bump libnDPI to 92507c014626bc542f2ab11c729742802c0bc345

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2024-09-09 09:29:08 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2024-09-09 09:29:08 +0200
commit: aef9d629f01b66a5e1985f265e9c74fd40542fe1 (patch)
tree: 7ef5f363f149395ee4fe40a893894361da42a846 /test/results/flow-info/stun_extra_dissection
parent: f97b3880b6d6e577bdd197faab25baf139dd9254 (diff)
3 files changed, 116 insertions, 3 deletions
diff --git a/test/results/flow-info/stun_extra_dissection/lru_ipv6_caches.pcapng.out b/test/results/flow-info/stun_extra_dissection/lru_ipv6_caches.pcapng.out
new file mode 100644
index 000000000..f78bd9ee9
--- /dev/null
+++ b/test/results/flow-info/stun_extra_dissection/lru_ipv6_caches.pcapng.out
@@ -0,0 +1,77 @@
+     DAEMON-EVENT: init
+     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+              new: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658]
+         detected: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [RTCP][Unknown][VoIP][Acceptable]
+              new: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506]
+         detected: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port
+ detection-update: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+              new: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881]
+              new: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881]
+         detected: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port
+              new: [.....5] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83][....1]
+         detected: [.....5] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83][....1] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port
+         detected: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+              new: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1]
+         detected: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port
+ detection-update: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+              new: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
+         detected: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Unidirectional Traffic
+              new: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144]
+         detected: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS][Unknown][Web][Safe]
+                   RISK: Unidirectional Traffic
+ detection-update: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS.Cloudflare][Unknown][Web][Acceptable]
+                   RISK: Unidirectional Traffic
+              new: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150]
+         detected: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable]
+                   RISK: Unidirectional Traffic
+ detection-update: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable]
+                   RISK: Unidirectional Traffic
+ detection-update: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+              new: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192]
+         detected: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable]
+                   RISK: Unidirectional Traffic
+ detection-update: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable]
+                   RISK: Unidirectional Traffic
+              new: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
+         detected: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Unidirectional Traffic
+              new: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478]
+         detected: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+ detection-update: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable][]
+                   RISK: Unidirectional Traffic
+             idle: [.....8] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44144] [TLS.Cloudflare][Unknown][Web][Acceptable]
+                   RISK: Unidirectional Traffic
+             idle: [.....9] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44150] [TLS.Cloudflare][Unknown][Web][Acceptable]
+                   RISK: Unidirectional Traffic
+             idle: [....10] [ip6][..tcp] [........................2001:db8:200::1][..443] -> [..........................2001:db8:1::1][44192] [TLS.Cloudflare][Unknown][Web][Acceptable]
+                   RISK: Unidirectional Traffic
+             idle: [.....5] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83][....1] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port
+             idle: [.....2] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27][60506] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+             idle: [.....4] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c][.6881] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+             idle: [.....6] [ip6][..udp] [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] -> [.38b2:46b7:27a4:94c3:c134:948:e069:d71f][....1] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+             idle: [.....7] [ip6][..udp] [2118:ec33:112b:7908:2c80:27ff:fef7:d71f][48415] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+                   RISK: Unidirectional Traffic
+             idle: [....11] [ip6][..udp] [.3297:a1af:5121:cfc:360b:2e07:872f:1ea0][43865] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+                   RISK: Unidirectional Traffic
+             idle: [.....1] [ip6][..udp] [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] -> [20ed:470f:6f73:ce60:60be:8b4f:df37:b080][45658] [RTCP][Unknown][VoIP][Acceptable]
+             idle: [....12] [ip6][..udp] [.3069:c624:1d42:9469:98b1:67ff:fe43:325][56131] -> [....32fb:f967:681e:e96b:face:b00c::74fd][.3478] [STUN.WhatsAppCall][Unknown][VoIP][Acceptable]
+                   RISK: Unidirectional Traffic
+             idle: [.....3] [ip6][..udp] [.2a2f:8509:1cb2:466d:ecbf:69d6:109c:608][62229] -> [.3991:72d:336e:65ec:c5bf:a5fa:83ad:23de][.6881] [BitTorrent][Unknown][Download][Acceptable]
+                   RISK: Known Proto on Non Std Port, Unidirectional Traffic
