Reset `Unidirectional Traffc` risk if packets from both directions processed.1.6rc2

* Fixed risk hash value calculation, which was only done lower 32 bits. * Reduced default reader threads count to two if cross compiling. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2023-11-08 01:27:42 +0100
committer: Toni Uhlig <matzeton@googlemail.com> 2023-11-08 01:27:42 +0100
commit: d80ea84d2ebebe29761f3727fbc5295ba3cb81b8 (patch)
tree: 036fa1f3a19cdd9e03b9119cecd0e0386cb9bf86 /test/results/default/dtls_mid_sessions.pcapng.out
parent: b1e679b0bbc4e2c33db12dde598c35c8bf680490 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/test/results/default/dtls_mid_sessions.pcapng.out b/test/results/default/dtls_mid_sessions.pcapng.out
index 0070a238a..664c887ab 100644
--- a/test/results/default/dtls_mid_sessions.pcapng.out
+++ b/test/results/default/dtls_mid_sessions.pcapng.out
@@ -24,10 +24,10 @@
 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1644251733036484,"flow_dst_last_pkt_time":1644251732899743,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1644251733036484,"pkt":"AAAAAAAAAAwAL85GCABFAACskrIAAD8R19+ql2nXSGaz2gG79VsAmK\/7F\/79AAEAAAAB\/fQAg13h0hdGzu1WNO2vU\/IbgHdYF0RFMS34pXUQgZKyQWeJANVsXGZq+9MFiIsKjl3D7HT8luq5HJMe4S4Zb3zMPZ6zO4gT5DOoVt7Is6ObHtcjGB0kUDwHIjrh3nhApNylKNWwtoR5rdprjwF7EWz\/b9mEcMLFaMAE3VniOUA3LqrIzirj"}
 01007{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1644251733036484,"flow_dst_last_pkt_time":1644251733058590,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"thread_ts_usec":1644251733058590,"pkt":"AAAAAAAAAA0A4CzfCABFAAGAWbIAAHsR1AtIZrPaqpdp1\/VbAbsBbFqmF\/79AAEAAAABzVEBV8DAOt7ZNYaeWnHuKbwObmRZ911l4tn+QvzW\/oTAWn37XdUdWm63zok+tVRR2FHN3x13EJy\/Y5jYPvwqv1DPuZvklY3NsJV9nQ9r+lSQ3oRnoUsH4MzEnMM4JviD6hW4jZczhAw3TC9ZPVIwsubyqA1E6D\/RXZzpLcDm6drGFcnKFijBqruCklDgbxzWJOM\/\/zkn7VaR4Zzd4LFz0eH2QnhoH+w\/33BqKsQVgJC1zYYeu75I00OYw1zkybGkEelHv9Egx2R3eQq1O+9caF3yVfkR6iUZyW4aglB5Z8wm2Wrd3L85ok8jfgrTSV4FBVG69N4vgd4iF2No5A+newpdeYKpEH2mLvkOiHtl0yTz69vX2fY2QDnD4IDOoonsRuiXl52nZAJXURJIzmjVMmiU4YaOFQ+tXIhrsjaTXNmGPgtJGB995viERtOzIOCVL0O1zvdiaspJ31w="}
 01594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1644251733036484,"flow_dst_last_pkt_time":1644251733060599,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":833,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":833,"pkt_l4_len":799,"thread_ts_usec":1644251733060599,"pkt":"AAAAAAAAAA0A4CzfCABFAAMzWbMAAHsR0ldIZrPaqpdp1\/VbAbsDH7kfF\/79AAEAAAABzVIDCsDAOt7ZNYaf74tXS+EnKCQOyALDwpiJpzI2+73GTNe+up0E4fqjwA00DQbVZvVXxJKterZ5HieslAl5HJMPEYWKSu0T+7MbPh2WTT0Xgvz4rcYCcc9elDQ151iTbSPSOHa62+qJpHurADmKvXIm0M\/KB\/HfSCVbNHFLH1IBU5csUYrxvMJypB\/DiyvWyYpC0wjUscL9UdrxKdxstgjtBIRwysMSozA7ChdQZljqSWfipWndwUjJnIM0BlQm4K7HDxYW5TLa5yMpie1T1gVBJzoa9s2AF5f1yTHBvC1BRgQNaql+az8aV4rDU6E\/iYHdpchHIzrVphlCDFBl1QmOWUYRucVx5gpNMlDJyQTNO1T+Z2TJvBzIKsljqm1erDMjYQs8Ti0dNvck+FTDFym3whMIMFqEwPmOc5JmNBawaIA4bUyWxPpQkalEWrOmwVpCwFE5XibmyB83XYDkKK7zINNWS8jGm3TOtPv5t+S+T0eVKfiMgclQNxzPEAXwTHodQesVHkaf9wF7V1FZUBBePgbA+ABybBnVA4xQo7AdDzUmVD74XuNlx4eHsVWuvUDyDFUSdhjdJ9K3cPAKBORE8VFlMAFOptFdEnKexjoY2k8uLInMqjaTa2jlV1TiACZLOt\/VbHpOm4WO4js5ibzB8wP7ttElutj9NqtzeyIjGZDRXUCEokkLk2nMEj\/FzTsOPkXFjhNYIi2DfPLyPAuBEU65ruMHyj8VWL4C4\/GVmFrja\/+fpQ+cn7tKiN0pKm00IrR8GqJHAgxTP2rASR6rDdRXO+tfd13gJhG\/1goafrWVdU7lR7QViDbQqprSg\/BDFeYxpwiO9CkyjtKuj7860w8s0RGouPmGaaYweEAGRnNZNMnwRAQ\/6DbMPZTse0XzekvjbymkU5a4ng5m5noSkoHCTWksQkxkXxhyTr7gKN7UHp59ChAxQ4SygzUOfT88ZQQML9F2GkyLctB6x9FYJv\/CktvQlTXZ7FR7dtTrwShZ\/e+1QjVzZN3tVtgxJPErKSVx8fMxPgr7NBM="}
