From 950f209a1736e76ca621a8ffebef9dcd2fa9745d Mon Sep 17 00:00:00 2001
From: Nardi Ivan <nardi.ivan@gmail.com>
Date: Wed, 10 Jan 2024 09:36:18 +0100
Subject: config: HTTP: enable/disable processing of HTTP responses

---
 .../cfgs/http_process_response_disable/config.txt  |  1 +
 .../http_process_response_disable/pcap/http.pcapng |  1 +
 .../pcap/http_asymmetric.pcapng                    |  1 +
 .../result/http.pcapng.out                         | 28 +++++++++++++++++++++
 .../result/http_asymmetric.pcapng.out              | 29 ++++++++++++++++++++++
 5 files changed, 60 insertions(+)
 create mode 100644 tests/cfgs/http_process_response_disable/config.txt
 create mode 120000 tests/cfgs/http_process_response_disable/pcap/http.pcapng
 create mode 120000 tests/cfgs/http_process_response_disable/pcap/http_asymmetric.pcapng
 create mode 100644 tests/cfgs/http_process_response_disable/result/http.pcapng.out
 create mode 100644 tests/cfgs/http_process_response_disable/result/http_asymmetric.pcapng.out

(limited to 'tests/cfgs/http_process_response_disable')

diff --git a/tests/cfgs/http_process_response_disable/config.txt b/tests/cfgs/http_process_response_disable/config.txt
new file mode 100644
index 000000000..8ca478992
--- /dev/null
+++ b/tests/cfgs/http_process_response_disable/config.txt
@@ -0,0 +1 @@
+--cfg=http,process_response.enable,0
diff --git a/tests/cfgs/http_process_response_disable/pcap/http.pcapng b/tests/cfgs/http_process_response_disable/pcap/http.pcapng
new file mode 120000
index 000000000..9e909a49d
--- /dev/null
+++ b/tests/cfgs/http_process_response_disable/pcap/http.pcapng
@@ -0,0 +1 @@
+../../default/pcap/http.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/http_process_response_disable/pcap/http_asymmetric.pcapng b/tests/cfgs/http_process_response_disable/pcap/http_asymmetric.pcapng
new file mode 120000
index 000000000..1f6c090a0
--- /dev/null
+++ b/tests/cfgs/http_process_response_disable/pcap/http_asymmetric.pcapng
@@ -0,0 +1 @@
+../../default/pcap/http_asymmetric.pcapng
\ No newline at end of file
diff --git a/tests/cfgs/http_process_response_disable/result/http.pcapng.out b/tests/cfgs/http_process_response_disable/result/http.pcapng.out
new file mode 100644
index 000000000..691ee0835
--- /dev/null
+++ b/tests/cfgs/http_process_response_disable/result/http.pcapng.out
@@ -0,0 +1,28 @@
+DPI Packets (TCP):	4	(4.00 pkts/flow)
+Confidence DPI              : 1 (flows)
+Num dissector calls: 15 (15.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          1/1 (search/found)
+Automa domain:        1/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   1/1 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+Google	10	1278	1
+
+Acceptable                      10 1278          1            
+
+	1	TCP 192.168.1.128:42170 <-> 216.58.208.142:80 [proto: 7.126/HTTP.Google][IP: 126/Google][ClearText][Confidence: DPI][DPI packets: 4][cat: Web/5][6 pkts/478 bytes <-> 4 pkts/800 bytes][Goodput ratio: 15/66][0.04 sec][Hostname/SNI: google.com][bytes ratio: -0.252 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/7 8/14 28/20 10/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 80/200 140/594 27/227][URL: google.com/][User-Agent: curl/7.68.0][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/http_process_response_disable/result/http_asymmetric.pcapng.out b/tests/cfgs/http_process_response_disable/result/http_asymmetric.pcapng.out
new file mode 100644
index 000000000..df351c7ec
--- /dev/null
+++ b/tests/cfgs/http_process_response_disable/result/http_asymmetric.pcapng.out
@@ -0,0 +1,29 @@
+DPI Packets (TCP):	6	(3.00 pkts/flow)
+Confidence DPI              : 2 (flows)
+Num dissector calls: 30 (15.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          1/0 (search/found)
+Automa domain:        1/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   4/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   4/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+HTTP	23	9961	2
+
+Acceptable                      23 9961          2            
+
+	1	TCP 192.168.1.146:80 -> 192.168.1.103:1044 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][13 pkts/8357 bytes -> 0 pkts/0 bytes][Goodput ratio: 91/0][5.11 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 464/0 5000/0 1435/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/0 643/0 1514/0 626/0][StatusCode: 200][Content-Type: text/html][Server: Apache/2.4.41 (Ubuntu)][Risk: ** HTTP Susp User-Agent **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No client to server traffic / Empty or missing User-Agent][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,14,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,57,0,0]
+	2	TCP 192.168.0.1:1044 -> 10.10.10.1:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 3][cat: Web/5][10 pkts/1604 bytes -> 0 pkts/0 bytes][Goodput ratio: 66/0][5.11 sec][Hostname/SNI: proxy.wiresharkfest.acropolis.local][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 567/0 4951/0 1550/0][Pkt Len c2s/s2c min/avg/max/stddev: 54/0 160/0 418/0 160/0][URL: proxy.wiresharkfest.acropolis.local/][User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,66,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-- 
cgit v1.2.3