New protocols for Amazon/AWS sub-classification (#2975)

Add: * Cognito * API Gateway * Kinesis * EC2 * EMR * S3 * Cloudfront * DynamoDB Keep `NDPI_PROTOCOL_AMAZON_AWS` for generic AWS traffic
2026-04-28 23:19:42 +00:00 · 2025-10-02 11:48:25 +02:00 · 2025-10-02 11:48:25 +02:00 · 113170cca4
commit 113170cca4
parent c9dfc946ff
93 changed files with 5121 additions and 826 deletions
--- a/tests/cfgs/default/result/http_invalid_server.pcap.out
+++ b/tests/cfgs/default/result/http_invalid_server.pcap.out
@ -26,4 +26,4 @@ Safe                            12 1301          1

 Network                         12 1301          1            

-	1	TCP 192.168.1.29:51536 <-> 143.204.14.183:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 265/AmazonAWS][ClearText][Confidence: DPI][FPC: 265/AmazonAWS, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][7 pkts/556 bytes <-> 5 pkts/745 bytes][Goodput ratio: 15/55][0.04 sec][Hostname/SNI: ocsp.rootg2.amazontrust.com][bytes ratio: -0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/4 12/12 6/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/149 148/468 28/160][URL: ocsp.rootg2.amazontrust.com/][StatusCode: 200][Content-Type: application/ocsp-response][Server: ¯\_(ツ)_/¯][User-Agent: **][Risk: ** HTTP Susp User-Agent **** HTTP Susp Header **][Risk Score: 200][Risk Info: Suspicious Agent [¯\_(ツ)_/¯] / Suspicious Log4J][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 33,0,33,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.1.29:51536 <-> 143.204.14.183:80 [proto: 7.63/HTTP.OCSP][Stack: HTTP.OCSP][IP: 464/AWS_Cloudfront][ClearText][Confidence: DPI][FPC: 464/AWS_Cloudfront, Confidence: IP address][DPI packets: 6][cat: Network/14][Breed: Safe][7 pkts/556 bytes <-> 5 pkts/745 bytes][Goodput ratio: 15/55][0.04 sec][Hostname/SNI: ocsp.rootg2.amazontrust.com][bytes ratio: -0.145 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 5/4 12/12 6/6][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 79/149 148/468 28/160][URL: ocsp.rootg2.amazontrust.com/][StatusCode: 200][Content-Type: application/ocsp-response][Server: ¯\_(ツ)_/¯][User-Agent: **][Risk: ** HTTP Susp User-Agent **** HTTP Susp Header **][Risk Score: 200][Risk Info: Suspicious Agent [¯\_(ツ)_/¯] / Suspicious Log4J][TCP Fingerprint: 2_64_65535_d29295416479/macOS][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 33,0,33,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]