Fix function checking if a packet is multicast

2026-05-20 01:01:32 +00:00 · 2025-03-04 19:20:50 +01:00 · 2025-03-04 19:20:50 +01:00 · 086d41c22e
commit 086d41c22e
parent fbb7b8c578
8 changed files with 19 additions and 19 deletions
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@ -7124,7 +7124,7 @@ static u_int8_t ndpi_is_multi_or_broadcast(struct ndpi_packet_struct *packet) {
    /* IPv4 */
    u_int32_t daddr = ntohl(packet->iph->daddr);

-    if(((daddr & 0xE0000000) == 0xE0000000 /* multicast */)
+    if(((daddr & 0xF0000000) == 0xE0000000 /* multicast 224.0.0.0/4 */)
       || ((daddr & 0x000000FF) == 0x000000FF /* last byte is 0xFF, not super correct, but a good approximation */)
       || ((daddr & 0x000000FF) == 0x00000000 /* last byte is 0x00, not super correct, but a good approximation */)
       || (daddr == 0xFFFFFFFF))
--- a/tests/cfgs/default/result/dns_invert_query.pcapng.out
+++ b/tests/cfgs/default/result/dns_invert_query.pcapng.out
@ -11,9 +11,9 @@ LRU cache fpc_dns:    0/0/0 (insert/search/found)
 Automa host:          1/0 (search/found)
 Automa domain:        1/0 (search/found)
 Automa tls cert:      0/0 (search/found)
-Automa risk mask:     0/0 (search/found)
+Automa risk mask:     1/0 (search/found)
 Automa common alpns:  0/0 (search/found)
-Patricia risk mask:   0/0 (search/found)
+Patricia risk mask:   2/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        1/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
--- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
@ -19,7 +19,7 @@ Automa domain:        230/0 (search/found)
 Automa tls cert:      0/0 (search/found)
 Automa risk mask:     124/0 (search/found)
 Automa common alpns:  0/0 (search/found)
-Patricia risk mask:   372/0 (search/found)
+Patricia risk mask:   374/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        13/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
@ -152,7 +152,7 @@ Unrated                         33 4066          33
 	109	UDP 192.168.1.1:53 -> 192.168.1.2:2807 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][0.0.0.0][DNS Id: 0xb31c][Risk: ** Malformed Packet **** Non-Printable/Invalid Chars Detected **** Unidirectional Traffic **][Risk Score: 120][Risk Info: No client to server traffic / Invalid chars detected in domain name / Invalid DNS Query Lenght][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	110	UDP 192.168.1.1:53 -> 192.168.5.2:2784 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.aspa][0.0.0.0][DNS Id: 0x9de5][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	111	UDP 192.168.1.1:53 -> 192.168.119.2:2799 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x1c14][DNS Ptr: localhost][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	112	UDP 192.168.1.1:53 -> 240.168.1.2:2792 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][0.0.0.0][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	112	UDP 192.168.1.1:53 -> 240.168.1.2:2792 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][0.0.0.0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	113	UDP 192.168.130.1:53 -> 192.168.1.2:2741 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x33c0][DNS Ptr: localhost][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	114	UDP 192.168.233.1:53 -> 192.168.1.2:2811 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0x7802][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	115	UDP 253.168.1.1:53 -> 192.168.1.2:2735 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/105 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][< 1 sec][Hostname/SNI: 1.0.0.127.in-addr.arpa][0.0.0.0][DNS Id: 0xf3db][DNS Ptr: localhost][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/lagofast.pcap.out
+++ b/tests/cfgs/default/result/lagofast.pcap.out
@ -14,7 +14,7 @@ Automa domain:        13/0 (search/found)
 Automa tls cert:      0/0 (search/found)
 Automa risk mask:     12/0 (search/found)
 Automa common alpns:  13/13 (search/found)
-Patricia risk mask:   48/0 (search/found)
+Patricia risk mask:   54/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        24/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
@ -40,7 +40,7 @@ JA Host Stats:
 	8	 99.189.94.53             	 1      