+     DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/stun_extra_dissection/stun_dtls_rtp.pcapng.out b/test/results/flow-info/stun_extra_dissection/stun_dtls_rtp.pcapng.out
new file mode 100644
index 000000000..69d1acfc7
--- /dev/null
+++ b/test/results/flow-info/stun_extra_dissection/stun_dtls_rtp.pcapng.out
@@ -0,0 +1,36 @@
+     DAEMON-EVENT: init
+     DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
+              new: [.....1] [ip4][..udp] [.192.168.12.156][37967] -> [..142.250.82.76][19305]
+         detected: [.....1] [ip4][..udp] [.192.168.12.156][37967] -> [..142.250.82.76][19305] [STUN.GoogleCall][Google][VoIP][Acceptable][]
+                   RISK: Known Proto on Non Std Port
+ detection-update: [.....1] [ip4][..udp] [.192.168.12.156][37967] -> [..142.250.82.76][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
+ detection-update: [.....1] [ip4][..udp] [.192.168.12.156][37967] -> [..142.250.82.76][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
+          analyse: [.....1] [ip4][..udp] [.192.168.12.156][37967] -> [..142.250.82.76][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........: <    0.001|     0.258|     0.044|     0.058|         3387.402|    4.000]
+                   [PKTLEN......:     68.000|  1231.000|   221.200|   244.400|        59721.800|    4.400]
+                   [BINS(c->s)..: 0,0,10,5,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 0,1,5,4,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,1,0,0,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,1,0,0,0,0,0,1,0]
+                   [IATS(ms)....: 23.5,57.2,58.6,110.3,0.4,107.9,0.1,0.0,31.9,33.2,42.6,42.8,84.1,83.2,24.8,0.6,0.4,2.5,24.8,0.1,0.1,34.2,28.1,7.9,22.9,203.2,6.7,19.6,19.9,258.1,19.4]
+                   [PKTLENS.....: 144,128,185,1231,148,573,128,109,598,573,598,109,149,117,141,93,125,121,97,93,97,113,93,68,93,93,127,112,112,128,469,112]
+                   [ENTROPIES...: 6.0,5.8,5.0,7.4,5.9,6.8,5.9,5.7,7.4,6.7,7.4,5.7,6.3,5.9,6.3,5.5,6.0,5.9,5.7,5.4,5.4,5.8,5.5,5.5,5.5,5.5,6.1,6.2,6.3,6.0,7.5,6.2]
+     DAEMON-EVENT: [Processed: 39 pkts][ZLib][compressions: 0|diff: 0 / 0]
+     DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0]
+              new: [.....2] [ip4][..tcp] [.192.168.12.182][50221] -> [.142.250.82.249][.3478]
+         detected: [.....2] [ip4][..tcp] [.192.168.12.182][50221] -> [.142.250.82.249][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable][]
+ detection-update: [.....2] [ip4][..tcp] [.192.168.12.182][50221] -> [.142.250.82.249][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable][turn.l.google.com]
+          analyse: [.....2] [ip4][..tcp] [.192.168.12.182][50221] -> [.142.250.82.249][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable]
+                                         min|       max|       avg|    stddev|         variance|  entropy
+                   [IAT.........:      0.000|     0.509|     0.047|     0.118|        13863.927|    2.800]
+                   [PKTLEN......:     40.000|   696.000|   142.100|   150.700|        22704.000|    4.400]
+                   [BINS(c->s)..: 8,0,0,2,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [BINS(s->c)..: 6,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,0,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1]
+                   [IATS(ms)....: 3.0,4.7,0.3,0.2,5.0,0.0,4.1,4.1,3.9,466.7,509.5,1.2,0.2,46.6,1.1,55.4,53.6,7.4,0.0,8.6,49.7,55.5,0.2,49.0,10.1,51.4,4.5,8.0,5.7,16.6,19.1]
+                   [PKTLENS.....: 52,52,40,40,68,40,120,192,116,40,180,196,148,172,84,40,40,140,204,236,40,172,40,696,40,172,140,648,40,160,40,160]
+                   [ENTROPIES...: 4.8,5.0,4.8,4.8,5.3,4.8,5.8,6.2,5.8,4.8,6.0,6.2,6.0,6.1,5.9,5.0,4.9,6.1,6.2,5.4,5.0,6.1,5.0,6.6,4.9,6.1,6.0,7.4,4.8,6.0,5.0,5.9]
+             idle: [.....1] [ip4][..udp] [.192.168.12.156][37967] -> [..142.250.82.76][19305] [DTLS.GoogleCall][Google][VoIP][Acceptable]
+             idle: [.....2] [ip4][..tcp] [.192.168.12.182][50221] -> [.142.250.82.249][.3478] [STUN.GoogleCall][Google][VoIP][Acceptable]
+     DAEMON-EVENT: shutdown
diff --git a/test/results/flow-info/stun_extra_dissection/stun_zoom.pcapng.out b/test/results/flow-info/stun_extra_dissection/stun_zoom.pcapng.out
index 1c370f3c4..05276f928 100644
--- a/test/results/flow-info/stun_extra_dissection/stun_zoom.pcapng.out
+++ b/test/results/flow-info/stun_extra_dissection/stun_zoom.pcapng.out
@@ -18,7 +18,8 @@
  detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS.Zoom][Zoom][Video][Acceptable]
  detection-update: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][]
                    RISK: Known Proto on Non Std Port
-          analyse: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable]
+ detection-update: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
+          analyse: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
                                          min|       max|       avg|    stddev|         variance|  entropy
                    [IAT.........: <    0.001|     0.194|     0.048|     0.051|         2615.352|    4.100]
                    [PKTLEN......:     42.000|  1080.000|   270.100|   313.100|        98043.500|    4.300]
@@ -29,6 +30,5 @@
                    [PKTLENS.....: 184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]
                    [ENTROPIES...: 5.8,5.8,5.8,5.8,5.6,5.8,5.2,5.2,5.9,5.8,5.2,5.7,5.6,5.7,5.9,5.3,4.1,5.7,7.0,7.3,7.3,7.4,7.2,6.1,5.7,5.7,6.1,5.7,6.1,5.4,6.0,4.3]
              idle: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS.Zoom][Zoom][Video][Acceptable]
-             idle: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable]
-                   RISK: Known Proto on Non Std Port
+             idle: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [DTLS][Zoom][Network][Safe]
      DAEMON-EVENT: shutdown
author	Toni Uhlig <matzeton@googlemail.com>	2024-09-09 09:29:08 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2024-09-09 09:29:08 +0200
commit	aef9d629f01b66a5e1985f265e9c74fd40542fe1 (patch)
tree	7ef5f363f149395ee4fe40a893894361da42a846 /test/results/flow-info/stun_extra_dissection
parent	f97b3880b6d6e577bdd197faab25baf139dd9254 (diff)