From 41de272052cddd71010d9ee39af5cf5dba181970 Mon Sep 17 00:00:00 2001 From: 0xA50C1A1 Date: Tue, 28 Nov 2023 18:39:06 +0300 Subject: [PATCH 1/3] =?UTF-8?q?Add=20Schneider=20Electric=E2=80=99s=20UMAS?= =?UTF-8?q?=20detection=20support?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- doc/protocols.rst | 9 ++++++ src/include/ndpi_protocol_ids.h | 1 + src/lib/ndpi_main.c | 4 +++ src/lib/protocols/modbus.c | 13 ++++++-- tests/cfgs/default/pcap/umas.pcap | Bin 0 -> 32126 bytes .../result/custom_rules_ipv6.pcapng.out | 10 +++---- ...om_rules_same-ip_multiple_ports.pcapng.out | 6 ++-- tests/cfgs/default/result/synscan.pcap.out | 4 +-- tests/cfgs/default/result/umas.pcap.out | 28 ++++++++++++++++++ 9 files changed, 62 insertions(+), 13 deletions(-) create mode 100644 tests/cfgs/default/pcap/umas.pcap create mode 100644 tests/cfgs/default/result/umas.pcap.out diff --git a/doc/protocols.rst b/doc/protocols.rst index 11fc42534dc..1cbc7de811f 100644 --- a/doc/protocols.rst +++ b/doc/protocols.rst @@ -271,3 +271,12 @@ References: `Protocol Specs: `_. + + +.. _Proto 364: + +`NDPI_PROTOCOL_UMAS` +============================ +UMAS is a proprietary Schneider Electric protocol based on Modbus. It's used in Modicon M580 and Modicon M340 CPU-based PLCs. + +References: `Unofficial article: `_. diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 20f6e2a6339..a1f0732eab1 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -392,6 +392,7 @@ typedef enum { NDPI_PROTOCOL_S7COMM_PLUS = 361, NDPI_PROTOCOL_FINS = 362, NDPI_PROTOCOL_ETHERSIO = 363, + NDPI_PROTOCOL_UMAS = 364, #ifdef CUSTOM_NDPI_PROTOCOLS #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h" diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 9f152631fb2..f3786a719cd 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c 
@@ -2154,6 +2154,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 "EtherSIO", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
 ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
 ndpi_build_default_ports(ports_b, 6060, 0, 0, 0, 0) /* UDP */);
+ ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UMAS,
+ "UMAS", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
+ ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
+ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main.c"
diff --git a/src/lib/protocols/modbus.c b/src/lib/protocols/modbus.c
index 8eb0f8dae51..454b3cc85d8 100644
--- a/src/lib/protocols/modbus.c
+++ b/src/lib/protocols/modbus.c
@@ -47,9 +47,16 @@ static void ndpi_search_modbus_tcp(struct ndpi_detection_module_struct *ndpi_str
 // the fourth parameter of the payload is the length of the segment
 if((modbus_len-1) == (packet->payload_packet_len - 7 /* ModbusTCP header len */)) {
- NDPI_LOG_INFO(ndpi_struct, "found MODBUS\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MODBUS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
- return;
+ /* Check Modbus function code. 0x5A (90) is reserved for UMAS protocol */
+ if (packet->payload[7] == 0x5A) {
+ NDPI_LOG_INFO(ndpi_struct, "found Schneider Electric UMAS\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MODBUS, NDPI_PROTOCOL_UMAS, NDPI_CONFIDENCE_DPI);
+ return;
+ }
+
+ NDPI_LOG_INFO(ndpi_struct, "found MODBUS\n");
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MODBUS, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+ return;
 }
 }
 }
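Review bot: `packet->payload[7]` is read in the new UMAS branch without a length guard. The enclosing condition only establishes `payload_packet_len == modbus_len + 6`, so a frame whose length field is 1 carried in exactly 7 payload bytes passes it and the function-code read lands one byte past the payload — unless a minimum-length check earlier in ndpi_search_modbus_tcp, whose body starts before this hunk, already requires at least 8 bytes; how `modbus_len` is derived is not visible from here. A guard such as `if (packet->payload_packet_len >= 8 && packet->payload[7] == 0x5A) {` closes this regardless of what the earlier checks do. The bare `0x5A` would also read better as a named constant for the UMAS function code. Finally, a one-line comment on the `ndpi_set_detected_protocol` call stating which argument is the application protocol and which the master, e.g. `/* app protocol first, master (carrier) protocol second */`, would make the argument order that patch 2/3 of this series has to swap explicit for the next reader.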
diff --git a/tests/cfgs/default/pcap/umas.pcap b/tests/cfgs/default/pcap/umas.pcap new file mode 100644 index 0000000000000000000000000000000000000000..d28a1919a86e5064170e12939d74845ba699f8ba GIT binary patch literal 32126 zcmeI52V4}%_U~%~NM=SrFb_&HAp!zsf}jXWR?H$Gq9lnb26V(M<{Vjb#>I>%>Y6c! zRRIOX3}O~Rn0HRiFfc=J|99_y_kP}c_x5h})O2_Ky3YAlRiCcz!F%U_P3ICmsa^Pl z17E6IHVZgt$S2N_$3%#~{wJ^Qt96$8?^PqNgxK=?I+7GsLUMNX3V~GB!i@9HZPrf> zJT`?}@qs)dgv(bs%;E6}hr{Qh;?Smi;t2aONwuW9RMCoe0rsdS`k)%Ba=x`N6ANx; zgQ{jsLjlQtR#y@A_JE!pXkn^XLkqq;V+}Py^R%}BYIt30=ZzM%wW_CL&F{yeVgxF` z(~}dzCqoFea$u`ky?Rz!@Gep-1C^{i4OSX>3v{dAY?kSfgQ-*Zp_Q9$`6LQ9VydS% zig$_XwPe&Y5|GHAGCgakU$sCogoAuzxP+J!b)rUh>U6TT61jK>h-^A_5_PiT&_jrj zwt_KseBuO0VXEgH8@>mlcMQPC-@J_~j+2K_2v4X2XXjACYhHZPAGTnsXHGBPWok|@ zC3CQ8iM+v_W7lMYLNup}aG>p4!zNhJSK2;&(iP5!Nx8P1_Iyvq+KR-2TiQ_Dbk1!k z1fC()Ag)3D|5F$AWPC)eCzUaA+Vid;rUa$FdQ01FR+R~2(mYVdlhyy(o;(-H+JpKt zwaF?IvEa7Q+vvwe+JkuDP3%ED+Q_qK@<}vo!K93a1o5uY9@JE^2i+C|nvRI3@h~Wc zf;QNLxGIFKnG3z8Hlx)|ONaBM0ax~kLxh@lZ1lL$;COm^Q7WrF0~qb;2=?>?dqSu^ zc)_9e@Uf{~SjQ*(VGE{u_H5=skB6p~uVha@u%|29bE5)^q2L6xM?D2{gqYFwVOc%} zKfy*0X-v1^;T+OTnyfYGdtauRP)qYrYqwH@bp1&Uzb_ zm(r^TAb=VTA=DW+4)MuM*np{?Gvax<6t1e0GtPoDdZRN6Gocvjxlyn+( z>>-401V1q${hEailr>*upBy!a0$@i4?9$uStxsR~ejc9v2Y7k=`1<(=3>*|Vc*xLU!$*u9 z6*M|HBy>#J*zj@VBO;@sV56wgYXJ!kH``3n{9XZ3R<2sTX6?H58#Zp*ye0jYt=qQm*tu)>p1u3_A2^tC=-14{M~)sle&S@-sqE8d za?YMR|J#L&mo8tqdM)?*jhnY_-?@A5{)68iK6;#&U-0BVf~YJl(smNZPlat9yhSbKDp{BS7LG*=3ot52y}!{y9Rn5O4w9IZM;6kJ z@6TxASg;UA`fsJA5DMYlkv5DhBBBR5LPF>O+qj(y*$Lk;Dfct7mIpy;{p;Ud81k!= z(bTyepco2|#~~ji;qpYsKG-B*YOn6{>%G!tUX??H5cuP;?l~ib5a*7L=OgXb- zs{P5GUTd@ZMt-qLIkU)g#p|gV9X!%{iHz5IwLPbJJbc4$`;RO&@j4-W+&u=8ykvP(rSXgnsu0 zLXVNq<0l}B!v7_7^cPk_Ll_A?77HE*zLd%h5t*a+Z|Ry!WldI`sZEE1}_xg!IIMJh)H&T0{xqol;F7vVeIX zEgH+stx_Rgum_WJEJvJpkC9MfJ4HfyBY=<@9pxOM7z*prSPrAy+6C)vAz`ie2*!HD z)2h5AsP|=BZ;ZsH^{#ubx6weA?OrdBwyZl!^-h9%cfop3KM0~ITpN@Bd+zlXTvKDa z_Z`XTk1pVk*Wiyq)E@?Q{84+aH?2^O?OrdR`eUtW;l_7!vC+_>pgv@ 
zM*N|^nCi_Txba6Z`q5J?$X`k$=XX%35hNpMwgMMVh@}GjTzxy(cd~W0w{^4bjOY@h4OUI#0AH0{H1Lx>=TchW!$^B_Dr-gYoJV12d%{E3;_pwJ}P%LXRU28V{K-Q)zASIY>=y8=z*d9_pkI zY{XQrwq1CIw6-0TnEZs=F2UN~900{oQxj|305Y(kY<5p|wx$!pSk)zBK>bRbzr+qNTU)#z2Dp7y|6y?WrS`Js&UTL<+s zg!+x6^=m4tA8p#k!)o>F)z5vsU^7YX&#r}b+ts~;sgcs(nD7nDG$QvD*Ke#fzXx8pzy z_5MZzr#G-#IF`}E<6z+lxVOJdEo>pRQ2M^g&tKKq-Y7M;H~|)(Lkova z1TED27vC?bKCI3bS%foMa}KQe2-Ykig>dGUkTB8;gn1-*awj1%*tMHoRhPfMRIg## z@?KH1lp@4}k6_k)+OTjuM`2ZZ8Ki^R*=wv-9miPJ`%u*?sOl_QRS_uCsy5)HK$cWe z;YCHY1A4ux+VNh~s#+)!sDi4(K@Tb$3YBd} zui34onj9O#kv5yM_8Q<%^eMwN+kpqcB19OimFgJ^^`v*H8{0rJ)YQOhHsRP?NiW%V ztXOLr#aL6gWqSe-@_uO1nwo$rMi;jD76JCfPhJ{i7Hq^+&!dUF654o*m1>#*H8n<$ z4rvd?P_r+sDFhTw-huFBh0C$x2=ILdd@u#iuWA=AWToFBYLYFwG`GCa^PJSqQeRd( zqZ#cq20PEg1l(zArzuFw?38x8xCjmT>u1V#!b?-7)J~-+>dASqlfIe5#ZH2n@cJ1L zfw>63-h`w;ZB?z~L53 z?`CD2Mun-9r(!}zh2i65z>S`-v*6L##$=_q9IoR#oL#J0av-GT!59351?+T8R>v08 zBbt>?3?m(Q$>=FO3HW}J(lG-;86D|+Q>W)?kVM#sNtq5A%Yz#q2&O(Lw!){EfKCr= zh1av77;1Kv(y@kY?Gn>Kny>kkPNE_u30y^VNy8M}kCx3^$ZFXHM$3AL1%(a3vdPpk zbC8l*#;2O=(pmdg8MUlP(Xzq@V3`M6)}uS1lX$&4PCB-^yxdETf$sU?)s)e{WCiv;aMsohsDMeJ3=C3G@U^$^pj!Je0fSrTU&KuasQ1i8vU?D*}aiR_yAYEhIK0|Zj!rXC$z$o*V7Qa6@8b+)? 
z*z?bBMhFtOlSAGlrl zK70MfO6L=$qZCd)>jQM)3J!yF3h1GxoDSsw_sz8=}1&%f} zx41B+18m^@^RE!#dFw9!>SKANQ}LFSP68vH1hL>bjH^FND4ljt7a1KjO2+~wNornE zuQ!IZ=Y6Jh%oY32a}S^+MmnzhKo2$R(y43i-;)35ULW{dss|!SXEaw+9;Y+J)QOCA z#9~1)yoONzn$p3@QbtFeYHl=SrSpZ-QHuSGy?_o((8A;?nunVIC>=b>|J@7Hx!0JL zP7))XrDDMgKe+xEQ#v?e$mnQLIzKI0>A?FR5W$%$_MI1gKxZ@3xd-t#LCyct2{7oy zN@pS?oy}swOSpOdR!Hes*3!|WbmH7t>3pMfOcd$7#QWy`NayZj&_m7t(h11u%SvYw zBc1(X!7F&M{WYJ`=~zog`o#3Xa8^3sDIKNRf>%RT<0 zl8tQIRMR1Wl}(ChqU;j4?`o)L}9Hr|@@XHa%se@k( zKG02n%SxRFoPWfl#w0nv>En z1?LuUe-pY#MAt~GC8WCh@yQP?bY=$Ua3nBCQFlK+H-Uxjp9LA^{rKF1wtrZ|>&*4^ zan`?PKTf~ZJwK8-k;Y153L}Z%#e%mG0hIrwqZm%I$Vli?62{wD`$+{QAyOpq79)Tc zNTSPR&_hjmKS4iYy=&}HQ?dj1i*UDWt)a9Z_ZUOcg6$HV$)Yno0y?Ug;8)^}u7}46 zFseXKg*4oPCe2YR=8RH1i2IT-fQ6j9O9UQYaV%yUm;Hu;o~>z$zeNK=}dL3|MPC}qFC?_B7pDZ zl#UHZ$><2E=7lU)I+c`;(odD&VFd6Q>12d}9%{`gK!Z$uJ!v(is zVGhTYewVJeoVtoUPAjSV>CV+~4Psuf?--nBr8A9@&S$Zp1Yd3YLh0Cox{QwWr`#%c zS?T4;vd09(PwxRWF!L zm+Z>n_JWIq(h{TE2eve%k4mJwViHD2ga_9>?9Xhed;Gti7u>>&l@MyvCI`nnw;YV3 zG55y{_L|SST5R(*GZ?uv7YoXQATs+z$25C5gRIx+Q!cMfw1@~!jj0}&hCB)7q7<2x z1p$|K$mQpK&_m5)DVKa|fGJ%QGLn8`yro91!-qc*X6xeG15!uGN#iN}S(NnAg7ha- z(%PaG+5}x)m4+KWz-zW2aYmC*>2v{uWpo-* zIz@i0bikQFr?DcPk1(UjfhPDJ3HMlA zNhAj5Er?%Gd_rtce0X$}C_G9Oniv`tFN%qc4i1frgR|g~Ho&S8XgDJd`I%K=&!A4$ zaBf35cV8z@e<%-CO9)1-+Py~RO-a9i{@$YaXi-pf?{$_tmCr@th6DB1=@y;dO&+Q^dzb$ryUj*9f#;fCyW^bkjErMz~6;2 z^|Oa&oM_$}J)?94_%SqIGS4s!LCNPe^xl0iZ7!DBA8X}QAvus%R$fTgyC~O}J$3_NC5+y~)j)&F}932}Af7>Ktl0t#!3fPT-~U*y zA@OzX@8$0*a`zI6+=9X*5@JIol52myxT}9(QSZ>i@Ziwe;<UaU7{l+6QXM1 zLgybH5gI9xT(?F#3zo3bnaxNiSS#*|K@9jtU9Dg!zOigdo<{m}%Z z<8Kans41r-ZA<^7uZ6_V-^*L%?dc*C1%u5&QP75O{8?Wak{Z?`kI+dmK_S#{RO9BK z)ezNcpwpqS$Tu`B9Qs+TC^mFLLTH>sa?9F`b`3>y{QR8;^zPtXx6L7)#9gd(<}lKk zAQpUu`y<<#s5hO(>m!Y*sojaseHEMLJ*c{%AVVsa^(ps41tT+&6CjSp!|=ox>M; zhrDy#`3vQlddJ;AU7odj++&wPI<99}>C9!MGhHnB2BVPdxoOW@I!!5^!h5WAAo>D2 zdWv+u;r-Dfr1NS4=%J>ZPMtA~v47lWH?vN0mJagZPmBDS9`ZY5cdOe&WCOIY&fq$x zW^8?krIF6f2ds4FG16Hi7JP?yYh=$&d)3luM(Io{VWk7Nb3mt|BAxGHKxaMDIdB&A 
zP*Y9^E|Gsc4#=!*NC)u{=`}!Z<|FHtr0z9KK6n8!SwSt**UMj2<2Q-qv9;(Ai_{#Y zT*i2SF>!PEhW_cC5GM)=j|+~Dih_$g#COrL7*XPoD-H5&?Ie;ai6%rQ(lEiz&6!7F zC6QE1)QKyGtRm?)q~r3QmCk%dI_t%P^6~QLrjE6Ano~N5c-n0DPwJG8P?1jgc%ZWz z=}epfdZ;Ot7AJpLWP0QW{ z)=+FZ9$T}}*Zb&~3rqWt<2ngapBfcR=dr7vd3k@ZpI2zN^tiQ;?fV|i zX@x%B*F8NfemJ14boAQ*!>>E`jPO`?JF`{lxbS^#0!@P*UA|2-_jL`u|GukBMMy$M z`9z=nix%Y=z7McE_i4)PH_shzNwkA^nDv`;bjQn};!`~)yX!s=3h~u?I`rj1TkTT| zlZFm9)_WHHJ#eU-&(!_4zwcb--~Vvyiu*0gkTT<z+73( z)`HTpZpunWgVGTw()ke$bdDjN6~3T{nsPelv(=-TKXKV}SCHLxRCAkoI`8c+iN>th zRpD(YQ8iC%>UsRGVe`{(9=iW}aAMLOn=@Nx1UwGi7#CIbWI*|f$2<0GXC0W=s8Ds- zh{QA1=hcz23nZ*GE;}H>U<-G`iwm=65^@>xSI$YFaspylexd6}Fn5p+IcyCJ`Vlhm zadJiZo$h9;vjZEcj%lN+>E>qU<~GpHt<=%J>Zj`yk|{u|bA z4%-{DD{RZQCF@pi*t~4*>ZrZ?O`h!-pT5m|*s?XNm#ta8dG)xx{%eQq3yHoo_P4QT zLqc-K=8WZ%i8oCnxFF{WN&34aLXJTWpTr>%V>2lczk!1~<&DX5A&Z(7z%IT-Z^_6J zL$932vTl$FebP!u8PxwUd_zjd9{kllTl%n@#yLm*)S_N`XIJcgX6M;$V_yx;Bi{MT zn#P!BI=|}e+S`h^s!Pk<2&c-K4BvGG>^?Gh@ZuP)JFRv!`4<0jSOq^ld)GZq6(>7h(t76Jq{N!@Oi&Gn$e%-umqvg7% zWlvZ5_j_aTVrt{#Jam2^NQ6kIXIDe643c`voWkM8*sUZI4nFY#9`LXSKK@M$(mCeA zN+*qx&RwzKXRZ7| zmu`gi1j{Z+&~IpmYd=rk;p8369S@QXgT-}*K^=JX_%95DNGCIxmCj;DIz?hZ72KQ1 zVm2HyWOQ0lI`1d4($S%Gv=r%7O$Rzk2H= zmq=DZ&JYszrgKZ73rT-FfCtoDJYdT?5aZWj0@Bq~F#0;59*SCP&49MZo_yqL+ zAe=!u8p*75mN3#O6AP-v@|X<=Wf`5;l+NfStaMZ z&L4zbr4ROMr#K2+Z(mcLv29j|8I1&e_0=?t52v{LbljZMdhl;olg&QgyY_mm#lt;0 z)e(h5C)`*+eVBdn5Y>zR0n1FF7+>ny62{UG^sTw)tRgAec+cDO^S#6_6y*CdfZh1p^3#4K~z`| z^Q^nMi#yvSJ{u9Rvh9SYl|B7OroT;&9~0KBtkpzb$fM_bG4q? zLo`oLFX4AQ7t=vY^3zmny5t?w*|Ch3&QeA?Rbqi;jyz_=QCmjGgwi>*la&rURRB5~ zigYA%+)}xkNaxlZ&_hi*ogw88)AD`9LHElRs=7415Rj2rI=NYXd6ZGU=gjDL$Bqm? 
zqtT#O_LQktUMH&f3eP4bSMBtPZaUG@swlJI$(4|@D+`_+y)!qsx5}J?5!!pcR|F*O zY#F(7!|RIhR1+sZjXBPnEpl|5UG2B$%5Ia#zjf(anNqytyrzlJX2&7lkc-DwE&M*a zGCyj?`Kfb8@6+}6SwrTHQn~X^r_t>8J-ROFboy0_pUH_%z7q~yS!>^QgWc=dJU3sB zH=a@UW;&l+gf%QIIQ(GC6jg(zU4=$ZNXrT93p>p5>u&b*=YZDD3^d!7tw`5Mo7mRU z!9Xo+d3n3?D~2Bzx73-k)(Yul?`Ea5jEN3cQ!FG4iOh3V}5g?%5`H=o^?g7A?mHqtnJXIXi2Vc^Nfy5cH5eE`L)}VDB-S@icZ5zvr*aU{OsPeDK_w8==vo)*7K*1F%k;bA@JXMWrX(d5(ip3z6{I1Kj zA$lV>HI7*__w?#kBS$*@8vAy4oR!MCdE;|0-U-PX{5>j1WB8e4J9Dx^m){OGc6!9y zH6`{^j=j5?$kdDJyRyxZW=`4s(%EkElG3_&oBAF+a2!3f4&EabwUFonMgo(B%Zi>C~XIR$g& zJ!`koqhJ~+b{lRQfa#22w%{XH)RcD{yrK?(M92#o%eH~*Kr!U-I$-RN*Ma>59!1?H zf@a-TIt+bZsi9+kxI9s-zl)iBUP^enyL!@uVDoL|76}cn4lNf>6H5vW1rn!zp%%{1 z)UWSL9Mml{>*<-PRqeT(Rqd?Lcf71QbB%T8)+a9?dd;6cu6k8f#{oZ|PxiUIGIsPY z^A8R13LdIAby3=YOIw0(U%7keT3V})T~|(y-um?I%I8*JwzkMq%{ytdres&i*zHTw z&s`oBVtxC>0UQ6pEhGH{?|TfdQ0=kuz`2}XqJNFPbFANZtbi>}~Q+S4}mQJ0y zpnqSlrOC5BZcg~2a^Tc&_Xi#S*5vm=G0(N5P98s^;W^+)OrE&JCETUdFWOy zhgR(}NG{mrw`5h*%;l5XtpAdKIZo{GN%KyhUQ6fO%si#y<1zCjD-&A1Z^8r zy+N%t-+x1We-Qo!holg@*@d5SmlbQNnopnJQdO0w+G7`= z;Ay-eN#FS*BpY(Jkg)I0fZ+2FqTxS04Vj@1y&o1INH6&idP9S(3B3_YURzcus~MsA zh=nTfyQr^kDHM!3Wl-8uD5VhJv&;@OqEPsXT}EXoK!K-30ulgMBKnWW$h!;gAf@OHiNqIKl7Tz{ie)O==x9hV0J{ zFHIeN|H)x>{od`qTG;!k&06p{Zk)&JjM>eWYxi%obb9H6FN-R69=!Ff$H^Hf^LJ*% zjX5117WRGp_3EmscbANEzW2IT_~V=2vu1{c#|_ffzdG)o*0fTx=FOs}*|udVU$kb9 zZ`L5YsOiF`v#LKt#VqKy;O>=QR`m2+H+PrA);ACLu9;obdQBqI8R*PPXAL8rkz%3h zN_muqR{|NGc9f3)AXYkXF9!n}Pmzx5N}vOONC$q+(;W0rQ%=Y8T}ZRLW=DewfmDZ)Eeq?#l)H zysw*7Hc4+Z+SKGI+1~EWZu)jC*NuKbdAm9G%PdRu8&x`()jBsw~Q6rR`uNXs+ZxqII}$kje0r` zJg{(R=)l9y6Ffo!HtvpZ`^xRcV@JK#8|{)3{JMPX+Wb+lPuau47fg`O=E1CV)-uwG z6bl=yl}Bkfq{!&Br*v|oSn0q$H_%c1^Z1|#bYMP6KtAsWJ=B!b(QjiLZnLy)mP6u_ zfe#${yB{v|S^vh|zuSX~M}FtG_T6JT%(-Y@kc;c~y|0h&X&h*+I@9{(qc)vw*AE#| zHS9vl6`g~giED$*O;%fUwGR^iZr`&=wv;A~bp@cKE>;VAYUwT(b$9@3dx0eYw@r<1u){aWgR=zVq@EWWn% zyFS%9F6!~hSvgBH%&ZnfyquKwYF2vcqs`ydng)3}G)d?l+&Jw*r9-2n4}tBUIli2n zS+whU^4bkUBR%JKNl$X`UVQM_?EYQN(TM$o%kI8Dhwx*u0qM*2-!<{*5pDf6L(mZ8@wj_fj6 
zQ)UomWb<&Dkb|+Co@a16dIrxE1D}DgwYGwIF5FV{GovGrgLX^HIktjNq?4V=N@oKj zoz-HY#&-G48eXtvbUIQxORnk=d#DGddZAhyK0HdPKeB0T2RfiBAaMfFL(NKQsP-AW z0`{dqy$8cq>5nuZ0}EP++iD)voPZoYs6l4NMfi7-u;dc>9D)bcD=XbPjqbY)ePt@- zu&hcV&OamXEwl`t6Cx^DYl9*ewl*U}WqYs=xDWU6=$>J84-a~UG|EFIzD!Bl%TNio zs>rsg(AI@pYZgSa`!*|@jgCwmXS-OaxdQ^Wr!-*m13eiUD~d+a|=&fOpWbXx& zJ&>z8-pyWmJXh&>9A^l@K1;|6pfnynQ9pGCwrn*%pNPQMBVel=oXr&vqrIDuZ5#~y zIqY{L$ZM8BnZyz0W~H<@4W`x~5p z?{p^a^xFdm-fmj={=nO>*E{d=e?9%@^ zT7(6r^tTxKD_Nah`1GuS#a#7MJe5u}_IeBSCK_st=9W1*c@|EE&BMeq*W@Hv-1YzM z2nP;W?`?UAv~)a?%iSV;~&kFWFbBNJ3+kKqt zz~9hQC#H9vPvoV;J$95Hzj6M@Xt7y*$(~;qb>3SsL%oVLJJ1H{q_$zDvxSk)O|ejC zmpn|vOQ(#E4W*OOid?1mM-p+@BMy7 zb2ASe`;}Rtb9OH~zweXJqoVjLMXNq_x_I$k(Za5U_jr+g;-~lz&D+uU$F`rTAMY5B zesOnk7n7@DMw<8159kCw9u%?~P@b$$eYPQds%_XFqL zA3P_Ur;}{j?3;tbzPDZWedKHB4T;*LoB=sMvIQScywk)dbOm_F36(Wgf>C zy7#o(zIfZAvd2yV5i_f%37mSiS?HhN!}E)Z>C~kBo;G7wM@;)RW9q4h)y31^Chlvw zqIB8uyr?s7yj~`gPQClqRGjGk?r2_^YU#2U8;!G~j~AE69m|_tImP`)pQtlk#;(@5 z6evZMm!m#5@a^%SAgZ!VVt%3cP+nNLsORnu zTKn!CGp&3Ndh&EDRyw~h(s?Hq z3Nqwj8is;0I-MyUtIptm*oa9v7Jwfv7$cnorR$C$1L*v~A1 zGf@ABZ?SHxtX2zjFW)&d(QN7EHFuum4QVka>%p5X%ZtB`<~MIS*s|*ceb+H7r|rCF zxOwHs%15`~b=Nqy<-(+Mmg_6eg!cJyv$CN2!L&1yiVr(m=zcrwkrzI`&9!e`UHvb( zwf8-F`$=GAYFYb~4p*PqF8+M{Y}}z}p>FY_?wfwMOK6}4Z>rpk%XECiwO_EJL+tqh z;WvuxZa>)eLhyN(b+y}wt=U$ZAeXScL&34Ct=Uh?va{b`6Z1y*@W}hp5&bkD!VZ?6 zww00P53x`PbJt(1X;6ZMMWv92S0$E4iCpv9U}y&pE~}N>8Ldr%z Hq*nePwqcr8 literal 0 HcmV?d00001 diff --git a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out index 56c967ad865..71d4c1d8f41 100644 --- a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out 
@@ -29,8 +29,8 @@ CustomProtocolF 1 1287 1 CustomProtocolG 1 318 1 CustomProtocolH 1 318 1 - 1 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 374/CustomProtocolE][IP: 374/CustomProtocolE][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 2 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 375/CustomProtocolF][IP: 375/CustomProtocolF][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] - 3 UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 373/CustomProtocolD][IP: 373/CustomProtocolD][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 4 UDP [fe80::76ac:b9ff:fe6c:c124]:12717 -> [ff02::1]:64315 [proto: 376/CustomProtocolG][IP: 376/CustomProtocolG][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 5 UDP [fe80::76ac:b9ff:fe6c:c124]:12718 -> [ff02::1]:26993 [proto: 377/CustomProtocolH][IP: 377/CustomProtocolH][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 
80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 375/CustomProtocolE][IP: 375/CustomProtocolE][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 2 UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 376/CustomProtocolF][IP: 376/CustomProtocolF][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0] + 3 UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 374/CustomProtocolD][IP: 374/CustomProtocolD][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 4 UDP [fe80::76ac:b9ff:fe6c:c124]:12717 -> [ff02::1]:64315 [proto: 377/CustomProtocolG][IP: 377/CustomProtocolG][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 5 UDP [fe80::76ac:b9ff:fe6c:c124]:12718 -> [ff02::1]:26993 [proto: 378/CustomProtocolH][IP: 378/CustomProtocolH][ClearText][Confidence: Unknown][DPI 
packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out index 5257071b937..b49c07032d2 100644 --- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out 
@@ -27,6 +27,6 @@ CustomProtocolA 3 222 1 CustomProtocolB 2 148 1 Unknown 3 222 1 - 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.370/TLS.CustomProtocolA][IP: 370/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 400/CustomProtocolC][IP: 372/Unknown][Encrypted][Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 371/CustomProtocolB][IP: 371/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.371/TLS.CustomProtocolA][IP: 371/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 2 TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 400/CustomProtocolC][IP: 373/Unknown][Encrypted][Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk 
Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 372/CustomProtocolB][IP: 372/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/synscan.pcap.out b/tests/cfgs/default/result/synscan.pcap.out index 009f691672a..d372f8f36e2 100644 --- a/tests/cfgs/default/result/synscan.pcap.out +++ b/tests/cfgs/default/result/synscan.pcap.out 
@@ -129,7 +129,7 @@ iSCSI 2 116 2 45 TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 46 TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 47 TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 48 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 364/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 48 TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 365/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 49 TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 50 TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 51 TCP 172.16.0.8:36050 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 
@@ -194,7 +194,7 @@ iSCSI 2 116 2 110 TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 111 TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 112 TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] - 113 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 364/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 113 TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 365/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 114 TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 115 TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] 116 TCP 172.16.0.8:36051 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/umas.pcap.out b/tests/cfgs/default/result/umas.pcap.out new file mode 100644 index 00000000000..11501702888 --- /dev/null +++ b/tests/cfgs/default/result/umas.pcap.out 
@@ -0,0 +1,28 @@ +Guessed flow protos: 0 + +DPI Packets (TCP): 4 (4.00 pkts/flow) +Confidence DPI : 1 (flows) +Num dissector calls: 1 (1.00 diss/flow) +LRU cache ookla: 0/0/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) +LRU cache zoom: 0/0/0 (insert/search/found) +LRU cache stun: 0/0/0 (insert/search/found) +LRU cache tls_cert: 0/0/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) +LRU cache msteams: 0/0/0 (insert/search/found) +LRU cache stun_zoom: 0/0/0 (insert/search/found) +Automa host: 0/0 (search/found) +Automa domain: 0/0 (search/found) +Automa tls cert: 0/0 (search/found) +Automa risk mask: 0/0 (search/found) +Automa common alpns: 0/0 (search/found) +Patricia risk mask: 0/0 (search/found) +Patricia risk mask IPv6: 0/0 (search/found) +Patricia risk: 0/0 (search/found) +Patricia risk IPv6: 0/0 (search/found) +Patricia protocols: 2/0 (search/found) +Patricia protocols IPv6: 0/0 (search/found) + +Modbus 191 29046 1 + + 1 TCP 192.168.63.100:7718 <-> 192.168.63.253:502 [proto: 364.44/UMAS.Modbus][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][94 pkts/6876 bytes <-> 97 pkts/22170 bytes][Goodput ratio: 26/76][0.77 sec][bytes ratio: -0.527 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 8/8 183/183 21/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/64 73/229 315/315 36/105][PLAIN TEXT (PU 311 10)][Plen Bins: 57,1,5,2,0,1,0,4,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] From bcfc65d852471aeb0f4159f671d14984a0e81ef7 Mon Sep 17 00:00:00 2001 From: Vladimir Gavrilov <105977161+0xA50C1A1@users.noreply.github.com> Date: Tue, 28 Nov 2023 18:54:38 +0300 Subject: [PATCH 2/3] Swap proto IDs in ndpi_set_detected_protocol --- src/lib/protocols/modbus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/protocols/modbus.c b/src/lib/protocols/modbus.c index 454b3cc85d8..e57b0d69ed4 100644 --- a/src/lib/protocols/modbus.c 
+++ b/src/lib/protocols/modbus.c
@@ -50,7 +50,7 @@ static void ndpi_search_modbus_tcp(struct ndpi_detection_module_struct *ndpi_str
 /* Check Modbus function code. 0x5A (90) is reserved for UMAS protocol */
 if (packet->payload[7] == 0x5A) {
 NDPI_LOG_INFO(ndpi_struct, "found Schneider Electric UMAS\n");
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MODBUS, NDPI_PROTOCOL_UMAS, NDPI_CONFIDENCE_DPI);
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UMAS, NDPI_PROTOCOL_MODBUS, NDPI_CONFIDENCE_DPI);
 return;
 }
From 76eb58b95b21e04bcdd904c612dbe4b7dda9430d Mon Sep 17 00:00:00 2001 From: 0xA50C1A1 Date: Tue, 28 Nov 2023 19:00:18 +0300 Subject: [PATCH 3/3] Update unit test result --- tests/cfgs/default/result/umas.pcap.out | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/cfgs/default/result/umas.pcap.out b/tests/cfgs/default/result/umas.pcap.out
index 11501702888..879d397796d 100644
--- a/tests/cfgs/default/result/umas.pcap.out
+++ b/tests/cfgs/default/result/umas.pcap.out
@@ -23,6 +23,6 @@ Patricia risk IPv6: 0/0 (search/found) Patricia protocols: 2/0 (search/found) Patricia protocols IPv6: 0/0 (search/found) -Modbus 191 29046 1 +UMAS 191 29046 1 - 1 TCP 192.168.63.100:7718 <-> 192.168.63.253:502 [proto: 364.44/UMAS.Modbus][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][94 pkts/6876 bytes <-> 97 pkts/22170 bytes][Goodput ratio: 26/76][0.77 sec][bytes ratio: -0.527 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 8/8 183/183 21/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/64 73/229 315/315 36/105][PLAIN TEXT (PU 311 10)][Plen Bins: 57,1,5,2,0,1,0,4,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 TCP 192.168.63.100:7718 <-> 192.168.63.253:502 [proto: 44.364/Modbus.UMAS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: IoT-Scada/31][94 pkts/6876 bytes <-> 97 pkts/22170 bytes][Goodput ratio: 26/76][0.77 sec][bytes ratio: -0.527 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/1 8/8 183/183 21/20][Pkt Len c2s/s2c min/avg/max/stddev: 54/64 73/229 315/315 36/105][PLAIN TEXT (PU 311 10)][Plen Bins: 57,1,5,2,0,1,0,4,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]