From 0cb951f143285a599a6d831c6fc2b3cb89d6aa67 Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Fri, 10 Jan 2025 17:52:51 +0100
Subject: Improved WebSocket-over-HTTP detection

 * detect `chisel` SSH-over-HTTP-WebSocket
 * use `strncasecmp()` for `LINE_*` matching macros

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 tests/cfgs/default/result/malware.pcap.out | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tests/cfgs/default/result/malware.pcap.out')

diff --git a/tests/cfgs/default/result/malware.pcap.out b/tests/cfgs/default/result/malware.pcap.out
index e681e38c0..2f91ce8d3 100644
--- a/tests/cfgs/default/result/malware.pcap.out
+++ b/tests/cfgs/default/result/malware.pcap.out
@@ -5,7 +5,7 @@ DPI Packets (UDP):	2	(2.00 pkts/flow)
 DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 19 (3.17 diss/flow)
+Num dissector calls: 20 (3.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
-- 
cgit v1.2.3