.189:4060 [proto: 379/IEC62056][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][10 pkts/2942 bytes <-> 8 pkts/520 bytes][Goodput ratio: 77/6][0.03 sec][bytes ratio: 0.700 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/2 13/5 4/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/54 294/65 1514/98 458/14][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Plen Bins: 42,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 2 UDP 10.1.1.1:0 -> 10.2.2.2:4059 [proto: 379/IEC62056][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][9 pkts/785 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][< 1 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 87/0 181/0 37/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (01234567)][Plen Bins: 55,22,11,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out index 92ff7d16a..1c63e6eb9 100644 --- a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 256 (1.04 pkts/flow) Confidence DPI : 245 (flows) -Num dissector calls: 20496 (83.66 diss/flow) +Num dissector calls: 20507 (83.70 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/513/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt-v2.pcap.out b/tests/cfgs/default/result/dnscrypt-v2.pcap.out index cc07bc020..99f6193f3 100644 --- a/tests/cfgs/default/result/dnscrypt-v2.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v2.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 6 (2.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 420 (140.00 diss/flow) +Num dissector calls: 423 (141.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out index 523f04061..09d61dd09 100644 --- a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out +++ b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 141 (141.00 diss/flow) +Num dissector calls: 142 (142.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/edonkey.pcap.out b/tests/cfgs/default/result/edonkey.pcap.out index 57ab87213..69ac2b256 100644 --- a/tests/cfgs/default/result/edonkey.pcap.out +++ b/tests/cfgs/default/result/edonkey.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 5 (5.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 138 (138.00 diss/flow) +Num dissector calls: 139 (139.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/emotet.pcap.out b/tests/cfgs/default/result/emotet.pcap.out index d12cdefaa..2af651209 100644 --- a/tests/cfgs/default/result/emotet.pcap.out +++ b/tests/cfgs/default/result/emotet.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 48 (8.00 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 208 (34.67 diss/flow) +Num dissector calls: 209 (34.83 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/epicgames.pcapng.out b/tests/cfgs/default/result/epicgames.pcapng.out index bdf478625..65eb486fa 100644 --- a/tests/cfgs/default/result/epicgames.pcapng.out +++ b/tests/cfgs/default/result/epicgames.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 12 (3.00 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 650 (162.50 diss/flow) +Num dissector calls: 654 (163.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fastcgi.pcap.out b/tests/cfgs/default/result/fastcgi.pcap.out index 6b236f223..b5d7373d2 100644 --- a/tests/cfgs/default/result/fastcgi.pcap.out +++ b/tests/cfgs/default/result/fastcgi.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 162 (162.00 diss/flow) +Num dissector calls: 163 (163.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ftp-start-tls.pcap.out b/tests/cfgs/default/result/ftp-start-tls.pcap.out index 5cd781b46..b9536668e 100644 --- a/tests/cfgs/default/result/ftp-start-tls.pcap.out +++ b/tests/cfgs/default/result/ftp-start-tls.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 17 (17.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 164 (164.00 diss/flow) +Num dissector calls: 165 (165.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ftp.pcap.out b/tests/cfgs/default/result/ftp.pcap.out index ad82517e9..5655f30e4 100644 --- a/tests/cfgs/default/result/ftp.pcap.out +++ b/tests/cfgs/default/result/ftp.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 39 (13.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 540 (180.00 diss/flow) +Num dissector calls: 542 (180.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ftp_failed.pcap.out b/tests/cfgs/default/result/ftp_failed.pcap.out index aa6416a33..b4f7480e6 100644 --- a/tests/cfgs/default/result/ftp_failed.pcap.out +++ b/tests/cfgs/default/result/ftp_failed.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 163 (163.00 diss/flow) +Num dissector calls: 164 (164.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index ada9c2a07..1637cb4f9 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 34 (flows) Confidence Match by port : 27 (flows) Confidence DPI : 190 (flows) -Num dissector calls: 6836 (27.24 diss/flow) +Num dissector calls: 6886 (27.43 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/189/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out b/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out index bfc476a2c..b80d0d2d0 100644 --- a/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out @@ -5,7 +5,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 3 (flows) Confidence Match by port : 26 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 1058 (26.45 diss/flow) +Num dissector calls: 1064 (26.60 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/87/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out index 361e88c8d..e5b96fc09 100644 --- a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out +++ b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out @@ -5,7 +5,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Unknown : 19 (flows) Confidence Match by port : 3 (flows) Confidence DPI : 55 (flows) -Num dissector calls: 2061 (26.77 diss/flow) +Num dissector calls: 2077 (26.97 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/66/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out b/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out index 660a553f4..bf26508d6 100644 --- a/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out +++ b/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 134 (134.00 diss/flow) +Num dissector calls: 135 (135.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index 46d1a66a8..2ea36c4d6 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow) Confidence Unknown : 389 (flows) Confidence Match by port : 1 (flows) Confidence DPI : 370 (flows) -Num dissector calls: 46721 (61.47 diss/flow) +Num dissector calls: 47030 (61.88 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/1170/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/google_ssl.pcap.out b/tests/cfgs/default/result/google_ssl.pcap.out index b1688a75f..fba68e338 100644 --- a/tests/cfgs/default/result/google_ssl.pcap.out +++ b/tests/cfgs/default/result/google_ssl.