Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IPv6: add support for IPv6 risk tree #2118

Merged
merged 1 commit into from
Oct 27, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
6 changes: 6 additions & 0 deletions example/ndpiReader.c
Original file line number Diff line number Diff line change
Expand Up @@ -3898,6 +3898,9 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
printf("\tPatricia risk: %llu/%llu (search/found)\n",
(long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_RISK].n_search,
(long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_RISK].n_found);
printf("\tPatricia risk IPv6: %llu/%llu (search/found)\n",
(long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_RISK6].n_search,
(long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_RISK6].n_found);
printf("\tPatricia protocols: %llu/%llu (search/found)\n",
(long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_PROTOCOLS].n_search,
(long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_PROTOCOLS].n_found);
Expand Down Expand Up @@ -3997,6 +4000,9 @@ static void printResults(u_int64_t processing_time_usec, u_int64_t setup_time_us
fprintf(results_file, "Patricia risk: %llu/%llu (search/found)\n",
(long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_RISK].n_search,
(long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_RISK].n_found);
fprintf(results_file, "Patricia risk IPv6: %llu/%llu (search/found)\n",
(long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_RISK6].n_search,
(long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_RISK6].n_found);
fprintf(results_file, "Patricia protocols: %llu/%llu (search/found)\n",
(long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_PROTOCOLS].n_search,
(long long unsigned int)cumulative_stats.patricia_stats[NDPI_PTREE_PROTOCOLS].n_found);
Expand Down
2 changes: 2 additions & 0 deletions src/include/ndpi_typedefs.h
Original file line number Diff line number Diff line change
Expand Up @@ -693,6 +693,7 @@ typedef enum {
typedef enum {
NDPI_PTREE_RISK_MASK = 0,
NDPI_PTREE_RISK,
NDPI_PTREE_RISK6,
NDPI_PTREE_PROTOCOLS,
NDPI_PTREE_PROTOCOLS6,

Expand Down Expand Up @@ -1311,6 +1312,7 @@ struct ndpi_detection_module_struct {
/* Patricia trees */
ndpi_patricia_tree_t *ip_risk_mask_ptree;
ndpi_patricia_tree_t *ip_risk_ptree;
ndpi_patricia_tree_t *ip_risk_ptree6;
ndpi_patricia_tree_t *protocols_ptree; /* IP-based protocol detection */
ndpi_patricia_tree_t *protocols_ptree6;

Expand Down
1,015 changes: 509 additions & 506 deletions src/lib/inc_generated/ndpi_crawlers_match.c.inc

Large diffs are not rendered by default.

92 changes: 63 additions & 29 deletions src/lib/ndpi_main.c
Original file line number Diff line number Diff line change
Expand Up @@ -2289,6 +2289,10 @@ int ndpi_get_patricia_stats(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_patricia_get_stats(ndpi_struct->ip_risk_ptree, stats);
return 0;

case NDPI_PTREE_RISK6:
ndpi_patricia_get_stats(ndpi_struct->ip_risk_ptree6, stats);
return 0;

case NDPI_PTREE_PROTOCOLS:
ndpi_patricia_get_stats(ndpi_struct->protocols_ptree, stats);
return 0;
Expand Down Expand Up @@ -2542,6 +2546,23 @@ ndpi_risk_enum ndpi_network_risk_ptree_match(struct ndpi_detection_module_struct

/* ******************************************* */

ndpi_risk_enum ndpi_network_risk_ptree_match6(struct ndpi_detection_module_struct *ndpi_str,
struct in6_addr *pin) {
ndpi_prefix_t prefix;
ndpi_patricia_node_t *node;

