diff --git a/doc/protocols.rst b/doc/protocols.rst index e332361081a..8374653f96e 100644 --- a/doc/protocols.rst +++ b/doc/protocols.rst @@ -8,7 +8,7 @@ Work in progress! .. _Proto 338: `NDPI_PROTOCOL_SRTP`: SRTP (Secure Real-time Transport Protocol) -============================================================== +================================================================ The Secure Real-time Transport Protocol (SRTP) is a profile for Real-time Transport Protocol (RTP) intended to provide encryption, message authentication, integrity, and replay attack protection to the RTP data. References: `RFC3711 `_. @@ -17,3 +17,30 @@ Notes: - You can think of SRTP simply as the "encrypted" version of RTP, something like HTTPS vs HTTP; - It is not usually possible to tell RTP from SRTP. nDPI generally uses the former and it uses the latter only when it is really sure that the media stream has been encrypted. + + +.. _Proto 340: + +`NDPI_PROTOCOL_EPICGAMES` +========================= +Epic Games is a video game company developing the Unreal Engine and some successful games as Fortnite and Gears of War. + +References: `Main site `_ `Fortnite `_. + + +.. _Proto 341: + +`NDPI_PROTOCOL_GEFORCENOW` +========================== +GeForce Now is the brand used by Nvidia for its cloud gaming service. + +References: `Main site `_. + + +.. _Proto 342: + +`NDPI_PROTOCOL_NVIDIA` +====================== +Generic web traffic from Nvidia sites. + +References: `Main site `_. diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 2db04cc0c40..ad59a945ff4 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -368,6 +368,9 @@ typedef enum { NDPI_PROTOCOL_FACEBOOK_REEL_STORY = 337, NDPI_PROTOCOL_SRTP = 338, NDPI_PROTOCOL_GAMBLING = 339, + NDPI_PROTOCOL_EPICGAMES = 340, + NDPI_PROTOCOL_GEFORCENOW = 341, + NDPI_PROTOCOL_NVIDIA = 342, #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h" diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index c9e24783478..a1b98eeeb66 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -241,6 +241,7 @@ void init_tailscale_dissector(struct ndpi_detection_module_struct *ndpi_struct, void init_source_engine_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_bacnet_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); void init_oicq_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); +void init_epicgames_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id); /* ndpi_main.c */ extern u_int32_t ndpi_ip_port_hash_funct(u_int32_t ip, u_int16_t port); diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index efe90da72a2..491de0d7908 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -822,6 +822,10 @@ struct ndpi_flow_udp_struct { /* NDPI_PROTOCOL_QUIC */ u_int32_t quic_0rtt_found:1; + /* NDPI_PROTOCOL_EPICGAMES */ + u_int32_t epicgames_stage:1; + u_int32_t epicgames_word; + /* NDPI_PROTOCOL_SKYPE */ u_int8_t skype_crc[4]; diff --git a/src/lib/inc_generated/ndpi_asn_epicgames.c.inc b/src/lib/inc_generated/ndpi_asn_epicgames.c.inc new file mode 100644 index 00000000000..c4f76d07ace --- /dev/null +++ b/src/lib/inc_generated/ndpi_asn_epicgames.c.inc @@ -0,0 +1,31 @@ +/* + * + * This file is generated automatically and part of nDPI + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +/* ****************************************************** */ + + +static ndpi_network ndpi_protocol_epicgames_protocol_list[] = { + { 0x944E7000 /* 148.78.112.0/23 */, 23, NDPI_PROTOCOL_EPICGAMES }, + { 0x944E7200 /* 148.78.114.0/24 */, 24, NDPI_PROTOCOL_EPICGAMES }, + { 0x944E7900 /* 148.78.121.0/24 */, 24, NDPI_PROTOCOL_EPICGAMES }, + { 0x944E7A00 /* 148.78.122.0/24 */, 24, NDPI_PROTOCOL_EPICGAMES }, + { 0xC7FF2800 /* 199.255.40.0/22 */, 22, NDPI_PROTOCOL_EPICGAMES }, + /* End */ + { 0x0, 0, 0 } +}; diff --git a/src/lib/inc_generated/ndpi_asn_nvidia.c.inc b/src/lib/inc_generated/ndpi_asn_nvidia.c.inc new file mode 100644 index 00000000000..417773eb4f4 --- /dev/null +++ b/src/lib/inc_generated/ndpi_asn_nvidia.c.inc @@ -0,0 +1,59 @@ +/* + * + * This file is generated automatically and part of nDPI + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +/* ****************************************************** */ + + +static ndpi_network ndpi_protocol_nvidia_protocol_list[] = { + { 0x081A9200 /* 8.26.146.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x081CE500 /* 8.28.229.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x08247000 /* 8.36.112.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x08247800 /* 8.36.120.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x082C3300 /* 8.44.51.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x082C3400 /* 8.44.52.0/22 */, 22, NDPI_PROTOCOL_NVIDIA }, + { 0x082F4300 /* 8.47.67.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x18330000 /* 24.51.0.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x18330200 /* 24.51.2.0/23 */, 23, NDPI_PROTOCOL_NVIDIA }, + { 0x18330400 /* 24.51.4.0/22 */, 22, NDPI_PROTOCOL_NVIDIA }, + { 0x18330800 /* 24.51.8.0/21 */, 21, NDPI_PROTOCOL_NVIDIA }, + { 0x18331000 /* 24.51.16.0/20 */, 20, NDPI_PROTOCOL_NVIDIA }, + { 0x25BA6F00 /* 37.186.111.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x42168000 /* 66.22.128.0/21 */, 21, NDPI_PROTOCOL_NVIDIA }, + { 0x42168800 /* 66.22.136.0/22 */, 22, NDPI_PROTOCOL_NVIDIA }, + { 0x42168C00 /* 66.22.140.0/23 */, 23, NDPI_PROTOCOL_NVIDIA }, + { 0x48194000 /* 72.25.64.0/23 */, 23, NDPI_PROTOCOL_NVIDIA }, + { 0x48194200 /* 72.25.66.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x48194400 /* 72.25.68.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x4D6FF900 /* 77.111.249.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x4D6FFB00 /* 77.111.251.