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 24 (24.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 204 (204.00 diss/flow) +Num dissector calls: 205 (205.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/gtp_false_positive.pcapng.out b/tests/cfgs/default/result/gtp_false_positive.pcapng.out index 5f5239762..92c9a6654 100644 --- a/tests/cfgs/default/result/gtp_false_positive.pcapng.out +++ b/tests/cfgs/default/result/gtp_false_positive.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (UDP): 7 (2.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) -Num dissector calls: 442 (147.33 diss/flow) +Num dissector calls: 445 (148.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/h323.pcap.out b/tests/cfgs/default/result/h323.pcap.out index 66aab9bba..d970a4411 100644 --- a/tests/cfgs/default/result/h323.pcap.out +++ b/tests/cfgs/default/result/h323.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 1 (1.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 127 (63.50 diss/flow) +Num dissector calls: 128 (64.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out b/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out index bf7accff8..deb0dca93 100644 --- a/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out +++ b/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 135 (135.00 diss/flow) +Num dissector calls: 136 (136.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/http_ipv6.pcap.out b/tests/cfgs/default/result/http_ipv6.pcap.out index c68d4f568..04ca8c23a 100644 --- a/tests/cfgs/default/result/http_ipv6.pcap.out +++ b/tests/cfgs/default/result/http_ipv6.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 77 (5.92 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Match by port : 7 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 162 (10.80 diss/flow) +Num dissector calls: 163 (10.87 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/21/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/imap-starttls.pcap.out b/tests/cfgs/default/result/imap-starttls.pcap.out index 1abda3548..800cbc8c3 100644 --- a/tests/cfgs/default/result/imap-starttls.pcap.out +++ b/tests/cfgs/default/result/imap-starttls.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 19 (19.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 214 (214.00 diss/flow) +Num dissector calls: 215 (215.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/imap.pcap.out b/tests/cfgs/default/result/imap.pcap.out index e76368b1b..2ee86d5e9 100644 --- a/tests/cfgs/default/result/imap.pcap.out +++ b/tests/cfgs/default/result/imap.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 214 (214.00 diss/flow) +Num dissector calls: 215 (215.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/imo.pcap.out b/tests/cfgs/default/result/imo.pcap.out index 0262af782..807f438dc 100644 --- a/tests/cfgs/default/result/imo.pcap.out +++ b/tests/cfgs/default/result/imo.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 7 (3.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 317 (158.50 diss/flow) +Num dissector calls: 319 (159.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/instagram.pcap.out b/tests/cfgs/default/result/instagram.pcap.out index c36fde34a..aed3d4878 100644 --- a/tests/cfgs/default/result/instagram.pcap.out +++ b/tests/cfgs/default/result/instagram.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 7 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 1412 (37.16 diss/flow) +Num dissector calls: 1417 (37.29 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/iphone.pcap.out b/tests/cfgs/default/result/iphone.pcap.out index 613ae451d..0358308e7 100644 --- a/tests/cfgs/default/result/iphone.pcap.out +++ b/tests/cfgs/default/result/iphone.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 55 (1.77 pkts/flow) DPI Packets (other): 5 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 50 (flows) -Num dissector calls: 354 (6.94 diss/flow) +Num dissector calls: 355 (6.96 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out index ae7ffcdf5..b5c760c4d 100644 --- a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out +++ b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out @@ -2,7 +2,7 @@ DPI Packets (UDP): 1 (1.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 122 (61.00 diss/flow) +Num dissector calls: 123 (61.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/irc.pcap.out b/tests/cfgs/default/result/irc.pcap.out index b27949f20..daf93dc49 100644 --- a/tests/cfgs/default/result/irc.pcap.out +++ b/tests/cfgs/default/result/irc.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 168 (168.00 diss/flow) +Num dissector calls: 169 (169.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/iso9506-1-mms.pcap.out b/tests/cfgs/default/result/iso9506-1-mms.pcap.out index 137f30e7e..97e05fbda 100644 --- a/tests/cfgs/default/result/iso9506-1-mms.pcap.out +++ b/tests/cfgs/default/result/iso9506-1-mms.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 7 (7.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 186 (186.00 diss/flow) +Num dissector calls: 187 (187.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/jabber.pcap.out b/tests/cfgs/default/result/jabber.pcap.out index 9fc2ad00a..964881f65 100644 --- a/tests/cfgs/default/result/jabber.pcap.out +++ b/tests/cfgs/default/result/jabber.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 74 (6.17 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1526 (127.17 diss/flow) +Num dissector calls: 1535 (127.92 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/kerberos.pcap.out b/tests/cfgs/default/result/kerberos.pcap.out index a31240857..991cb4abd 100644 --- a/tests/cfgs/default/result/kerberos.pcap.out +++ b/tests/cfgs/default/result/kerberos.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 77 (2.14 pkts/flow) Confidence Unknown : 2 (flows) Confidence Match by port : 23 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 4209 (116.92 diss/flow) +Num dissector calls: 4234 (117.61 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/75/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/kontiki.pcap.out b/tests/cfgs/default/result/kontiki.pcap.out index 15e1a27c4..11ad22ee7 100644 --- a/tests/cfgs/default/result/kontiki.pcap.out +++ b/tests/cfgs/default/result/kontiki.pcap.out @@ -2,7 +2,7 @@ DPI Packets (UDP): 6 (1.50 pkts/flow) DPI Packets (other): 4 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 349 (43.62 diss/flow) +Num dissector calls: 351 (43.88 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/linecall_falsepositve.pcap.out b/tests/cfgs/default/result/linecall_falsepositve.pcap.out index 27252a32c..f4765aac6 100644 --- a/tests/cfgs/default/result/linecall_falsepositve.pcap.out +++ b/tests/cfgs/default/result/linecall_falsepositve.