/* Make sure all in network byte order otherwise compares wont work */
ndpi_fill_prefix_v6(&prefix, pin, 128, ((ndpi_patricia_tree_t *) ndpi_str->ip_risk_ptree6)->maxbits);
node = ndpi_patricia_search_best(ndpi_str->ip_risk_ptree6, &prefix);

if(node)
return((ndpi_risk_enum)node->value.u.uv16[0].user_value);

return(NDPI_NO_RISK);
}

/* ******************************************* */

static ndpi_patricia_node_t* add_to_ptree(ndpi_patricia_tree_t *tree, int family, void *addr, int bits) {
ndpi_prefix_t prefix;
ndpi_patricia_node_t *node;
Expand Down Expand Up @@ -3105,18 +3126,24 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
ndpi_str->ip_risk_mask_ptree = ndpi_patricia_new(32 /* IPv4 */);

if(!(prefs & ndpi_dont_init_risk_ptree)) {
/* TODO: ipv6 ip_risk_ptree */
/* To disable warnings */
(void)ndpi_anonymous_subscriber_icloud_private_relay_protocol_list_6;
(void)ndpi_http_crawler_bot_protocol_list_6;
(void)ndpi_anonymous_subscriber_protonvpn_protocol_list_6;
if((ndpi_str->ip_risk_ptree = ndpi_patricia_new(32 /* IPv4 */)) != NULL) {
if(!(prefs & ndpi_dont_load_icloud_private_relay_list))
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->ip_risk_ptree, ndpi_anonymous_subscriber_icloud_private_relay_protocol_list);
if(!(prefs & ndpi_dont_load_protonvpn_exit_nodes_list))
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->ip_risk_ptree, ndpi_anonymous_subscriber_protonvpn_protocol_list);
if(!(prefs & ndpi_dont_load_crawlers_list))
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->ip_risk_ptree, ndpi_http_crawler_bot_protocol_list);

if((ndpi_str->ip_risk_ptree = ndpi_patricia_new(32 /* IPv4 */)) == NULL ||
(ndpi_str->ip_risk_ptree6 = ndpi_patricia_new(128 /* IPv6 */)) == NULL) {
NDPI_LOG_ERR(ndpi_str, "[NDPI] Error allocating tree\n");
ndpi_exit_detection_module(ndpi_str);
return NULL;
}
if(!(prefs & ndpi_dont_load_icloud_private_relay_list)) {
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->ip_risk_ptree, ndpi_anonymous_subscriber_icloud_private_relay_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->ip_risk_ptree6, ndpi_anonymous_subscriber_icloud_private_relay_protocol_list_6);
}
if(!(prefs & ndpi_dont_load_protonvpn_exit_nodes_list)) {
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->ip_risk_ptree, ndpi_anonymous_subscriber_protonvpn_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->ip_risk_ptree6, ndpi_anonymous_subscriber_protonvpn_protocol_list_6);
}
if(!(prefs & ndpi_dont_load_crawlers_list)) {
ndpi_init_ptree_ipv4(ndpi_str, ndpi_str->ip_risk_ptree, ndpi_http_crawler_bot_protocol_list);
ndpi_init_ptree_ipv6(ndpi_str, ndpi_str->ip_risk_ptree6, ndpi_http_crawler_bot_protocol_list_6);
}
}

Expand Down Expand Up @@ -3716,6 +3743,9 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_str) {
if(ndpi_str->ip_risk_ptree)
ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->ip_risk_ptree, NULL);

if(ndpi_str->ip_risk_ptree6)
ndpi_patricia_destroy((ndpi_patricia_tree_t *) ndpi_str->ip_risk_ptree6, NULL);

if(ndpi_str->udpRoot != NULL) ndpi_tdestroy(ndpi_str->udpRoot, ndpi_free);
if(ndpi_str->tcpRoot != NULL) ndpi_tdestroy(ndpi_str->tcpRoot, ndpi_free);

Expand Down Expand Up @@ -7652,25 +7682,29 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
flow->risk_checked = 1;
}
if(!flow->tree_risk_checked) {
if(ndpi_str->ip_risk_ptree) {
/* TODO: ipv6 */
if(packet->iph &&
ndpi_is_public_ipv4(ntohl(packet->iph->saddr)) &&
ndpi_is_public_ipv4(ntohl(packet->iph->daddr))) {
struct in_addr addr;
ndpi_risk_enum net_risk;

