Add support for Epic Games and GeForceNow/Nvidia

ntop · May 26, 2023 · 1fdc42b · 1fdc42b
1 parent 334b435
commit 1fdc42b
Show file tree

Hide file tree

Showing 76 changed files with 374 additions and 63 deletions.
diff --git a/doc/protocols.rst b/doc/protocols.rst
@@ -8,7 +8,7 @@ Work in progress!
 .. _Proto 338:
 
 `NDPI_PROTOCOL_SRTP`: SRTP (Secure Real-time Transport Protocol)
-==============================================================
+================================================================
 The Secure Real-time Transport Protocol (SRTP) is a profile for Real-time Transport Protocol (RTP) intended to provide encryption, message authentication, integrity, and replay attack protection to the RTP data.
 
 References: `RFC3711 <https://datatracker.ietf.org/doc/html/rfc3711>`_.
@@ -17,3 +17,30 @@ Notes:
 
 - You can think of SRTP simply as the "encrypted" version of RTP, something like HTTPS vs HTTP;
 - It is not usually possible to tell RTP from SRTP. nDPI generally uses the former and it uses the latter only when it is really sure that the media stream has been encrypted.
+
+
+.. _Proto 340:
+
+`NDPI_PROTOCOL_EPICGAMES`
+=========================
+Epic Games is a video game company developing the Unreal Engine and some successful games as Fortnite and Gears of War.
+
+References: `Main site <https://store.epicgames.com/en-US/>`_ `Fortnite <https://www.fortnite.com/>`_.
+
+
+.. _Proto 341:
+
+`NDPI_PROTOCOL_GEFORCENOW`
+==========================
+GeForce Now is the brand used by Nvidia for its cloud gaming service.
+
+References: `Main site <https://www.nvidia.com/en-us/geforce-now/>`_.
+
+
+.. _Proto 342:
+
+`NDPI_PROTOCOL_NVIDIA`
+======================
+Generic web traffic from Nvidia sites.
+
+References: `Main site <https://www.nvidia.com>`_.
diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h
@@ -368,6 +368,9 @@ typedef enum {
   NDPI_PROTOCOL_FACEBOOK_REEL_STORY   = 337,
   NDPI_PROTOCOL_SRTP                  = 338,
   NDPI_PROTOCOL_GAMBLING              = 339,
+  NDPI_PROTOCOL_EPICGAMES             = 340,
+  NDPI_PROTOCOL_GEFORCENOW            = 341,
+  NDPI_PROTOCOL_NVIDIA                = 342,
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"

diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h
@@ -241,6 +241,7 @@ void init_tailscale_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 void init_source_engine_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_bacnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_oicq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
+void init_epicgames_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 
 /* ndpi_main.c */
 extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port);

diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
@@ -822,6 +822,10 @@ struct ndpi_flow_udp_struct {
   /* NDPI_PROTOCOL_QUIC */
   u_int32_t quic_0rtt_found:1;
 
+  /* NDPI_PROTOCOL_EPICGAMES */
+  u_int32_t epicgames_stage:1;
+  u_int32_t epicgames_word;
+
   /* NDPI_PROTOCOL_SKYPE */
   u_int8_t skype_crc[4];
 