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 13 (13.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 216 (216.00 diss/flow) +Num dissector calls: 217 (217.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out index 2a7f73836..c32f1aa12 100644 --- a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out +++ b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 56 (8.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 362 (51.71 diss/flow) +Num dissector calls: 363 (51.86 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out index c91c11db3..9dfd81537 100644 --- a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out +++ b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out @@ -2,7 +2,7 @@ DPI Packets (TCP): 9 (3.00 pkts/flow) DPI Packets (UDP): 36 (4.00 pkts/flow) Confidence DPI (cache) : 6 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 785 (65.42 diss/flow) +Num dissector calls: 788 (65.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 25/12/4 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/memcached.cap.out b/tests/cfgs/default/result/memcached.cap.out index 86a97a3da..758b6e82a 100644 --- a/tests/cfgs/default/result/memcached.cap.out +++ b/tests/cfgs/default/result/memcached.cap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 136 (136.00 diss/flow) +Num dissector calls: 137 (137.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/mongo_false_positive.pcapng.out b/tests/cfgs/default/result/mongo_false_positive.pcapng.out index f1d30a8bb..3e4eedce0 100644 --- a/tests/cfgs/default/result/mongo_false_positive.pcapng.out +++ b/tests/cfgs/default/result/mongo_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 14 (14.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 278 (278.00 diss/flow) +Num dissector calls: 279 (279.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/mssql_tds.pcap.out b/tests/cfgs/default/result/mssql_tds.pcap.out index 1d3904e08..9596e4f64 100644 --- a/tests/cfgs/default/result/mssql_tds.pcap.out +++ b/tests/cfgs/default/result/mssql_tds.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 18 (1.50 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 11 (flows) -Num dissector calls: 279 (23.25 diss/flow) +Num dissector calls: 280 (23.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/mullvad_wireguard.pcap.out b/tests/cfgs/default/result/mullvad_wireguard.pcap.out index ebc184abc..a0c740bb7 100644 --- a/tests/cfgs/default/result/mullvad_wireguard.pcap.out +++ b/tests/cfgs/default/result/mullvad_wireguard.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 145 (145.00 diss/flow) +Num dissector calls: 146 (146.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/nest_log_sink.pcap.out b/tests/cfgs/default/result/nest_log_sink.pcap.out index 0ca1d3b2b..9b0793c3b 100644 --- a/tests/cfgs/default/result/nest_log_sink.pcap.out +++ b/tests/cfgs/default/result/nest_log_sink.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 130 (10.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 13 (flows) -Num dissector calls: 1993 (142.36 diss/flow) +Num dissector calls: 2005 (143.21 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/netbios.pcap.out b/tests/cfgs/default/result/netbios.pcap.out index e32bce4bd..d92e23420 100644 --- a/tests/cfgs/default/result/netbios.pcap.out +++ b/tests/cfgs/default/result/netbios.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 2 (2.00 pkts/flow) DPI Packets (UDP): 14 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 14 (flows) -Num dissector calls: 149 (9.93 diss/flow) +Num dissector calls: 150 (10.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/nintendo.pcap.out b/tests/cfgs/default/result/nintendo.pcap.out index 4638478a1..94124e42a 100644 --- a/tests/cfgs/default/result/nintendo.pcap.out +++ b/tests/cfgs/default/result/nintendo.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 15 (flows) Confidence Match by IP : 5 (flows) -Num dissector calls: 1307 (62.24 diss/flow) +Num dissector calls: 1312 (62.48 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/18/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/nntp.pcap.out b/tests/cfgs/default/result/nntp.pcap.out index 5c68b37c9..796b4c2ff 100644 --- a/tests/cfgs/default/result/nntp.pcap.out +++ b/tests/cfgs/default/result/nntp.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 142 (142.00 diss/flow) +Num dissector calls: 143 (143.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ookla.pcap.out b/tests/cfgs/default/result/ookla.pcap.out index 3aa37d8dd..93f91717a 100644 --- a/tests/cfgs/default/result/ookla.pcap.out +++ b/tests/cfgs/default/result/ookla.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 40 (6.67 pkts/flow) Confidence DPI (partial cache): 1 (flows) Confidence DPI : 4 (flows) Confidence DPI (aggressive) : 1 (flows) -Num dissector calls: 546 (91.00 diss/flow) +Num dissector calls: 549 (91.50 diss/flow) LRU cache ookla: 4/2/2 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out b/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out index af2f92f49..a5ed315f9 100644 --- a/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out +++ b/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 159 (159.00 diss/flow) +Num dissector calls: 160 (160.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/openvpn.pcap.out b/tests/cfgs/default/result/openvpn.pcap.out index 2222b087f..4837fc964 100644 --- a/tests/cfgs/default/result/openvpn.pcap.out +++ b/tests/cfgs/default/result/openvpn.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 24 (8.00 pkts/flow) DPI Packets (UDP): 15 (3.00 pkts/flow) Confidence DPI : 8 (flows) -Num dissector calls: 1262 (157.75 diss/flow) +Num dissector calls: 1270 (158.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/openvpn_nohmac.pcapng.out b/tests/cfgs/default/result/openvpn_nohmac.pcapng.out index 4ffc6f558..b9fbc34b7 100644 --- a/tests/cfgs/default/result/openvpn_nohmac.pcapng.out +++ b/tests/cfgs/default/result/openvpn_nohmac.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 126 (126.00 diss/flow) +Num dissector calls: 127 (127.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out b/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out index 20f0cbde7..5841e3073 100644 --- a/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out +++ b/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 6 (6.