From dba7e9a8ecf773dbbae5feb28d57a1cc81f13069 Mon Sep 17 00:00:00 2001 
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Wed, 12 Feb 2025 09:48:35 +0100 Subject: DNS: try to simplify the code (#2718) Set the classification in only one place in the code. --- src/lib/protocols/dns.c | 48 ++++++--------------- tests/cfgs/default/pcap/dns_retransmissions.pcap | Bin 0 -> 538 bytes .../default/result/dns_retransmissions.pcap.out | 27 ++++++++++++ .../default/result/fuzz-2006-06-26-2594.pcap.out | 2 +- tests/cfgs/dns_sub_enable/config.txt | 1 + tests/cfgs/dns_sub_enable/pcap/dns.pcap | 1 + tests/cfgs/dns_sub_enable/pcap/dns2.pcap | 1 + .../pcap/dns_multiple_transactions_same_flow.pcap | 1 + .../dns_sub_enable/pcap/dns_retransmissions.pcap | 1 + tests/cfgs/dns_sub_enable/result/dns.pcap.out | 29 +++++++++++++ tests/cfgs/dns_sub_enable/result/dns2.pcap.out | 27 ++++++++++++ .../dns_multiple_transactions_same_flow.pcap.out | 27 ++++++++++++ .../result/dns_retransmissions.pcap.out | 27 ++++++++++++ tests/cfgs/dns_subclassification_enable/config.txt | 1 - .../dns_subclassification_enable/pcap/dns.pcap | 1 - .../result/dns.pcap.out | 29 ------------- 16 files changed, 156 insertions(+), 67 deletions(-) create mode 100644 tests/cfgs/default/pcap/dns_retransmissions.pcap create mode 100644 tests/cfgs/default/result/dns_retransmissions.pcap.out create mode 100644 tests/cfgs/dns_sub_enable/config.txt create mode 120000 tests/cfgs/dns_sub_enable/pcap/dns.pcap create mode 120000 tests/cfgs/dns_sub_enable/pcap/dns2.pcap create mode 120000 tests/cfgs/dns_sub_enable/pcap/dns_multiple_transactions_same_flow.pcap create mode 120000 tests/cfgs/dns_sub_enable/pcap/dns_retransmissions.pcap create mode 100644 tests/cfgs/dns_sub_enable/result/dns.pcap.out create mode 100644 tests/cfgs/dns_sub_enable/result/dns2.pcap.out create mode 100644 tests/cfgs/dns_sub_enable/result/dns_multiple_transactions_same_flow.pcap.out create mode 100644 tests/cfgs/dns_sub_enable/result/dns_retransmissions.pcap.out delete mode 100644 
tests/cfgs/dns_subclassification_enable/config.txt delete mode 120000 tests/cfgs/dns_subclassification_enable/pcap/dns.pcap delete mode 100644 tests/cfgs/dns_subclassification_enable/result/dns.pcap.out diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index b2223f4a9..17813bab7 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -625,17 +625,6 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct, x += data_len; } } - - if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_DNS) - || (flow->detected_protocol_stack[1] == NDPI_PROTOCOL_DNS)) { - /* Request already set the protocol */ - // flow->extra_packets_func = NULL; /* Removed so the caller can keep dissecting DNS flows */ - } else { - /* We missed the request */ - u_int16_t s_port = packet->udp ? ntohs(packet->udp->source) : ntohs(packet->tcp->source); - - ndpi_set_detected_protocol(ndpi_struct, flow, checkPort(s_port), NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - } } } } 
@@ -839,20 +828,24 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st /* Report if this is a DNS query or reply */ flow->protos.dns.is_query = is_query; - if(is_query) { - /* In this case we say that the protocol has been detected just to let apps carry on with their activities */ + if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN || + ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) { + ndpi_set_detected_protocol(ndpi_struct, flow, ret.proto.app_protocol, ret.proto.master_protocol, NDPI_CONFIDENCE_DPI); - if(ndpi_struct->cfg.dns_parse_response_enabled) { - /* We have never triggered extra-dissection for LLMNR. Keep the old behaviour */ - if(ret.proto.master_protocol != NDPI_PROTOCOL_LLMNR) { - /* Don't use just 1 as in TCP DNS more packets could be returned (e.g. ACK). */ - flow->max_extra_packets_to_check = 5; - flow->extra_packets_func = search_dns_again; + if(is_query) { + if(ndpi_struct->cfg.dns_parse_response_enabled) { + /* We have never triggered extra-dissection for LLMNR. Keep the old behavior */ + if(ret.proto.master_protocol != NDPI_PROTOCOL_LLMNR) { + /* Don't use just 1 as in TCP DNS more packets could be returned (e.g. ACK). */ + flow->max_extra_packets_to_check = 5; + flow->extra_packets_func = search_dns_again; + } } } - return; /* The response will set the verdict */ } + if(is_query) + return; if(strlen(flow->host_server_name) > 0) 
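Review bot: The new guard `if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN || ret.proto.app_protocol != NDPI_PROTOCOL_UNKNOWN)` calls ndpi_set_detected_protocol() on every packet that yields a known app protocol, even when the flow already carries a verdict, and no comment says that overwriting is intended. `ret` is computed outside the hunk, presumably from the name carried in the packet, so a later transaction on a long-lived flow could change the classification that downstream policy or logging relies on; the hunk at -865 also drops the branches that left an existing verdict alone or called NDPI_EXCLUDE_PROTO. I would state the rule above the condition, e.g. `/* Classify on the first DNS packet; later packets overwrite only when they yield a known app protocol */`, and confirm that a flow already classified as something other than DNS cannot reach this call. Arming `search_dns_again` is now nested under the same guard, so a query that fails it no longer requests extra dissection; the comment should say so if that is deliberate. ndpi_search_dns begins and ends outside the hunk.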
@@ -865,21 +858,6 @@ static void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, st flow->protos.dns.reply_code, flow->protos.dns.rsp_type, flow->host_server_name ); #endif - - if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - /** - Do not set the protocol with DNS if ndpi_match_host_subprotocol() has - matched a subprotocol - **/ - NDPI_LOG_INFO(ndpi_struct, "found DNS\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, ret.proto.app_protocol, ret.proto.master_protocol, NDPI_CONFIDENCE_DPI); - } else { - if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_DNS) - || (flow->detected_protocol_stack[1] == NDPI_PROTOCOL_DNS)) - ; - else - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - } } if(flow->packet_counter > 3) diff --git a/tests/cfgs/default/pcap/dns_retransmissions.pcap b/tests/cfgs/default/pcap/dns_retransmissions.pcap new file mode 100644 index 000000000..193846044 Binary files /dev/null and b/tests/cfgs/default/pcap/dns_retransmissions.pcap differ diff --git a/tests/cfgs/default/result/dns_retransmissions.pcap.out b/tests/cfgs/default/result/dns_retransmissions.pcap.out new file mode 100644 index 000000000..efd91d0b8 --- /dev/null +++ b/tests/cfgs/default/result/dns_retransmissions.pcap.out 
@@ -0,0 +1,27 @@ +DPI Packets (UDP): 3 (3.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 1 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 1/0/0 (insert/search/found) +Automa host: 3/3 (search/found) +Automa domain: 3/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 1/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 1/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 1/1 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +DNS 4 450 1 + +Acceptable 4 450 1 + + 1 UDP 37.41.101.140:11892 <-> 208.67.222.222:53 [VLAN: 103][proto: 5/DNS][IP: 225/OpenDNS][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/150 bytes <-> 2 pkts/300 bytes][Goodput ratio: 38/69][0.20 sec][Hostname/SNI: api.msn.com][204.79.197.203][DNS Id: 0xb8e2][PLAIN TEXT (msedge)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index e2d0b6ab1..cd0758067 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out 
@@ -17,7 +17,7 @@ LRU cache fpc_dns: 0/63/0 (insert/search/found) Automa host: 244/0 (search/found) Automa domain: 237/0 (search/found) Automa tls cert: 0/0 (search/found) -Automa risk mask: 127/0 (search/found) +Automa risk mask: 128/0 (search/found) Automa common alpns: 0/0 (search/found) Patricia risk mask: 374/0 (search/found) Patricia risk mask IPv6: 0/0 (search/found)
diff --git a/tests/cfgs/dns_sub_enable/config.txt b/tests/cfgs/dns_sub_enable/config.txt
new file mode 100644
index 000000000..76280fbb3
--- /dev/null
+++ b/tests/cfgs/dns_sub_enable/config.txt
@@ -0,0 +1 @@
+--cfg=dns,subclassification,1
diff --git a/tests/cfgs/dns_sub_enable/pcap/dns.pcap b/tests/cfgs/dns_sub_enable/pcap/dns.pcap
new file mode 120000
index 000000000..aea7db12b
--- /dev/null
+++ b/tests/cfgs/dns_sub_enable/pcap/dns.pcap
@@ -0,0 +1 @@
+../../default/pcap/dns.pcap
\ No newline at end of file
diff --git a/tests/cfgs/dns_sub_enable/pcap/dns2.pcap b/tests/cfgs/dns_sub_enable/pcap/dns2.pcap
new file mode 120000
index 000000000..ad76a4ee9
--- /dev/null
+++ b/tests/cfgs/dns_sub_enable/pcap/dns2.pcap
@@ -0,0 +1 @@
+../../default/pcap/dns2.pcap
\ No newline at end of file
diff --git a/tests/cfgs/dns_sub_enable/pcap/dns_multiple_transactions_same_flow.pcap b/tests/cfgs/dns_sub_enable/pcap/dns_multiple_transactions_same_flow.pcap
new file mode 120000
index 000000000..1b27fbb3b
--- /dev/null
+++ b/tests/cfgs/dns_sub_enable/pcap/dns_multiple_transactions_same_flow.pcap
@@ -0,0 +1 @@
+../../default/pcap/dns_multiple_transactions_same_flow.pcap
\ No newline at end of file
diff --git a/tests/cfgs/dns_sub_enable/pcap/dns_retransmissions.pcap b/tests/cfgs/dns_sub_enable/pcap/dns_retransmissions.pcap
new file mode 120000
index 000000000..0f1975f5b
--- /dev/null
+++ b/tests/cfgs/dns_sub_enable/pcap/dns_retransmissions.pcap
@@ -0,0 +1 @@
+../../default/pcap/dns_retransmissions.pcap
\ No newline at end of file
diff --git a/tests/cfgs/dns_sub_enable/result/dns.pcap.out b/tests/cfgs/dns_sub_enable/result/dns.pcap.out
new file mode 100644
index 000000000..eb066950c
--- /dev/null
+++ b/tests/cfgs/dns_sub_enable/result/dns.pcap.out
@@ -0,0 +1,29 @@ +DPI Packets (UDP): 3 (1.50 pkts/flow) +Confidence DPI : 2 (flows) +Num dissector calls: 2 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 1/0/0 (insert/search/found) +Automa host: 3/3 (search/found) +Automa domain: 3/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 2/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 4/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 1/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 4/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +Google 3 226 1 +WhatsApp 2 310 1 + +Acceptable 5 536 2 + + 1 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.142/DNS.WhatsApp, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][DNS Id: 0x7843][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.126/DNS.Google, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.l.google.com][0.0.0.0][DNS Id: 0xdca2][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
diff --git a/tests/cfgs/dns_sub_enable/result/dns2.pcap.out b/tests/cfgs/dns_sub_enable/result/dns2.pcap.out new file mode 100644 index 000000000..fca56be89 --- /dev/null +++ b/tests/cfgs/dns_sub_enable/result/dns2.pcap.out @@ -0,0 +1,27 @@ +DPI Packets (UDP): 3 (3.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 1 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 0/0/0 (insert/search/found) +Automa host: 3/3 (search/found) +Automa domain: 3/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 1/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 1/1 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +Github 4 405 1 + +Acceptable 4 405 1 + + 1 UDP 192.168.255.251:56550 <-> 8.8.8.8:53 [proto: 5.203/DNS.Github][IP: 126/Google][ClearText][Confidence: DPI][FPC: 5.203/DNS.Github, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/148 bytes <-> 2 pkts/257 bytes][Goodput ratio: 43/67][0.03 sec][Hostname/SNI: www.github.com][0.0.0.0][DNS Id: 0xeaef][PLAIN TEXT (github)][Plen Bins: 0,75,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/dns_sub_enable/result/dns_multiple_transactions_same_flow.pcap.out b/tests/cfgs/dns_sub_enable/result/dns_multiple_transactions_same_flow.pcap.out new file mode 100644 index 000000000..e9b7cfc77 --- /dev/null +++ b/tests/cfgs/dns_sub_enable/result/dns_multiple_transactions_same_flow.pcap.out 
@@ -0,0 +1,27 @@ +DPI Packets (UDP): 2 (2.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 1 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 1/0/0 (insert/search/found) +Automa host: 2/2 (search/found) +Automa domain: 2/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 1/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 2/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +Google 80 10969 1 + +Acceptable 80 10969 1 + + 1 UDP 192.168.1.204:50234 <-> 192.168.1.253:53 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.126/DNS.Google, Confidence: DPI][DPI packets: 2][cat: Network/14][40 pkts/3152 bytes <-> 40 pkts/7817 bytes][Goodput ratio: 47/78][403.67 sec][Hostname/SNI: www.google.com][142.251.209.36][DNS Id: 0x1655][bytes ratio: -0.425 (Download)][IAT c2s/s2c min/avg/max/stddev: 23/9 11635/11637 110617/110608 23370/23370][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 79/195 94/356 9/104][PLAIN TEXT (google)][Plen Bins: 27,36,6,8,0,1,5,2,6,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/dns_sub_enable/result/dns_retransmissions.pcap.out b/tests/cfgs/dns_sub_enable/result/dns_retransmissions.pcap.out new file mode 100644 index 000000000..fffa41ff8 --- /dev/null +++ b/tests/cfgs/dns_sub_enable/result/dns_retransmissions.pcap.out 
@@ -0,0 +1,27 @@ +DPI Packets (UDP): 3 (3.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 1 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache fpc_dns: 1/0/0 (insert/search/found) +Automa host: 3/3 (search/found) +Automa domain: 3/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 1/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 2/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 1/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 1/1 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +Microsoft 4 450 1 + +Safe 4 450 1 + + 1 UDP 37.41.101.140:11892 <-> 208.67.222.222:53 [VLAN: 103][proto: 5.212/DNS.Microsoft][IP: 225/OpenDNS][ClearText][Confidence: DPI][FPC: 5.212/DNS.Microsoft, Confidence: DPI][DPI packets: 3][cat: Network/14][2 pkts/150 bytes <-> 2 pkts/300 bytes][Goodput ratio: 38/69][0.20 sec][Hostname/SNI: api.msn.com][204.79.197.203][DNS Id: 0xb8e2][PLAIN TEXT (msedge)][Plen Bins: 50,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/dns_subclassification_enable/config.txt b/tests/cfgs/dns_subclassification_enable/config.txt deleted file mode 100644 index 76280fbb3..000000000 --- a/tests/cfgs/dns_subclassification_enable/config.txt +++ /dev/null @@ -1 +0,0 @@ ---cfg=dns,subclassification,1 diff --git a/tests/cfgs/dns_subclassification_enable/pcap/dns.pcap b/tests/cfgs/dns_subclassification_enable/pcap/dns.pcap deleted file mode 120000 index aea7db12b..000000000 --- a/tests/cfgs/dns_subclassification_enable/pcap/dns.pcap +++ /dev/null 
@@ -1 +0,0 @@
-../../default/pcap/dns.pcap
\ No newline at end of file
diff --git a/tests/cfgs/dns_subclassification_enable/result/dns.pcap.out b/tests/cfgs/dns_subclassification_enable/result/dns.pcap.out
deleted file mode 100644
index 58245839a..000000000
--- a/tests/cfgs/dns_subclassification_enable/result/dns.pcap.out
+++ /dev/null
@@ -1,29 +0,0 @@ -DPI Packets (UDP): 3 (1.50 pkts/flow) -Confidence DPI : 2 (flows) -Num dissector calls: 2 (1.00 diss/flow) -LRU cache ookla: 0/0/0 (insert/search/found) -LRU cache bittorrent: 0/0/0 (insert/search/found) -LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/0/0 (insert/search/found) -LRU cache msteams: 0/0/0 (insert/search/found) -LRU cache fpc_dns: 1/0/0 (insert/search/found) -Automa host: 3/3 (search/found) -Automa domain: 3/0 (search/found) -Automa tls cert: 0/0 (search/found) -Automa risk mask: 1/0 (search/found) -Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) -Patricia risk mask IPv6: 0/0 (search/found) -Patricia risk: 1/0 (search/found) -Patricia risk IPv6: 0/0 (search/found) -Patricia protocols: 4/0 (search/found) -Patricia protocols IPv6: 0/0 (search/found) - -Google 3 226 1 -WhatsApp 2 310 1 - -Acceptable 5 536 2 - - 1 UDP 82.178.113.245:47255 <-> 82.178.158.181:53 [VLAN: 785][proto: 5.142/DNS.WhatsApp][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.142/DNS.WhatsApp, Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/91 bytes <-> 1 pkts/219 bytes][Goodput ratio: 36/73][0.00 sec][Hostname/SNI: e7.whatsapp.net][169.45.219.235][DNS Id: 0x7843][PLAIN TEXT (whatsapp)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 192.168.170.20:53 <-> 192.168.170.8:32795 [proto: 5.126/DNS.Google][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5.126/DNS.Google, Confidence: DPI][DPI packets: 1][cat: Network/14][2 pkts/151 bytes <-> 1 pkts/75 bytes][Goodput ratio: 44/43][41.07 sec][Hostname/SNI: www.l.google.com][0.0.0.0][DNS Id: 0xdca2][PLAIN TEXT (google)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] -- cgit v1.2.3