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x5054A000 /* 80.84.160.0/20 */, 20, NDPI_PROTOCOL_NVIDIA }, + { 0x551D0E00 /* 85.29.14.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x551D1200 /* 85.29.18.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x59F8ED00 /* 89.248.237.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x6706D300 /* 103.6.211.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x70D98000 /* 112.217.128.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0x79C82D00 /* 121.200.45.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0xB9884400 /* 185.136.68.0/22 */, 22, NDPI_PROTOCOL_NVIDIA }, + { 0xC1F63300 /* 193.246.51.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0xD8E47000 /* 216.228.112.0/20 */, 20, NDPI_PROTOCOL_NVIDIA }, + { 0xD9C7D100 /* 217.199.209.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + { 0xD9C7DE00 /* 217.199.222.0/24 */, 24, NDPI_PROTOCOL_NVIDIA }, + /* End */ + { 0x0, 0, 0 } +}; diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index c006271536b..097db3d2b6a 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -1368,6 +1368,25 @@ static ndpi_protocol_match host_match[] = { "pvp.net", "RiotGames", NDPI_PROTOCOL_RIOTGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, { "riotcdn.net", "RiotGames", NDPI_PROTOCOL_RIOTGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "epicgames.com", "EpicGames", NDPI_PROTOCOL_EPICGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "unrealengine.com", "EpicGames", NDPI_PROTOCOL_EPICGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "fortnite.com", "EpicGames", NDPI_PROTOCOL_EPICGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "fortnite-vod.akamaized.net", "EpicGames", NDPI_PROTOCOL_EPICGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "epicgames.net", "EpicGames", NDPI_PROTOCOL_EPICGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "epicgames.dev", "EpicGames", NDPI_PROTOCOL_EPICGAMES, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + + { "nvidiagrid.net", "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "gfe.nvidia.com", "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "geforcenow.com", "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "geforce.com", "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "kaizen.nvidia.com", "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "dtrace.nvidia.com", "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "nvgs.nvidia.com", "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "gx.nvidia.com", "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + { "userstore.nvidia.com", "GeForceNow", NDPI_PROTOCOL_GEFORCENOW, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DEFAULT_LEVEL}, + + { "nvidia.com", "Nvidia", NDPI_PROTOCOL_NVIDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DEFAULT_LEVEL}, + /* ADS/tracking/analytic */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 4792c4edf2f..5b340aba196 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -107,6 +107,8 @@ #include "inc_generated/ndpi_asn_yandex_cloud.c.inc" #include "inc_generated/ndpi_asn_disney_plus.c.inc" #include "inc_generated/ndpi_asn_hulu.c.inc" +#include "inc_generated/ndpi_asn_epicgames.c.inc" +#include "inc_generated/ndpi_asn_nvidia.c.inc" /* Third party libraries */ #include "third_party/include/ndpi_patricia.h" @@ -2835,6 +2837,8 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_yandex_cloud_protocol_list); ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_disneyplus_protocol_list); ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_hulu_protocol_list); + ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_epicgames_protocol_list); + ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->protocols_ptree, ndpi_protocol_nvidia_protocol_list); } if(prefs & ndpi_track_flow_payload) @@ -4942,6 +4946,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) { /* Heroes of the Storm */ init_hots_dissector(ndpi_str, &a); + /* EpicGames */ + init_epicgames_dissector(ndpi_str, &a); + #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_main_init.c" #endif diff --git a/src/lib/protocols/epicgames.c b/src/lib/protocols/epicgames.c new file mode 100644 index 00000000000..ea30783fd24 --- /dev/null +++ b/src/lib/protocols/epicgames.c @@ -0,0 +1,87 @@ +/* + * epicgames.c + * + * Copyright (C) 2023 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_protocol_ids.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EPICGAMES + +#include "ndpi_api.h" + +static void ndpi_int_epicgames_add_connection(struct ndpi_detection_module_struct * const ndpi_struct, + struct ndpi_flow_struct * const flow) +{ + NDPI_LOG_INFO(ndpi_struct, "found EpicGames\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, + NDPI_PROTOCOL_UNKNOWN, + NDPI_PROTOCOL_EPICGAMES, + NDPI_CONFIDENCE_DPI); +} + +static void ndpi_search_epicgames(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &ndpi_struct->packet; + + NDPI_LOG_DBG(ndpi_struct, "searching EpicGames (stage %d dir %d)\n", + flow->l4.udp.epicgames_stage, packet->packet_direction); + + if(flow->packet_counter == 1) { + if(packet->payload_packet_len >= 34 && + ((ntohl(get_u_int32_t(packet->payload, 0)) & 0x08) == 0) && + get_u_int64_t(packet->payload, 10) == 0 && + get_u_int64_t(packet->payload, 18) == 0 && + get_u_int64_t(packet->payload, 26) == 0) { + flow->l4.udp.epicgames_stage = 1 + packet->packet_direction; + flow->l4.udp.epicgames_word = ntohl(get_u_int32_t(packet->payload, 0)); + return; + } else { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + } else if(flow->l4.udp.epicgames_stage == 2 - packet->packet_direction) { + if(packet->payload_packet_len > 4 && + (flow->l4.udp.epicgames_word | 0x08) == ntohl(get_u_int32_t(packet->payload, 