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 136 (136.00 diss/flow) +Num dissector calls: 137 (137.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/oracle12.pcapng.out b/tests/cfgs/default/result/oracle12.pcapng.out index a3d0225a6..4630138ce 100644 --- a/tests/cfgs/default/result/oracle12.pcapng.out +++ b/tests/cfgs/default/result/oracle12.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 20 (20.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 270 (270.00 diss/flow) +Num dissector calls: 271 (271.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out index 7cdffce1c..a559a4347 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 8 (1.33 pkts/flow) DPI Packets (UDP): 9 (2.25 pkts/flow) Confidence DPI : 10 (flows) -Num dissector calls: 745 (74.50 diss/flow) +Num dissector calls: 750 (75.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out index ad251174b..7b33d32f4 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 30 (7.50 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 912 (152.00 diss/flow) +Num dissector calls: 918 (153.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out index 88c2ae024..c23467edd 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 141 (141.00 diss/flow) +Num dissector calls: 142 (142.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/pgsql.pcap.out b/tests/cfgs/default/result/pgsql.pcap.out index fe27d66bd..a997ee767 100644 --- a/tests/cfgs/default/result/pgsql.pcap.out +++ b/tests/cfgs/default/result/pgsql.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 36 (6.00 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 816 (136.00 diss/flow) +Num dissector calls: 822 (137.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/pop3.pcap.out b/tests/cfgs/default/result/pop3.pcap.out index fcb687d36..ee83caa20 100644 --- a/tests/cfgs/default/result/pop3.pcap.out +++ b/tests/cfgs/default/result/pop3.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 83 (13.83 pkts/flow) Confidence DPI : 6 (flows) -Num dissector calls: 1217 (202.83 diss/flow) +Num dissector calls: 1223 (203.83 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/pop3_stls.pcap.out b/tests/cfgs/default/result/pop3_stls.pcap.out index 69d785503..5fb7ca680 100644 --- a/tests/cfgs/default/result/pop3_stls.pcap.out +++ b/tests/cfgs/default/result/pop3_stls.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 18 (18.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 202 (202.00 diss/flow) +Num dissector calls: 203 (203.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/pps.pcap.out b/tests/cfgs/default/result/pps.pcap.out index f688d8f70..1f615b719 100644 --- a/tests/cfgs/default/result/pps.pcap.out +++ b/tests/cfgs/default/result/pps.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 136 (3.09 pkts/flow) Confidence Unknown : 29 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 76 (flows) -Num dissector calls: 5848 (54.65 diss/flow) +Num dissector calls: 5877 (54.93 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/93/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/protobuf.pcap.out b/tests/cfgs/default/result/protobuf.pcap.out index 48d3be95b..184fcb326 100644 --- a/tests/cfgs/default/result/protobuf.pcap.out +++ b/tests/cfgs/default/result/protobuf.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 26 (5.20 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 704 (140.80 diss/flow) +Num dissector calls: 705 (141.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/protonvpn.pcap.out b/tests/cfgs/default/result/protonvpn.pcap.out index c74d03d7a..347716478 100644 --- a/tests/cfgs/default/result/protonvpn.pcap.out +++ b/tests/cfgs/default/result/protonvpn.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 141 (47.00 diss/flow) +Num dissector calls: 142 (47.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/quic.pcap.out b/tests/cfgs/default/result/quic.pcap.out index aa4c0a366..85db45f7b 100644 --- a/tests/cfgs/default/result/quic.pcap.out +++ b/tests/cfgs/default/result/quic.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 12 (1.20 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 9 (flows) -Num dissector calls: 226 (22.60 diss/flow) +Num dissector calls: 227 (22.70 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/quic_0RTT.pcap.out b/tests/cfgs/default/result/quic_0RTT.pcap.out index b114e420a..d4a90d261 100644 --- a/tests/cfgs/default/result/quic_0RTT.pcap.out +++ b/tests/cfgs/default/result/quic_0RTT.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 202 (101.00 diss/flow) +Num dissector calls: 203 (101.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/raknet.pcap.out b/tests/cfgs/default/result/raknet.pcap.out index c10b56706..5a1df664d 100644 --- a/tests/cfgs/default/result/raknet.pcap.out +++ b/tests/cfgs/default/result/raknet.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 24 (2.00 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1493 (124.42 diss/flow) +Num dissector calls: 1499 (124.92 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/rdp2.pcap.out b/tests/cfgs/default/result/rdp2.pcap.out index 3f5da21ea..77bd0190b 100644 --- a/tests/cfgs/default/result/rdp2.pcap.out +++ b/tests/cfgs/default/result/rdp2.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 8 (2.67 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 416 (138.67 diss/flow) +Num dissector calls: 419 (139.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/reasm_crash_anon.pcapng.out b/tests/cfgs/default/result/reasm_crash_anon.pcapng.out index bac5cea2d..64927483a 100644 --- a/tests/cfgs/default/result/reasm_crash_anon.pcapng.out +++ b/tests/cfgs/default/result/reasm_crash_anon.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 23 (23.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 258 (258.00 diss/flow) +Num dissector calls: 259 (259.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/reasm_segv_anon.pcapng.out b/tests/cfgs/default/result/reasm_segv_anon.pcapng.out index 64c3603ce..2157d81d4 100644 --- a/tests/cfgs/default/result/reasm_segv_anon.pcapng.out +++ b/tests/cfgs/default/result/reasm_segv_anon.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 21 (21.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 205 (205.00 diss/flow) +Num dissector calls: 206 (206.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/riot.pcapng.out b/tests/cfgs/default/result/riot.pcapng.out index 8c87f9805..ea1981703 100644 --- a/tests/cfgs/default/result/riot.pcapng.out +++ b/tests/cfgs/default/result/riot.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 7 (3.50 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 195 (97.50 diss/flow) +Num dissector calls: 196 (98.