diff options
30 files changed, 33 insertions, 69 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2a081f8a4..3d897edfd 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -6714,42 +6714,6 @@ static int ndpi_init_packet(struct ndpi_detection_module_struct *ndpi_str, if(l4_packet_len >= packet->tcp->doff * 4) { packet->payload_packet_len = l4_packet_len - packet->tcp->doff * 4; packet->payload = ((u_int8_t *) packet->tcp) + (packet->tcp->doff * 4); - - /* check for new tcp syn packets, here - * idea: reset detection state if a connection is unknown - */ - if(packet->tcp->syn != 0 && packet->tcp->ack == 0 && flow->init_finished != 0 && - flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - u_int16_t guessed_protocol_id, guessed_protocol_id_by_ip; - u_int16_t packet_direction_counter[2]; - u_int8_t num_processed_pkts; - -#define flow_save(a) a = flow->a -#define flow_restore(a) flow->a = a - - flow_save(packet_direction_counter[0]); - flow_save(packet_direction_counter[1]); - flow_save(num_processed_pkts); - flow_save(guessed_protocol_id); - flow_save(guessed_protocol_id_by_ip); - - ndpi_free_flow_data(flow); - memset(flow, 0, sizeof(*(flow))); - - /* Restore pointers */ - flow->l4_proto = IPPROTO_TCP; - - flow_restore(packet_direction_counter[0]); - flow_restore(packet_direction_counter[1]); - flow_restore(num_processed_pkts); - flow_restore(guessed_protocol_id); - flow_restore(guessed_protocol_id_by_ip); - -#undef flow_save -#undef flow_restore - - NDPI_LOG_DBG(ndpi_str, "tcp syn packet for unknown protocol, reset detection state\n"); - } } else { /* tcp header not complete */ return(1); diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out index 926cef58e..392ef7892 100644 --- a/tests/cfgs/default/result/1kxun.pcap.out +++ b/tests/cfgs/default/result/1kxun.pcap.out @@ -23,7 +23,7 @@ Patricia risk mask: 176/0 (search/found) Patricia risk mask IPv6: 6/0 (search/found) Patricia risk: 3/0 (search/found) Patricia risk IPv6: 25/0 (search/found) -Patricia protocols: 315/59 (search/found) +Patricia protocols: 287/57 (search/found) Patricia protocols IPv6: 50/0 (search/found) Unknown 24 6428 14 diff --git a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out index eea6fff16..d4e31cfac 100644 --- a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out @@ -23,7 +23,7 @@ Patricia risk mask: 62/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 63/15 (search/found) +Patricia protocols: 62/14 (search/found) Patricia protocols IPv6: 0/0 (search/found) DNS 2 217 1 diff --git a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out index 1cc7b5a34..6ce84339e 100644 --- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out +++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out @@ -23,7 +23,7 @@ Patricia risk mask: 32/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 33/11 (search/found) +Patricia protocols: 31/9 (search/found) Patricia protocols IPv6: 0/0 (search/found) HTTP 5 280 1 diff --git a/tests/cfgs/default/result/alexa-app.pcapng.out b/tests/cfgs/default/result/alexa-app.pcapng.out index 708299398..4fe8ff6ed 100644 --- a/tests/cfgs/default/result/alexa-app.pcapng.out +++ b/tests/cfgs/default/result/alexa-app.pcapng.out @@ -23,7 +23,7 @@ Patricia risk mask: 88/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 4/0 (search/found) -Patricia protocols: 238/122 (search/found) +Patricia protocols: 196/116 (search/found) Patricia protocols IPv6: 8/0 (search/found) HTTP 9 548 1 diff --git a/tests/cfgs/default/result/android.pcap.out b/tests/cfgs/default/result/android.pcap.out index eee8ed674..899640b11 100644 --- a/tests/cfgs/default/result/android.pcap.out +++ b/tests/cfgs/default/result/android.pcap.out @@ -24,7 +24,7 @@ Patricia risk mask: 58/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 5/0 (search/found) -Patricia protocols: 89/29 (search/found) +Patricia protocols: 88/28 (search/found) Patricia protocols IPv6: 10/0 (search/found) DNS 2 216 1 diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index d22886326..99fe01237 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out @@ -24,7 +24,7 @@ Patricia risk mask: 82/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 3/0 (search/found) -Patricia protocols: 133/7 (search/found) +Patricia protocols: 125/7 (search/found) Patricia protocols IPv6: 6/0 (search/found) Unknown 19 1054 2 diff --git a/tests/cfgs/default/result/dnp3.pcap.out b/tests/cfgs/default/result/dnp3.pcap.out index a98633f55..1f294ff32 100644 --- a/tests/cfgs/default/result/dnp3.pcap.out +++ b/tests/cfgs/default/result/dnp3.pcap.out @@ -18,7 +18,7 @@ Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 48/0 (search/found) +Patricia protocols: 16/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) DNP3 543 38754 8 diff --git a/tests/cfgs/default/result/ethereum.pcap.out b/tests/cfgs/default/result/ethereum.pcap.out index 89e3cb78e..ce81c1b66 100644 --- a/tests/cfgs/default/result/ethereum.pcap.out +++ b/tests/cfgs/default/result/ethereum.pcap.out @@ -22,7 +22,7 @@ Patricia risk mask: 42/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 124/29 (search/found) +Patricia protocols: 121/28 (search/found) Patricia protocols IPv6: 0/0 (search/found) ETHEREUM 2000 216111 74 diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index 4551da6d2..9081b3d09 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out @@ -24,7 +24,7 @@ Patricia risk mask: 382/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 13/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 502/1 (search/found) +Patricia protocols: 496/1 (search/found) Patricia protocols IPv6: 0/0 (search/found) Unknown 34 4212 34 diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index 2f6665bac..fab0fdd0c 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out @@ -24,7 +24,7 @@ Patricia risk mask: 578/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 12/0 (search/found) -Patricia protocols: 1804/0 (search/found) +Patricia protocols: 1496/0 (search/found) Patricia protocols IPv6: 24/0 (search/found) Unknown 883 76902 389 diff --git a/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out b/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out index b5beefeba..ddc86c20f 100644 --- a/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out +++ b/tests/cfgs/default/result/heuristic_tcp_ack_payload.pcap.out @@ -12,13 +12,13 @@ LRU cache stun_zoom: 0/0/0 (insert/search/found) Automa host: 12/2 (search/found) Automa domain: 12/0 (search/found) Automa tls cert: 3/0 (search/found) -Automa risk mask: 1/0 (search/found) +Automa risk mask: 0/0 (search/found) Automa common alpns: 9/9 (search/found) -Patricia risk mask: 2/0 (search/found) +Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) -Patricia risk: 9/0 (search/found) +Patricia risk: 6/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 16/2 (search/found) +Patricia protocols: 10/2 (search/found) Patricia protocols IPv6: 0/0 (search/found) TLS 196 76217 4 diff --git a/tests/cfgs/default/result/hpvirtgrp.pcap.out b/tests/cfgs/default/result/hpvirtgrp.pcap.out index 743226951..2947275bc 100644 --- a/tests/cfgs/default/result/hpvirtgrp.pcap.out +++ b/tests/cfgs/default/result/hpvirtgrp.pcap.out @@ -18,7 +18,7 @@ Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 20/0 (search/found) +Patricia protocols: 18/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) HP_VIRTGRP 135 12739 9 diff --git a/tests/cfgs/default/result/imaps.pcap.out b/tests/cfgs/default/result/imaps.pcap.out index 30ac39574..e8fde33f2 100644 --- a/tests/cfgs/default/result/imaps.pcap.out +++ b/tests/cfgs/default/result/imaps.pcap.out @@ -18,7 +18,7 @@ Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 6/0 (search/found) +Patricia protocols: 4/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) ntop 