0))) { + ndpi_int_epicgames_add_connection(ndpi_struct, flow); + return; + } else { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + } + + if(flow->packet_counter >= 4) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } +} + +void init_epicgames_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id) +{ + ndpi_set_bitmask_protocol_detection("EpicGames", ndpi_struct, *id, + NDPI_PROTOCOL_EPICGAMES, + ndpi_search_epicgames, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} diff --git a/tests/cfgs/default/pcap/epicgames.pcapng b/tests/cfgs/default/pcap/epicgames.pcapng new file mode 100644 index 00000000000..f3f9210c279 Binary files /dev/null and b/tests/cfgs/default/pcap/epicgames.pcapng differ diff --git a/tests/cfgs/default/pcap/geforcenow.pcapng b/tests/cfgs/default/pcap/geforcenow.pcapng new file mode 100644 index 00000000000..04fc317a06a Binary files /dev/null and b/tests/cfgs/default/pcap/geforcenow.pcapng differ diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out index 8c4bb0d7d90..5ebea11198b 100644 --- a/tests/cfgs/default/result/1kxun.pcap.out +++ b/tests/cfgs/default/result/1kxun.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 120 (1.21 pkts/flow) Confidence Unknown : 14 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 177 (flows) -Num dissector calls: 4414 (22.41 diss/flow) +Num dissector calls: 4428 (22.48 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/60/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/4in4tunnel.pcap.out b/tests/cfgs/default/result/4in4tunnel.pcap.out index b50291c10eb..1d25b8ce7df 100644 --- a/tests/cfgs/default/result/4in4tunnel.pcap.out +++ b/tests/cfgs/default/result/4in4tunnel.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 5 (5.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 174 (174.00 diss/flow) +Num dissector calls: 175 (175.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/6in6tunnel.pcap.out b/tests/cfgs/default/result/6in6tunnel.pcap.out index 9fa0607efe4..c733233be5f 100644 --- a/tests/cfgs/default/result/6in6tunnel.pcap.out +++ b/tests/cfgs/default/result/6in6tunnel.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 124 (124.00 diss/flow) +Num dissector calls: 125 (125.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/EAQ.pcap.out b/tests/cfgs/default/result/EAQ.pcap.out index 5f11dc2ff3f..14a9e461685 100644 --- a/tests/cfgs/default/result/EAQ.pcap.out +++ b/tests/cfgs/default/result/EAQ.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 116 (4.00 pkts/flow) Confidence DPI : 31 (flows) -Num dissector calls: 4329 (139.65 diss/flow) +Num dissector calls: 4358 (140.58 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/adult_content.pcap.out b/tests/cfgs/default/result/adult_content.pcap.out index 7cd464b80c0..d56adf2d867 100644 --- a/tests/cfgs/default/result/adult_content.pcap.out +++ b/tests/cfgs/default/result/adult_content.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 144 (144.00 diss/flow) +Num dissector calls: 145 (145.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/anyconnect-vpn.pcap.out b/tests/cfgs/default/result/anyconnect-vpn.pcap.out index e017ff46e16..0467ad2107e 100644 --- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out +++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 10 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence Match by port : 6 (flows) Confidence DPI : 61 (flows) -Num dissector calls: 851 (12.33 diss/flow) +Num dissector calls: 852 (12.35 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/collectd.pcap.out b/tests/cfgs/default/result/collectd.pcap.out index 322c3e1f510..a9a29579300 100644 --- a/tests/cfgs/default/result/collectd.pcap.out +++ b/tests/cfgs/default/result/collectd.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 13 (1.62 pkts/flow) Confidence Match by port : 3 (flows) Confidence DPI : 5 (flows) -Num dissector calls: 399 (49.88 diss/flow) +Num dissector calls: 402 (50.25 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out index 2ce59831307..2a834a37ac2 100644 --- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out @@ -23,5 +23,5 @@ Patricia protocols: 2/2 (search/found) CustomProtocolA 3 222 1 CustomProtocolB 2 148 1 - 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.346/TLS.CustomProtocolA][IP: 346/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 347/CustomProtocolB][IP: 347/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.349/TLS.CustomProtocolA][IP: 349/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 350/CustomProtocolB][IP: 350/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out index fe289bbcb57..23af6fa9851 100644 --- a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out +++ b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 110 (110.00 diss/flow) +Num dissector calls: 111 (111.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/discord.pcap.out b/tests/cfgs/default/result/discord.pcap.out index 5d0c45e9cb5..8bcd2b66866 100644 --- a/tests/cfgs/default/result/discord.pcap.out +++ b/tests/cfgs/default/result/discord.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 5 (5.00 pkts/flow) DPI Packets (UDP): 60 (1.82 pkts/flow) Confidence DPI : 34 (flows) -Num dissector calls: 4012 (118.00 diss/flow) +Num dissector calls: 4039 (118.79 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/discord_mid_flow.pcap.out b/tests/cfgs/default/result/discord_mid_flow.pcap.out index ef504c43cce..a7953a3b710 100644 --- a/tests/cfgs/default/result/discord_mid_flow.pcap.out +++ b/tests/cfgs/default/result/discord_mid_flow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 3 (3.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 145 (145.00 diss/flow) +Num dissector calls: 146 (146.