-	1	TCP 49.118.157.237:443 -> 251.114.223.28:44636 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][TLSv1.3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
+	1	TCP 49.118.157.237:443 -> 251.114.223.28:44636 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
 	2	TCP 136.238.7.95:443 -> 231.209.192.237:44640 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][TLSv1.3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
 	3	TCP 226.143.37.182:443 -> 70.254.111.101:37898 [proto: 91/TLS][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1506 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0]
 	4	TCP 24.105.33.150:443 -> 5.163.124.163:47280 [proto: 91/TLS][IP: 213/Starcraft][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1494 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][TLSv1.3][JA3S: f4febc55ea12b31ae17cfb7e614afda8][Cipher: TLS_AES_128_GCM_SHA256][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0]
@ -56,7 +56,7 @@ JA Host Stats:
 	14	UDP 0.40.128.100:59607 -> 172.119.18.180:2672 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	15	UDP 23.147.144.74:59607 -> 63.29.27.84:6198 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	16	UDP 25.125.160.55:59607 -> 55.148.149.242:1855 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	17	UDP 38.210.140.253:59607 -> 248.126.41.103:8190 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	17	UDP 38.210.140.253:59607 -> 248.126.41.103:8190 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	18	UDP 46.18.153.127:59607 -> 228.2.57.157:10510 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	19	UDP 50.138.250.44:59607 -> 87.176.151.245:4477 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	20	UDP 50.245.97.76:59607 -> 104.30.90.163:7864 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -64,7 +64,7 @@ JA Host Stats:
 	22	UDP 77.134.62.224:59607 -> 43.83.218.54:1189 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	23	UDP 149.210.152.94:59607 -> 10.63.255.254:8190 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	24	UDP 196.228.157.219:59607 -> 206.16.55.103:4750 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	25	UDP 212.123.54.116:59607 -> 245.4.176.194:6808 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	25	UDP 212.123.54.116:59607 -> 245.4.176.194:6808 [proto: 444/LagoFast][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 444/LagoFast, Confidence: DPI][DPI packets: 1][cat: VPN/2][1 pkts/96 bytes -> 0 pkts/0 bytes][Goodput ratio: 56/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	26	UDP 251.113.201.83:53 -> 202.196.158.89:49790 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/95 bytes -> 0 pkts/0 bytes][Goodput ratio: 55/0][< 1 sec][Hostname/SNI: gabooster.6fast.com][47.251.168.225][DNS Id: 0x425b][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][PLAIN TEXT (gabooster)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	27	UDP 40.105.164.193:43932 -> 99.193.243.15:53 [proto: 5/DNS][IP: 21/Outlook][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Hostname/SNI: report.lagofast.com][0.0.0.0][DNS Id: 0x3c8e][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (report)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	28	UDP 157.117.212.161:7725 -> 124.69.119.132:53 [proto: 5/DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/79 bytes -> 0 pkts/0 bytes][Goodput ratio: 46/0][< 1 sec][Hostname/SNI: static.lagofast.com][0.0.0.0][DNS Id: 0x9237][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (static)][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out
+++ b/tests/cfgs/default/result/quic-fuzz-overflow.pcapng.out
@ -13,7 +13,7 @@ Automa domain:        0/0 (search/found)
 Automa tls cert:      0/0 (search/found)
 Automa risk mask:     0/0 (search/found)
 Automa common alpns:  0/0 (search/found)
-Patricia risk mask:   0/0 (search/found)
+Patricia risk mask:   2/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        1/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
@ -24,4 +24,4 @@ QUIC	1	1280	1