diff --git a/src/lib/inc_generated/ndpi_asn_epicgames.c.inc b/src/lib/inc_generated/ndpi_asn_epicgames.c.inc
@@ -0,0 +1,31 @@
+/*
+ *
+ * This file is generated automatically and part of nDPI
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/* ****************************************************** */
+
+
+static ndpi_network ndpi_protocol_epicgames_protocol_list[] = {
+ { 0x944E7000 /* 148.78.112.0/23 */, 23, NDPI_PROTOCOL_EPICGAMES },
+ { 0x944E7200 /* 148.78.114.0/24 */, 24, NDPI_PROTOCOL_EPICGAMES },
+ { 0x944E7900 /* 148.78.121.0/24 */, 24, NDPI_PROTOCOL_EPICGAMES },
+ { 0x944E7A00 /* 148.78.122.0/24 */, 24, NDPI_PROTOCOL_EPICGAMES },
+ { 0xC7FF2800 /* 199.255.40.0/22 */, 22, NDPI_PROTOCOL_EPICGAMES },
+ /* End */
+ { 0x0, 0, 0 }
+};
diff --git a/src/lib/inc_generated/ndpi_asn_nvidia.c.inc b/src/lib/inc_generated/ndpi_asn_nvidia.c.inc
@@ -0,0 +1,59 @@
+/*
+ *
+ * This file is generated automatically and part of nDPI
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/* ****************************************************** */
+
+
+static ndpi_network ndpi_protocol_nvidia_protocol_list[] = {
+ { 0x081A9200 /* 8.26.146.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x081CE500 /* 8.28.229.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x08247000 /* 8.36.112.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x08247800 /* 8.36.120.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x082C3300 /* 8.44.51.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x082C3400 /* 8.44.52.0/22 */, 22, NDPI_PROTOCOL_NVIDIA },
+ { 0x082F4300 /* 8.47.67.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x18330000 /* 24.51.0.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x18330200 /* 24.51.2.0/23 */, 23, NDPI_PROTOCOL_NVIDIA },
+ { 0x18330400 /* 24.51.4.0/22 */, 22, NDPI_PROTOCOL_NVIDIA },
+ { 0x18330800 /* 24.51.8.0/21 */, 21, NDPI_PROTOCOL_NVIDIA },
+ { 0x18331000 /* 24.51.16.0/20 */, 20, NDPI_PROTOCOL_NVIDIA },
+ { 0x25BA6F00 /* 37.186.111.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x42168000 /* 66.22.128.0/21 */, 21, NDPI_PROTOCOL_NVIDIA },
+ { 0x42168800 /* 66.22.136.0/22 */, 22, NDPI_PROTOCOL_NVIDIA },
+ { 0x42168C00 /* 66.22.140.0/23 */, 23, NDPI_PROTOCOL_NVIDIA },
+ { 0x48194000 /* 72.25.64.0/23 */, 23, NDPI_PROTOCOL_NVIDIA },
+ { 0x48194200 /* 72.25.66.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x48194400 /* 72.25.68.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x4D6FF900 /* 77.111.249.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x4D6FFB00 /* 77.111.251.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x5054A000 /* 80.84.160.0/20 */, 20, NDPI_PROTOCOL_NVIDIA },
+ { 0x551D0E00 /* 85.29.14.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x551D1200 /* 85.29.18.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x59F8ED00 /* 89.248.237.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x6706D300 /* 103.6.211.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x70D98000 /* 112.217.128.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0x79C82D00 /* 121.200.45.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0xB9884400 /* 185.136.68.0/22 */, 22, NDPI_PROTOCOL_NVIDIA },
+ { 0xC1F63300 /* 193.246.51.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0xD8E47000 /* 216.228.112.0/20 */, 20, NDPI_PROTOCOL_NVIDIA },
+ { 0xD9C7D100 /* 217.199.209.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ { 0xD9C7DE00 /* 217.199.222.0/24 */, 24, NDPI_PROTOCOL_NVIDIA },
+ /* End */
+ { 0x0, 0, 0 }
+};
diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc
@@ -1368,6 +1368,25 @@ static ndpi_protocol_match host_match[] =
    { "pvp.net",                          "RiotGames", NDPI_PROTOCOL_RIOTGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
    { "riotcdn.net",                      "RiotGames", NDPI_PROTOCOL_RIOTGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
 