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out index 603155ac2c7..17089cbe83b 100644 --- a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 256 (1.04 pkts/flow) Confidence DPI : 245 (flows) -Num dissector calls: 20803 (84.91 diss/flow) +Num dissector calls: 20814 (84.96 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/513/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt-v2.pcap.out b/tests/cfgs/default/result/dnscrypt-v2.pcap.out index 040fb8ccab1..df9656e7c72 100644 --- a/tests/cfgs/default/result/dnscrypt-v2.pcap.out +++ b/tests/cfgs/default/result/dnscrypt-v2.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 6 (2.00 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 375 (125.00 diss/flow) +Num dissector calls: 378 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out index 1e69087465e..e9347fc51eb 100644 --- a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out +++ b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 126 (126.00 diss/flow) +Num dissector calls: 127 (127.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/epicgames.pcapng.out b/tests/cfgs/default/result/epicgames.pcapng.out new file mode 100644 index 00000000000..1a2081119a3 --- /dev/null +++ b/tests/cfgs/default/result/epicgames.pcapng.out @@ -0,0 +1,28 @@ +Guessed flow protos: 0 + +DPI Packets (UDP): 12 (3.00 pkts/flow) +Confidence DPI : 4 (flows) +Num dissector calls: 592 (148.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 8/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia protocols: 4/4 (search/found) + +EpicGames 81 11186 4 + + 1 UDP 192.168.12.156:39322 <-> 18.157.15.184:9011 [proto: 340/EpicGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: Game/8][10 pkts/4805 bytes <-> 9 pkts/772 bytes][Goodput ratio: 91/51][0.62 sec][bytes ratio: 0.723 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 43/76 163/199 53/74][Pkt Len c2s/s2c min/avg/max/stddev: 81/55 480/86 994/119 424/18][Plen Bins: 10,53,10,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP 192.168.12.156:37989 <-> 18.157.15.184:15011 [proto: 340/EpicGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 2][cat: Game/8][11 pkts/1143 bytes <-> 13 pkts/1296 bytes][Goodput ratio: 60/58][1.01 sec][bytes ratio: -0.063 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 19/0 116/76 455/433 133/121][Pkt Len c2s/s2c min/avg/max/stddev: 81/55 104/100 146/192 25/40][Plen Bins: 8,63,12,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 192.168.12.156:47446 <-> 18.157.15.184:15011 [proto: 340/EpicGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Game/8][11 pkts/911 bytes <-> 8 pkts/680 bytes][Goodput ratio: 49/51][4.23 sec][bytes ratio: 0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 384/285 1029/741 372/304][Pkt Len c2s/s2c min/avg/max/stddev: 54/55 83/85 135/98 25/17][Plen Bins: 31,63,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP 192.168.12.156:49693 <-> 18.157.15.184:15011 [proto: 340/EpicGames][IP: 265/AmazonAWS][Encrypted][Confidence: DPI][DPI packets: 4][cat: Game/8][11 pkts/906 bytes <-> 8 pkts/673 bytes][Goodput ratio: 49/50][4.55 sec][bytes ratio: 0.148 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 420/285 1035/741 405/303][Pkt Len c2s/s2c min/avg/max/stddev: 54/55 82/84 134/98 24/17][Plen Bins: 31,63,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out index 6d4fe1e9df9..bbefbb5b8e9 100644 --- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out +++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 5 (1.00 pkts/flow) Confidence Unknown : 30 (flows) Confidence Match by port : 28 (flows) Confidence DPI : 193 (flows) -Num dissector calls: 5477 (21.82 diss/flow) +Num dissector calls: 5510 (21.95 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/180/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out index a5302a4aad8..bf35ecf36e6 100644 --- a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out +++ b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out @@ -5,7 +5,7 @@ DPI Packets (other): 7 (1.00 pkts/flow) Confidence Unknown : 19 (flows) Confidence Match by port : 3 (flows) Confidence DPI : 55 (flows) -Num dissector calls: 1821 (23.65 diss/flow) +Num dissector calls: 1837 (23.86 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/66/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/geforcenow.pcapng.out b/tests/cfgs/default/result/geforcenow.pcapng.out new file mode 100644 index 00000000000..05c3add1e79 --- /dev/null +++ b/tests/cfgs/default/result/geforcenow.pcapng.out @@ -0,0 +1,33 @@ +Guessed flow protos: 0 + +DPI Packets (TCP): 7 (7.00 pkts/flow) +DPI Packets (UDP): 3 (3.00 pkts/flow) +Confidence DPI : 2 (flows) +Num dissector calls: 133 (66.50 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/6/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 1/1 (search/found) +Automa domain: 1/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 1/0 (search/found) +Automa common alpns: 1/1 (search/found) +Patricia risk mask: 4/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia protocols: 2/2 (search/found) + +STUN 54 20349 1 +GeForceNow 54 48651 1 + +JA3 Host Stats: + IP Address # JA3C + 1 192.168.1.245 1 + + + 1 TCP 192.168.1.245:57490 <-> 80.84.167.206:49100 [proto: 91.341/TLS.GeForceNow][IP: 342/Nvidia][Encrypted][Confidence: DPI][DPI packets: 7][cat: Game/8][27 pkts/8759 bytes <-> 27 pkts/39892 bytes][Goodput ratio: 80/96][1.34 sec][Hostname/SNI: 80-84-167-206.cloudmatchbeta.nvidiagrid.net][(Advertised) ALPNs: http/1.1][TLS Supported Versions: GREASE;TLSv1.3;TLSv1.2][bytes ratio: -0.640 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 56/12 946/84 200/21][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 324/1477 2962/2962 