From d80ea84d2ebebe29761f3727fbc5295ba3cb81b8 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Wed, 8 Nov 2023 01:27:42 +0100 Subject: Reset `Unidirectional Traffc` risk if packets from both directions processed. * Fixed risk hash value calculation, which was only done lower 32 bits. * Reduced default reader threads count to two if cross compiling. Signed-off-by: Toni Uhlig --- .../results/flow-info/disable_protocols/pluralsight.pcap.out | 12 ++++++------ .../flow-info/disable_protocols/quic-mvfst-27.pcapng.out | 1 - test/results/flow-info/disable_protocols/soap.pcap.out | 3 ++- 3 files changed, 8 insertions(+), 8 deletions(-) (limited to 'test/results/flow-info/disable_protocols') diff --git a/test/results/flow-info/disable_protocols/pluralsight.pcap.out b/test/results/flow-info/disable_protocols/pluralsight.pcap.out index 822ff7aec..345e38927 100644 --- a/test/results/flow-info/disable_protocols/pluralsight.pcap.out +++ b/test/results/flow-info/disable_protocols/pluralsight.pcap.out @@ -23,10 +23,10 @@ new: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] detected: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] [TLS.Pluralsight][Cloudflare][Streaming][Fun][zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com] detection-update: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] [TLS.Pluralsight][Cloudflare][Streaming][Fun][zn6qzq6caaucudesr-pluralsight.siteintercept.qualtrics.com] - idle: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] - idle: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] - idle: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] - idle: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] - idle: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] - idle: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] + idle: [.....6] [ip4][..tcp] [..192.168.1.128][44770] -> [.104.17.209.240][..443] [TLS.Pluralsight][Cloudflare][Streaming][Fun] + idle: [.....4] [ip4][..tcp] [..192.168.1.128][42618] -> [..18.203.201.56][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun] + idle: [.....5] [ip4][..tcp] [..192.168.1.128][48948] -> [.104.19.162.127][..443] [TLS.Pluralsight][Cloudflare][Streaming][Fun] + idle: [.....2] [ip4][..tcp] [..192.168.1.128][42782] -> [..146.75.62.208][..443] [TLS.Pluralsight][Unknown][Streaming][Fun] + idle: [.....3] [ip4][..tcp] [..192.168.1.128][42790] -> [..146.75.62.208][..443] [TLS.Pluralsight][Unknown][Streaming][Fun] + idle: [.....1] [ip4][..tcp] [..192.168.1.128][42642] -> [...54.69.188.18][..443] [TLS.Pluralsight][AmazonAWS][Streaming][Fun] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/flow-info/disable_protocols/quic-mvfst-27.pcapng.out index b00dff7d0..6572853cc 100644 --- a/test/results/flow-info/disable_protocols/quic-mvfst-27.pcapng.out +++ b/test/results/flow-info/disable_protocols/quic-mvfst-27.pcapng.out @@ -3,5 +3,4 @@ detected: [.....1] [ip4][..udp] [......10.0.2.15][35957] -> [..69.171.250.15][..443] [QUIC.Facebook][Facebook][SocialNetwork][Fun][graph.facebook.com] RISK: Unidirectional Traffic idle: [.....1] [ip4][..udp] [......10.0.2.15][35957] -> [..69.171.250.15][..443] [QUIC.Facebook][Facebook][SocialNetwork][Fun] - RISK: Unidirectional Traffic DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/disable_protocols/soap.pcap.out b/test/results/flow-info/disable_protocols/soap.pcap.out index e3f42b449..66dd0ad54 100644 --- a/test/results/flow-info/disable_protocols/soap.pcap.out +++ b/test/results/flow-info/disable_protocols/soap.pcap.out @@ -10,7 +10,8 @@ new: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] detected: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] idle: [.....3] [ip4][..tcp] [..185.32.192.30][...80] -> [.85.154.114.113][56028] [SOAP][Unknown][RPC][Acceptable] - idle: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] + idle: [.....2] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][.4176] [HTTP.SOAP][Unknown][Cloud][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic guessed: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] [HTTP][Unknown][Web][Acceptable][] end: [.....1] [ip4][..tcp] [..192.168.2.100][50100] -> [...23.2.213.165][...80] DAEMON-EVENT: shutdown -- cgit v1.2.3