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/rsh.pcap.out b/tests/cfgs/default/result/rsh.pcap.out index b989c7515..da78765da 100644 --- a/tests/cfgs/default/result/rsh.pcap.out +++ b/tests/cfgs/default/result/rsh.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 12 (6.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 318 (159.00 diss/flow) +Num dissector calls: 320 (160.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/rtmp.pcap.out b/tests/cfgs/default/result/rtmp.pcap.out index c0083f353..4c70b8425 100644 --- a/tests/cfgs/default/result/rtmp.pcap.out +++ b/tests/cfgs/default/result/rtmp.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 8 (8.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 166 (166.00 diss/flow) +Num dissector calls: 167 (167.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/rtp.pcapng.out b/tests/cfgs/default/result/rtp.pcapng.out index 6e060cba5..73f37ba02 100644 --- a/tests/cfgs/default/result/rtp.pcapng.out +++ b/tests/cfgs/default/result/rtp.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 9 (3.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 448 (149.33 diss/flow) +Num dissector calls: 451 (150.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/rx.pcap.out b/tests/cfgs/default/result/rx.pcap.out index 6d87cf6f6..9a2ce20fc 100644 --- a/tests/cfgs/default/result/rx.pcap.out +++ b/tests/cfgs/default/result/rx.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 10 (2.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 695 (139.00 diss/flow) +Num dissector calls: 700 (140.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/s7comm-plus.pcap.out b/tests/cfgs/default/result/s7comm-plus.pcap.out index 8eef9c35b..1b956e0dc 100644 --- a/tests/cfgs/default/result/s7comm-plus.pcap.out +++ b/tests/cfgs/default/result/s7comm-plus.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 180 (180.00 diss/flow) +Num dissector calls: 181 (181.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/s7comm.pcap.out b/tests/cfgs/default/result/s7comm.pcap.out index d5edd09b1..e0ae7a75b 100644 --- a/tests/cfgs/default/result/s7comm.pcap.out +++ b/tests/cfgs/default/result/s7comm.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 182 (182.00 diss/flow) +Num dissector calls: 183 (183.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sflow.pcap.out b/tests/cfgs/default/result/sflow.pcap.out index f4061c29c..bf5cce2cd 100644 --- a/tests/cfgs/default/result/sflow.pcap.out +++ b/tests/cfgs/default/result/sflow.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 126 (126.00 diss/flow) +Num dissector calls: 127 (127.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/shadowsocks.pcap.out b/tests/cfgs/default/result/shadowsocks.pcap.out index 3cf6281e0..f395dfefa 100644 --- a/tests/cfgs/default/result/shadowsocks.pcap.out +++ b/tests/cfgs/default/result/shadowsocks.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 21 (10.50 pkts/flow) Confidence Unknown : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 354 (177.00 diss/flow) +Num dissector calls: 356 (178.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sip.pcap.out b/tests/cfgs/default/result/sip.pcap.out index aa8551f7c..57c833bd5 100644 --- a/tests/cfgs/default/result/sip.pcap.out +++ b/tests/cfgs/default/result/sip.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 6 (1.50 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 201 (50.25 diss/flow) +Num dissector calls: 202 (50.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sip_hello.pcapng.out b/tests/cfgs/default/result/sip_hello.pcapng.out index 8d514bc4a..6d15cec05 100644 --- a/tests/cfgs/default/result/sip_hello.pcapng.out +++ b/tests/cfgs/default/result/sip_hello.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 201 (201.00 diss/flow) +Num dissector calls: 202 (202.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/skinny.pcap.out b/tests/cfgs/default/result/skinny.pcap.out index d803d8d10..1b68b2a05 100644 --- a/tests/cfgs/default/result/skinny.pcap.out +++ b/tests/cfgs/default/result/skinny.pcap.out @@ -2,7 +2,7 @@ DPI Packets (TCP): 3 (1.00 pkts/flow) DPI Packets (UDP): 15 (3.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence DPI : 9 (flows) -Num dissector calls: 724 (80.44 diss/flow) +Num dissector calls: 729 (81.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/skype.pcap.out b/tests/cfgs/default/result/skype.pcap.out index 3029d65db..8003adf76 100644 --- a/tests/cfgs/default/result/skype.pcap.out +++ b/tests/cfgs/default/result/skype.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 59 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 206 (flows) -Num dissector calls: 27892 (95.19 diss/flow) +Num dissector calls: 27978 (95.49 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/261/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/skype_no_unknown.pcap.out b/tests/cfgs/default/result/skype_no_unknown.pcap.out index 51ae5642d..4262a6361 100644 --- a/tests/cfgs/default/result/skype_no_unknown.pcap.out +++ b/tests/cfgs/default/result/skype_no_unknown.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 44 (flows) Confidence Match by port : 22 (flows) Confidence DPI : 201 (flows) -Num dissector calls: 23137 (86.66 diss/flow) +Num dissector calls: 23201 (86.90 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/198/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/skype_udp.pcap.out b/tests/cfgs/default/result/skype_udp.pcap.out index 06a7a3e93..3f2211ea7 100644 --- a/tests/cfgs/default/result/skype_udp.pcap.out +++ b/tests/cfgs/default/result/skype_udp.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 176 (176.00 diss/flow) +Num dissector calls: 177 (177.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/smb_frags.pcap.out b/tests/cfgs/default/result/smb_frags.pcap.out index 436bd9fd7..505165e2e 100644 --- a/tests/cfgs/default/result/smb_frags.pcap.out +++ b/tests/cfgs/default/result/smb_frags.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 5 (5.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 165 (165.00 diss/flow) +Num dissector calls: 166 (166.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/smbv1.pcap.out b/tests/cfgs/default/result/smbv1.pcap.out index 074a0143c..3918a36b3 100644 --- a/tests/cfgs/default/result/smbv1.pcap.out +++ b/tests/cfgs/default/result/smbv1.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 167 (167.00 diss/flow) +Num dissector calls: 168 (168.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/smtp-starttls.pcap.out b/tests/cfgs/default/result/smtp-starttls.pcap.out index fa7d97ccd..64d38ca15 100644 --- a/tests/cfgs/default/result/smtp-starttls.pcap.out +++ b/tests/cfgs/default/result/smtp-starttls.