631/1355][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][TLSv1.2][JA3C: 021c7413ddeb0d58973451b0e3b19eca][ServerNames: prod.cloudmatchbeta.nvidiagrid.net,*.cloudmatchbeta.nvidiagrid.net][JA3S: 098e26e2609212ac1bfac552fbe04127][Issuer: C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1][Subject: C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, CN=prod.cloudmatchbeta.nvidiagrid.net][Certificate SHA-1: 8C:24:BC:2B:01:63:B9:AC:83:90:F3:A9:F9:EA:72:5E:F4:47:A2:77][Chrome][Validity: 2022-08-09 00:00:00 - 2023-08-09 23:59:59][Cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,23,2,0,0,5,0,0,14,0,2,0,0,0,0,0,5,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,42] + 2 UDP 192.168.1.245:52441 <-> 80.84.167.206:18452 [proto: 78/STUN][IP: 342/Nvidia][ClearText][Confidence: DPI][DPI packets: 3][cat: Network/14][21 pkts/3455 bytes <-> 33 pkts/16894 bytes][Goodput ratio: 74/92][1.03 sec][bytes ratio: -0.660 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 51/30 360/689 91/130][Pkt Len c2s/s2c min/avg/max/stddev: 87/67 165/512 582/1222 101/514][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: No server to client traffic][PLAIN TEXT (BffATDg/Gz0)][Plen Bins: 1,17,33,9,12,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/gnutella.pcap.out b/tests/cfgs/default/result/gnutella.pcap.out index 7fb668aefdb..ce5d765f347 100644 --- a/tests/cfgs/default/result/gnutella.pcap.out +++ b/tests/cfgs/default/result/gnutella.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 590 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 167 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 67212 (88.44 diss/flow) +Num dissector calls: 67724 (89.11 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/1779/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/gtp_false_positive.pcapng.out b/tests/cfgs/default/result/gtp_false_positive.pcapng.out index 8a77a118ec3..afeebce2672 100644 --- a/tests/cfgs/default/result/gtp_false_positive.pcapng.out +++ b/tests/cfgs/default/result/gtp_false_positive.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 3 DPI Packets (UDP): 7 (2.33 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 2 (flows) -Num dissector calls: 398 (132.67 diss/flow) +Num dissector calls: 401 (133.67 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/h323.pcap.out b/tests/cfgs/default/result/h323.pcap.out index 85749d4ea00..3104dcef567 100644 --- a/tests/cfgs/default/result/h323.pcap.out +++ b/tests/cfgs/default/result/h323.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 2 (2.00 pkts/flow) DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 228 (114.00 diss/flow) +Num dissector calls: 229 (114.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/http_ipv6.pcap.out b/tests/cfgs/default/result/http_ipv6.pcap.out index ca3f8dadea3..7539a2e13ba 100644 --- a/tests/cfgs/default/result/http_ipv6.pcap.out +++ b/tests/cfgs/default/result/http_ipv6.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 77 (5.92 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Match by port : 7 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 147 (9.80 diss/flow) +Num dissector calls: 148 (9.87 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/21/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/imo.pcap.out b/tests/cfgs/default/result/imo.pcap.out index efe4a2b8c4b..cd83c6d46df 100644 --- a/tests/cfgs/default/result/imo.pcap.out +++ b/tests/cfgs/default/result/imo.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 7 (3.50 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 289 (144.50 diss/flow) +Num dissector calls: 291 (145.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/instagram.pcap.out b/tests/cfgs/default/result/instagram.pcap.out index 6fb2d8c498d..7c55cb6f5bf 100644 --- a/tests/cfgs/default/result/instagram.pcap.out +++ b/tests/cfgs/default/result/instagram.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Unknown : 1 (flows) Confidence Match by port : 7 (flows) Confidence DPI : 30 (flows) -Num dissector calls: 1311 (34.50 diss/flow) +Num dissector calls: 1312 (34.53 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/iphone.pcap.out b/tests/cfgs/default/result/iphone.pcap.out index 9d6294290a1..31f2e068f08 100644 --- a/tests/cfgs/default/result/iphone.pcap.out +++ b/tests/cfgs/default/result/iphone.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 55 (1.77 pkts/flow) DPI Packets (other): 5 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 50 (flows) -Num dissector calls: 349 (6.84 diss/flow) +Num dissector calls: 350 (6.86 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/kontiki.pcap.out b/tests/cfgs/default/result/kontiki.pcap.out index 946b301eea0..7603abb5826 100644 --- a/tests/cfgs/default/result/kontiki.pcap.out +++ b/tests/cfgs/default/result/kontiki.pcap.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 6 (1.50 pkts/flow) DPI Packets (other): 4 (1.00 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 322 (40.25 diss/flow) +Num dissector calls: 324 (40.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/line.pcap.out b/tests/cfgs/default/result/line.pcap.out index 4cc5fe734d9..788ee863628 100644 --- a/tests/cfgs/default/result/line.pcap.out +++ b/tests/cfgs/default/result/line.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 13 (6.50 pkts/flow) DPI Packets (UDP): 40 (13.33 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 602 (120.40 diss/flow) +Num dissector calls: 605 (121.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/linecall_falsepositve.pcap.out b/tests/cfgs/default/result/linecall_falsepositve.pcap.out index 7bdacc2635c..460498c7b3f 100644 --- a/tests/cfgs/default/result/linecall_falsepositve.pcap.out +++ b/tests/cfgs/default/result/linecall_falsepositve.