From 81e1ea545ca465cda064e7cc80333fe7f0ef2aff Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Sat, 3 Dec 2022 12:07:32 +0100 Subject: [PATCH] Make LRU caches ipv6 aware (#1810) Simplest solution, keeping the existing cache data structure TLS certificate cache is used for DTLS traffic, too. Note that Ookla cache already works with ipv6 flows. TODO: * make the key/hashing more robust (extending the key size?) * update bittorrent cache too. That task is quite difficult because ntopng uses a public function (`ndpi_guess_undetected_protocol()`) intrinsically ipv4 only... --- src/lib/ndpi_main.c | 80 ++++++++++++------ src/lib/protocols/hangout.c | 2 +- src/lib/protocols/mining.c | 34 +++++--- src/lib/protocols/stun.c | 19 +++-- src/lib/protocols/tls.c | 49 +++++++++-- tests/pcap/lru_ipv6_caches.pcapng | Bin 0 -> 24168 bytes tests/result/1kxun.pcap.out | 2 +- tests/result/6in4tunnel.pcap.out | 2 +- tests/result/6in6tunnel.pcap.out | 2 +- tests/result/anyconnect-vpn.pcap.out | 2 +- tests/result/dtls.pcap.out | 2 +- tests/result/dtls2.pcap.out | 2 +- tests/result/dtls_certificate.pcapng.out | 2 +- .../dtls_certificate_fragments.pcap.out | 2 +- tests/result/dtls_old_version.pcapng.out | 2 +- .../dtls_session_id_and_coockie_both.pcap.out | 2 +- tests/result/fuzz-2021-10-13.pcap.out | 2 +- tests/result/http_ipv6.pcap.out | 2 +- tests/result/lru_ipv6_caches.pcapng.out | 49 +++++++++++ tests/result/pinterest.pcap.out | 4 +- tests/result/radius_false_positive.pcapng.out | 2 +- tests/result/reddit.pcap.out | 4 +- tests/result/smtp-starttls.pcap.out | 2 +- tests/result/stun.pcap.out | 2 +- tests/result/tumblr.pcap.out | 4 +- 25 files changed, 201 insertions(+), 74 deletions(-) create mode 100644 tests/pcap/lru_ipv6_caches.pcapng create mode 100644 tests/result/lru_ipv6_caches.pcapng.out diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2fdc02b4b9c..e4fe28890e1 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
@@ -175,6 +175,7 @@ static ndpi_risk_info ndpi_known_risks[] = { extern void ndpi_unset_risk(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_risk_enum r); +extern u_int32_t make_mining_key(struct ndpi_flow_struct *flow); /* Forward */ static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_str, @@ -5693,6 +5694,19 @@ u_int16_t ndpi_guess_host_protocol_id(struct ndpi_detection_module_struct *ndpi_ /* ********************************************************************************* */ +static u_int32_t make_msteams_key(struct ndpi_flow_struct *flow) { + u_int32_t key; + + if(flow->is_ipv6) + key = ndpi_quick_hash(flow->c_address.v6, 16); + else + key = ntohl(flow->c_address.v4); + + return key; +} + +/* ********************************************************************************* */ + static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_protocol *ret) { @@ -5715,12 +5729,12 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s (MS Teams uses Skype as transport protocol for voice/video) */ case NDPI_PROTOCOL_MSTEAMS: - if(flow->is_ipv6 == 0 && flow->l4_proto == IPPROTO_TCP) { + if(flow->l4_proto == IPPROTO_TCP) { // printf("====>> NDPI_PROTOCOL_MSTEAMS\n"); if(ndpi_str->msteams_cache) ndpi_lru_add_to_cache(ndpi_str->msteams_cache, - ntohl(flow->c_address.v4), + make_msteams_key(flow), (flow->last_packet_time_ms / 1000) & 0xFFFF /* 16 bit */); } break; 
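Review bot: The prototype `extern u_int32_t make_mining_key(struct ndpi_flow_struct *flow);` added in the first hunk is a hand-written copy of a definition that lives in mining.c, so the compiler cannot check the two against each other if the signature changes. Declaring it once in an internal header that both ndpi_main.c and mining.c include would restore that check. The function is also a non-static library symbol without the `ndpi_` prefix used by the surrounding code, so a name such as `ndpi_make_mining_key` would avoid clashes with symbols of the embedding application.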
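Review bot: In `make_msteams_key()` the IPv6 branch folds a 128-bit address to 32 bits with `ndpi_quick_hash()` and returns it in the same key space as the IPv4 value, and nothing visible in this patch lets a lookup tell a real hit from a collision. A colliding host therefore inherits another host's cached classification; the same holds for `make_zoom_key()`, `make_mining_key()`, `get_stun_lru_key()` and `make_tls_cert_key()` in the later hunks. The commit message lists a wider key as a TODO; until then a comment on each helper, e.g. `/* IPv6 address folded to 32 bits: a hit may be a collision, treat the cached value as a hint */`, would make the limit visible to callers. If `ndpi_quick_hash()` is unkeyed (its body is not shown here), remote peers have some influence over which key their address maps to, so mixing in a per-instance seed is worth considering when the key is reworked.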
@@ -5740,12 +5754,11 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s case NDPI_PROTOCOL_SKYPE_TEAMS: case NDPI_PROTOCOL_SKYPE_TEAMS_CALL: - if(flow->is_ipv6 == 0 - && flow->l4_proto == IPPROTO_UDP + if(flow->l4_proto == IPPROTO_UDP && ndpi_str->msteams_cache) { u_int16_t when; - if(ndpi_lru_find_cache(ndpi_str->msteams_cache, ntohl(flow->c_address.v4), + if(ndpi_lru_find_cache(ndpi_str->msteams_cache, make_msteams_key(flow), &when, 0 /* Don't remove it as it can be used for other connections */)) { u_int16_t tdiff = ((flow->last_packet_time_ms /1000) & 0xFFFF) - when; @@ -5755,7 +5768,7 @@ static void ndpi_reconcile_protocols(struct ndpi_detection_module_struct *ndpi_s /* Refresh cache */ ndpi_lru_add_to_cache(ndpi_str->msteams_cache, - ntohl(flow->c_address.v4), + make_msteams_key(flow), (flow->last_packet_time_ms / 1000) & 0xFFFF /* 16 bit */); } } 
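Review bot: In the `NDPI_PROTOCOL_SKYPE_TEAMS` case `make_msteams_key(flow)` is now evaluated twice for the same flow, once in `ndpi_lru_find_cache()` in this hunk and again in the refresh call of the following hunk (`@@ -5755`), which for IPv6 hashes the 16-byte address twice. Computing it once next to `u_int16_t when;`, as in `u_int32_t key = make_msteams_key(flow);`, and passing `key` to both calls keeps the lookup and the refresh on the same value by construction. The enclosing switch starts and ends outside these hunks.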
@@ -5845,21 +5858,40 @@ int ndpi_search_into_bittorrent_cache(struct ndpi_detection_module_struct *ndpi_ /* #define ZOOM_CACHE_DEBUG */ -static u_int8_t ndpi_search_into_zoom_cache(struct ndpi_detection_module_struct *ndpi_struct, - u_int32_t daddr /* Network byte order */) { -#ifdef ZOOM_CACHE_DEBUG - printf("[%s:%u] ndpi_search_into_zoom_cache(%08X, %u)\n", - __FILE__, __LINE__, daddr, dport); -#endif +static u_int32_t make_zoom_key(struct ndpi_flow_struct *flow, int server) { + u_int32_t key; + + if(server) { + if(flow->is_ipv6) + key = ndpi_quick_hash(flow->s_address.v6, 16); + else + key = flow->s_address.v4; + } else { + if(flow->is_ipv6) + key = ndpi_quick_hash(flow->c_address.v6, 16); + else + key = flow->c_address.v4; + } + + return key; +} + +/* ********************************************************************************* */ + +static u_int8_t ndpi_search_into_zoom_cache(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, int server) { if(ndpi_struct->zoom_cache) { u_int16_t cached_proto; - u_int8_t found = ndpi_lru_find_cache(ndpi_struct->zoom_cache, daddr, &cached_proto, + u_int32_t key; + + key = make_zoom_key(flow, server); + u_int8_t found = ndpi_lru_find_cache(ndpi_struct->zoom_cache, key, &cached_proto, 0 /* Don't remove it as it can be used for other connections */); #ifdef ZOOM_CACHE_DEBUG - printf("[Zoom] *** [TCP] SEARCHING host %u [found: %u]\n", daddr, found); + printf("[Zoom] *** [TCP] SEARCHING key %u [found: %u]\n", key, found); #endif return(found); 
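Review bot: `make_zoom_key()` has no comment, and the `/* Network byte order */` remark on the removed `daddr` parameter was the only statement of what the zoom cache is keyed on. The IPv4 branch returns `s_address.v4` or `c_address.v4` unconverted, while `make_msteams_key()` in this same file applies `ntohl()`, so a reader cannot tell whether the difference is deliberate. A header comment such as `/* server != 0: key from s_address, otherwise c_address; IPv4 stays in network byte order, IPv6 is hashed to 32 bits */` would settle it. In `ndpi_search_into_zoom_cache()` the declaration of `found` now follows the statement `key = make_zoom_key(flow, server);`; writing `u_int32_t key = make_zoom_key(flow, server);` keeps the declarations together.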
@@ -5871,9 +5903,9 @@ static u_int8_t ndpi_search_into_zoom_cache(struct ndpi_detection_module_struct /* ********************************************************************************* */ static void ndpi_add_connection_as_zoom(struct ndpi_detection_module_struct *ndpi_struct, - u_int32_t daddr /* Network byte order */) { + struct ndpi_flow_struct *flow) { if(ndpi_struct->zoom_cache) - ndpi_lru_add_to_cache(ndpi_struct->zoom_cache, daddr, NDPI_PROTOCOL_ZOOM); + ndpi_lru_add_to_cache(ndpi_struct->zoom_cache, make_zoom_key(flow, 1), NDPI_PROTOCOL_ZOOM); } /* ********************************************************************************* */ @@ -5901,10 +5933,10 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* TODO: this lookup seems in the wrong place here... Move it somewhere else (?) or setting flow->guessed_protocol_id directly in the mining dissector? */ - if(ndpi_str->mining_cache && flow->is_ipv6 == 0) { + if(ndpi_str->mining_cache) { u_int16_t cached_proto; - if(ndpi_lru_find_cache(ndpi_str->mining_cache, flow->c_address.v4 + flow->s_address.v4, + if(ndpi_lru_find_cache(ndpi_str->mining_cache, make_mining_key(flow), &cached_proto, 0 /* Don't remove it as it can be used for other connections */)) { ndpi_set_detected_protocol(ndpi_str, flow, cached_proto, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_PARTIAL_CACHE); ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; 
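Review bot: `ndpi_add_connection_as_zoom()` now always inserts `make_zoom_key(flow, 1)`, the flow's server address, where the old code inserted the `daddr` of whichever packet triggered the detection; for IPv4 this is a behaviour change that the commit message does not mention. It looks like the intended fix, but it makes the cache depend on `s_address` really being the server side, which this hunk does not show. I would annotate the literal, `make_zoom_key(flow, 1 /* server */)`, and state in a comment on the function that the entry is keyed on the server address.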
@@ -5982,10 +6014,9 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* This looks like BitTorrent */ ndpi_set_detected_protocol(ndpi_str, flow, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_PARTIAL_CACHE); ret.app_protocol = NDPI_PROTOCOL_BITTORRENT; - } else if((flow->l4_proto == IPPROTO_UDP) /* Zoom/UDP used for video */ - && (((ntohs(flow->c_port) == 8801 /* Zoom port */) && ndpi_search_into_zoom_cache(ndpi_str, flow->c_address.v4)) - || ((ntohs(flow->s_port) == 8801 /* Zoom port */) && ndpi_search_into_zoom_cache(ndpi_str, flow->s_address.v4)) - )) { + } else if((flow->l4_proto == IPPROTO_UDP) && /* Zoom/UDP used for video */ + ((ntohs(flow->s_port) == 8801 && ndpi_search_into_zoom_cache(ndpi_str, flow, 1)) || + (ntohs(flow->c_port) == 8801 && ndpi_search_into_zoom_cache(ndpi_str, flow, 0)))) { /* This looks like Zoom */ ndpi_set_detected_protocol(ndpi_str, flow, NDPI_PROTOCOL_ZOOM, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI_PARTIAL_CACHE); ret.app_protocol = NDPI_PROTOCOL_ZOOM; @@ -6642,9 +6673,8 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct /* Zoom cache */ if((ret.app_protocol == NDPI_PROTOCOL_ZOOM) - && (flow->l4_proto == IPPROTO_TCP) - && (ndpi_str->packet.iph != NULL)) - ndpi_add_connection_as_zoom(ndpi_str, ndpi_str->packet.iph->daddr); + && (flow->l4_proto == IPPROTO_TCP)) + ndpi_add_connection_as_zoom(ndpi_str, flow); return(ret); } diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index ebc978420c4..867e0544fec 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -73,7 +73,7 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, /* Hangout is over STUN hence the LRU cache is shared */ - if(ndpi_struct->stun_cache && packet->iph) { + if(ndpi_struct->stun_cache) { u_int32_t key = get_stun_lru_key(flow, !matched_src); #ifdef DEBUG_LRU 
diff --git a/src/lib/protocols/mining.c b/src/lib/protocols/mining.c index 6d6e48f029b..1f6fecd7b39 100644 --- a/src/lib/protocols/mining.c +++ b/src/lib/protocols/mining.c @@ -24,12 +24,27 @@ #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MINING #include "ndpi_api.h" + +/* ************************************************************************** */ + +u_int32_t make_mining_key(struct ndpi_flow_struct *flow) { + u_int32_t key; + + /* network byte order */ + if(flow->is_ipv6) + key = ndpi_quick_hash(flow->c_address.v6, 16) + ndpi_quick_hash(flow->s_address.v6, 16); + else + key = flow->c_address.v4 + flow->s_address.v4; + + return key; +} + /* ************************************************************************** */ static void cacheMiningHostTwins(struct ndpi_detection_module_struct *ndpi_struct, - u_int32_t host_keys /* network byte order */) { + struct ndpi_flow_struct *flow) { if(ndpi_struct->mining_cache) - ndpi_lru_add_to_cache(ndpi_struct->mining_cache, host_keys, NDPI_PROTOCOL_MINING); + ndpi_lru_add_to_cache(ndpi_struct->mining_cache, make_mining_key(flow), NDPI_PROTOCOL_MINING); } /* ************************************************************************** */ @@ -59,8 +74,7 @@ static void ndpi_search_mining_udp(struct ndpi_detection_module_struct *ndpi_str else { ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); + cacheMiningHostTwins(ndpi_struct, flow); return; } } 
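Review bot: The `/* network byte order */` comment in `make_mining_key()` sits above both branches but describes only the IPv4 one; the IPv6 branch adds two `ndpi_quick_hash()` results, which have no byte order. It would also help to state that the key is the sum of both endpoints, presumably so that it is the same in either direction of the flow. A comment like `/* client + server, order-independent; IPv4: raw network-order addresses, IPv6: 32-bit hashes */` covers both.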
@@ -96,8 +110,7 @@ static void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_str if((*to_match == magic) || (*to_match == magic1)) { ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); + cacheMiningHostTwins(ndpi_struct, flow); return; } } @@ -108,8 +121,7 @@ static void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_str if(isEthPort(ntohs(packet->tcp->dest)) /* Ethereum port */) { ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); + cacheMiningHostTwins(ndpi_struct, flow); return; } } else if(ndpi_strnstr((const char *)packet->payload, "{", packet->payload_packet_len) @@ -127,8 +139,7 @@ static void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_str */ ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ETH"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); + cacheMiningHostTwins(ndpi_struct, flow); return; } else if(ndpi_strnstr((const char *)packet->payload, "{", packet->payload_packet_len) && (ndpi_strnstr((const char *)packet->payload, "\"method\":", packet->payload_packet_len) 
@@ -151,8 +162,7 @@ static void ndpi_search_mining_tcp(struct ndpi_detection_module_struct *ndpi_str */ ndpi_snprintf(flow->flow_extra_info, sizeof(flow->flow_extra_info), "%s", "ZCash/Monero"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MINING, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI); - if(packet->iph) /* TODO: ipv6 */ - cacheMiningHostTwins(ndpi_struct, packet->iph->saddr + packet->iph->daddr); + cacheMiningHostTwins(ndpi_struct, flow); return; } } diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index d60270ecc7e..a06612b289b 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -37,10 +37,17 @@ /* ************************************************************ */ u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) { - if(rev) - return(ntohl(flow->s_address.v4) + ntohs(flow->s_port)); - else - return(ntohl(flow->c_address.v4) + ntohs(flow->c_port)); + if(rev) { + if(flow->is_ipv6) + return ndpi_quick_hash(flow->s_address.v6, 16) + ntohs(flow->s_port); + else + return ntohl(flow->s_address.v4) + ntohs(flow->s_port); + } else { + if(flow->is_ipv6) + return ndpi_quick_hash(flow->c_address.v6, 16) + ntohs(flow->c_port); + else + return ntohl(flow->c_address.v4) + ntohs(flow->c_port); + } } /* ************************************************************ */ @@ -48,7 +55,6 @@ u_int32_t get_stun_lru_key(struct ndpi_flow_struct *flow, u_int8_t rev) { static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int app_proto) { - struct ndpi_packet_struct *packet = &ndpi_struct->packet; ndpi_confidence_t confidence = NDPI_CONFIDENCE_DPI; if(app_proto == NDPI_PROTOCOL_UNKNOWN) { @@ -59,7 +65,6 @@ static void ndpi_int_stun_add_connection(struct ndpi_detection_module_struct *nd } if(ndpi_struct->stun_cache - && packet->iph && (app_proto != NDPI_PROTOCOL_UNKNOWN) ) /* Cache flow sender info */ { u_int32_t key = get_stun_lru_key(flow, 0); 
@@ -182,7 +187,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * return(NDPI_IS_NOT_STUN); } - if(ndpi_struct->stun_cache && packet->iph) { /* TODO: ipv6 */ + if(ndpi_struct->stun_cache) { u_int16_t proto; u_int32_t key = get_stun_lru_key(flow, 0); int rc = ndpi_lru_find_cache(ndpi_struct->stun_cache, key, &proto, diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 3e8b50c4e48..e8ce0ea9782 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -290,6 +290,42 @@ static int extractRDNSequence(struct ndpi_packet_struct *packet, /* **************************************** */ +static u_int32_t make_tls_cert_key(struct ndpi_packet_struct *packet, int is_from_client) +{ + u_int32_t key; + + /* Server ip/port */ + if(packet->iphv6 == NULL) { + if(packet->tcp) { + if(is_from_client) + key = packet->iph->daddr + packet->tcp->dest; + else + key = packet->iph->saddr + packet->tcp->source; + } else { + if(is_from_client) + key = packet->iph->daddr + packet->udp->dest; + else + key = packet->iph->saddr + packet->udp->source; + } + } else { + if(packet->tcp) { + if(is_from_client) + key = ndpi_quick_hash((unsigned char *)&packet->iphv6->ip6_dst, 16) + packet->tcp->dest; + else + key = ndpi_quick_hash((unsigned char *)&packet->iphv6->ip6_src, 16) + packet->tcp->source; + } else { + if(is_from_client) + key = ndpi_quick_hash((unsigned char *)&packet->iphv6->ip6_dst, 16) + packet->udp->dest; + else + key = ndpi_quick_hash((unsigned char *)&packet->iphv6->ip6_src, 16) + packet->udp->source; + } + } + + return key; +} + +/* **************************************** */ + static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, int is_from_client) { 
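Review bot: `make_tls_cert_key()` dereferences `packet->iph` whenever `packet->iphv6` is NULL and `packet->udp` whenever `packet->tcp` is NULL, while both callers (hunks `@@ -298` and `@@ -695`) drop the `packet->iph && packet->tcp` test they used to make. If the TLS/DTLS code can be reached with neither transport header or neither IP header set (not visible in this patch), that is a NULL dereference driven by captured traffic. Keeping a cheap guard at the call sites, `if(ndpi_struct->tls_cert_cache && (packet->iph || packet->iphv6) && (packet->tcp || packet->udp))`, preserves the old safety margin while still admitting IPv6 and DTLS. The eight near-identical assignments could also be reduced by selecting the port and the address part separately before adding them.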
@@ -298,14 +334,11 @@ static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct if(flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN) { /* Subprotocol not yet set */ - if(ndpi_struct->tls_cert_cache && packet->iph && packet->tcp) { - u_int32_t key; /* Server ip/port */ + if(ndpi_struct->tls_cert_cache) { u_int16_t cached_proto; + u_int32_t key; - if(is_from_client) - key = packet->iph->daddr + packet->tcp->dest; - else - key = packet->iph->saddr + packet->tcp->source; + key = make_tls_cert_key(packet, is_from_client); if(ndpi_lru_find_cache(ndpi_struct->tls_cert_cache, key, &cached_proto, 0 /* Don't remove it as it can be used for other connections */)) { @@ -695,8 +728,8 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi flow->category = ndpi_get_proto_category(ndpi_struct, ret); ndpi_check_subprotocol_risk(ndpi_struct, flow, proto_id); - if(ndpi_struct->tls_cert_cache && packet->iph && packet->tcp) { - u_int32_t key = packet->iph->saddr + packet->tcp->source; /* Server */ + if(ndpi_struct->tls_cert_cache) { + u_int32_t key = make_tls_cert_key(packet, 0 /* from the server */); ndpi_lru_add_to_cache(ndpi_struct->tls_cert_cache, key, proto_id); } 
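Review bot: With the `packet->tcp` test removed in the `@@ -695` hunk, the insert in `processCertificateElements()` now also stores entries learned from DTLS over UDP, and the key built by `make_tls_cert_key()` is address plus port with no L4 protocol in it. A TCP lookup for the same server address and port therefore returns a sub-protocol learned from a UDP flow, whose source address was not confirmed by a connection handshake. The commit message says the shared cache is intended, so the code should record it where the entry is written, e.g. `/* cache shared by TLS and DTLS: key carries no L4 protocol, UDP-learned entries are less trustworthy */`. If the two should later be kept apart, folding the L4 protocol into the key would do it.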
diff --git a/tests/pcap/lru_ipv6_caches.pcapng b/tests/pcap/lru_ipv6_caches.pcapng new file mode 100644 index 0000000000000000000000000000000000000000..503e8c1a9234b1bed2f63cbb8860057425381b4b GIT binary patch literal 24168 zcmeHvcR&+a*Y~8+ks=C4z|f?qFbO?ip@Y&pNHLHAp%X%Nl_H8_0kNSVvWmTT5euRy ztQ`eZY^b;vP^_!i-g`qvW?6i`>^|)K$M<@7XPkb{`JHor=iHeaq-15KTnPx`W<8Dy z{z1M88v)sh_^=YWd~P;}O^e8)`SMtioB$pxF*=^Zqot#UW`-8Dh%|0In`UWZNt1Hq z#&c+qJPwQBcYOkf7tKwKX7-(-GiecAK0k@a<0SIKxyk8f;gPJ!7>;3bBr7>Fy6++e zla|U)OZ?GkVD4NA)1rO;c+7oG7^Hg0d+V) z7ELdJ%j2ZRuy}F$G-F_dIZe-r%crIHZ6~uL<5^)B8Vi|5(E3N(ZB+?`Cx(VU^4~rnp#um3%21R zY(!-K=i&42%z(S<3Z{%tAERT`pT_lG+9Lz*{X*+@l1oaxG-Jkzg&z0J_vFg1+!u_f z`-S8-A%s--nR>YhLQ(L%({}W0&H1)VP!^O~0v6by%q=f!>yp7XT!f8+tTP-2WJ+|! zB20zJ17!@CRSX@ z1zzF=3rq}^f6WNxp&n4&TVHn_Xf1WZl zGUKyxGQ|&Ej?yw*b>jvSi^;48eufSD`c+X~T|U@`i?HGCbQRG~*Dy%}0YNnst8MMm zQ=EMr12Z$785wl}fOtrV6rzogi8%|uArgp^+PZ)>X^$1(owyd=Xft;9C02-zQLY|B z-f|)KF@iwdVE^b5Dg$*aJ6Kyu3HO+K}!F z?M=+l6WH79m>%YpZPc~3+fe7jwxqbv=<)-qdQLzN&mY-f^onu zVb0A398}X5>0g^CvCPOCi-QkBFd@co-!{~>f_=CM8=ixzMC72V{6c_n0mL{uBiO^% z)*p>#xmo;UjB7x|fJTb1@D|`qK%{aF5DEJh=gI2MSHuw=a8iJ^x&Z6K+*cE9dmnDL z6tnzh{I-$zR@0yrVqLhsu?0b(y%1}B{5$BL9T@+3yIn=J+ck0`7XSFz!gTJ7|2%fP6!o!@cNj#{1f$<>BkrMfeEFbCP zi#Nab#^M2w%a-oH;DYaSBJ;wgB^WOFc)x>{~<<*n#&(~E$ zT;ANh0)i651#&fPFlP4!pBs{#F=7G6mj*L~s`6U=?q71dtaT(Oq+#8xIK}Dy)6e)F zv#-oW5DB{q=J-R=s_7@Z2Fn@6vzqF>fo^aSHVMRk-*Qk_$kf*&stS`Wmx@m?PULho zoZQ$uXQ$R(RJ-%V4x@|dp{<*LeU%fUOYP_iMpWrfHIN<69}Mi8kM{I@M&uFXx=Xxm zA4d%2ifMC(MkZ?BC)0W2(ViE!LYa1h%lz$X)4+Jd$A-wc@p3+fdoCyxxoz)rS`6iR zS-)ZNi0=cB!Y>Vp%<+minNsY#RTGz`iF==RA53P$t;<8=&l^SpY|*N+qdnb^h1fa_ zj;-F}=7DzN`AFn?cziOhuSgYc;+Ro8w zDvRgO|Hs@f$gjg_7+3r#zb?LMET#Q?t(EV#GAY6ZF7IqnaU$dm`?qeuNNDH4J~Lrz z%aCB)nTf+#YTeZh^BI+6JBFRbFfI|20OTs$%9ep#h4-t-HGY*5CNpD4s%);o%vYD> zOc&WjP-acFPId7PHhZ~a@0uH+KS_U;jMp?^u(T}aKs_J^_uK`CtHxl+~$NoNz&!t~Cw+=~-5y!-GDZYPUIN@uIy(ncB;j9kC;>?X*d&$PdsK_9?Y2eL^K>C*$(O%$^<##QC9UMPfjolOQRF;$cOQlsz(wZu zMRA${vhIpv=~nxz;<6)rF0}i^;@um-zJdfw6&? 
zDKd9?41+S^c;t2LHtmM++4roM9ifIjEV)IVxiC@cSx=EwS6~v*hd683$Gf!j+`G%z zSZv@ixK)08AO`;k_uFwe+-1Fpquhztb)sogF$^-1z6SaGfYiOZK(GrJVIw2bK8HYU zCzn@^Xet;P7|oSb-RGFlb&}gEUm+$ju-1Dsg4%&-)~p~PFVENAq#87?i|B>C5uz9x z1^C%gi2&t6o-QEvNq}<8H1E|#fPJ_K8%{29yl8TXAv&+Qs&K)OBm8>^R!z#G45KqTRX{;ZQRf- zv1x)u1=4Ef9?SF4se^ZoFs61?AT10E3vAoK?beY2@N5%2YYvV?*)zhZ9SzM!$Kdm2 z(c)@wWeY+8XS)T`_263PDzzhJ`K)8=;5o{Ns2z*DFQ!mC^oyn+rFQJGfAa2f7m#8- zJt(|#bu4_^l=s&BhGrZ24Ih3Ba@j?T)GrEp&By^q@~Iu+j?>RjJ5G4mxJlJ18m8=jgR5I;1c=`+eqpkQhdpm@ri^%>VK)Jkxhpg4%b|tnWTE z6JrKbn^J}xl%L<`xnk6uDWCRRJbR=~ia_Sukj|!*pSoKgebtcKp+}}#Pg>f9eEit0 z-1A0S791g!Atj3!Tz>TH;f^4K76)pF0jUew>o`H8q)sn`twO#v93%yb@lsaCGh| z6G`X$+_o`&&*_Uj7=w*Mi(w2(Z+uX<3GBl~*syWUuuMH9`LE*|qg!K&PKnR2?v!lq zun&LZO6>r#pS)6;O$Q(`m|QjkWp;*4U(c~PeYA@ix$3DwK<0ts`m>fyZemnYcnm8w zMsP*It02Qf#rBT928KZrR+=G}b{sl0#gZA#;fE)4IJ{Iklh0uC9q7z-6Q-*#fk5;PhIjTC;4jRGUkL;F&#UlasCs~{O?lwq;WSsvk*{9d29omvbD4~>A zg=jm;bCy542(KZyDb3B@*d>|T^!i@+6>tr43PQ^rJ4;9B7Q?sdz|H=<2*gFh538;I zCY0{v7<-`f{b#E(RVsXrc+cLtZAZHU9@iG^`qTyPA|rJL3X*OIG&NRT@t!3oysJ>^ zy4$frzq`ufZ=kFPxf+&89Hq_Z_^5_93u=djkTVRU7=Uc3R3ViBtEf~J6{-ZJ7!`9S zo0pWF%wZd&C=+m$vHdo{Z+F79^oxQ64R7gx$OZBZRuZU;8*X}@;*j5n58odJ{HEh) z?ba@HD7Xf!Uu@O~e0xRe4p@JZHTMha8At8#+ts*HrZ_fkS)i^7&tv2l0rzf%YjbtM z+DWipELbmxe10A9Cs>cPcnsER0=5VI0(f2lFth3PL^1Nd%O|3!9S8H45UCwCvdNW_ zx*$_9A;(I%z_n_y$4Rh0Ui=iSFChfL$zUl z*F&>cLyrobWoBZEGHC>H6-1m!=A27V`B1s&i6Cyh6z*0aw92gwK^z~D)dZ0vFShUF z*~3%y=Pn392z^KFrTb&4FS<03%YV7L>Wm3;0E;)xJvLF@IqpY_1V5Y;(E1c z8&P%tx3B!(_wb0U%}KQc#5a(gerWdW>+pzDNP#PYEZFWjD|AJon=sn*N2$tiwoz4f zhsO!?5;#)5)7R?YWM^PImZ^>xri^w+o=+4WnMXLL1MdF&GkDwRfI=Mm<1&>lxI(U zH|2=%uB9qv8%ZIH=XhARdiiNA%lGAy`yqcfmk`u{J-dLtMR|Bj`I#e+7iLp043Y@cvr*3j7ca8k9Ss zP3+Weun!ku!^tINi6)nj70(dJjm|d#@AHzN@2*dccf@LGI^BdhVN;9&wIjFbGN{IO z@dH7g**kXsZ`6(^|HsvUC$k7apc39=L!ox8adrjyB=O-P55SgtiFwox7i-FHYDet# zY7hw&Ety8JE+%cIc1*f?4CK9o=lnnw7&2B4+{I;^@1=IM9NlL|?f71`(k+>aDlmDd zsHn(;e?TGun^+hNG8$3sAi0vBrM3y)2_@%^cI4$M;xS7+#*Wx9ME?C#!v$zxL+k?0-?+&>~j< 
zpnP|o*Xc@fk$Q8Z%tOk9o_;1pnH&WA5%!1WLdQXWW?hs!l>+wRB5XK+B37dL6R}Eq zEbwRYq66UF_dS6>r^P#hCyrJkvMrbisnOy5tYi)s<(M*)xtvJ21^Xz}WnhijV=(g6 z5557w*cSO4K*0#E3dM)Ae@eLnq47W55#>qM{KjvgSwrAOK z1F^;DH7gPGnw8vYnAc8mLMt2BIXgmshA6}L8w0Twr7xwXrwoiSyiTej>ZH2ood(n? zF3rAios>Ny_w8wjN@#R{jN$tdVQ$8d$ShedkeRaBx^bOiu>c2^(3pOic%JP3BcTNK7gH_<5W(7yKicMXKFtVAB3GoP!}{7pBgX+0WY&k zM4469Yr&io!5jo1b4R|HQMy^2kq2W6f<#Hm`#dvoZ_%C|x%XU~*;$RGd*nMFC+-?3 z)r;A@iY_J7&h*TDyUo|iZ=qkwcJ0#MrDFmYo@Po=4NqVGl)9~F>pF?hr6Jo2HoeI> z9Ui*eEfLMgnZlcR)uHI9u3ma+sNIqVmhHMwU=o<;a_l+5?|@=bXO(QQV&|pTe*2Xd z&+h*wfw%kjvSt5g?8e8KX2A0Ql^A=Ai!uGet*5~75`l}b;bW{q#2Blv_zK?2fmu5KR^n+<80%`x^-+!$UmH!3oo{$JX>QWTrL zE?5LNT%C4`@ko2_lbp!nkC}dppv}<_K7&^#n9ca_M>lGBpUMX~z(v^beg@x961r9d5nSFMX1T*prF<3plj!&*#7G&bAZ%-1%`*et_wFdUO^jz>6c zPgXCiK07I@F1M{HMC?A)adlxxXTOe_!p;Ws`H5OWy+7E8i?B%`26|bbhLBSFh|t6s zG=l7r{tsIS0q%oX#u|Z8yCd0t<@pOzlV=p$1?kB zYxN=-iPgumrX?4krqfDaO(Py$EZsiC4yhXlrzOIs41P{PfF?;JM6lKZhvX3oLL$a6 zz(4SzlEbADNjXGP2BDau`4l>uPj0Is5eY=1JYm$B#i8flpLEjFtG8LB(S}NiNf^v? 
zzBG|cBBE32(x{{u$&V~HoapC6AB8Hz9jW2+cJWDR?5KDak29X;k{D@7r=jZb6lu6} z|0#He=3r+>v$L6CjH)ZkGU%uo!x9y=V6e*oyA}*%Q%h6JU^MN|vWBAy@PQJ;rR-So z+^8g8B9}!Ui7LT^;=^UZZzgDt;8zln+|2Ys@kX6h}1-`VdQtcQ&Zy&Ba;%) zAauBxxWHf{L1;ONAWpJH$hi~Z?scn_H zl;*uw<^;2^V&TMHvF^;kiUq%u=CX>D`KJSO={GjylXz%8DG?n56j0M5tDqxul{Q{7 zfA)M&+OXx(^A9-m-qe;aTsa0+gBJ`Vk0dLNYLD6w7V~5hK_lYGw}-1`>de%}qD**N zfozP@^JNSSBe-$Aq%5d={@^C%OZ8uZ4uki~5eVPNz@Or|eWG;85J-t}Vgw3BoCM4k zZV}O$@bWQaKFUMQt4ynm=h0*M{A8w)Q6w+k*pSVQ=0-nVS5kJJBiMuOiMf!K?+p!Qt^!|8(Jx4CbRUQ19UoV$B z*vOrA({e)3&Iw6;AO{FXAQlXyfmkQhfk@*%D=jBptXvh`F;TghckCHUay?VBXC~8k z;zhZ`W!+&!4der-xgk7dRMeNm6{&_XnkH>Z1*pe6FL!I@$q^TQ7N-Goy*BK5_l1yE z;h%8CJhND)I{U(C-SdA`&bM77`}O)lN~ch+Zoj#l)6Y_tQy1zoLoF+>EaA_YJ5&9O zKg0H-C#&I?`CrPO6KNK+_QghhvYa0)$G_H-qVj<=EcsRDv^6T+3*R)h`+B^<^B1X) zvj=kbmLcNqt7;f`r%gZ*X9NJJfpn{Sm`!@ya=F%K)&{c;F23dWN)NVikw?crJ?wrk zafK|AW`1p^CR2f>yFteKSd}@yAV+TY%Ht0+_)jl*xH9cR&LO0$fHp3o`NV@lj+Qbn zWQT#q+rdNjwf+ zNT2(%^-p;iJA^Nb5gM^G-_Q3uqff=?rr^!^8r$fV6EwXBdP3 z`)GS8Q^b$CxMrtY)M_PZ$F4DXR}DPX*OEpUnJCVhu=2=!i}JbQ#V2dsUa}m|G^JkG z_PGB-^-}zPuN0%$7p@e^jBC7z>hiV?pa+7U$;MIbpiGRX>dv)6Xueb6g&n;TzGm}g zG7pm7dj8C(gn9ojK2`iq4HBprU235i@D@ErqXm=gYE~!X?)BU|J6Re#XBpfoVp@+s7+Sd!a3e^yi1ALbhg^U z3(lzFU5N+fE}C_vG74cUOP9BNrrq|B?<`$*GF!FI{NY@e5xwI&_?9Yihi|=E9}qah zePWgGv^KTb~4twb)n^-YAU;7S2CsZNROMYUNsTSFYlT>l)s$JU^ z^*8kBAl*B0&1sU$6tuOKF6*CotabWGF>mry@kVWXpX~iLEY7d4!_GP*O=*#o!ej^U zIoDRKb$HhEgswJQa*Wj1Nq4qchw+;*L#Va!N`FdEcp${-MjOA(N&e1Z(vln|5b zOTQ?HhrC`i?+-Muay_U81`ALXIp9<}oq<}Q<|vp36pW^#DX0r5(kSDGk%&|ZLRM02 zTR3IBX@ppBe$J8`rP>MycDy4G{)>DN{mKW=H`ITb-JRy; z#cfhAWqzemV=A8?>p2~gwEJhh|FhozS?~9cK7Q8wKkI!F>;0kPZr@E9cb5Y0{#oz; z*ROpZl`ZaZLRt@Io6d!iLR# zkty{WZ0^h8^AQg}`MYypY$H~cpBcWN{pH-7A`OY~53Biu&3zda^y9fN_;CyMv*(Y- zEo9ji5x-MZEnYLuUz$QKhU1pGvZ9PzB%FMHG;RTMMf^?yPJG z2J@1n&+LYCn;ENq-R-3z^Vv+=P`uDcy=vgx=IudnZu6?O*xcq|OQY0eGux?=W-*b2 z&uxx~D5)PXw;3-J%xxA)W>usHHn-W$-ptuO+1)%LfM-5MFt=Gf_WXyVv1Lo6KK>EX z@QBx1KYpWk-qlIj%~af~up4C>fUCu4r8~yF8 
z9Z6>(*6nr>>*k3V*6yjn{_bd;R}eQfdvL5}rOF0kjh6|q7D;B+;S(6v&bA!ySeElt zbC!EhAJ!K-kBDb+9L~`a=M|kAxhwz3ttD^M3a53%mhyX#`^`Dbr0-Q)((|HZhIs~) zHAZT&mdYpAnAf*7tv{bNt;}sTnmF5~D`NdDmxbk>be|ZP=KEJoZZPuA8eOg&&kdfe zZB<(!*3gIb?{lWM?Kz~m(l#^w{x&Jutt!KpFYd?s3AhM07}wJJW%XylHe7@aZ+D4^ zc9(ox1}3cW;oN51EC*o zE~&K%VZ(88Ls=Z>={A-0(#6!J0d4j*OneajBYQKN+c0PQ6Xh`f#KruTV zz3nYr9nnPaH(YK1EjyR(KGOQ|b)kjiw)M%{hH~MmNr#9qj<=ke7SeAge%|<$_lN7@ z?+xH0YvdX-xW-@JG}k<9S5RVUG$P& zTK4-i1b^pCZ%H(xe@-^u7XkT4hQt?@D==U1yjhvfbjSE?diFp5yKk6n@V5qo [20ed:470f:6f73:ce60:60be:8b4f:df37:b080]:45658 [proto: 78/STUN][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][14 pkts/1612 bytes <-> 16 pkts/1838 bytes][Goodput ratio: 46/46][2.71 sec][bytes ratio: -0.066 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 12/1 188/155 778/396 231/147][Pkt Len c2s/s2c min/avg/max/stddev: 84/84 115/115 214/206 44/39][PLAIN TEXT (4/WtFTidwfa)][Plen Bins: 46,23,16,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44144 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.16 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 3 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44150 [proto: 91.220/TLS.Cloudflare][IP: 
0/Unknown][Encrypted][Confidence: DPI (cache)][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.15 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 4 TCP [2001:db8:200::1]:443 -> [2001:db8:1::1]:44192 [proto: 91.220/TLS.Cloudflare][IP: 0/Unknown][Encrypted][Confidence: DPI (cache)][cat: Web/5][3 pkts/2954 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][0.15 sec][(Negotiated) ALPN: h2][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.2][ServerNames: *.bikroy.com,sni.cloudflaressl.com,bikroy.com][JA3S: 9ebc57def2efb523f25c77af13aa6d48][Issuer: C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3][Subject: C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com][Certificate SHA-1: FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0][Validity: 2021-06-29 00:00:00 - 2022-06-28 23:59:59][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0] + 5 UDP [3069:c624:1d42:9469:98b1:67ff:fe43:325]:56131 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][11 pkts/1958 bytes -> 0 pkts/0 bytes][Goodput ratio: 65/0][2.35 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c 
min/avg/max/stddev: 7/0 236/0 1183/0 350/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 178/0 214/0 41/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BHBeRjaHJ)][Plen Bins: 9,0,18,0,72,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 6 UDP [2118:ec33:112b:7908:2c80:27ff:fef7:d71f]:48415 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][11 pkts/1742 bytes -> 0 pkts/0 bytes][Goodput ratio: 61/0][2.97 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 2/0 279/0 1388/0 400/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 158/0 214/0 51/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (NGuJOnsW)][Plen Bins: 18,0,36,0,45,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 7 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2fda:1f8a:c107:88a4:e509:d2e1:445f:f34c]:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Download/7][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][8.49 sec][Risk: ** Known Proto on Non Std Port **** Unidirectional Traffic **][Risk Score: 60][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 8 UDP [3297:a1af:5121:cfc:360b:2e07:872f:1ea0]:43865 -> [32fb:f967:681e:e96b:face:b00c::74fd]:3478 [proto: 78.45/STUN.WhatsAppCall][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VoIP/10][2 pkts/296 bytes -> 0 pkts/0 bytes][Goodput ratio: 58/0][0.26 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (BZ9/sp6)][Plen Bins: 50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + + +Undetected flows: + 1 UDP 
[2a2f:8509:1cb2:466d:ecbf:69d6:109c:608]:62229 -> [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][9 pkts/2397 bytes -> 0 pkts/0 bytes][Goodput ratio: 77/0][9.99 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 1249/0 8358/0 2694/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 266/0 610/0 243/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (added.f)][Plen Bins: 44,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27]:60506 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][11 pkts/1319 bytes -> 0 pkts/0 bytes][Goodput ratio: 48/0][6.03 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 670/0 2769/0 758/0][Pkt Len c2s/s2c min/avg/max/stddev: 82/0 120/0 431/0 99/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (added.f)][Plen Bins: 72,18,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [38b2:46b7:27a4:94c3:c134:948:e069:d71f]:1 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][2 pkts/332 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][20.08 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP [3991:72d:336e:65ec:c5bf:a5fa:83ad:23de]:6881 -> [2c7f:d7a0:44a9:49e9:e586:fb7f:5b85:9c83]:1 [proto: 0/Unknown][IP: 0/Unknown][ClearText][Confidence: Unknown][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 62/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN 
TEXT (hash20)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/result/pinterest.pcap.out b/tests/result/pinterest.pcap.out index 34a4ef48015..5086b6626f2 100644 --- a/tests/result/pinterest.pcap.out +++ b/tests/result/pinterest.pcap.out @@ -8,8 +8,8 @@ LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/6/0 (insert/search/found) +LRU cache mining: 0/16/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) Automa host: 22/17 (search/found) Automa domain: 22/0 (search/found) diff --git a/tests/result/radius_false_positive.pcapng.out b/tests/result/radius_false_positive.pcapng.out index 9565510eb98..be5b67cf8c0 100644 --- a/tests/result/radius_false_positive.pcapng.out +++ b/tests/result/radius_false_positive.pcapng.out @@ -8,7 +8,7 @@ LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/0/0 (insert/search/found) +LRU cache mining: 0/1/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) Automa host: 0/0 (search/found) Automa domain: 0/0 (search/found) diff --git a/tests/result/reddit.pcap.out b/tests/result/reddit.pcap.out index 84957d9cfd5..82ead0bd1d1 100644 --- a/tests/result/reddit.pcap.out +++ b/tests/result/reddit.pcap.out 
@@ -8,8 +8,8 @@ LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/14/0 (insert/search/found) +LRU cache mining: 0/1/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) Automa host: 70/52 (search/found) Automa domain: 70/0 (search/found) diff --git a/tests/result/smtp-starttls.pcap.out b/tests/result/smtp-starttls.pcap.out index f55ca99bfa7..111f340d635 100644 --- a/tests/result/smtp-starttls.pcap.out +++ b/tests/result/smtp-starttls.pcap.out @@ -7,7 +7,7 @@ LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/2/0 (insert/search/found) LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) Automa host: 3/1 (search/found) diff --git a/tests/result/stun.pcap.out b/tests/result/stun.pcap.out index a0248eee4dd..cb49a7abaad 100644 --- a/tests/result/stun.pcap.out +++ b/tests/result/stun.pcap.out @@ -7,7 +7,7 @@ Num dissector calls: 589 (147.25 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) -LRU cache stun: 4/20/0 (insert/search/found) +LRU cache stun: 4/34/0 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) diff --git a/tests/result/tumblr.pcap.out b/tests/result/tumblr.pcap.out index 2ed9d061ee0..3a3f520d855 100644 --- a/tests/result/tumblr.pcap.out +++ b/tests/result/tumblr.pcap.out 
@@ -8,8 +8,8 @@ LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) -LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/8/0 (insert/search/found) +LRU cache mining: 0/28/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) Automa host: 9/5 (search/found) Automa domain: 9/0 (search/found)