From 35abafec4fabcb7ad91973e4e9d3c505589e47ca Mon Sep 17 00:00:00 2001
From: Vladimir Gavrilov <105977161+0xA50C1A1@users.noreply.github.com>
Date: Tue, 21 Nov 2023 18:56:01 +0300
Subject: Get rid of Apache Cassandra false positives (#2159)
* Rewrite Apache Cassandra dissector
* Replace memcmp with strncmp
* Add payload length check
* Update Cassandra dissector
* Update test results
---------
Co-authored-by: 0xA50C1A1
---
 tests/cfgs/default/result/cassandra.pcap.out | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'tests/cfgs/default/result/cassandra.pcap.out')
diff --git a/tests/cfgs/default/result/cassandra.pcap.out b/tests/cfgs/default/result/cassandra.pcap.out
index 86e4701cd..6ae99e33b 100644
--- a/tests/cfgs/default/result/cassandra.pcap.out
+++ b/tests/cfgs/default/result/cassandra.pcap.out
@@ -1,8 +1,8 @@
 Guessed flow protos: 0
-DPI Packets (TCP): 18 (9.00 pkts/flow)
+DPI Packets (TCP): 16 (8.00 pkts/flow)
 Confidence DPI : 2 (flows)
-Num dissector calls: 342 (171.00 diss/flow)
+Num dissector calls: 302 (151.00 diss/flow)
 LRU cache ookla: 0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom: 0/0/0 (insert/search/found)
@@ -25,5 +25,5 @@ Patricia protocols IPv6: 0/0 (search/found)
 Cassandra 286 126016 2
- 1 TCP 127.0.0.1:46536 <-> 127.0.0.1:9042 [proto: 264/Cassandra][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Database/11][75 pkts/9730 bytes <-> 69 pkts/78014 bytes][Goodput ratio: 49/94][200.04 sec][bytes ratio: -0.778 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3063/2427 32715/30000 8555/7658][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/1131 462/25214 82/4102][PLAIN TEXT (COMPRESSION)][Plen Bins: 8,16,44,9,5,0,6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2]
- 2 TCP 127.0.0.1:46537 <-> 127.0.0.1:9042 [proto: 264/Cassandra][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 9][cat: Database/11][74 pkts/9855 bytes <-> 68 pkts/28417 bytes][Goodput ratio: 50/84][200.00 sec][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2835/2737 33012/33012 6521/6804][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 133/418 399/11512 80/1399][PLAIN TEXT (COMPRESSION)][Plen Bins: 13,13,32,12,5,2,1,6,0,1,1,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,3,0,0,0,1,0,0,0,0,0,1]
+ 1 TCP 127.0.0.1:46536 <-> 127.0.0.1:9042 [proto: 264/Cassandra][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Database/11][75 pkts/9730 bytes <-> 69 pkts/78014 bytes][Goodput ratio: 49/94][200.04 sec][bytes ratio: -0.778 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 3063/2427 32715/30000 8555/7658][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 130/1131 462/25214 82/4102][PLAIN TEXT (COMPRESSION)][Plen Bins: 8,16,44,9,5,0,6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,2]
+ 2 TCP 127.0.0.1:46537 <-> 127.0.0.1:9042 [proto: 264/Cassandra][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 8][cat: Database/11][74 pkts/9855 bytes <-> 68 pkts/28417 bytes][Goodput ratio: 50/84][200.00 sec][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 2835/2737 33012/33012 6521/6804][Pkt Len 
c2s/s2c min/avg/max/stddev: 66/66 133/418 399/11512 80/1399][PLAIN TEXT (COMPRESSION)][Plen Bins: 13,13,32,12,5,2,1,6,0,1,1,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,3,0,0,0,1,0,0,0,0,0,1] -- cgit v1.2.3