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 13 (13.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 199 (199.00 diss/flow) +Num dissector calls: 200 (200.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out index 8e2e99d4d44..419a56dd988 100644 --- a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out +++ b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 9 (3.00 pkts/flow) DPI Packets (UDP): 38 (4.22 pkts/flow) Confidence DPI (cache) : 6 (flows) Confidence DPI : 6 (flows) -Num dissector calls: 1076 (89.67 diss/flow) +Num dissector calls: 1082 (90.17 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 25/12/4 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/nintendo.pcap.out b/tests/cfgs/default/result/nintendo.pcap.out index b9d30beed58..3fa9f89323b 100644 --- a/tests/cfgs/default/result/nintendo.pcap.out +++ b/tests/cfgs/default/result/nintendo.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 15 (flows) Confidence Match by IP : 5 (flows) -Num dissector calls: 1253 (59.67 diss/flow) +Num dissector calls: 1258 (59.90 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/18/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/openvpn.pcap.out b/tests/cfgs/default/result/openvpn.pcap.out index fa6c5edcfb9..5bd52eb0c09 100644 --- a/tests/cfgs/default/result/openvpn.pcap.out +++ b/tests/cfgs/default/result/openvpn.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 6 (6.00 pkts/flow) DPI Packets (UDP): 5 (2.50 pkts/flow) Confidence DPI : 3 (flows) -Num dissector calls: 391 (130.33 diss/flow) +Num dissector calls: 393 (131.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out index 8fd8abb5f92..30dc5760852 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 8 (1.33 pkts/flow) DPI Packets (UDP): 13 (3.25 pkts/flow) Confidence DPI : 10 (flows) -Num dissector calls: 691 (69.10 diss/flow) +Num dissector calls: 694 (69.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out index 581441c1833..70c2e8bd94a 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 3 (flows) -Num dissector calls: 486 (121.50 diss/flow) +Num dissector calls: 488 (122.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out index d8d6a917114..bddc0ff70d2 100644 --- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Unknown : 1 (flows) -Num dissector calls: 127 (127.00 diss/flow) +Num dissector calls: 128 (128.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/pps.pcap.out b/tests/cfgs/default/result/pps.pcap.out index 0b0b6325b24..50d640ee50c 100644 --- a/tests/cfgs/default/result/pps.pcap.out +++ b/tests/cfgs/default/result/pps.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 136 (3.09 pkts/flow) Confidence Unknown : 29 (flows) Confidence Match by port : 2 (flows) Confidence DPI : 76 (flows) -Num dissector calls: 5341 (49.92 diss/flow) +Num dissector calls: 5370 (50.19 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/93/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/quic.pcap.out b/tests/cfgs/default/result/quic.pcap.out index b2dc5f4f7ba..2c7cd9d0e22 100644 --- a/tests/cfgs/default/result/quic.pcap.out +++ b/tests/cfgs/default/result/quic.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 12 (1.20 pkts/flow) Confidence Match by port : 1 (flows) Confidence DPI : 9 (flows) -Num dissector calls: 212 (21.20 diss/flow) +Num dissector calls: 213 (21.30 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/quic_0RTT.pcap.out b/tests/cfgs/default/result/quic_0RTT.pcap.out index ff8ffde70cb..0361810194e 100644 --- a/tests/cfgs/default/result/quic_0RTT.pcap.out +++ b/tests/cfgs/default/result/quic_0RTT.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 188 (94.00 diss/flow) +Num dissector calls: 189 (94.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/radius_false_positive.pcapng.out b/tests/cfgs/default/result/radius_false_positive.pcapng.out index d98bebd3acc..97932531136 100644 --- a/tests/cfgs/default/result/radius_false_positive.pcapng.out +++ b/tests/cfgs/default/result/radius_false_positive.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 10 (10.00 pkts/flow) Confidence Match by port : 1 (flows) -Num dissector calls: 192 (192.00 diss/flow) +Num dissector calls: 193 (193.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/raknet.pcap.out b/tests/cfgs/default/result/raknet.pcap.out index cd0bfaf3a46..492e85f2dac 100644 --- a/tests/cfgs/default/result/raknet.pcap.out +++ b/tests/cfgs/default/result/raknet.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 24 (2.00 pkts/flow) Confidence DPI : 12 (flows) -Num dissector calls: 1416 (118.00 diss/flow) +Num dissector calls: 1422 (118.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/rx.pcap.out b/tests/cfgs/default/result/rx.pcap.out index 12fca81e4dc..1356a2f550e 100644 --- a/tests/cfgs/default/result/rx.pcap.out +++ b/tests/cfgs/default/result/rx.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 10 (2.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 622 (124.40 diss/flow) +Num dissector calls: 627 (125.40 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sflow.pcap.out b/tests/cfgs/default/result/sflow.pcap.out index e625c8a7049..9ccd3156c15 100644 --- a/tests/cfgs/default/result/sflow.pcap.out +++ b/tests/cfgs/default/result/sflow.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 111 (111.00 diss/flow) +Num dissector calls: 112 (112.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/sip_hello.pcapng.out b/tests/cfgs/default/result/sip_hello.pcapng.out index f3b11e3b06f..e74988c41d2 100644 --- a/tests/cfgs/default/result/sip_hello.pcapng.out +++ b/tests/cfgs/default/result/sip_hello.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 9 (9.