 Acceptable                       1 1280          1            

-	1	UDP 255.255.255.255:8224 -> 255.255.255.32:8224 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1280 bytes -> 0 pkts/0 bytes][Goodput ratio: 98/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **][Risk Score: 100][Risk Info: SNI should be present all time: attack ? / Expected on port 443][QUIC ver: Q024][PLAIN TEXT (         )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
+	1	UDP 255.255.255.255:8224 -> 255.255.255.32:8224 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1280 bytes -> 0 pkts/0 bytes][Goodput ratio: 98/0][< 1 sec][Risk: ** Known Proto on Non Std Port **** Missing SNI TLS Extn **** Unidirectional Traffic **][Risk Score: 110][Risk Info: No server to client traffic / SNI should be present all time: attack ? / Expected on port 443][QUIC ver: Q024][PLAIN TEXT (         )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
+++ b/tests/cfgs/default/result/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out
@ -14,7 +14,7 @@ Automa domain:        113/0 (search/found)
 Automa tls cert:      0/0 (search/found)
 Automa risk mask:     0/0 (search/found)
 Automa common alpns:  113/113 (search/found)
-Patricia risk mask:   218/0 (search/found)
+Patricia risk mask:   226/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        103/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
@ -67,14 +67,14 @@ JA Host Stats:
 	19	UDP 52.187.20.175:63507 -> 121.209.126.161:443 [proto: 188.126/QUIC.Google][IP: 276/Azure][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.53 sec][Hostname/SNI: clients2.googleusercontent.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	20	UDP 168.144.64.5:58351 -> 193.68.169.100:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][3 pkts/4176 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.23 sec][Hostname/SNI: www.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	21	UDP 52.187.20.175:58123 -> 118.89.218.46:443 [proto: 188.126/QUIC.Google][IP: 285/Tencent][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][1.11 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
-	22	UDP 168.144.64.5:51053 -> 241.138.147.133:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
+	22	UDP 168.144.64.5:51053 -> 241.138.147.133:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: content-autofill.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	23	UDP 168.144.64.5:53431 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.07 sec][Hostname/SNI: fonts.gstatic.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	24	UDP 168.144.64.5:55376 -> 212.22.246.243:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.33 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][PLAIN TEXT (aUOvTUU)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	25	UDP 168.144.64.5:59827 -> 37.47.218.224:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: www.googleadservices.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	26	UDP 168.144.64.5:62719 -> 31.219.210.96:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: lh4.googleusercontent.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	27	UDP 168.144.64.5:64964 -> 133.202.76.105:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.30 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	28	UDP 192.168.254.11:35124 -> 168.78.153.39:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][2 pkts/2784 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.29 sec][Hostname/SNI: s-img.adskeeper.co.uk][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
-	29	UDP 10.117.78.100:44252 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
+	29	UDP 10.117.78.100:44252 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	30	UDP 10.117.78.100:55273 -> 202.152.155.121:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clients4.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	31	UDP 159.117.176.124:51856 -> 16.205.123.234:443 [proto: 188.242/QUIC.WhatsAppFiles][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.242/QUIC.WhatsAppFiles, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: media.fmct2-1.fna.whatsapp.net][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	32	UDP 168.144.64.5:49153 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
@ -91,7 +91,7 @@ JA Host Stats:
 	43	UDP 168.144.64.5:51248 -> 99.42.133.245:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	44	UDP 168.144.64.5:51296 -> 128.248.24.1:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: beacons.gcp.gvt2.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h3_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	45	UDP 168.144.64.5:51456 -> 102.194.207.179:443 [proto: 188.239/QUIC.GoogleServices][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.239/QUIC.GoogleServices, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clientservices.googleapis.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
-	46	UDP 168.144.64.5:52273 -> 244.214.160.219:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-vh5ouxa-hju6.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
+	46	UDP 168.144.64.5:52273 -> 244.214.160.219:443 [proto: 188.124/QUIC.YouTube][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.124/QUIC.YouTube, Confidence: DPI][DPI packets: 1][cat: Media/1][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: r3---sn-vh5ouxa-hju6.googlevideo.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	47	UDP 168.144.64.5:52387 -> 143.52.137.18:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h3_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	48	UDP 168.144.64.5:52396 -> 153.98.28.78:443 [proto: 188.196/QUIC.DoH_DoT][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.196/QUIC.DoH_DoT, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: dns.google][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0312h3_55b375c5d22e_f3854ce178b3][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	49	UDP 168.144.64.5:52942 -> 93.100.151.221:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: clients2.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
@ -158,4 +158,4 @@ JA Host Stats:
 	110	UDP 192.168.254.11:49689 -> 87.179.155.149:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	111	UDP 192.168.254.11:51075 -> 117.148.117.30:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Advertisement/101][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: pagead2.googlesyndication.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
 	112	UDP 192.168.254.11:54692 -> 171.182.169.23:443 [proto: 188/QUIC][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188/QUIC, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: www.freearabianporn.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
-	113	UDP 192.168.254.11:59048 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
+	113	UDP 192.168.254.11:59048 -> 251.236.18.198:443 [proto: 188.126/QUIC.Google][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 188.126/QUIC.Google, Confidence: DPI][DPI packets: 1][cat: Web/5][1 pkts/1392 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][< 1 sec][Hostname/SNI: accounts.google.com][(Advertised) ALPNs: h3-29][TLS Supported Versions: TLSv1.3][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TLSv1.3][QUIC ver: Draft-29][JA4: q13d0310h3_55b375c5d22e_b064f0e3421d][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0]
--- a/tests/cfgs/default/result/ripe_atlas.pcap.out
+++ b/tests/cfgs/default/result/ripe_atlas.pcap.out
@ -13,7 +13,7 @@ Automa domain:        0/0 (search/found)
 Automa tls cert:      0/0 (search/found)
 Automa risk mask:     0/0 (search/found)
 Automa common alpns:  0/0 (search/found)
-Patricia risk mask:   10/0 (search/found)
+Patricia risk mask:   12/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        6/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
@ -30,4 +30,4 @@ Acceptable                       7 469           7
 	4	UDP 168.139.124.224:11476 -> 19.132.223.32:36467 [proto: 417/RipeAtlas][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 417/RipeAtlas, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (11.111.11.111)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	5	UDP 207.246.88.254:56857 -> 96.78.208.202:29195 [proto: 417/RipeAtlas][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 417/RipeAtlas, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (11.111.11.111)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	6	UDP 250.175.205.18:20715 -> 127.251.0.38:26625 [proto: 417/RipeAtlas][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 417/RipeAtlas, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (LMGLNDD)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	7	UDP 252.216.99.208:15422 -> 255.103.25.63:5081 [proto: 417/RipeAtlas][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 417/RipeAtlas, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][PLAIN TEXT (11.111.11.111)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	7	UDP 252.216.99.208:15422 -> 255.103.25.63:5081 [proto: 417/RipeAtlas][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 417/RipeAtlas, Confidence: DPI][DPI packets: 1][cat: Network/14][1 pkts/67 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (11.111.11.111)][Plen Bins: 100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/snmp.pcap.out
+++ b/tests/cfgs/default/result/snmp.pcap.out
@ -13,7 +13,7 @@ Automa domain:        0/0 (search/found)
 Automa tls cert:      0/0 (search/found)
 Automa risk mask:     0/0 (search/found)
 Automa common alpns:  0/0 (search/found)
-Patricia risk mask:   26/0 (search/found)
+Patricia risk mask:   34/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        15/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)