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 26 (13.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 163 (81.50 diss/flow) +Num dissector calls: 164 (82.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/smtp.pcap.out b/tests/cfgs/default/result/smtp.pcap.out index 38b820a79..2890ce512 100644 --- a/tests/cfgs/default/result/smtp.pcap.out +++ b/tests/cfgs/default/result/smtp.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 11 (11.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 208 (208.00 diss/flow) +Num dissector calls: 209 (209.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/soap.pcap.out b/tests/cfgs/default/result/soap.pcap.out index 8ecd4aa60..015ae9bca 100644 --- a/tests/cfgs/default/result/soap.pcap.out +++ b/tests/cfgs/default/result/soap.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 20 (6.67 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 399 (133.00 diss/flow) +Num dissector calls: 401 (133.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/socks.pcap.out b/tests/cfgs/default/result/socks.pcap.out index 21be5ccb9..b1069e834 100644 --- a/tests/cfgs/default/result/socks.pcap.out +++ b/tests/cfgs/default/result/socks.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 23 (5.75 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 546 (136.50 diss/flow) +Num dissector calls: 550 (137.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/softether.pcap.out b/tests/cfgs/default/result/softether.pcap.out index a7320839b..5c43106c1 100644 --- a/tests/cfgs/default/result/softether.pcap.out +++ b/tests/cfgs/default/result/softether.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 31 (10.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 397 (99.25 diss/flow) +Num dissector calls: 399 (99.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out index 4a7f583de..e98aa681e 100644 --- a/tests/cfgs/default/result/starcraft_battle.pcap.out +++ b/tests/cfgs/default/result/starcraft_battle.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 12 (flows) Confidence DPI : 39 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 1588 (30.54 diss/flow) +Num dissector calls: 1596 (30.69 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/39/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/synscan.pcap.out b/tests/cfgs/default/result/synscan.pcap.out index 72b343e3c..e9a522603 100644 --- a/tests/cfgs/default/result/synscan.pcap.out +++ b/tests/cfgs/default/result/synscan.pcap.out @@ -130,7 +130,7 @@ iSCSI 2 116 2 45 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 379/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 380/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 51 TCP 172.16.0.8:36050 -> 64.13.134.52:4000 [proto: 378/NoMachine][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -196,7 +196,7 @@ iSCSI 2 116 2 111 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 113 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 114 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 379/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 114 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 380/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 115 TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 116 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 117 TCP 172.16.0.8:36051 -> 64.13.134.52:4000 [proto: 378/NoMachine][IP: 0/Unknown][Encrypted][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teams.pcap.out b/tests/cfgs/default/result/teams.pcap.out index 53f6b90b9..db5d77df9 100644 --- a/tests/cfgs/default/result/teams.pcap.out +++ b/tests/cfgs/default/result/teams.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) Confidence DPI (partial) : 4 (flows) Confidence DPI : 76 (flows) -Num dissector calls: 528 (6.36 diss/flow) +Num dissector calls: 530 (6.39 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/teamspeak3.pcap.out b/tests/cfgs/default/result/teamspeak3.pcap.out index e8dceb495..44c83d80d 100644 --- a/tests/cfgs/default/result/teamspeak3.pcap.out +++ b/tests/cfgs/default/result/teamspeak3.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 210 (105.00 diss/flow) +Num dissector calls: 211 (105.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/teamviewer.pcap.out b/tests/cfgs/default/result/teamviewer.pcap.out index 1f72fef8e..bc4fdfda0 100644 --- a/tests/cfgs/default/result/teamviewer.pcap.out +++ b/tests/cfgs/default/result/teamviewer.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 169 (84.50 diss/flow) +Num dissector calls: 170 (85.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out index b61d6eeb6..1d5ff7d7d 100644 --- a/tests/cfgs/default/result/telegram.pcap.out +++ b/tests/cfgs/default/result/telegram.pcap.out @@ -1,7 +1,7 @@ DPI Packets (UDP): 82 (1.71 pkts/flow) Confidence Unknown : 3 (flows) Confidence DPI : 45 (flows) -Num dissector calls: 1569 (32.69 diss/flow) +Num dissector calls: 1572 (32.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/telegram_videocall.pcapng.out b/tests/cfgs/default/result/telegram_videocall.pcapng.out index ce2fc86d4..ac3db485c 100644 --- a/tests/cfgs/default/result/telegram_videocall.pcapng.out +++ b/tests/cfgs/default/result/telegram_videocall.pcapng.out @@ -7,7 +7,7 @@ Confidence Match by port : 8 (flows) Confidence DPI (cache) : 10 (flows) Confidence DPI : 15 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 1981 (58.26 diss/flow) +Num dissector calls: 1989 (58.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/27/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/telnet.pcap.out b/tests/cfgs/default/result/telnet.pcap.out index c1201236d..878b310e8 100644 --- a/tests/cfgs/default/result/telnet.pcap.out +++ b/tests/cfgs/default/result/telnet.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 33 (33.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 163 (163.00 diss/flow) +Num dissector calls: 164 (164.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/tftp.pcap.out b/tests/cfgs/default/result/tftp.pcap.out index 8d9b18bd7..7857e4b2a 100644 --- a/tests/cfgs/default/result/tftp.pcap.out +++ b/tests/cfgs/default/result/tftp.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (UDP): 15 (1.67 pkts/flow) Confidence Match by port : 2 (flows) Confidence DPI : 7 (flows) -Num dissector calls: 631 (70.11 diss/flow) +Num dissector calls: 635 (70.56 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/threema.pcap.out b/tests/cfgs/default/result/threema.pcap.out index 628f4b901..a448db355 100644 --- a/tests/cfgs/default/result/threema.pcap.out +++ b/tests/cfgs/default/result/threema.