20 5196 1 diff --git a/tests/cfgs/default/result/kerberos-login.pcap.out b/tests/cfgs/default/result/kerberos-login.pcap.out index acb87b291..be1da8046 100644 --- a/tests/cfgs/default/result/kerberos-login.pcap.out +++ b/tests/cfgs/default/result/kerberos-login.pcap.out @@ -19,7 +19,7 @@ Patricia risk mask: 24/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 28/0 (search/found) +Patricia protocols: 26/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) Kerberos 39 37272 13 diff --git a/tests/cfgs/default/result/ocs.pcap.out b/tests/cfgs/default/result/ocs.pcap.out index 5c3336134..16e9dc0be 100644 --- a/tests/cfgs/default/result/ocs.pcap.out +++ b/tests/cfgs/default/result/ocs.pcap.out @@ -22,7 +22,7 @@ Patricia risk mask: 40/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 27/27 (search/found) +Patricia protocols: 20/20 (search/found) Patricia protocols IPv6: 0/0 (search/found) DNS 2 144 2 diff --git a/tests/cfgs/default/result/opera-vpn.pcapng.out b/tests/cfgs/default/result/opera-vpn.pcapng.out index 26c00e9d0..4d3b704ac 100644 --- a/tests/cfgs/default/result/opera-vpn.pcapng.out +++ b/tests/cfgs/default/result/opera-vpn.pcapng.out @@ -21,7 +21,7 @@ Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 126/0 (search/found) +Patricia protocols: 124/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) TLS 3 206 1 diff --git a/tests/cfgs/default/result/pop3.pcap.out b/tests/cfgs/default/result/pop3.pcap.out index 32a3cf713..a0f612cba 100644 --- a/tests/cfgs/default/result/pop3.pcap.out +++ b/tests/cfgs/default/result/pop3.pcap.out @@ -18,7 +18,7 @@ Patricia risk mask: 8/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 14/0 (search/found) +Patricia protocols: 12/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) POP3 144 31172 6 diff --git a/tests/cfgs/default/result/psiphon3.pcap.out b/tests/cfgs/default/result/psiphon3.pcap.out index 290fef3bf..14f64707f 100644 --- a/tests/cfgs/default/result/psiphon3.pcap.out +++ b/tests/cfgs/default/result/psiphon3.pcap.out @@ -18,7 +18,7 @@ Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 2/2 (search/found) +Patricia protocols: 1/1 (search/found) Patricia protocols IPv6: 0/0 (search/found) Psiphon 62 11818 1 diff --git a/tests/cfgs/default/result/rtsp.pcap.out b/tests/cfgs/default/result/rtsp.pcap.out index d464816b1..5b99c6ca3 100644 --- a/tests/cfgs/default/result/rtsp.pcap.out +++ b/tests/cfgs/default/result/rtsp.pcap.out @@ -18,7 +18,7 @@ Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 58/0 (search/found) +Patricia protocols: 14/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) RTSP 568 100872 7 diff --git a/tests/cfgs/default/result/s7comm-plus.pcap.out b/tests/cfgs/default/result/s7comm-plus.pcap.out index 2283e2d6c..ed2edaf59 100644 --- a/tests/cfgs/default/result/s7comm-plus.pcap.out +++ b/tests/cfgs/default/result/s7comm-plus.pcap.out @@ -18,7 +18,7 @@ Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 4/0 (search/found) +Patricia protocols: 2/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) S7CommPlus 79 10271 1 diff --git a/tests/cfgs/default/result/sites.pcapng.out b/tests/cfgs/default/result/sites.pcapng.out index 798466bfe..22b109f9a 100644 --- a/tests/cfgs/default/result/sites.pcapng.out +++ b/tests/cfgs/default/result/sites.pcapng.out @@ -22,7 +22,7 @@ Patricia risk mask: 6/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 4/0 (search/found) -Patricia protocols: 86/34 (search/found) +Patricia protocols: 80/28 (search/found) Patricia protocols IPv6: 4/4 (search/found) HTTP 14 1040 4 diff --git a/tests/cfgs/default/result/syslog.pcap.out b/tests/cfgs/default/result/syslog.pcap.out index a2d59bb5e..a73fb87b4 100644 --- a/tests/cfgs/default/result/syslog.pcap.out +++ b/tests/cfgs/default/result/syslog.pcap.out @@ -20,7 +20,7 @@ Patricia risk mask: 40/0 (search/found) Patricia risk mask