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 189 (189.00 diss/flow) +Num dissector calls: 190 (190.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/skype_udp.pcap.out b/tests/cfgs/default/result/skype_udp.pcap.out index ad0bb5c3da7..f26093a3cb1 100644 --- a/tests/cfgs/default/result/skype_udp.pcap.out +++ b/tests/cfgs/default/result/skype_udp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 125 (125.00 diss/flow) +Num dissector calls: 126 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/softether.pcap.out b/tests/cfgs/default/result/softether.pcap.out index da1aac43f5a..efe93e701d9 100644 --- a/tests/cfgs/default/result/softether.pcap.out +++ b/tests/cfgs/default/result/softether.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 1 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 31 (10.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 369 (92.25 diss/flow) +Num dissector calls: 371 (92.75 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out index e9efa25d0ae..0dc897efc30 100644 --- a/tests/cfgs/default/result/starcraft_battle.pcap.out +++ b/tests/cfgs/default/result/starcraft_battle.pcap.out @@ -6,7 +6,7 @@ DPI Packets (other): 1 (1.00 pkts/flow) Confidence Match by port : 12 (flows) Confidence DPI : 39 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 1423 (27.37 diss/flow) +Num dissector calls: 1428 (27.46 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/39/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/stun.pcap.out b/tests/cfgs/default/result/stun.pcap.out index efbb0b82c24..a5ef1d2c5e2 100644 --- a/tests/cfgs/default/result/stun.pcap.out +++ b/tests/cfgs/default/result/stun.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 13 (4.33 pkts/flow) Confidence DPI : 4 (flows) -Num dissector calls: 578 (144.50 diss/flow) +Num dissector calls: 581 (145.25 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/stun_signal.pcapng.out b/tests/cfgs/default/result/stun_signal.pcapng.out index 2417ed78e3f..aaafdd26d99 100644 --- a/tests/cfgs/default/result/stun_signal.pcapng.out +++ b/tests/cfgs/default/result/stun_signal.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 72 (3.43 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial) : 1 (flows) Confidence DPI : 22 (flows) -Num dissector calls: 2298 (99.91 diss/flow) +Num dissector calls: 2313 (100.57 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/24/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/synscan.pcap.out b/tests/cfgs/default/result/synscan.pcap.out index cdc2054ce60..f860ca8d6d5 100644 --- a/tests/cfgs/default/result/synscan.pcap.out +++ b/tests/cfgs/default/result/synscan.pcap.out @@ -124,7 +124,7 @@ iSCSI 2 116 2 44 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 45 TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 340/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 343/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 48 TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 172.16.0.8:36050 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] @@ -188,7 +188,7 @@ iSCSI 2 116 2 108 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 109 TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 110 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 111 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 340/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 111 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 343/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 113 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 114 TCP 172.16.0.8:36051 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/teams.pcap.out b/tests/cfgs/default/result/teams.pcap.out index 8dba8dd7554..db1acf5db45 100644 --- a/tests/cfgs/default/result/teams.pcap.out +++ b/tests/cfgs/default/result/teams.pcap.out @@ -7,7 +7,7 @@ Confidence Unknown : 1 (flows) Confidence Match by port : 1 (flows) Confidence DPI (partial) : 5 (flows) Confidence DPI : 76 (flows) -Num dissector calls: 493 (5.94 diss/flow) +Num dissector calls: 494 (5.95 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/9/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/teamspeak3.pcap.out b/tests/cfgs/default/result/teamspeak3.pcap.out index 5c12584ab58..7ed97acae4c 100644 --- a/tests/cfgs/default/result/teamspeak3.pcap.out +++ b/tests/cfgs/default/result/teamspeak3.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 198 (99.00 diss/flow) +Num dissector calls: 199 (99.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/teamviewer.pcap.out b/tests/cfgs/default/result/teamviewer.pcap.out index 27a898acdf6..84a211f7cc9 100644 --- a/tests/cfgs/default/result/teamviewer.pcap.out +++ b/tests/cfgs/default/result/teamviewer.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 0 DPI Packets (TCP): 4 (4.00 pkts/flow) DPI Packets (UDP): 4 (4.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 152 (76.00 diss/flow) +Num dissector calls: 153 (76.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out index 96a0db11aab..4e7d20706e0 100644 --- a/tests/cfgs/default/result/telegram.pcap.out +++ b/tests/cfgs/default/result/telegram.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 5 DPI Packets (UDP): 81 (1.69 pkts/flow) Confidence Unknown : 2 (flows) Confidence DPI : 46 (flows) -Num dissector calls: 1484 (30.92 diss/flow) +Num dissector calls: 1486 (30.96 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/6/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/tftp.pcap.out b/tests/cfgs/default/result/tftp.pcap.out index d38dd91fcb9..976b9b3216a 100644 --- a/tests/cfgs/default/result/tftp.pcap.out +++ b/tests/cfgs/default/result/tftp.