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 66 (11.00 pkts/flow) Confidence DPI : 4 (flows) Confidence Match by IP : 2 (flows) -Num dissector calls: 1314 (219.00 diss/flow) +Num dissector calls: 1320 (220.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/tinc.pcap.out b/tests/cfgs/default/result/tinc.pcap.out index 02da53686..cc7496db5 100644 --- a/tests/cfgs/default/result/tinc.pcap.out +++ b/tests/cfgs/default/result/tinc.pcap.out @@ -2,7 +2,7 @@ DPI Packets (TCP): 19 (9.50 pkts/flow) DPI Packets (UDP): 2 (1.00 pkts/flow) Confidence DPI (cache) : 2 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 525 (131.25 diss/flow) +Num dissector calls: 527 (131.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/tls-appdata.pcap.out b/tests/cfgs/default/result/tls-appdata.pcap.out index 9d29094e1..df668f10f 100644 --- a/tests/cfgs/default/result/tls-appdata.pcap.out +++ b/tests/cfgs/default/result/tls-appdata.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 17 (8.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 137 (68.50 diss/flow) +Num dissector calls: 138 (69.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out index 0fce5ee79..6604355eb 100644 --- a/tests/cfgs/default/result/tls_certificate_too_long.pcap.out +++ b/tests/cfgs/default/result/tls_certificate_too_long.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 1 (flows) Confidence DPI : 33 (flows) -Num dissector calls: 618 (17.66 diss/flow) +Num dissector calls: 621 (17.74 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/tls_false_positives.pcapng.out b/tests/cfgs/default/result/tls_false_positives.pcapng.out index 4930721ec..4c4e21ba5 100644 --- a/tests/cfgs/default/result/tls_false_positives.pcapng.out +++ b/tests/cfgs/default/result/tls_false_positives.pcapng.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 13 (13.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 265 (265.00 diss/flow) +Num dissector calls: 266 (266.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/tls_invalid_reads.pcap.out b/tests/cfgs/default/result/tls_invalid_reads.pcap.out index 8822470a7..fea9808c2 100644 --- a/tests/cfgs/default/result/tls_invalid_reads.pcap.out +++ b/tests/cfgs/default/result/tls_invalid_reads.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 10 (3.33 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 137 (45.67 diss/flow) +Num dissector calls: 138 (46.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out b/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out index 41f22d1f9..b5a859e64 100644 --- a/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out +++ b/tests/cfgs/default/result/tls_missing_ch_frag.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 136 (136.00 diss/flow) +Num dissector calls: 137 (137.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/toca-boca.pcap.out b/tests/cfgs/default/result/toca-boca.pcap.out index db194764f..fce78ab89 100644 --- a/tests/cfgs/default/result/toca-boca.pcap.out +++ b/tests/cfgs/default/result/toca-boca.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (UDP): 21 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence DPI : 17 (flows) -Num dissector calls: 517 (24.62 diss/flow) +Num dissector calls: 521 (24.81 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/viber.pcap.out b/tests/cfgs/default/result/viber.pcap.out index 1a44f2486..eb9560457 100644 --- a/tests/cfgs/default/result/viber.pcap.out +++ b/tests/cfgs/default/result/viber.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 27 (1.93 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence DPI : 25 (flows) -Num dissector calls: 462 (15.93 diss/flow) +Num dissector calls: 464 (16.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/vnc.pcap.out b/tests/cfgs/default/result/vnc.pcap.out index 86e70a89e..0180ea6fe 100644 --- a/tests/cfgs/default/result/vnc.pcap.out +++ b/tests/cfgs/default/result/vnc.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 10 (5.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 282 (141.00 diss/flow) +Num dissector calls: 284 (142.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/wa_video.pcap.out b/tests/cfgs/default/result/wa_video.pcap.out index 2a84cb083..105d4d726 100644 --- a/tests/cfgs/default/result/wa_video.pcap.out +++ b/tests/cfgs/default/result/wa_video.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 13 (1.00 pkts/flow) Confidence DPI (cache) : 2 (flows) Confidence DPI : 11 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 404 (28.86 diss/flow) +Num dissector calls: 405 (28.93 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/waze.pcap.out b/tests/cfgs/default/result/waze.pcap.out index d9bfa0a59..78d5590bf 100644 --- a/tests/cfgs/default/result/waze.pcap.out +++ b/tests/cfgs/default/result/waze.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 9 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 371 (11.24 diss/flow) +Num dissector calls: 372 (11.27 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/30/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out index 296bc8259..ec9fe935a 100644 --- a/tests/cfgs/default/result/webex.pcap.out +++ b/tests/cfgs/default/result/webex.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 14 (7.00 pkts/flow) Confidence Match by port : 3 (flows) Confidence DPI : 53 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 285 (5.00 diss/flow) +Num dissector calls: 286 (5.02 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/wechat.pcap.out b/tests/cfgs/default/result/wechat.pcap.out index 6cb486164..7b7330877 100644 --- a/tests/cfgs/default/result/wechat.pcap.out +++ b/tests/cfgs/default/result/wechat.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Match by port : 24 (flows) Confidence DPI : 78 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 318 (3.09 diss/flow) +Num dissector calls: 319 (3.10 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/75/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/weibo.pcap.out b/tests/cfgs/default/result/weibo.pcap.out index 8ca69c4be..dd592c5ca 100644 --- a/tests/cfgs/default/result/weibo.pcap.out +++ b/tests/cfgs/default/result/weibo.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 100 (3.33 pkts/flow) DPI Packets (UDP): 43 (3.07 pkts/flow) Confidence Match by port : 21 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 561 (12.75 diss/flow) +Num dissector calls: 563 (12.80 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/63/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/whatsapp.pcap.out b/tests/cfgs/default/result/whatsapp.pcap.out index 57329feae..77e78d8ee 100644 --- a/tests/cfgs/default/result/whatsapp.pcap.out +++ b/tests/cfgs/default/result/whatsapp.pcap.out @@ -1,6 +1,6 @@ DPI Packets (TCP): 344 (4.00 pkts/flow) Confidence DPI : 86 (flows) -Num dissector calls: 13244 (154.00 diss/flow) +Num dissector calls: 13330 (155.