addr.s_addr = packet->iph->saddr;
net_risk = ndpi_network_risk_ptree_match(ndpi_str, &addr);
if(net_risk == NDPI_NO_RISK) {
addr.s_addr = packet->iph->daddr;
net_risk = ndpi_network_risk_ptree_match(ndpi_str, &addr);
}
ndpi_risk_enum net_risk = NDPI_NO_RISK;

if(net_risk != NDPI_NO_RISK)
ndpi_set_risk(ndpi_str, flow, net_risk, NULL);
}
/* Right now, all the 3 supported risks are only about the *client* ip.
Don't check the server ip, to try avoiding false positives */

if(ndpi_str->ip_risk_ptree &&
packet->iph &&
ndpi_is_public_ipv4(ntohl(packet->iph->saddr)) &&
ndpi_is_public_ipv4(ntohl(packet->iph->daddr))) {
struct in_addr addr;

addr.s_addr = flow->c_address.v4;
net_risk = ndpi_network_risk_ptree_match(ndpi_str, &addr);
} else if(ndpi_str->ip_risk_ptree6 &&
packet->iphv6) { /* TODO: some checks on "local" addresses? */
struct in6_addr addr;

addr = *(struct in6_addr *)&flow->c_address.v6;
net_risk = ndpi_network_risk_ptree_match6(ndpi_str, &addr);
}
if(net_risk != NDPI_NO_RISK)
ndpi_set_risk(ndpi_str, flow, net_risk, NULL);

flow->tree_risk_checked = 1;
}

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/caches_cfg/result/ookla.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 4/4 (search/found)
Patricia risk mask: 2/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 11/1 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
3 changes: 2 additions & 1 deletion tests/cfgs/caches_cfg/result/teams.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ Automa tls cert: 0/0 (search/found)
Automa risk mask: 24/1 (search/found)
Automa common alpns: 67/67 (search/found)
Patricia risk mask: 80/0 (search/found)
Patricia risk: 2/0 (search/found)
Patricia risk: 1/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 121/47 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
3 changes: 2 additions & 1 deletion tests/cfgs/default/result/1kxun.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,8 @@ Automa tls cert: 0/0 (search/found)
Automa risk mask: 16/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 174/0 (search/found)
Patricia risk: 6/0 (search/found)
Patricia risk: 3/0 (search/found)
Patricia risk IPv6: 25/0 (search/found)
Patricia protocols: 315/59 (search/found)
Patricia protocols IPv6: 50/0 (search/found)

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/443-chrome.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 2/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/443-curl.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 2/2 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/443-firefox.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 2/2 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/443-git.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 1/1 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 1/1 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/443-opvn.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/443-safari.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 7/7 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/4in4tunnel.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/4in6tunnel.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 2/2 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
3 changes: 2 additions & 1 deletion tests/cfgs/default/result/6in4tunnel.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ Automa risk mask: 3/0 (search/found)
Automa common alpns: 4/4 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 10/1 (search/found)
Patricia protocols: 0/0 (search/found)
Patricia protocols IPv6: 17/4 (search/found)

