Reworked layer 4 flow length naming/calculation.

* nDPIsrvd services usually do not care about layer4 data length, payload length is quite more essential for further processing Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2021-05-20 14:55:05 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2021-05-20 14:55:05 +0200
commit: 9a1c2d0ea731724edfaca97195c87569e4321681 (patch)
tree: d1371082f38a429a2c491ef918ed2a963936bc9a /test/results/6in4tunnel.pcap.out
parent: db39772aa7b10ee6fb9e21db8f44c0f5fca7a1d2 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/test/results/6in4tunnel.pcap.out b/test/results/6in4tunnel.pcap.out
index 8921a6b08..0a1f99af4 100644
--- a/test/results/6in4tunnel.pcap.out
+++ b/test/results/6in4tunnel.pcap.out
@@ -1,5 +1,5 @@
 00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1444236893450,"flow_last_seen":0,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":104,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
+00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1444236893450,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
 00528{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236893,"pkt_ts_usec":450580,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8tYFAAP8pFzeuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAOC9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
 00527{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236893,"pkt_ts_usec":555356,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlZAAPgpDWK4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAN+9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
 00611{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236894,"pkt_ts_usec":230722,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"pkt":"ACKQ3jvZAAAkzoE0CABFAAC6tdFAAP8pFqmuA0kYuGn\/GmAAAAAAfjpAIAEEcB8WAT8AAAAAAAAAAiYEqIAAAQAgAAAAAAIksAEBA9KAAAAAAGAAAAAATgY2JgSogAABACAAAAAAAiSwASABBHAfFwE\/JaMykhb5LOAD4exLUvt9fRlwFpiAGABJEPkAAAEBCAq0MT0ACHX6xhcDAwApoxPniAjxmmXGKxqxVV6nOvla9FPS7Dtl2rRDlmVhpOKK9OFyB\/XihP8="}
@@ -15,6 +15,6 @@
 00529{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236898,"pkt_ts_usec":563922,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xltAAPgpDV24af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAGyeXY8BX2JOFVYAAAAAFvgGAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
 00530{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236899,"pkt_ts_usec":458727,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8uBRAAP8pFKSuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAO2XXY8BYGNOFVYAAAAAlf0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
 00529{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236899,"pkt_ts_usec":563862,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlxAAPgpDVy4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAOyXXY8BYGNOFVYAAAAAlf0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
-00477{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_tot_l4_data_len":35975,"flow_min_l4_data_len":72,"flow_max_l4_data_len":1877,"flow_avg_l4_data_len":283,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00463{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_tot_l4_data_len":35975,"flow_min_l4_data_len":72,"flow_max_l4_data_len":1877,"flow_avg_l4_data_len":283,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00465{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
 00131{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test"}
author	Toni Uhlig <matzeton@googlemail.com>	2021-05-20 14:55:05 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2021-05-20 14:55:05 +0200
commit	9a1c2d0ea731724edfaca97195c87569e4321681 (patch)
tree	d1371082f38a429a2c491ef918ed2a963936bc9a /test/results/6in4tunnel.pcap.out
parent	db39772aa7b10ee6fb9e21db8f44c0f5fca7a1d2 (diff)