Reset `Unidirectional Traffc` risk if packets from both directions processed.1.6rc2

* Fixed risk hash value calculation, which was only done lower 32 bits. * Reduced default reader threads count to two if cross compiling. Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2023-11-08 01:27:42 +0100
committer: Toni Uhlig <matzeton@googlemail.com> 2023-11-08 01:27:42 +0100
commit: d80ea84d2ebebe29761f3727fbc5295ba3cb81b8 (patch)
tree: 036fa1f3a19cdd9e03b9119cecd0e0386cb9bf86 /test/results/default/tls_unidirectional.pcap.out
parent: b1e679b0bbc4e2c33db12dde598c35c8bf680490 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/test/results/default/tls_unidirectional.pcap.out b/test/results/default/tls_unidirectional.pcap.out
index 12c59c2f5..823bae7b4 100644
--- a/test/results/default/tls_unidirectional.pcap.out
+++ b/test/results/default/tls_unidirectional.pcap.out
@@ -16,8 +16,8 @@
 01601{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549180495,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549180495,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"29b5a018fa5992fe23560c16af0dc9fc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"anydesk\/6.2.0\/linux"}}}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1663090549200799,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549200799,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6lAAEAGlozAqAGAw7WusLyEAbsbAqjK\/y9RDoAQAe1AKgAAAQEICjj2GeyczD4e"}
 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549200840,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549200840,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6pAAEAGlovAqAGAw7WusLyEAbsbAqjK\/y9VRoAQAeU7+gAAAQEICjj2GeyczD4e"}
-00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848727919,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090558366747,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090607951443,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848727919,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090558366747,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
+01450{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090607951443,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
 00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":12447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1663090607951443}
 ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
 ~~ packets captured/processed: 33/33
author	Toni Uhlig <matzeton@googlemail.com>	2023-11-08 01:27:42 +0100
committer	Toni Uhlig <matzeton@googlemail.com>	2023-11-08 01:27:42 +0100
commit	d80ea84d2ebebe29761f3727fbc5295ba3cb81b8 (patch)
tree	036fa1f3a19cdd9e03b9119cecd0e0386cb9bf86 /test/results/default/tls_unidirectional.pcap.out
parent	b1e679b0bbc4e2c33db12dde598c35c8bf680490 (diff)