Expand All @@ -38,7 +39,7 @@ JA3 Host Stats:
2 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:53234 <-> [2a03:2880:1010:6f03:face:b00c::2]:443 [proto: 91.119/TLS.Facebook][IP: 119/Facebook][Encrypted][Confidence: DPI][DPI packets: 7][cat: SocialNetwork/6][18 pkts/6894 bytes <-> 15 pkts/7032 bytes][Goodput ratio: 72/77][0.53 sec][Hostname/SNI: www.facebook.com][(Advertised) ALPNs: spdy/3.1;h2-14;h2;http/1.1][bytes ratio: -0.010 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 20/23 98/97 33/36][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 383/469 1504/1911 467/576][TLSv1.2][JA3C: eb7cdd4e7dea7a11b3016c3c9acbd2a3][ServerNames: *.facebook.com,facebook.com,*.xz.fbcdn.net,messenger.com,fb.com,*.m.facebook.com,*.fbsbx.com,*.xy.fbcdn.net,*.messenger.com,*.fb.com,*.fbcdn.net,*.xx.fbcdn.net,*.facebook.net][JA3S: 6806b8fe92d7d465715d771eb102ff04][Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3][Subject: C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com][Certificate SHA-1: 93:C6:FD:1A:84:90:BB:F1:B2:3B:49:A0:9B:1F:6F:0B:46:7A:31:41][Validity: 2014-08-28 00:00:00 - 2015-12-31 12:00:00][Cipher: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256][Plen Bins: 5,32,5,0,0,5,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,5,5,0,0,0,0,0,5,0,0,0,0,0,5,0,0,0,0,0,0,0,0,15,0,0,0,5]
3 ICMPV6 [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][23 pkts/3174 bytes <-> 23 pkts/3174 bytes][Goodput ratio: 41/41][22.14 sec][bytes ratio: 0.000 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 1000/992 1001/1001 1001/1012 0/4][Pkt Len c2s/s2c min/avg/max/stddev: 138/138 138/138 138/138 0/0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:41538 <-> [2604:a880:1:20::224:b001]:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][6 pkts/786 bytes <-> 4 pkts/1006 bytes][Goodput ratio: 18/57][0.82 sec][Hostname/SNI: mail.tomasu.net][bytes ratio: -0.123 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/2 164/56 495/110 171/54][Pkt Len c2s/s2c min/avg/max/stddev: 106/106 131/252 248/680 52/247][URL: mail.tomasu.net/][StatusCode: 301][Content-Type: text/html][Server: Apache/2.4.10 (Debian)][User-Agent: Wget/1.16.3 (linux-gnu)][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1314 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (ds 0/u6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 -> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1314 bytes -> 0 pkts/0 bytes][Goodput ratio: 94/0][< 1 sec][Risk: ** Crawler/Bot **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic][PLAIN TEXT (ds 0/u6)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
6 UDP [2001:470:1f16:13f::2]:53959 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/133 bytes <-> 1 pkts/273 bytes][Goodput ratio: 38/70][0.09 sec][Hostname/SNI: star.c10r.facebook.com][2a03:2880:1010:6f03:face:b00c::2][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][IP: 119/Facebook][ClearText][Confidence: DPI][DPI packets: 2][cat: Network/14][1 pkts/133 bytes <-> 1 pkts/261 bytes][Goodput ratio: 38/68][0.09 sec][Hostname/SNI: star.c10r.facebook.com][173.252.120.6][PLAIN TEXT (facebook)][Plen Bins: 0,50,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Email/3][1 pkts/152 bytes <-> 1 pkts/106 bytes][Goodput ratio: 30/0][0.01 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/6in6tunnel.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 1/0 (search/found)
Patricia protocols: 0/0 (search/found)
Patricia protocols IPv6: 2/0 (search/found)

Expand Down
3 changes: 2 additions & 1 deletion tests/cfgs/default/result/BGP_Cisco_hdlc_slarp.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,8 @@ Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 0/0 (search/found)
Patricia risk: 2/0 (search/found)
Patricia risk: 1/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
3 changes: 2 additions & 1 deletion tests/cfgs/default/result/BGP_redist.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,8 @@ Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 4/0 (search/found)
Patricia risk: 4/0 (search/found)
Patricia risk: 2/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 4/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/EAQ.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ Automa risk mask: 2/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 46/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 60/2 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 10/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 10/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/IEC104.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 4/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 4/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/KakaoTalk_chat.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ Automa risk mask: 18/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 60/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 63/15 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
1 change: 1 addition & 0 deletions tests/cfgs/default/result/KakaoTalk_talk.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ Automa risk mask: 1/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 30/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 33/11 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
3 changes: 2 additions & 1 deletion tests/cfgs/default/result/NTPv2.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,8 @@ Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 2/0 (search/found)
Patricia risk: 2/0 (search/found)
Patricia risk: 1/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
3 changes: 2 additions & 1 deletion tests/cfgs/default/result/NTPv3.pcap.out
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,8 @@ Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 2/0 (search/found)
Patricia risk: 2/0 (search/found)
Patricia risk: 1/0 (search/found)
Patricia risk IPv6: 0/0 (search/found)
Patricia protocols: 2/0 (search/found)
Patricia protocols IPv6: 0/0 (search/found)

Expand Down
Loading