-01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1644251732795618,"flow_src_last_pkt_time":1644251733063123,"flow_dst_last_pkt_time":1644251732795618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":78,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1339,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7981,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"135.215.56.198","dst_ip":"124.73.140.89","src_port":443,"dst_port":61189,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1644251732819831,"flow_src_last_pkt_time":1644251733371724,"flow_dst_last_pkt_time":1644251733286733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1453,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":15606,"flow_dst_tot_l4_payload_len":1540,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1644251732859305,"flow_src_last_pkt_time":1644251736135259,"flow_dst_last_pkt_time":1644251736133006,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1453,"flow_dst_max_l4_payload_len":791,"flow_src_tot_l4_payload_len":5737,"flow_dst_tot_l4_payload_len":3089,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1644251732795618,"flow_src_last_pkt_time":1644251733063123,"flow_dst_last_pkt_time":1644251732795618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":78,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1339,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7981,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"135.215.56.198","dst_ip":"124.73.140.89","src_port":443,"dst_port":61189,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1644251732819831,"flow_src_last_pkt_time":1644251733371724,"flow_dst_last_pkt_time":1644251733286733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1453,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":15606,"flow_dst_tot_l4_payload_len":1540,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1644251732859305,"flow_src_last_pkt_time":1644251736135259,"flow_dst_last_pkt_time":1644251736133006,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1453,"flow_dst_max_l4_payload_len":791,"flow_src_tot_l4_payload_len":5737,"flow_dst_tot_l4_payload_len":3089,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
 00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":91,"packets-processed":91,"total-skipped-flows":0,"total-l4-payload-len":34046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1644251736135259}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 91/91
author	Toni Uhlig <matzeton@googlemail.com>	2023-11-08 01:27:42 +0100
committer	Toni Uhlig <matzeton@googlemail.com>	2023-11-08 01:27:42 +0100
commit	d80ea84d2ebebe29761f3727fbc5295ba3cb81b8 (patch)
tree	036fa1f3a19cdd9e03b9119cecd0e0386cb9bf86 /test/results/default/dtls_mid_sessions.pcapng.out
parent	b1e679b0bbc4e2c33db12dde598c35c8bf680490 (diff)