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/whatsapp_login_chat.pcap.out b/tests/cfgs/default/result/whatsapp_login_chat.pcap.out index 5d11d311f..321ace58e 100644 --- a/tests/cfgs/default/result/whatsapp_login_chat.pcap.out +++ b/tests/cfgs/default/result/whatsapp_login_chat.pcap.out @@ -1,7 +1,7 @@ DPI Packets (TCP): 17 (5.67 pkts/flow) DPI Packets (UDP): 7 (1.17 pkts/flow) Confidence DPI : 9 (flows) -Num dissector calls: 291 (32.33 diss/flow) +Num dissector calls: 292 (32.44 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/whois.pcapng.out b/tests/cfgs/default/result/whois.pcapng.out index 8ec834d6f..08ad3fcc7 100644 --- a/tests/cfgs/default/result/whois.pcapng.out +++ b/tests/cfgs/default/result/whois.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 16 (5.33 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 2 (flows) -Num dissector calls: 196 (65.33 diss/flow) +Num dissector calls: 197 (65.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/wireguard.pcap.out b/tests/cfgs/default/result/wireguard.pcap.out index 357163cd2..4f8af14b5 100644 --- a/tests/cfgs/default/result/wireguard.pcap.out +++ b/tests/cfgs/default/result/wireguard.pcap.out @@ -1,6 +1,6 @@ DPI Packets (UDP): 6 (3.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 289 (144.50 diss/flow) +Num dissector calls: 291 (145.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/z3950.pcapng.out b/tests/cfgs/default/result/z3950.pcapng.out index 603b2b80b..0776c9e09 100644 --- a/tests/cfgs/default/result/z3950.pcapng.out +++ b/tests/cfgs/default/result/z3950.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 26 (13.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 475 (237.50 diss/flow) +Num dissector calls: 477 (238.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom.pcap.out b/tests/cfgs/default/result/zoom.pcap.out index 5cd5e5e16..050576903 100644 --- a/tests/cfgs/default/result/zoom.pcap.out +++ b/tests/cfgs/default/result/zoom.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 23 (1.35 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by port : 2 (flows) Confidence DPI : 31 (flows) -Num dissector calls: 680 (20.61 diss/flow) +Num dissector calls: 682 (20.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 7/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom2.pcap.out b/tests/cfgs/default/result/zoom2.pcap.out index e35d2e2d7..f000bb544 100644 --- a/tests/cfgs/default/result/zoom2.pcap.out +++ b/tests/cfgs/default/result/zoom2.pcap.out @@ -2,7 +2,7 @@ DPI Packets (TCP): 8 (8.00 pkts/flow) DPI Packets (UDP): 15 (5.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 533 (106.60 diss/flow) +Num dissector calls: 536 (107.20 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 1/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom_p2p.pcapng.out b/tests/cfgs/default/result/zoom_p2p.pcapng.out index 648d0ca44..98930cc82 100644 --- a/tests/cfgs/default/result/zoom_p2p.pcapng.out +++ b/tests/cfgs/default/result/zoom_p2p.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 52 (5.20 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial cache): 4 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 856 (71.33 diss/flow) +Num dissector calls: 860 (71.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out b/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out index 7c1679641..29c99ff1b 100644 --- a/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out +++ b/tests/cfgs/disable_aggressiveness/result/ookla.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 40 (6.67 pkts/flow) Confidence DPI (partial cache): 1 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 546 (91.00 diss/flow) +Num dissector calls: 549 (91.50 diss/flow) LRU cache ookla: 4/1/1 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out index 6c6ab589b..97289a8a4 100644 --- a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out +++ b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 140 (140.00 diss/flow) +Num dissector calls: 141 (141.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out index 8cacbf738..090d96775 100644 --- a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out +++ b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 13 (13.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 202 (202.00 diss/flow) +Num dissector calls: 203 (203.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/soap.pcap.out b/tests/cfgs/disable_protocols/result/soap.pcap.out index d4043158a..60acfc77b 100644 --- a/tests/cfgs/disable_protocols/result/soap.pcap.out +++ b/tests/cfgs/disable_protocols/result/soap.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 2 DPI Packets (TCP): 20 (6.67 pkts/flow) Confidence Match by port : 2 (flows) Confidence DPI : 1 (flows) -Num dissector calls: 390 (130.00 diss/flow) +Num dissector calls: 392 (130.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out index c90ed7f4e..1737e632d 100644 --- a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out +++ b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 120 (1.21 pkts/flow) Confidence Unknown : 14 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 4773 (24.23 diss/flow) +Num dissector calls: 4790 (24.31 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/60/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/windows/nDPI.vcxproj b/windows/nDPI.vcxproj index ebd95a955..7bf40d59b 100644 --- a/windows/nDPI.vcxproj +++ b/windows/nDPI.vcxproj @@ -349,6 +349,7 @@ <ClCompile Include="..\src\lib\protocols\json-rpc.c" /> <ClCompile Include="..\src\lib\protocols\kafka.c" /> <ClCompile Include="..\src\lib\protocols\nomachine.c" /> + <ClCompile Include="..\src\lib\protocols\iec62056.c" /> <ClCompile Include="..\src\lib\third_party\src\gcrypt_light.c" /> <ClCompile Include="..\src\lib\third_party\src\libcache.c" /> <ClCompile Include="..\src\lib\third_party\src\libinjection_html5.c" /> diff --git a/windows/nDPI.vcxproj.filters b/windows/nDPI.vcxproj.filters index 43520e7b0..3b19d7723 100644 --- a/windows/nDPI.vcxproj.filters +++ b/windows/nDPI.vcxproj.filters @@ -130,6 +130,7 @@ <ClCompile Include="..\src\lib\protocols\json-rpc.c" /> <ClCompile Include="..\src\lib\protocols\kafka.c" /> <ClCompile Include="..\src\lib\protocols\nomachine.c" /> + <ClCompile Include="..\src\lib\protocols\iec62056.c" /> <ClCompile Include="src\getopt.c" /> <ClCompile Include="src\win-gettimeofday.c" /> <ClCompile Include="..\src\lib\ndpi_analyze.c" /> |