+   { "epicgames.com",                    "EpicGames", NDPI_PROTOCOL_EPICGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "unrealengine.com",                 "EpicGames", NDPI_PROTOCOL_EPICGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "fortnite.com",                     "EpicGames", NDPI_PROTOCOL_EPICGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "fortnite-vod.akamaized.net",       "EpicGames", NDPI_PROTOCOL_EPICGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "epicgames.net",                    "EpicGames", NDPI_PROTOCOL_EPICGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "epicgames.dev",                    "EpicGames", NDPI_PROTOCOL_EPICGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+
+   { "nvidiagrid.net",                   "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "gfe.nvidia.com",                   "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "geforcenow.com",                   "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "geforce.com",                      "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "kaizen.nvidia.com",                "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "dtrace.nvidia.com",                "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "nvgs.nvidia.com",                  "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "gx.nvidia.com",                    "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+   { "userstore.nvidia.com",             "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL},
+
+   { "nvidia.com",                       "Nvidia", NDPI_PROTOCOL_NVIDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL},
+
    /*
       ADS/tracking/analytic
     */

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
@@ -107,6 +107,8 @@
 #include "inc_generated/ndpi_asn_yandex_cloud.c.inc"
 #include "inc_generated/ndpi_asn_disney_plus.c.inc"
 #include "inc_generated/ndpi_asn_hulu.c.inc"
+#include "inc_generated/ndpi_asn_epicgames.c.inc"
+#include "inc_generated/ndpi_asn_nvidia.c.inc"
 
 /* Third party libraries */
 #include "third_party/include/ndpi_patricia.h"
@@ -2835,6 +2837,8 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
       ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_yandex_cloud_protocol_list);
       ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_disneyplus_protocol_list);
       ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_hulu_protocol_list);
+      ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_epicgames_protocol_list);
+      ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_nvidia_protocol_list);
     }
 
     if(prefs & ndpi_track_flow_payload)
@@ -4942,6 +4946,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
   /* Heroes of the Storm */
   init_hots_dissector(ndpi_str, &a);
 
+  /* EpicGames */
+  init_epicgames_dissector(ndpi_str, &a);
+
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main_init.c"
 #endif

diff --git a/src/lib/protocols/epicgames.c b/src/lib/protocols/epicgames.c
@@ -0,0 +1,87 @@
+/*
+ * epicgames.c
+ *
+ * Copyright (C) 2023 - ntop.org
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EPICGAMES
+
+#include "ndpi_api.h"
+
+static void ndpi_int_epicgames_add_connection(struct ndpi_detection_module_struct * const ndpi_struct,
+                                              struct ndpi_flow_struct * const flow)
+{
+  NDPI_LOG_INFO(ndpi_struct, "found EpicGames\n");
+  ndpi_set_detected_protocol(ndpi_struct, flow,
+                             NDPI_PROTOCOL_UNKNOWN,
+                             NDPI_PROTOCOL_EPICGAMES,
+                             NDPI_CONFIDENCE_DPI);
+}
+
+static void ndpi_search_epicgames(struct ndpi_detection_module_struct *ndpi_struct,
+                                  struct ndpi_flow_struct *flow)
+{
+  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
+
+  NDPI_LOG_DBG(ndpi_struct, "searching EpicGames (stage %d dir %d)\n",
+               flow->l4.udp.epicgames_stage, packet->packet_direction);
+
+  if(flow->packet_counter == 1) {
+    if(packet->payload_packet_len >= 34 &&
+       ((ntohl(get_u_int32_t(packet->payload, 0)) & 0x08) == 0) &&
+       get_u_int64_t(packet->payload, 10) == 0 &&
+       get_u_int64_t(packet->payload, 18) == 0 &&
+       get_u_int64_t(packet->payload, 26) == 0) {
+      flow->l4.udp.epicgames_stage = 1 + packet->packet_direction;
+      flow->l4.udp.epicgames_word = ntohl(get_u_int32_t(packet->payload, 0));
+      return;
+    } else {
+      NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+      return;
+    }
+  } else if(flow->l4.udp.epicgames_stage == 2 - packet->packet_direction) {
+    if(packet->payload_packet_len > 4 &&
+       (flow->l4.udp.epicgames_word | 0x08) == ntohl(get_u_int32_t(packet->payload, 0))) {
+      ndpi_int_epicgames_add_connection(ndpi_struct, flow);
+      return;
+    } else {
+      NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+      return;
+    }
+  }
+
+  if(flow->packet_counter >= 4) {
+    NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+    return;
+  }
+}
+
+void init_epicgames_dissector(struct ndpi_detection_module_struct *ndpi_struct,
+                              u_int32_t *id)
+{
+  ndpi_set_bitmask_protocol_detection("EpicGames", ndpi_struct, *id,
+                                      NDPI_PROTOCOL_EPICGAMES,
+                                      ndpi_search_epicgames,
+                                      NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD,
+                                      SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+                                      ADD_TO_DETECTION_BITMASK);
+
+  *id += 1;
+}
diff --git a/tests/cfgs/default/pcap/epicgames.pcapng b/tests/cfgs/default/pcap/epicgames.pcapng
diff --git a/tests/cfgs/default/pcap/geforcenow.pcapng b/tests/cfgs/default/pcap/geforcenow.pcapng
diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out
@@ -5,7 +5,7 @@ DPI Packets (UDP):	120	(1.21 pkts/flow)
 Confidence Unknown          : 14 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 177 (flows)
-Num dissector calls: 4414 (22.41 diss/flow)
+Num dissector calls: 4428 (22.48 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/60/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