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 13 (1.86 pkts/flow) Confidence DPI : 7 (flows) -Num dissector calls: 311 (44.43 diss/flow) +Num dissector calls: 313 (44.71 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/toca-boca.pcap.out b/tests/cfgs/default/result/toca-boca.pcap.out index 621c28b328e..ffd050c98ab 100644 --- a/tests/cfgs/default/result/toca-boca.pcap.out +++ b/tests/cfgs/default/result/toca-boca.pcap.out @@ -3,7 +3,7 @@ Guessed flow protos: 4 DPI Packets (UDP): 21 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence DPI : 17 (flows) -Num dissector calls: 457 (21.76 diss/flow) +Num dissector calls: 461 (21.95 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/viber.pcap.out b/tests/cfgs/default/result/viber.pcap.out index 9056fa2e0ff..39c1a368f77 100644 --- a/tests/cfgs/default/result/viber.pcap.out +++ b/tests/cfgs/default/result/viber.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 27 (1.93 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence Match by port : 4 (flows) Confidence DPI : 25 (flows) -Num dissector calls: 435 (15.00 diss/flow) +Num dissector calls: 436 (15.03 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out index 11146fb4604..76bf024c789 100644 --- a/tests/cfgs/default/result/webex.pcap.out +++ b/tests/cfgs/default/result/webex.pcap.out @@ -5,7 +5,7 @@ DPI Packets (UDP): 14 (7.00 pkts/flow) Confidence Match by port : 3 (flows) Confidence DPI : 53 (flows) Confidence Match by IP : 1 (flows) -Num dissector calls: 268 (4.70 diss/flow) +Num dissector calls: 269 (4.72 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/weibo.pcap.out b/tests/cfgs/default/result/weibo.pcap.out index 91d588442b8..53367fe4f78 100644 --- a/tests/cfgs/default/result/weibo.pcap.out +++ b/tests/cfgs/default/result/weibo.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 100 (3.33 pkts/flow) DPI Packets (UDP): 43 (3.07 pkts/flow) Confidence Match by port : 21 (flows) Confidence DPI : 23 (flows) -Num dissector calls: 516 (11.73 diss/flow) +Num dissector calls: 518 (11.77 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/63/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/wireguard.pcap.out b/tests/cfgs/default/result/wireguard.pcap.out index 51199156d81..b47f850717c 100644 --- a/tests/cfgs/default/result/wireguard.pcap.out +++ b/tests/cfgs/default/result/wireguard.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 0 DPI Packets (UDP): 6 (3.00 pkts/flow) Confidence DPI : 2 (flows) -Num dissector calls: 259 (129.50 diss/flow) +Num dissector calls: 261 (130.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom2.pcap.out b/tests/cfgs/default/result/zoom2.pcap.out index a3613f3f170..8b9ff753449 100644 --- a/tests/cfgs/default/result/zoom2.pcap.out +++ b/tests/cfgs/default/result/zoom2.pcap.out @@ -4,7 +4,7 @@ DPI Packets (TCP): 8 (8.00 pkts/flow) DPI Packets (UDP): 15 (5.00 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) Confidence DPI : 5 (flows) -Num dissector calls: 485 (97.00 diss/flow) +Num dissector calls: 488 (97.60 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 1/0/0 (insert/search/found) diff --git a/tests/cfgs/default/result/zoom_p2p.pcapng.out b/tests/cfgs/default/result/zoom_p2p.pcapng.out index 539f608ec1a..664406a81c8 100644 --- a/tests/cfgs/default/result/zoom_p2p.pcapng.out +++ b/tests/cfgs/default/result/zoom_p2p.pcapng.out @@ -4,7 +4,7 @@ DPI Packets (UDP): 52 (5.20 pkts/flow) DPI Packets (other): 2 (1.00 pkts/flow) Confidence DPI (partial cache): 4 (flows) Confidence DPI : 8 (flows) -Num dissector calls: 792 (66.00 diss/flow) +Num dissector calls: 796 (66.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/12/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out index e8a6aa07e2a..2854544befc 100644 --- a/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out +++ b/tests/cfgs/disable_protocols/result/dns_long_domainname.pcap.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 2 (2.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 125 (125.00 diss/flow) +Num dissector calls: 126 (126.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out index 31ce158e77c..a1a4c658b03 100644 --- a/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out +++ b/tests/cfgs/disable_protocols/result/quic-mvfst-27.pcapng.out @@ -2,7 +2,7 @@ Guessed flow protos: 1 DPI Packets (UDP): 13 (13.00 pkts/flow) Confidence Match by IP : 1 (flows) -Num dissector calls: 185 (185.00 diss/flow) +Num dissector calls: 186 (186.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/3/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) diff --git a/utils/asn_update.sh b/utils/asn_update.sh index 86ade7b42ae..423ae54ad85 100755 --- a/utils/asn_update.sh +++ b/utils/asn_update.sh @@ -184,6 +184,16 @@ DEST=../src/lib/inc_generated/ndpi_asn_hulu.c.inc create_list NDPI_PROTOCOL_HULU $DEST "AS23286" echo "(3) Hulu IPs are available in $DEST" +echo "(1) Downloading EpicGames.." +DEST=../src/lib/inc_generated/ndpi_asn_epicgames.c.inc +create_list NDPI_PROTOCOL_EPICGAMES $DEST "AS4356" "AS397645" "AS395701" "AS393326" +echo "(3) EpicGames IPs are available in $DEST" + +echo "(1) Downloading Nvidia..." +DEST=../src/lib/inc_generated/ndpi_asn_nvidia.c.inc +create_list NDPI_PROTOCOL_NVIDIA $DEST "AS60977" "AS50889" "AS20347" "AS11414" +echo "(3) Nvidia IPs are available in $DEST" + if [ ${TOTAL_ASN} -eq ${FAILED_ASN} ]; then printf '%s: %s\n' "${0}" "All download(s) failed, ./get_routes_by_asn.sh broken?" exit 1 diff --git a/windows/nDPI.vcxproj b/windows/nDPI.vcxproj index 0c831dc3b75..a5885dbe9f1 100644 --- a/windows/nDPI.vcxproj +++ b/windows/nDPI.vcxproj @@ -156,6 +156,7 @@ + diff --git a/windows/nDPI.vcxproj.filters b/windows/nDPI.vcxproj.filters index 26fbd988a5e..b8639e19f29 100644 --- a/windows/nDPI.vcxproj.filters +++ b/windows/nDPI.vcxproj.filters @@ -21,6 +21,7 @@ +