From bcc95cdfc03db3268fa2b056c7fa121079fe3b58 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Sun, 3 Dec 2023 09:03:56 +0100 Subject: [PATCH] Add realtime protocol output to `ndpiReader`. * support for using a new flow callback invoked before the flow memory is free'd * minor fixes * Win32 gmtime fix 
Signed-off-by: Toni Uhlig --- example/ndpiReader.c | 74 ++++++++++++++ example/reader_util.c | 3 + example/reader_util.h | 10 ++ src/include/ndpi_define.h.in | 17 ++-- src/lib/ndpi_main.c | 2 +- src/lib/ndpi_utils.c | 6 +- tests/cfgs/default/result/1kxun.pcap.out | 5 + tests/cfgs/default/result/EAQ.pcap.out | 2 + .../cfgs/default/result/alexa-app.pcapng.out | 8 ++ tests/cfgs/default/result/android.pcap.out | 21 ++++ .../result/dns_ambiguous_names.pcap.out | 2 + tests/cfgs/default/result/gquic.pcap.out | 1 + tests/cfgs/default/result/http_ipv6.pcap.out | 1 + tests/cfgs/default/result/ocs.pcap.out | 1 + tests/cfgs/default/result/pinterest.pcap.out | 6 ++ tests/cfgs/default/result/quic-27.pcap.out | 1 + tests/cfgs/default/result/quic.pcap.out | 7 ++ tests/cfgs/default/result/quic046.pcap.out | 1 + tests/cfgs/default/result/quic_0RTT.pcap.out | 1 + ..._of_order_same_packet_craziness.pcapng.out | 99 +++++++++++++++++++ tests/cfgs/default/result/quic_q39.pcap.out | 1 + tests/cfgs/default/result/quic_q46.pcap.out | 1 + tests/cfgs/default/result/quic_q46_b.pcap.out | 1 + tests/cfgs/default/result/quic_q50.pcap.out | 1 + tests/cfgs/default/result/quic_t50.pcap.out | 1 + tests/cfgs/default/result/quic_t51.pcap.out | 1 + tests/cfgs/default/result/quickplay.pcap.out | 1 + tests/cfgs/default/result/reddit.pcap.out | 27 +++++ tests/cfgs/default/result/sites.pcapng.out | 6 ++ .../default/result/smtp-starttls.pcap.out | 1 + .../default/result/starcraft_battle.pcap.out | 1 + tests/cfgs/default/result/telegram.pcap.out | 3 + .../result/tls_unidirectional.pcap.out | 1 + tests/cfgs/default/result/tumblr.pcap.out | 2 + tests/cfgs/default/result/tunnelbear.pcap.out | 1 + tests/cfgs/default/result/viber.pcap.out | 3 + tests/cfgs/default/result/wa_voice.pcap.out | 1 + tests/cfgs/default/result/webex.pcap.out | 1 + tests/cfgs/default/result/wechat.pcap.out | 8 ++ .../cfgs/default/result/youtube_quic.pcap.out | 3 + .../default/result/youtubeupload.pcap.out | 3 + 
.../enable_payload_stat/result/1kxun.pcap.out | 5 + windows/src/ndpi_define.h | 17 ++-- 43 files changed, 338 insertions(+), 20 deletions(-) diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 919a7963dd7..cc62d0d4913 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c 
@@ -2643,6 +2643,77 @@ static void debug_printf(u_int32_t protocol, void *id_struct, /* *********************************************** */ +static int is_realtime_protocol(ndpi_protocol proto) +{ + static u_int16_t const realtime_protos[] = { + NDPI_PROTOCOL_YOUTUBE, + NDPI_PROTOCOL_YOUTUBE_UPLOAD, + NDPI_PROTOCOL_TIKTOK, + NDPI_PROTOCOL_GOOGLE, + NDPI_PROTOCOL_GOOGLE_CLASSROOM, + NDPI_PROTOCOL_GOOGLE_CLOUD, + NDPI_PROTOCOL_GOOGLE_DOCS, + NDPI_PROTOCOL_GOOGLE_DRIVE, + NDPI_PROTOCOL_GOOGLE_MAPS, + NDPI_PROTOCOL_GOOGLE_SERVICES + }; + + for (u_int16_t i = 0; i < NDPI_ARRAY_LENGTH(realtime_protos); i++) { + if (proto.app_protocol == realtime_protos[i] + || proto.master_protocol == realtime_protos[i]) + { + return 1; + } + } + + return 0; +} + +static void dump_realtime_protocol(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) +{ + FILE *out = results_file ? results_file : stdout; + char srcip[64], dstip[64]; + char ip_proto[64], app_name[64]; + char date[64]; + int ret = is_realtime_protocol(flow->detected_protocol); + time_t firsttime = flow->first_seen_ms; + struct tm result; + + if (ndpi_gmtime_r(&firsttime, &result) != NULL) + { + strftime(date, sizeof(date), "%d.%m.%y %H:%M:%S", &result); + } else { + snprintf(date, sizeof(date), "%s", "Unknown"); + } + + if (flow->ip_version==4) { + inet_ntop(AF_INET, &flow->src_ip, srcip, sizeof(srcip)); + inet_ntop(AF_INET, &flow->dst_ip, dstip, sizeof(dstip)); + } else { + snprintf(srcip, sizeof(srcip), "[%s]", flow->src_name); + snprintf(dstip, sizeof(dstip), "[%s]", flow->dst_name); + } + + ndpi_protocol2name(workflow->ndpi_struct, flow->detected_protocol, app_name, sizeof(app_name)); + + if (ret == 1) { + fprintf(out, "Detected Realtime protocol %s --> [%s] %s:%d <--> %s:%d app=%s <%s>\n", + date, ndpi_get_ip_proto_name(flow->protocol, ip_proto, sizeof(ip_proto)), + srcip, ntohs(flow->src_port), dstip, ntohs(flow->dst_port), + app_name, flow->human_readeable_string_buffer); + } +} + +static void 
on_protocol_discovered(struct ndpi_workflow * workflow, + struct ndpi_flow_info * flow, + void * userdata) +{ + (void)userdata; + dump_realtime_protocol(workflow, flow); +} + +/* *********************************************** */ + /** * @brief Setup for detection begin */ @@ -2701,6 +2772,9 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { } } + ndpi_workflow_set_flow_callback(ndpi_thread_info[thread_id].workflow, + on_protocol_discovered, NULL); + /* Make sure to load lists before finalizing the initialization */ ndpi_set_protocol_detection_bitmask2(ndpi_thread_info[thread_id].workflow->ndpi_struct, &enabled_bitmask); diff --git a/example/reader_util.c b/example/reader_util.c index 64b00b18f11..480c3f1802b 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -1423,6 +1423,9 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->flow_payload = flow->ndpi_flow->flow_payload, flow->flow_payload_len = flow->ndpi_flow->flow_payload_len; flow->ndpi_flow->flow_payload = NULL; /* We'll free the memory */ + if(workflow->flow_callback != NULL) + workflow->flow_callback(workflow, flow, workflow->flow_callback_userdata); + ndpi_free_flow_info_half(flow); } } diff --git a/example/reader_util.h b/example/reader_util.h index 9c55355e64c..b0e6a88c146 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -374,6 +374,9 @@ typedef struct ndpi_workflow { struct ndpi_workflow_prefs prefs; struct ndpi_stats stats; + ndpi_workflow_callback_ptr flow_callback; + void * flow_callback_userdata; + /* outside referencies */ pcap_t *pcap_handle; 
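Review bot: In `dump_realtime_protocol()`, `time_t firsttime = flow->first_seen_ms;` passes what the field name says is a millisecond value to `ndpi_gmtime_r()` as if it were seconds, which would explain the implausible dates (`19.05.95`, `30.08.50`) in the expected-output files this patch adds; `time_t firsttime = (time_t)(flow->first_seen_ms / 1000);` gives a usable timestamp. The same function prints `flow->human_readeable_string_buffer` with a bare `%s`, and that buffer looks like it carries data taken from the capture (the new results contain entries such as `<2 x@/q>`), so non-printable bytes should be escaped or replaced before they reach `results_file` or a terminal. The two `inet_ntop()` calls are unchecked, which leaves `srcip`/`dstip` uninitialised on failure; `char srcip[64] = "", dstip[64] = "";` keeps the later `fprintf` defined. Calling `is_realtime_protocol()` first and returning early when it yields 0 would also skip the formatting work for flows that print nothing.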
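Review bot: `ndpi_workflow_set_flow_callback(..., on_protocol_discovered, NULL)` is installed on every run of ndpiReader with no option guarding it, so the per-flow `Detected Realtime protocol` lines (addresses, ports, application name) are always written to `results_file` or stdout; the expected-output files touched by this patch all gain them. Consider registering the callback only when the user asks for this output, so existing consumers of the default report are not affected. `setupDetection()` starts and ends outside this hunk, so whether an existing option could be reused is not visible here.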
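Review bot: The callback is handed `flow` immediately before `ndpi_free_flow_info_half(flow)`, so any pointer it keeps into whatever that call releases dangles as soon as the callback returns; the lifetime rule should be written next to the call, e.g. `/* Callback must copy what it needs: ndpi_free_flow_info_half() runs right after it returns. */`, and repeated in the comment above `ndpi_workflow_set_flow_callback()` in reader_util.h. The `workflow->flow_callback != NULL` test also relies on the new field starting out as NULL. The code that allocates `struct ndpi_workflow` is not part of this patch, so confirm it zeroes the structure or sets `flow_callback = NULL` explicitly; otherwise users of reader_util that never call the setter would call through an indeterminate pointer. `process_ndpi_collected_info()` begins outside this hunk.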
@@ -408,6 +411,13 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, const u_char *packet, ndpi_risk *flow_risk); + +/* Flow callback for completed flows, before the flow memory will be freed. */ +static inline void ndpi_workflow_set_flow_callback(struct ndpi_workflow * workflow, ndpi_workflow_callback_ptr callback, void * userdata) { + workflow->flow_callback = callback; + workflow->flow_callback_userdata = userdata; +} + int ndpi_is_datalink_supported(int datalink_type); /* compare two nodes in workflow */ diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index 4d61d7130e4..3a5585f1274 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -290,14 +290,15 @@ ndpi_parse_packet_line_info(ndpi_struct,flow); \ } \ -#define NDPI_IPSEC_PROTOCOL_ESP 50 -#define NDPI_IPSEC_PROTOCOL_AH 51 -#define NDPI_GRE_PROTOCOL_TYPE 0x2F -#define NDPI_ICMP_PROTOCOL_TYPE 0x01 -#define NDPI_IGMP_PROTOCOL_TYPE 0x02 -#define NDPI_EGP_PROTOCOL_TYPE 0x08 -#define NDPI_OSPF_PROTOCOL_TYPE 0x59 -#define NDPI_SCTP_PROTOCOL_TYPE 132 +#define NDPI_IPSEC_PROTOCOL_ESP 50 +#define NDPI_IPSEC_PROTOCOL_AH 51 +#define NDPI_GRE_PROTOCOL_TYPE 0x2F +#define NDPI_ICMP_PROTOCOL_TYPE 0x01 +#define NDPI_IGMP_PROTOCOL_TYPE 0x02 +#define NDPI_EGP_PROTOCOL_TYPE 0x08 +#define NDPI_OSPF_PROTOCOL_TYPE 0x59 +#define NDPI_VRRP_PROTOCOL_TYPE 112 +#define NDPI_SCTP_PROTOCOL_TYPE 132 #define NDPI_IPIP_PROTOCOL_TYPE 0x04 #define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a #define NDPI_PGM_PROTOCOL_TYPE 0x71 diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 9c327aa096a..8c622bc1e16 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4081,7 +4081,7 @@ static u_int16_t guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str } } return(NDPI_PROTOCOL_IP_ICMPV6); - case 112: + case NDPI_VRRP_PROTOCOL_TYPE: return(NDPI_PROTOCOL_IP_VRRP); } } 
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index ff56bb61d3a..2c5e9a37816 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1569,7 +1569,7 @@ char *ndpi_get_ip_proto_name(u_int16_t ip_proto, char *name, unsigned int name_l snprintf(name, name_len, "PIM"); break; - case 112: + case NDPI_VRRP_PROTOCOL_TYPE: snprintf(name, name_len, "VRRP"); break; @@ -2815,8 +2815,8 @@ int ndpi_vsnprintf(char * str, size_t size, char const * format, va_list va_args struct tm *ndpi_gmtime_r(const time_t *timep, struct tm *result) { -#ifdef WIN32 - gmtime_s(result, timep); +#if defined(WIN32) && !defined(__GNUC__) + _gmtime64_s(result, timep); return result; #else return gmtime_r(timep, result); diff --git a/tests/cfgs/default/result/1kxun.pcap.out b/tests/cfgs/default/result/1kxun.pcap.out index 06c62403ac6..b1d7e30bc2a 100644 --- a/tests/cfgs/default/result/1kxun.pcap.out +++ b/tests/cfgs/default/result/1kxun.pcap.out @@ -1,3 +1,8 @@ +Detected Realtime protocol 19.05.95 04:04:06 --> [TCP] 192.168.2.126:41390 <--> 18.64.79.37:80 app=HTTP.Google +Detected Realtime protocol 19.05.95 04:33:00 --> [TCP] 192.168.2.126:38354 <--> 142.250.186.34:80 app=HTTP.Google +Detected Realtime protocol 19.05.95 04:42:17 --> [TCP] 192.168.2.126:36732 <--> 142.250.186.174:80 app=HTTP.Google +Detected Realtime protocol 19.05.95 08:26:40 --> [TCP] 192.168.2.126:44368 <--> 172.217.18.98:80 app=HTTP.GoogleServices +Detected Realtime protocol 20.05.95 05:20:06 --> [TCP] 192.168.2.126:53416 <--> 172.217.16.142:80 app=HTTP.Google Guessed flow protos: 6 DPI Packets (TCP): 408 (4.16 pkts/flow) diff --git a/tests/cfgs/default/result/EAQ.pcap.out b/tests/cfgs/default/result/EAQ.pcap.out index 0f8825bfb02..a2e017d1a5c 100644 --- a/tests/cfgs/default/result/EAQ.pcap.out +++ b/tests/cfgs/default/result/EAQ.pcap.out 
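Review bot: In the Windows branch of `ndpi_gmtime_r()` the result of `_gmtime64_s()` is discarded and `result` is returned unconditionally, so a failed conversion still looks like success to callers that test for NULL (as `dump_realtime_protocol()` in this patch does), and they go on to format an unfilled `struct tm`. `_gmtime64_s()` returns zero on success, so `return (_gmtime64_s(result, timep) == 0) ? result : NULL;` keeps the contract of `gmtime_r()`. It also takes a pointer to a 64-bit time value, so the call is only correct where `time_t` is 64 bits wide, which is worth a comment or a static assertion. The function's closing `#endif` and brace are outside the hunk.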
@@ -1,3 +1,5 @@ +Detected Realtime protocol 15.04.74 19:02:42 --> [TCP] 10.8.0.1:53497 <--> 173.194.119.48:80 app=HTTP.Google +Detected Realtime protocol 15.04.74 19:07:16 --> [TCP] 10.8.0.1:40467 <--> 173.194.119.24:80 app=HTTP.Google DPI Packets (TCP): 12 (6.00 pkts/flow) DPI Packets (UDP): 116 (4.00 pkts/flow) Confidence DPI : 31 (flows) diff --git a/tests/cfgs/default/result/alexa-app.pcapng.out b/tests/cfgs/default/result/alexa-app.pcapng.out index 65254dadc9d..5e0888ae59d 100644 --- a/tests/cfgs/default/result/alexa-app.pcapng.out +++ b/tests/cfgs/default/result/alexa-app.pcapng.out @@ -1,3 +1,11 @@ +Detected Realtime protocol 23.02.17 22:53:13 --> [UDP] 172.16.42.216:3440 <--> 172.16.42.1:53 app=DNS.Google +Detected Realtime protocol 23.02.17 22:54:07 --> [UDP] 172.16.42.216:55619 <--> 172.16.42.1:53 app=DNS.Google +Detected Realtime protocol 23.02.17 22:54:17 --> [TCP] 172.16.42.216:60246 <--> 172.217.9.142:80 app=HTTP.Google +Detected Realtime protocol 23.02.17 23:38:42 --> [UDP] 172.16.42.216:52603 <--> 172.16.42.1:53 app=DNS.Google +Detected Realtime protocol 23.02.17 23:38:34 --> [UDP] 172.16.42.216:53188 <--> 172.16.42.1:53 app=DNS.GoogleServices +Detected Realtime protocol 23.02.17 23:39:27 --> [TCP] 172.16.42.216:42878 <--> 173.194.223.188:5228 app=TLS.GoogleServices +Detected Realtime protocol 23.02.17 23:42:04 --> [UDP] 172.16.42.216:10462 <--> 172.16.42.1:53 app=DNS.Google +Detected Realtime protocol 23.02.17 23:42:13 --> [TCP] 172.16.42.216:35540 <--> 172.217.9.142:80 app=HTTP.Google Guessed flow protos: 14 DPI Packets (TCP): 850 (7.02 pkts/flow) diff --git a/tests/cfgs/default/result/android.pcap.out b/tests/cfgs/default/result/android.pcap.out index 13bed82d767..3da2dde4926 100644 --- a/tests/cfgs/default/result/android.pcap.out +++ b/tests/cfgs/default/result/android.pcap.out 
@@ -1,3 +1,24 @@ +Detected Realtime protocol 31.12.15 20:33:57 --> [UDP] 192.168.2.16:34540 <--> 192.168.2.1:53 app=DNS.Google +Detected Realtime protocol 31.12.15 20:35:23 --> [UDP] 192.168.2.16:54837 <--> 192.168.2.1:53 app=DNS.GoogleServices +Detected Realtime protocol 31.12.15 20:34:48 --> [TCP] 192.168.2.16:32974 <--> 216.239.38.120:443 app=TLS.Google +Detected Realtime protocol 31.12.15 20:45:48 --> [TCP] 192.168.2.16:52486 <--> 172.217.20.74:443 app=TLS.GoogleServices +Detected Realtime protocol 31.12.15 20:47:42 --> [UDP] 192.168.2.16:47081 <--> 192.168.2.1:53 app=DNS.Google +Detected Realtime protocol 31.12.15 20:49:57 --> [UDP] 192.168.2.16:51430 <--> 192.168.2.1:53 app=DNS.Google +Detected Realtime protocol 31.12.15 20:48:47 --> [TCP] 192.168.2.16:36890 <--> 172.217.18.3:443 app=TLS.Google +Detected Realtime protocol 31.12.15 20:48:31 --> [TCP] 192.168.2.16:36888 <--> 172.217.18.3:443 app=TLS.Google +Detected Realtime protocol 31.12.15 21:02:41 --> [UDP] 192.168.2.16:39008 <--> 192.168.2.1:53 app=DNS.GoogleServices +Detected Realtime protocol 31.12.15 21:05:17 --> [TCP] 192.168.2.16:50384 <--> 172.217.168.206:443 app=TLS.Google +Detected Realtime protocol 31.12.15 21:31:55 --> [UDP] 192.168.2.16:40580 <--> 192.168.2.1:53 app=DNS.Google +Detected Realtime protocol 31.12.15 21:32:32 --> [TCP] 192.168.2.16:32996 <--> 216.239.38.120:443 app=TLS.Google +Detected Realtime protocol 31.12.15 21:34:52 --> [UDP] 192.168.2.16:46359 <--> 192.168.2.1:53 app=DNS.Google +Detected Realtime protocol 31.12.15 21:35:21 --> [TCP] 192.168.2.16:32998 <--> 216.239.38.120:443 app=TLS.Google +Detected Realtime protocol 31.12.15 21:35:43 --> [UDP] 192.168.2.16:35689 <--> 192.168.2.1:53 app=DNS.GoogleServices +Detected Realtime protocol 31.12.15 21:40:00 --> [UDP] 192.168.2.16:58892 <--> 192.168.2.1:53 app=DNS.Google +Detected Realtime protocol 31.12.15 21:40:23 --> [TCP] 192.168.2.16:33002 <--> 216.239.38.120:443 app=TLS.Google +Detected Realtime protocol 31.12.15 21:43:47 --> 
[UDP] 192.168.2.16:32832 <--> 192.168.2.1:53 app=DNS.Google +Detected Realtime protocol 31.12.15 21:43:59 --> [TCP] 192.168.2.16:33014 <--> 216.239.38.120:443 app=TLS.Google +Detected Realtime protocol 31.12.15 21:44:41 --> [UDP] 192.168.2.16:39760 <--> 192.168.2.1:53 app=DNS.GoogleServices +Detected Realtime protocol 31.12.15 21:45:47 --> [TCP] 192.168.2.16:44374 <--> 172.217.22.10:443 app=TLS.GoogleServices Guessed flow protos: 3 DPI Packets (TCP): 147 (5.25 pkts/flow) diff --git a/tests/cfgs/default/result/dns_ambiguous_names.pcap.out b/tests/cfgs/default/result/dns_ambiguous_names.pcap.out index afabfe15beb..e89d0d84f57 100644 --- a/tests/cfgs/default/result/dns_ambiguous_names.pcap.out +++ b/tests/cfgs/default/result/dns_ambiguous_names.pcap.out @@ -1,3 +1,5 @@ +Detected Realtime protocol 12.10.87 21:57:08 --> [UDP] 10.200.2.11:46134 <--> 8.8.8.8:53 app=DNS.GoogleServices +Detected Realtime protocol 12.10.87 21:59:37 --> [UDP] 10.200.2.11:44198 <--> 8.8.8.8:53 app=DNS.Google DPI Packets (UDP): 20 (2.00 pkts/flow) Confidence DPI : 10 (flows) Num dissector calls: 10 (1.00 diss/flow) diff --git a/tests/cfgs/default/result/gquic.pcap.out b/tests/cfgs/default/result/gquic.pcap.out index c39aabab9e2..eba8179fb89 100644 --- a/tests/cfgs/default/result/gquic.pcap.out +++ b/tests/cfgs/default/result/gquic.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 19.07.14 21:32:58 --> [UDP] 10.44.5.25:61097 <--> 216.58.213.163:443 app=QUIC.Google <> DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence DPI : 1 (flows) Num dissector calls: 1 (1.00 diss/flow) diff --git a/tests/cfgs/default/result/http_ipv6.pcap.out b/tests/cfgs/default/result/http_ipv6.pcap.out index 7b4e4755cb5..6e8a05c7421 100644 --- a/tests/cfgs/default/result/http_ipv6.pcap.out +++ b/tests/cfgs/default/result/http_ipv6.pcap.out 
@@ -1,3 +1,4 @@ +Detected Realtime protocol 28.10.63 03:50:00 --> [UDP] [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <--> [2a00:1450:4001:803::1017]:443 app=QUIC.Google Guessed flow protos: 7 DPI Packets (TCP): 77 (5.92 pkts/flow) diff --git a/tests/cfgs/default/result/ocs.pcap.out b/tests/cfgs/default/result/ocs.pcap.out index 7312aac6885..69d1574588a 100644 --- a/tests/cfgs/default/result/ocs.pcap.out +++ b/tests/cfgs/default/result/ocs.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 02.09.07 20:35:57 --> [TCP] 192.168.180.2:32946 <--> 64.233.184.188:443 app=TLS.GoogleServices Guessed flow protos: 2 DPI Packets (TCP): 92 (7.67 pkts/flow) diff --git a/tests/cfgs/default/result/pinterest.pcap.out b/tests/cfgs/default/result/pinterest.pcap.out index 85edd088fc3..350ecc94dda 100644 --- a/tests/cfgs/default/result/pinterest.pcap.out +++ b/tests/cfgs/default/result/pinterest.pcap.out @@ -1,3 +1,9 @@ +Detected Realtime protocol 10.08.39 01:36:30 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40694 <--> [2a00:1450:4007:816::2004]:443 app=TLS.Google +Detected Realtime protocol 10.08.39 01:45:33 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51582 <--> [2a00:1450:4007:816::2003]:443 app=TLS.Google +Detected Realtime protocol 10.08.39 01:47:01 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54416 <--> [2a00:1450:4007:806::200e]:443 app=TLS.Google +Detected Realtime protocol 10.08.39 01:59:26 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47790 <--> [2a00:1450:4007:816::200a]:443 app=TLS.GoogleServices +Detected Realtime protocol 10.08.39 02:25:48 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40894 <--> [2a00:1450:4007:816::200d]:443 app=TLS.Google +Detected Realtime protocol 10.08.39 06:42:52 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:45126 <--> [2a00:1450:4007:80a::200e]:443 app=TLS.Google Guessed flow protos: 16 DPI Packets (TCP): 216 (5.84 pkts/flow) 
diff --git a/tests/cfgs/default/result/quic-27.pcap.out b/tests/cfgs/default/result/quic-27.pcap.out index 7c01e8ab9db..23c106195d8 100644 --- a/tests/cfgs/default/result/quic-27.pcap.out +++ b/tests/cfgs/default/result/quic-27.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 08.10.30 13:05:15 --> [UDP] [3ef4:2194:f4a6:3503:40cd:714:57:c4e4]:64229 <--> [2f3d:64d1:9d59:549b::200e]:443 app=QUIC.Google <> DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence DPI : 1 (flows) Num dissector calls: 1 (1.00 diss/flow) diff --git a/tests/cfgs/default/result/quic.pcap.out b/tests/cfgs/default/result/quic.pcap.out index 108b5f86b69..6fb310c344c 100644 --- a/tests/cfgs/default/result/quic.pcap.out +++ b/tests/cfgs/default/result/quic.pcap.out @@ -1,3 +1,10 @@ +Detected Realtime protocol 23.07.32 03:51:41 --> [UDP] 192.168.1.105:45669 <--> 172.217.16.4:443 app=QUIC.Google +Detected Realtime protocol 23.07.32 03:52:16 --> [UDP] 192.168.1.105:34438 <--> 216.58.210.238:443 app=QUIC.YouTube +Detected Realtime protocol 23.07.32 03:52:29 --> [UDP] 192.168.1.105:48445 <--> 216.58.214.110:443 app=QUIC.YouTube +Detected Realtime protocol 23.07.32 03:52:36 --> [UDP] 192.168.1.105:40030 <--> 216.58.201.227:443 app=QUIC.Google +Detected Realtime protocol 23.07.32 03:52:44 --> [UDP] 192.168.1.105:55934 <--> 216.58.201.238:443 app=QUIC.YouTube +Detected Realtime protocol 23.07.32 03:52:58 --> [UDP] 192.168.1.105:53817 <--> 216.58.210.225:443 app=QUIC.YouTube +Detected Realtime protocol 12.01.33 11:01:39 --> [UDP] 192.168.1.109:35236 <--> 216.58.210.206:443 app=QUIC.YouTube Guessed flow protos: 1 DPI Packets (UDP): 12 (1.20 pkts/flow) diff --git a/tests/cfgs/default/result/quic046.pcap.out b/tests/cfgs/default/result/quic046.pcap.out index 1bdc0674d08..49661f11caa 100644 --- a/tests/cfgs/default/result/quic046.pcap.out +++ b/tests/cfgs/default/result/quic046.pcap.out 
@@ -1,3 +1,4 @@ +Detected Realtime protocol 02.06.79 07:58:53 --> [UDP] 192.168.1.236:50587 <--> 216.58.206.86:443 app=QUIC.YouTube DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence DPI : 1 (flows) Num dissector calls: 1 (1.00 diss/flow) diff --git a/tests/cfgs/default/result/quic_0RTT.pcap.out b/tests/cfgs/default/result/quic_0RTT.pcap.out index 1c03094ba9e..a415ba018c5 100644 --- a/tests/cfgs/default/result/quic_0RTT.pcap.out +++ b/tests/cfgs/default/result/quic_0RTT.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 23.12.24 12:00:02 --> [UDP] 192.168.2.100:51972 <--> 142.250.181.227:443 app=QUIC.Google <> DPI Packets (UDP): 4 (2.00 pkts/flow) Confidence DPI : 2 (flows) Num dissector calls: 199 (99.50 diss/flow) diff --git a/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 6d083b602d5..959c223a0a5 100644 --- a/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -1,3 +1,102 @@ +Detected Realtime protocol 30.08.50 17:57:44 --> [UDP] 133.205.75.230:56528 <--> 208.229.157.81:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 05.09.50 17:46:41 --> [UDP] 147.196.90.42:61647 <--> 177.86.46.206:443 app=QUIC.Google <> +Detected Realtime protocol 17.10.50 16:37:50 --> [UDP] 168.144.64.5:55376 <--> 212.22.246.243:443 app=QUIC.Google +Detected Realtime protocol 17.10.50 16:38:29 --> [UDP] 168.144.64.5:64964 <--> 133.202.76.105:443 app=QUIC.Google <> +Detected Realtime protocol 17.10.50 18:30:15 --> [UDP] 168.144.64.5:59827 <--> 37.47.218.224:443 app=QUIC.Google <> +Detected Realtime protocol 18.10.50 10:01:33 --> [UDP] 168.144.64.5:51053 <--> 241.138.147.133:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 05.12.50 19:47:19 --> [UDP] 10.117.78.100:44252 <--> 251.236.18.198:443 app=QUIC.Google <> +Detected Realtime protocol 06.12.50 00:54:33 --> [UDP] 10.117.78.100:55273 <--> 202.152.155.121:443 app=QUIC.Google <> +Detected Realtime protocol 10.02.51 23:15:29 --> [UDP] 168.144.64.5:53404 <--> 113.250.137.243:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 10.02.51 23:48:55 --> [UDP] 168.144.64.5:53431 <--> 128.248.24.1:443 app=QUIC.Google <> +Detected Realtime protocol 11.02.51 00:53:11 --> [UDP] 168.144.64.5:50482 <--> 121.209.126.161:443 app=QUIC.YouTube <> +Detected Realtime protocol 11.02.51 01:17:55 --> [UDP] 168.144.64.5:62652 <--> 158.146.215.30:443 app=QUIC.Google <> +Detected Realtime protocol 11.02.51 01:50:55 --> [UDP] 168.144.64.5:63136 <--> 9.65.169.252:443 app=QUIC.YouTube <> +Detected Realtime protocol 11.02.51 14:47:09 --> [UDP] 168.144.64.5:51456 <--> 102.194.207.179:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 11.02.51 18:32:15 --> [UDP] 168.144.64.5:63163 <--> 113.250.137.243:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 11.02.51 18:59:56 --> [UDP] 168.144.64.5:51248 <--> 99.42.133.245:443 app=QUIC.Google <> +Detected Realtime protocol 12.02.51 11:49:23 --> 
[UDP] 168.144.64.5:60896 <--> 45.228.175.189:443 app=QUIC.Google <> +Detected Realtime protocol 12.02.51 21:19:48 --> [UDP] 168.144.64.5:60551 <--> 128.248.24.1:443 app=QUIC.Google <> +Detected Realtime protocol 13.02.51 02:09:02 --> [UDP] 168.144.64.5:56488 <--> 177.86.46.206:443 app=QUIC.YouTube <> +Detected Realtime protocol 14.02.51 04:14:13 --> [UDP] 168.144.64.5:51296 <--> 128.248.24.1:443 app=QUIC.Google <> +Detected Realtime protocol 16.02.51 07:07:20 --> [UDP] 168.144.64.5:57767 <--> 76.83.40.87:443 app=QUIC.YouTube <> +Detected Realtime protocol 17.02.51 10:17:21 --> [UDP] 168.144.64.5:63736 <--> 213.188.47.247:443 app=QUIC.YouTube <> +Detected Realtime protocol 17.02.51 10:22:10 --> [UDP] 168.144.64.5:52273 <--> 244.214.160.219:443 app=QUIC.YouTube <> +Detected Realtime protocol 17.02.51 10:28:21 --> [UDP] 168.144.64.5:49324 <--> 35.194.157.47:443 app=QUIC.GoogleCloud <> +Detected Realtime protocol 18.02.51 00:03:49 --> [UDP] 168.144.64.5:62047 <--> 136.125.67.96:443 app=QUIC.Google +Detected Realtime protocol 24.02.51 01:05:09 --> [UDP] 168.144.64.5:64976 <--> 220.80.126.73:443 app=QUIC.YouTube <> +Detected Realtime protocol 24.02.51 04:02:14 --> [UDP] 168.144.64.5:61209 <--> 35.194.157.47:443 app=QUIC.GoogleCloud <> +Detected Realtime protocol 24.02.51 17:43:41 --> [UDP] 168.144.64.5:50540 <--> 99.45.60.254:443 app=QUIC.YouTube <> +Detected Realtime protocol 25.02.51 09:16:11 --> [UDP] 168.144.64.5:60809 <--> 9.65.169.252:443 app=QUIC.YouTube +Detected Realtime protocol 25.02.51 13:49:27 --> [UDP] 168.144.64.5:55637 <--> 169.81.163.225:443 app=QUIC.YouTube <> +Detected Realtime protocol 27.02.51 00:39:13 --> [UDP] 168.144.64.5:53127 <--> 113.250.137.243:443 app=QUIC.Google +Detected Realtime protocol 28.02.51 06:10:57 --> [UDP] 168.144.64.5:50073 <--> 152.128.87.238:443 app=QUIC.YouTube <> +Detected Realtime protocol 01.03.51 05:18:14 --> [UDP] 192.168.254.11:59048 <--> 251.236.18.198:443 app=QUIC.Google <> +Detected Realtime protocol 01.03.51 13:18:10 
--> [UDP] 192.168.254.11:45652 <--> 170.196.90.126:443 app=QUIC.GoogleServices +Detected Realtime protocol 01.03.51 13:52:58 --> [UDP] 192.168.254.11:43427 <--> 98.251.203.81:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 03.03.51 10:22:05 --> [UDP] 192.168.254.11:51075 <--> 117.148.117.30:443 app=QUIC.Google <> +Detected Realtime protocol 03.03.51 10:26:36 --> [UDP] 192.168.254.11:49689 <--> 87.179.155.149:443 app=QUIC.Google <> +Detected Realtime protocol 03.03.51 18:17:52 --> [UDP] 168.144.64.5:62818 <--> 113.250.137.243:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 03.03.51 22:12:51 --> [UDP] 168.144.64.5:56425 <--> 125.136.204.4:443 app=QUIC.YouTube <> +Detected Realtime protocol 06.03.51 03:03:52 --> [UDP] 168.144.64.5:50552 <--> 108.171.138.182:443 app=QUIC.Google <> +Detected Realtime protocol 06.03.51 09:28:10 --> [UDP] 168.144.64.5:56844 <--> 113.250.137.243:443 app=QUIC.Google <> +Detected Realtime protocol 07.03.51 09:57:07 --> [UDP] 168.144.64.5:61341 <--> 16.232.218.117:443 app=QUIC.YouTube <> +Detected Realtime protocol 07.03.51 18:48:22 --> [UDP] 168.144.64.5:56683 <--> 113.250.137.243:443 app=QUIC.Google <> +Detected Realtime protocol 08.03.51 16:32:41 --> [UDP] 168.144.64.5:64700 <--> 16.232.218.117:443 app=QUIC.YouTube +Detected Realtime protocol 09.03.51 05:12:01 --> [UDP] 168.144.64.5:60936 <--> 9.65.169.252:443 app=QUIC.YouTube <> +Detected Realtime protocol 09.03.51 11:00:11 --> [UDP] 168.144.64.5:59965 <--> 22.12.150.194:443 app=QUIC.YouTube <> +Detected Realtime protocol 10.03.51 03:49:44 --> [UDP] 168.144.64.5:64693 <--> 113.250.137.243:443 app=QUIC.Google <> +Detected Realtime protocol 12.03.51 11:09:19 --> [UDP] 168.144.64.5:59680 <--> 117.148.117.30:443 app=QUIC.Google +Detected Realtime protocol 12.03.51 14:50:42 --> [UDP] 168.144.64.5:57565 <--> 217.254.108.174:443 app=QUIC.YouTube <> +Detected Realtime protocol 12.03.51 14:57:55 --> [UDP] 168.144.64.5:52387 <--> 143.52.137.18:443 app=QUIC.Google <> +Detected 
Realtime protocol 13.03.51 15:17:13 --> [UDP] 168.144.64.5:49860 <--> 113.250.137.243:443 app=QUIC.Google +Detected Realtime protocol 14.03.51 12:13:51 --> [UDP] 168.144.64.5:60949 <--> 185.186.183.185:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 17.03.51 17:47:46 --> [UDP] 168.144.64.5:57735 <--> 137.238.249.2:443 app=QUIC.Google <> +Detected Realtime protocol 08.11.52 17:36:46 --> [UDP] 52.187.20.175:50588 <--> 208.229.157.81:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 09.11.52 08:24:36 --> [UDP] 52.187.20.175:61089 <--> 99.42.133.245:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 09.11.52 12:51:14 --> [UDP] 52.187.20.175:49880 <--> 208.229.157.81:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 30.11.52 05:16:33 --> [UDP] 159.117.176.124:58337 <--> 208.229.157.81:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 10.12.52 13:00:31 --> [UDP] 159.117.176.124:49867 <--> 198.74.29.79:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 01.01.53 05:21:38 --> [UDP] 52.187.20.175:58123 <--> 118.89.218.46:443 app=QUIC.Google <> +Detected Realtime protocol 01.01.53 06:00:42 --> [UDP] 52.187.20.175:63507 <--> 121.209.126.161:443 app=QUIC.Google <> +Detected Realtime protocol 01.01.53 21:35:00 --> [UDP] 52.187.20.175:57066 <--> 108.171.138.182:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 23.01.53 07:30:02 --> [UDP] 52.187.20.175:52512 <--> 196.245.61.64:443 app=QUIC.GoogleServices <2 x@/q> +Detected Realtime protocol 12.02.53 14:25:58 --> [UDP] 52.187.20.175:51619 <--> 208.229.157.81:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 19.02.53 16:19:04 --> [UDP] 168.144.64.5:55066 <--> 128.248.24.1:443 app=QUIC.Google <> +Detected Realtime protocol 19.02.53 16:31:55 --> [UDP] 168.144.64.5:61886 <--> 65.33.51.74:443 app=QUIC.Google <> +Detected Realtime protocol 19.02.53 16:35:14 --> [UDP] 168.144.64.5:65391 <--> 128.248.24.1:443 app=QUIC.Google <> +Detected Realtime protocol 19.02.53 
16:59:37 --> [UDP] 168.144.64.5:58832 <--> 117.148.117.30:443 app=QUIC.Google <> +Detected Realtime protocol 19.02.53 17:38:49 --> [UDP] 168.144.64.5:58429 <--> 38.57.8.121:443 app=QUIC.Google <> +Detected Realtime protocol 20.02.53 06:46:01 --> [UDP] 168.144.64.5:55479 <--> 113.250.137.243:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 20.02.53 10:09:05 --> [UDP] 168.144.64.5:60934 <--> 128.248.24.1:443 app=QUIC.Google <> +Detected Realtime protocol 21.02.53 02:56:21 --> [UDP] 168.144.64.5:59785 <--> 128.248.24.1:443 app=QUIC.Google <> +Detected Realtime protocol 21.02.53 03:03:56 --> [UDP] 168.144.64.5:63925 <--> 39.227.72.32:443 app=QUIC.Google <> +Detected Realtime protocol 21.02.53 13:17:42 --> [UDP] 168.144.64.5:49926 <--> 103.179.40.184:443 app=QUIC.YouTube <> +Detected Realtime protocol 21.02.53 13:39:43 --> [UDP] 168.144.64.5:56384 <--> 117.148.117.30:443 app=QUIC.Google +Detected Realtime protocol 21.02.53 16:25:06 --> [UDP] 168.144.64.5:57398 <--> 137.238.249.2:443 app=QUIC.Google <> +Detected Realtime protocol 21.02.53 19:41:30 --> [UDP] 168.144.64.5:64497 <--> 102.194.207.179:443 app=QUIC.Google <> +Detected Realtime protocol 21.02.53 22:42:21 --> [UDP] 168.144.64.5:55572 <--> 117.148.117.30:443 app=QUIC.Google <> +Detected Realtime protocol 21.02.53 23:40:48 --> [UDP] 168.144.64.5:58956 <--> 128.248.24.1:443 app=QUIC.Google <7 Wa> +Detected Realtime protocol 22.02.53 12:26:01 --> [UDP] 168.144.64.5:54449 <--> 102.194.207.179:443 app=QUIC.Google <> +Detected Realtime protocol 25.02.53 06:02:23 --> [UDP] 168.144.64.5:60342 <--> 93.100.151.221:443 app=QUIC.YouTube <> +Detected Realtime protocol 27.02.53 18:56:25 --> [UDP] 168.144.64.5:65186 <--> 9.65.169.252:443 app=QUIC.YouTube <> +Detected Realtime protocol 02.03.53 19:33:33 --> [UDP] 168.144.64.5:52942 <--> 93.100.151.221:443 app=QUIC.Google <> +Detected Realtime protocol 05.03.53 21:05:43 --> [UDP] 52.187.20.175:62114 <--> 198.74.29.79:443 app=QUIC.GoogleServices <> +Detected Realtime 
protocol 18.03.53 10:44:17 --> [UDP] 168.144.64.5:55561 <--> 35.194.157.47:443 app=QUIC.GoogleCloud <> +Detected Realtime protocol 24.03.53 21:45:22 --> [UDP] 159.117.176.124:61202 <--> 198.74.29.79:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 26.03.53 10:15:50 --> [UDP] 159.117.176.124:49521 <--> 128.248.24.1:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 05.04.53 12:09:54 --> [UDP] 168.144.64.5:49217 <--> 185.186.183.185:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 06.04.53 01:13:55 --> [UDP] 52.187.20.175:61286 <--> 198.74.29.79:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 24.04.53 07:56:41 --> [UDP] 52.187.20.175:53260 <--> 102.194.207.179:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 25.04.53 17:53:22 --> [UDP] 168.144.64.5:50023 <--> 76.231.104.92:443 app=QUIC.YouTube +Detected Realtime protocol 29.04.53 03:10:36 --> [UDP] 168.144.64.5:65360 <--> 65.33.51.74:443 app=QUIC.Google +Detected Realtime protocol 30.04.53 16:53:03 --> [UDP] 159.117.176.124:64134 <--> 207.121.63.92:443 app=QUIC.Google <> +Detected Realtime protocol 30.04.53 17:01:22 --> [UDP] 52.187.20.175:61484 <--> 202.152.155.121:443 app=QUIC.Google <> +Detected Realtime protocol 22.10.53 20:10:16 --> [UDP] 168.144.64.5:50224 <--> 126.3.93.89:443 app=QUIC.GoogleServices <> +Detected Realtime protocol 22.10.53 22:45:35 --> [UDP] 168.144.64.5:62719 <--> 31.219.210.96:443 app=QUIC.Google <> +Detected Realtime protocol 22.10.53 23:40:34 --> [UDP] 168.144.64.5:58351 <--> 193.68.169.100:443 app=QUIC.Google +Detected Realtime protocol 23.10.53 03:17:25 --> [UDP] 168.144.64.5:60919 <--> 53.101.228.200:443 app=QUIC.Google <> +Detected Realtime protocol 26.10.53 18:57:49 --> [UDP] 168.144.64.5:50423 <--> 144.237.113.58:443 app=QUIC.Google <> +Detected Realtime protocol 16.12.53 19:34:39 --> [UDP] 168.144.64.5:59206 <--> 76.231.104.92:443 app=QUIC.Google <> DPI Packets (UDP): 113 (1.00 pkts/flow) Confidence DPI (partial) : 3 (flows) Confidence 
DPI : 110 (flows) diff --git a/tests/cfgs/default/result/quic_q39.pcap.out b/tests/cfgs/default/result/quic_q39.pcap.out index 9ab647c4c59..d6410eff13e 100644 --- a/tests/cfgs/default/result/quic_q39.pcap.out +++ b/tests/cfgs/default/result/quic_q39.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 11.06.91 13:26:50 --> [UDP] 170.216.16.209:38620 <--> 21.157.183.227:443 app=QUIC.YouTube DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence DPI : 1 (flows) Num dissector calls: 1 (1.00 diss/flow) diff --git a/tests/cfgs/default/result/quic_q46.pcap.out b/tests/cfgs/default/result/quic_q46.pcap.out index 044854fa7aa..54b4fae072e 100644 --- a/tests/cfgs/default/result/quic_q46.pcap.out +++ b/tests/cfgs/default/result/quic_q46.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 12.10.92 05:00:55 --> [UDP] 172.29.42.236:38292 <--> 153.20.183.203:443 app=QUIC.Google DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence DPI : 1 (flows) Num dissector calls: 1 (1.00 diss/flow) diff --git a/tests/cfgs/default/result/quic_q46_b.pcap.out b/tests/cfgs/default/result/quic_q46_b.pcap.out index 8b52b26f381..53443dca79b 100644 --- a/tests/cfgs/default/result/quic_q46_b.pcap.out +++ b/tests/cfgs/default/result/quic_q46_b.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 02.08.58 04:22:08 --> [UDP] 172.27.69.216:45530 <--> 110.231.134.35:443 app=QUIC.YouTubeUpload DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence DPI : 1 (flows) Num dissector calls: 1 (1.00 diss/flow) diff --git a/tests/cfgs/default/result/quic_q50.pcap.out b/tests/cfgs/default/result/quic_q50.pcap.out index 928531a32f3..bd7aa069558 100644 --- a/tests/cfgs/default/result/quic_q50.pcap.out +++ b/tests/cfgs/default/result/quic_q50.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 08.10.30 16:34:29 --> [UDP] 248.144.129.147:39203 <--> 184.151.193.237:443 app=QUIC.GoogleServices DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence DPI : 1 (flows) Num dissector calls: 1 (1.00 diss/flow) 
diff --git a/tests/cfgs/default/result/quic_t50.pcap.out b/tests/cfgs/default/result/quic_t50.pcap.out index 37f7de820b0..c77829add80 100644 --- a/tests/cfgs/default/result/quic_t50.pcap.out +++ b/tests/cfgs/default/result/quic_t50.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 19.03.28 15:29:24 --> [UDP] 40.154.127.200:49836 <--> 166.240.188.209:443 app=QUIC.GoogleServices <> DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence DPI : 1 (flows) Num dissector calls: 1 (1.00 diss/flow) diff --git a/tests/cfgs/default/result/quic_t51.pcap.out b/tests/cfgs/default/result/quic_t51.pcap.out index 0e5873f35f9..bc993036640 100644 --- a/tests/cfgs/default/result/quic_t51.pcap.out +++ b/tests/cfgs/default/result/quic_t51.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 07.04.28 07:46:53 --> [UDP] 187.227.136.152:55356 <--> 211.247.147.90:443 app=QUIC.Google <> DPI Packets (UDP): 1 (1.00 pkts/flow) Confidence DPI : 1 (flows) Num dissector calls: 1 (1.00 diss/flow) diff --git a/tests/cfgs/default/result/quickplay.pcap.out b/tests/cfgs/default/result/quickplay.pcap.out index 2308e321990..51460240941 100644 --- a/tests/cfgs/default/result/quickplay.pcap.out +++ b/tests/cfgs/default/result/quickplay.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 17.03.53 06:53:20 --> [TCP] 10.54.169.250:33277 <--> 120.28.26.231:80 app=HTTP.Google DPI Packets (TCP): 78 (3.71 pkts/flow) Confidence DPI : 21 (flows) Num dissector calls: 213 (10.14 diss/flow) diff --git a/tests/cfgs/default/result/reddit.pcap.out b/tests/cfgs/default/result/reddit.pcap.out index 73ce7537d94..886f7f58313 100644 --- a/tests/cfgs/default/result/reddit.pcap.out +++ b/tests/cfgs/default/result/reddit.pcap.out 
@@ -1,3 +1,30 @@ +Detected Realtime protocol 01.09.39 20:47:31 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40028 <--> [2a00:1450:4007:80a::200a]:443 app=TLS.GoogleServices +Detected Realtime protocol 01.09.39 20:47:31 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:40030 <--> [2a00:1450:4007:80a::200a]:443 app=TLS.GoogleServices +Detected Realtime protocol 01.09.39 21:29:45 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:50960 <--> [2a00:1450:4007:805::2002]:443 app=TLS.GoogleServices +Detected Realtime protocol 01.09.39 21:38:05 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51026 <--> [64:ff9b::acd9:12c2]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 21:40:42 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:39520 <--> [2a00:1450:4007:816::2008]:443 app=TLS.GoogleServices +Detected Realtime protocol 01.09.39 21:45:31 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54862 <--> [2a00:1450:4007:806::200e]:443 app=TLS.YouTube +Detected Realtime protocol 01.09.39 21:52:04 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51100 <--> [64:ff9b::d83a:d1e6]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 21:52:16 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51102 <--> [64:ff9b::d83a:d1e6]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 21:58:32 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:54726 <--> [2a00:1450:4007:808::2006]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 21:59:09 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:57282 <--> [2a00:1450:4007:805::2004]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:00:30 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:58122 <--> [2a00:1450:4007:805::2001]:443 app=TLS.YouTube +Detected Realtime protocol 01.09.39 22:00:31 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:52296 <--> [2a00:1450:4007:815::2016]:443 app=TLS.YouTube +Detected Realtime protocol 01.09.39 22:00:43 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47302 
<--> [2a00:1450:4007:80c::2003]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:00:43 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:47304 <--> [2a00:1450:4007:80c::2003]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:26:13 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:51006 <--> [2a00:1450:4007:805::2002]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:26:24 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59336 <--> [2a00:1450:4007:80b::2002]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:27:01 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:59624 <--> [2a00:1450:4007:80b::2001]:443 app=TLS.Google <68a.safeframe.googlesyndication> +Detected Realtime protocol 01.09.39 22:35:26 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46806 <--> [2a00:1450:4007:808::2001]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:35:26 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46808 <--> [2a00:1450:4007:808::2001]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:35:26 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46810 <--> [2a00:1450:4007:808::2001]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:35:26 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46812 <--> [2a00:1450:4007:808::2001]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:35:26 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:46814 <--> [2a00:1450:4007:808::2001]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:35:26 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38166 <--> [2a00:1450:4007:811::200a]:443 app=TLS.GoogleServices +Detected Realtime protocol 01.09.39 22:35:26 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36964 <--> [2a00:1450:4007:80f::2001]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:35:26 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36966 <--> [2a00:1450:4007:80f::2001]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:35:26 
--> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36970 <--> [2a00:1450:4007:80f::2001]:443 app=TLS.Google +Detected Realtime protocol 01.09.39 22:35:26 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:36968 <--> [2a00:1450:4007:80f::2001]:443 app=TLS.Google Guessed flow protos: 1 DPI Packets (TCP): 445 (7.42 pkts/flow) diff --git a/tests/cfgs/default/result/sites.pcapng.out b/tests/cfgs/default/result/sites.pcapng.out index 06d1e0b6604..bdc3d79111a 100644 --- a/tests/cfgs/default/result/sites.pcapng.out +++ b/tests/cfgs/default/result/sites.pcapng.out @@ -1,3 +1,9 @@ +Detected Realtime protocol 04.11.07 04:57:47 --> [TCP] 192.168.1.250:41878 <--> 92.122.95.99:443 app=TLS.TikTok +Detected Realtime protocol 11.11.45 11:56:06 --> [UDP] 192.168.1.123:59102 <--> 216.58.209.46:443 app=QUIC.GoogleClassroom <> +Detected Realtime protocol 19.12.44 12:21:20 --> [TCP] 192.168.1.128:38858 <--> 142.250.180.142:443 app=TLS.GoogleMaps +Detected Realtime protocol 16.05.45 04:03:07 --> [TCP] 192.168.1.128:56458 <--> 142.250.185.142:443 app=TLS.GoogleDrive +Detected Realtime protocol 17.05.45 04:22:06 --> [UDP] 192.168.1.128:38642 <--> 216.58.212.142:443 app=QUIC.Google <> +Detected Realtime protocol 17.05.45 18:44:46 --> [UDP] 192.168.1.128:36832 <--> 142.250.181.238:443 app=QUIC.Google <> Guessed flow protos: 4 DPI Packets (TCP): 229 (5.20 pkts/flow) diff --git a/tests/cfgs/default/result/smtp-starttls.pcap.out b/tests/cfgs/default/result/smtp-starttls.pcap.out index 36842ade089..bc2cf3c15c9 100644 --- a/tests/cfgs/default/result/smtp-starttls.pcap.out +++ b/tests/cfgs/default/result/smtp-starttls.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 07.07.54 00:26:02 --> [TCP] 10.0.0.1:57406 <--> 173.194.68.26:25 app=SMTPS.Google DPI Packets (TCP): 26 (13.00 pkts/flow) Confidence DPI : 2 (flows) Num dissector calls: 158 (79.00 diss/flow) 
diff --git a/tests/cfgs/default/result/starcraft_battle.pcap.out b/tests/cfgs/default/result/starcraft_battle.pcap.out index 6ad9807c5ec..5710a31efdf 100644 --- a/tests/cfgs/default/result/starcraft_battle.pcap.out +++ b/tests/cfgs/default/result/starcraft_battle.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 28.01.19 22:08:38 --> [TCP] 192.168.1.100:3506 <--> 173.194.113.224:80 app=HTTP.Google Guessed flow protos: 13 DPI Packets (TCP): 165 (4.34 pkts/flow) diff --git a/tests/cfgs/default/result/telegram.pcap.out b/tests/cfgs/default/result/telegram.pcap.out index c5fc5391cc9..efd7403db89 100644 --- a/tests/cfgs/default/result/telegram.pcap.out +++ b/tests/cfgs/default/result/telegram.pcap.out @@ -1,3 +1,6 @@ +Detected Realtime protocol 04.06.16 00:11:54 --> [UDP] 192.168.1.77:47127 <--> 192.168.1.1:53 app=DNS.GoogleServices +Detected Realtime protocol 04.06.16 04:19:22 --> [UDP] 192.168.1.77:61974 <--> 216.58.205.68:443 app=QUIC.Google +Detected Realtime protocol 04.06.16 04:19:24 --> [UDP] 192.168.1.77:50822 <--> 216.58.205.68:443 app=QUIC.Google DPI Packets (UDP): 82 (1.71 pkts/flow) Confidence Unknown : 3 (flows) Confidence DPI : 45 (flows) diff --git a/tests/cfgs/default/result/tls_unidirectional.pcap.out b/tests/cfgs/default/result/tls_unidirectional.pcap.out index a92590d0d0c..fea56b42bd2 100644 --- a/tests/cfgs/default/result/tls_unidirectional.pcap.out +++ b/tests/cfgs/default/result/tls_unidirectional.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 20.07.09 15:42:47 --> [TCP] 142.250.27.188:5228 <--> 10.140.72.24:12654 app=TLS.Google DPI Packets (TCP): 12 (6.00 pkts/flow) Confidence DPI : 2 (flows) Num dissector calls: 4 (2.00 diss/flow) diff --git a/tests/cfgs/default/result/tumblr.pcap.out b/tests/cfgs/default/result/tumblr.pcap.out index 4d5251063b5..3a8e36bde21 100644 --- a/tests/cfgs/default/result/tumblr.pcap.out +++ b/tests/cfgs/default/result/tumblr.pcap.out 
@@ -1,3 +1,5 @@ +Detected Realtime protocol 06.09.39 22:21:04 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:49548 <--> [2a00:1450:4007:809::200e]:443 app=TLS.Google +Detected Realtime protocol 06.09.39 22:21:35 --> [TCP] [2a01:cb01:2049:8b07:991d:ec85:28df:f629]:38608 <--> [2a00:1450:4007:80b::200a]:443 app=TLS.GoogleServices Guessed flow protos: 28 DPI Packets (TCP): 198 (4.21 pkts/flow) diff --git a/tests/cfgs/default/result/tunnelbear.pcap.out b/tests/cfgs/default/result/tunnelbear.pcap.out index 8fe3ca4fec8..5e4b7066304 100644 --- a/tests/cfgs/default/result/tunnelbear.pcap.out +++ b/tests/cfgs/default/result/tunnelbear.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 22.02.38 19:26:58 --> [TCP] 10.8.0.1:47046 <--> 74.125.200.188:5228 app=TLS.GoogleServices Guessed flow protos: 1 DPI Packets (TCP): 125 (5.95 pkts/flow) diff --git a/tests/cfgs/default/result/viber.pcap.out b/tests/cfgs/default/result/viber.pcap.out index ec87feb57ab..5ac756af699 100644 --- a/tests/cfgs/default/result/viber.pcap.out +++ b/tests/cfgs/default/result/viber.pcap.out @@ -1,3 +1,6 @@ +Detected Realtime protocol 21.08.63 13:53:39 --> [UDP] 192.168.0.17:35331 <--> 192.168.0.15:53 app=DNS.Google +Detected Realtime protocol 21.08.63 13:54:10 --> [TCP] 192.168.0.17:43702 <--> 172.217.23.78:443 app=TLS.Google +Detected Realtime protocol 22.08.63 00:38:49 --> [UDP] 192.168.0.17:50097 <--> 192.168.0.15:53 app=DNS.Google Guessed flow protos: 4 DPI Packets (TCP): 94 (7.23 pkts/flow) diff --git a/tests/cfgs/default/result/wa_voice.pcap.out b/tests/cfgs/default/result/wa_voice.pcap.out index f88b535a271..c0dbc0086cd 100644 --- a/tests/cfgs/default/result/wa_voice.pcap.out +++ b/tests/cfgs/default/result/wa_voice.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 24.07.50 19:05:42 --> [UDP] 192.168.2.12:51431 <--> 192.168.2.1:53 app=DNS.Google DPI Packets (TCP): 20 (3.33 pkts/flow) DPI Packets (UDP): 33 (1.57 pkts/flow) DPI Packets (other): 1 (1.00 pkts/flow) 
diff --git a/tests/cfgs/default/result/webex.pcap.out b/tests/cfgs/default/result/webex.pcap.out index ee8e582205b..ff0f2dfe14b 100644 --- a/tests/cfgs/default/result/webex.pcap.out +++ b/tests/cfgs/default/result/webex.pcap.out @@ -1,3 +1,4 @@ +Detected Realtime protocol 15.08.46 13:43:45 --> [TCP] 10.8.0.1:43433 <--> 216.58.208.40:443 app=TLS.Google Guessed flow protos: 4 DPI Packets (TCP): 395 (7.18 pkts/flow) diff --git a/tests/cfgs/default/result/wechat.pcap.out b/tests/cfgs/default/result/wechat.pcap.out index e708f4fde55..dc8f56ba621 100644 --- a/tests/cfgs/default/result/wechat.pcap.out +++ b/tests/cfgs/default/result/wechat.pcap.out @@ -1,3 +1,11 @@ +Detected Realtime protocol 25.11.54 08:34:17 --> [UDP] 192.168.1.103:53734 <--> 192.168.1.254:53 app=DNS.Google +Detected Realtime protocol 25.11.54 08:34:53 --> [TCP] 192.168.1.103:38657 <--> 172.217.22.14:443 app=TLS.Google +Detected Realtime protocol 25.11.54 10:38:53 --> [UDP] 192.168.1.103:46078 <--> 192.168.1.254:53 app=DNS.Google +Detected Realtime protocol 25.11.54 10:39:45 --> [UDP] 192.168.1.103:51507 <--> 172.217.23.67:443 app=QUIC.Google +Detected Realtime protocol 25.11.54 10:50:26 --> [UDP] 192.168.1.103:55862 <--> 192.168.1.254:53 app=DNS.GoogleDocs +Detected Realtime protocol 25.11.54 10:51:07 --> [UDP] 192.168.1.103:57591 <--> 216.58.198.46:443 app=QUIC.GoogleDocs +Detected Realtime protocol 28.11.54 21:58:31 --> [UDP] 192.168.1.103:60562 <--> 192.168.1.254:53 app=DNS.Google +Detected Realtime protocol 28.11.54 21:59:08 --> [UDP] 192.168.1.103:35601 <--> 172.217.23.67:443 app=QUIC.Google Guessed flow protos: 25 DPI Packets (TCP): 448 (7.59 pkts/flow) diff --git a/tests/cfgs/default/result/youtube_quic.pcap.out b/tests/cfgs/default/result/youtube_quic.pcap.out index 4636cd18e39..c960bda2078 100644 --- a/tests/cfgs/default/result/youtube_quic.pcap.out +++ b/tests/cfgs/default/result/youtube_quic.pcap.out 
@@ -1,3 +1,6 @@ +Detected Realtime protocol 23.01.66 05:11:06 --> [UDP] 192.168.1.7:54997 <--> 216.58.205.66:443 app=QUIC.Google +Detected Realtime protocol 23.01.66 05:15:38 --> [UDP] 192.168.1.7:56074 <--> 216.58.198.33:443 app=QUIC.YouTube +Detected Realtime protocol 23.01.66 05:26:41 --> [UDP] 192.168.1.7:53859 <--> 216.58.205.66:443 app=QUIC.Google DPI Packets (UDP): 3 (1.00 pkts/flow) Confidence DPI : 3 (flows) Num dissector calls: 3 (1.00 diss/flow) diff --git a/tests/cfgs/default/result/youtubeupload.pcap.out b/tests/cfgs/default/result/youtubeupload.pcap.out index fc79be6468a..b0bedbd6c2e 100644 --- a/tests/cfgs/default/result/youtubeupload.pcap.out +++ b/tests/cfgs/default/result/youtubeupload.pcap.out @@ -1,3 +1,6 @@ +Detected Realtime protocol 08.12.54 03:46:34 --> [UDP] 192.168.2.27:51925 <--> 172.217.23.111:443 app=QUIC.YouTubeUpload +Detected Realtime protocol 08.12.54 03:47:15 --> [TCP] 192.168.2.27:57452 <--> 172.217.23.111:443 app=TLS.YouTubeUpload +Detected Realtime protocol 08.12.54 04:07:31 --> [UDP] 192.168.2.27:62232 <--> 172.217.23.111:443 app=QUIC.YouTubeUpload DPI Packets (TCP): 8 (8.00 pkts/flow) DPI Packets (UDP): 2 (1.00 pkts/flow) Confidence DPI : 3 (flows) diff --git a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out index 1e00db350cf..b5394ff8081 100644 --- a/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out +++ b/tests/cfgs/enable_payload_stat/result/1kxun.pcap.out 
@@ -1,3 +1,8 @@ +Detected Realtime protocol 19.05.95 04:04:06 --> [TCP] 192.168.2.126:41390 <--> 18.64.79.37:80 app=HTTP.Google +Detected Realtime protocol 19.05.95 04:33:00 --> [TCP] 192.168.2.126:38354 <--> 142.250.186.34:80 app=HTTP.Google +Detected Realtime protocol 19.05.95 04:42:17 --> [TCP] 192.168.2.126:36732 <--> 142.250.186.174:80 app=HTTP.Google +Detected Realtime protocol 19.05.95 08:26:40 --> [TCP] 192.168.2.126:44368 <--> 172.217.18.98:80 app=HTTP.GoogleServices +Detected Realtime protocol 20.05.95 05:20:06 --> [TCP] 192.168.2.126:53416 <--> 172.217.16.142:80 app=HTTP.Google Guessed flow protos: 6 DPI Packets (TCP): 408 (4.16 pkts/flow) diff --git a/windows/src/ndpi_define.h b/windows/src/ndpi_define.h index 5a47f925408..1097a95e9e4 100644 --- a/windows/src/ndpi_define.h +++ b/windows/src/ndpi_define.h @@ -283,14 +283,15 @@ ndpi_parse_packet_line_info(ndpi_struct,flow); \ } \ -#define NDPI_IPSEC_PROTOCOL_ESP 50 -#define NDPI_IPSEC_PROTOCOL_AH 51 -#define NDPI_GRE_PROTOCOL_TYPE 0x2F -#define NDPI_ICMP_PROTOCOL_TYPE 0x01 -#define NDPI_IGMP_PROTOCOL_TYPE 0x02 -#define NDPI_EGP_PROTOCOL_TYPE 0x08 -#define NDPI_OSPF_PROTOCOL_TYPE 0x59 -#define NDPI_SCTP_PROTOCOL_TYPE 132 +#define NDPI_IPSEC_PROTOCOL_ESP 50 +#define NDPI_IPSEC_PROTOCOL_AH 51 +#define NDPI_GRE_PROTOCOL_TYPE 0x2F +#define NDPI_ICMP_PROTOCOL_TYPE 0x01 +#define NDPI_IGMP_PROTOCOL_TYPE 0x02 +#define NDPI_EGP_PROTOCOL_TYPE 0x08 +#define NDPI_OSPF_PROTOCOL_TYPE 0x59 +#define NDPI_VRRP_PROTOCOL_TYPE 112 +#define NDPI_SCTP_PROTOCOL_TYPE 132 #define NDPI_IPIP_PROTOCOL_TYPE 0x04 #define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a #define NDPI_PGM_PROTOCOL_TYPE 0x71
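Review bot: In the `windows/src/ndpi_define.h` hunk the new `NDPI_VRRP_PROTOCOL_TYPE 112` is written in decimal between `NDPI_OSPF_PROTOCOL_TYPE 0x59` and `NDPI_SCTP_PROTOCOL_TYPE 132`, so the list stays in mixed radix and is awkward to check by eye against the IANA protocol-number table. These values appear to be IP protocol numbers (IPv4 Protocol / IPv6 Next Header field), but nothing in the hunk says so. Since the commit already re-aligns every line of the block, a heading comment such as `/* IANA-assigned IP protocol numbers; keep identical to src/include/ndpi_define.h.in */` and a single radix throughout would make a wrong or stale value easier to spot. The diffstat lists a matching change to `src/include/ndpi_define.h.in`, so the two copies presumably have to be kept in sync by hand. The macro whose last lines form the hunk's leading context starts outside the hunk.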