diff --git a/tests/cfgs/default/result/4in4tunnel.pcap.out b/tests/cfgs/default/result/4in4tunnel.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (UDP):	5	(5.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 174 (174.00 diss/flow)
+Num dissector calls: 175 (175.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

diff --git a/tests/cfgs/default/result/6in6tunnel.pcap.out b/tests/cfgs/default/result/6in6tunnel.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 124 (124.00 diss/flow)
+Num dissector calls: 125 (125.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

diff --git a/tests/cfgs/default/result/EAQ.pcap.out b/tests/cfgs/default/result/EAQ.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	12	(6.00 pkts/flow)
 DPI Packets (UDP):	116	(4.00 pkts/flow)
 Confidence DPI              : 31 (flows)
-Num dissector calls: 4329 (139.65 diss/flow)
+Num dissector calls: 4358 (140.58 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

diff --git a/tests/cfgs/default/result/adult_content.pcap.out b/tests/cfgs/default/result/adult_content.pcap.out
@@ -2,7 +2,7 @@ Guessed flow protos:	0
 
 DPI Packets (UDP):	4	(4.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 144 (144.00 diss/flow)
+Num dissector calls: 145 (145.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out
@@ -6,7 +6,7 @@ DPI Packets (other):	10	(1.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 61 (flows)
-Num dissector calls: 851 (12.33 diss/flow)
+Num dissector calls: 852 (12.35 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/24/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

diff --git a/tests/cfgs/default/result/collectd.pcap.out b/tests/cfgs/default/result/collectd.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	3
 DPI Packets (UDP):	13	(1.62 pkts/flow)
 Confidence Match by port    : 3 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 399 (49.88 diss/flow)
+Num dissector calls: 402 (50.25 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

diff --git a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out
@@ -23,5 +23,5 @@ Patricia protocols:   2/2 (search/found)
 CustomProtocolA	3	222	1
 CustomProtocolB	2	148	1
 
-	1	TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.346/TLS.CustomProtocolA][IP: 346/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	2	TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 347/CustomProtocolB][IP: 347/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.349/TLS.CustomProtocolA][IP: 349/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 350/CustomProtocolB][IP: 350/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out
@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (UDP):	1	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 110 (110.00 diss/flow)
+Num dissector calls: 111 (111.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

diff --git a/tests/cfgs/default/result/discord.pcap.out b/tests/cfgs/default/result/discord.pcap.out
@@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	5	(5.00 pkts/flow)
 DPI Packets (UDP):	60	(1.82 pkts/flow)
 Confidence DPI              : 34 (flows)
-Num dissector calls: 4012 (118.00 diss/flow)
+Num dissector calls: 4039 (118.79 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)