IPv6: 2/0 (search/found) Patricia risk: 3/0 (search/found) Patricia risk IPv6: 1/0 (search/found) -Patricia protocols: 56/0 (search/found) +Patricia protocols: 42/0 (search/found) Patricia protocols IPv6: 2/0 (search/found) Unknown 1 78 1 diff --git a/tests/cfgs/default/result/tls_port_80.pcapng.out b/tests/cfgs/default/result/tls_port_80.pcapng.out index 5d7d5cdec..204f3962b 100644 --- a/tests/cfgs/default/result/tls_port_80.pcapng.out +++ b/tests/cfgs/default/result/tls_port_80.pcapng.out @@ -16,9 +16,9 @@ Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) Patricia risk mask: 2/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) -Patricia risk: 4/0 (search/found) +Patricia risk: 1/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 8/0 (search/found) +Patricia protocols: 2/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) TLS 13 2439 1 diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out index 77e464c83..778a61448 100644 --- a/tests/cfgs/default/result/webex.pcap.out +++ b/tests/cfgs/default/result/webex.pcap.out @@ -23,7 +23,7 @@ Patricia risk mask: 94/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 78/54 (search/found) +Patricia protocols: 69/45 (search/found) Patricia protocols IPv6: 0/0 (search/found) HTTP 22 3182 2 diff --git a/tests/cfgs/default/result/whois.pcapng.out b/tests/cfgs/default/result/whois.pcapng.out index d41b4246f..d362c1327 100644 --- a/tests/cfgs/default/result/whois.pcapng.out +++ b/tests/cfgs/default/result/whois.pcapng.out @@ -21,7 +21,7 @@ Patricia risk mask: 4/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 8/0 (search/found) +Patricia protocols: 6/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) TLS 7 2046 1 diff --git a/tests/cfgs/default/result/wow.pcap.out b/tests/cfgs/default/result/wow.pcap.out index 8e4f4b007..b9644b66d 100644 --- a/tests/cfgs/default/result/wow.pcap.out +++ b/tests/cfgs/default/result/wow.pcap.out @@ -18,7 +18,7 @@ Patricia risk mask: 0/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 18/2 (search/found) +Patricia protocols: 9/1 (search/found) Patricia protocols IPv6: 0/0 (search/found) WorldOfWarcraft 95 10688 5 diff --git a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out index d7ca0c306..2d14a3f3b 100644 --- a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out +++ b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out @@ -23,7 +23,7 @@ Patricia risk mask: 176/0 (search/found) Patricia risk mask IPv6: 6/0 (search/found) Patricia risk: 3/0 (search/found) Patricia risk IPv6: 25/0 (search/found) -Patricia protocols: 315/59 (search/found) +Patricia protocols: 287/57 (search/found) Patricia protocols IPv6: 50/0 (search/found) Unknown 24 6428 14 diff --git a/tests/cfgs/guessing_disable/result/webex.pcap.out b/tests/cfgs/guessing_disable/result/webex.pcap.out index 6f978fc58..c53c7bdc6 100644 --- a/tests/cfgs/guessing_disable/result/webex.pcap.out +++ b/tests/cfgs/guessing_disable/result/webex.pcap.out @@ -20,7 +20,7 @@ Patricia risk mask: 92/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found) Patricia risk: 0/0 (search/found) Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 78/54 (search/found) +Patricia protocols: 69/45 (search/found) Patricia protocols IPv6: 0/0 (search/found) Unknown 25 1701 4 diff --git a/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out b/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out index 2b4712fa3..30a3b59d1 100644 --- a/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out +++ b/tests/cfgs/ip_lists_disable/result/1kxun.pcap.out @@ -23,7 +23,7 @@ Patricia risk mask: 176/0 (search/found) Patricia risk mask IPv6: 6/0 (search/found) Patricia risk: 3/0 (search/found) Patricia risk IPv6: 25/0 (search/found) -Patricia protocols: 374/0 (search/found) +Patricia protocols: 344/0 (search/found) Patricia protocols IPv6: 50/0 (search/found) Unknown 24 6428 14 |