Add Naraka Bladepoint detection support (#2334)

2026-05-01 16:30:17 +00:00 · 2024-03-04 10:30:54 +03:00 · 2024-03-04 10:30:54 +03:00 · 58fdc9fafb
commit 58fdc9fafb
parent 70aae6e998
85 changed files with 186 additions and 78 deletions
--- a/tests/cfgs/default/pcap/naraka_bladepoint.pcapng
+++ b/tests/cfgs/default/pcap/naraka_bladepoint.pcapng
--- a/tests/cfgs/default/result/1kxun.pcap.out
+++ b/tests/cfgs/default/result/1kxun.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	120	(1.21 pkts/flow)
 Confidence Unknown          : 14 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 177 (flows)
-Num dissector calls: 4993 (25.35 diss/flow)
+Num dissector calls: 5007 (25.42 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/60/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/4in4tunnel.pcap.out
+++ b/tests/cfgs/default/result/4in4tunnel.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	5	(5.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 192 (192.00 diss/flow)
+Num dissector calls: 193 (193.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/6in6tunnel.pcap.out
+++ b/tests/cfgs/default/result/6in6tunnel.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 147 (147.00 diss/flow)
+Num dissector calls: 148 (148.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/EAQ.pcap.out
+++ b/tests/cfgs/default/result/EAQ.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	12	(6.00 pkts/flow)
 DPI Packets (UDP):	116	(4.00 pkts/flow)
 Confidence DPI              : 31 (flows)
-Num dissector calls: 4952 (159.74 diss/flow)
+Num dissector calls: 4981 (160.68 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	7	(1.40 pkts/flow)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 156 (31.20 diss/flow)
+Num dissector calls: 157 (31.40 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
+++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	10	(2.00 pkts/flow)
 Confidence Match by port    : 8 (flows)
 Confidence DPI              : 11 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 1216 (60.80 diss/flow)
+Num dissector calls: 1218 (60.90 diss/flow)
 LRU cache ookla:      0/2/0 (insert/search/found)
 LRU cache bittorrent: 0/27/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out
+++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	10	(1.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 61 (flows)
-Num dissector calls: 869 (12.59 diss/flow)
+Num dissector calls: 870 (12.61 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/24/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/collectd.pcap.out
+++ b/tests/cfgs/default/result/collectd.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	3
 DPI Packets (UDP):	13	(1.62 pkts/flow)
 Confidence Match by port    : 3 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 467 (58.38 diss/flow)
+Num dissector calls: 470 (58.75 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out
+++ b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out
@ -1,7 +1,7 @@
 DPI Packets (UDP):	7	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by custom rule: 6 (flows)
-Num dissector calls: 131 (18.71 diss/flow)
+Num dissector calls: 132 (18.86 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out
+++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out
@ -27,6 +27,6 @@ CustomProtocolC	3	222	1

 Acceptable                       8 592           3            

-	1	TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.408/TLS.CustomProtocolA][IP: 408/CustomProtocolA][Encrypted][Confidence: Match by custom rule][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.409/TLS.CustomProtocolA][IP: 409/CustomProtocolA][Encrypted][Confidence: Match by custom rule][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	2	TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 800/CustomProtocolC][IP: 800/CustomProtocolC][ClearText][Confidence: Match by custom rule][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	3	TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 409/CustomProtocolB][IP: 409/CustomProtocolB][ClearText][Confidence: Match by custom rule][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 410/CustomProtocolB][IP: 410/CustomProtocolB][ClearText][Confidence: Match by custom rule][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out
+++ b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (UDP):	1	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 135 (135.00 diss/flow)
+Num dissector calls: 136 (136.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/discord.pcap.out
+++ b/tests/cfgs/default/result/discord.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	5	(5.00 pkts/flow)
 DPI Packets (UDP):	60	(1.82 pkts/flow)
 Confidence DPI              : 34 (flows)
-Num dissector calls: 4615 (135.74 diss/flow)
+Num dissector calls: 4642 (136.53 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/discord_mid_flow.pcap.out
+++ b/tests/cfgs/default/result/discord_mid_flow.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	3	(3.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 166 (166.00 diss/flow)
+Num dissector calls: 167 (167.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	256	(1.04 pkts/flow)
 Confidence DPI              : 245 (flows)
-Num dissector calls: 20350 (83.06 diss/flow)
+Num dissector calls: 20361 (83.11 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/513/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/dnscrypt-v2.pcap.out
+++ b/tests/cfgs/default/result/dnscrypt-v2.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	6	(2.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 444 (148.00 diss/flow)
+Num dissector calls: 447 (149.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out
+++ b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 148 (148.00 diss/flow)
+Num dissector calls: 149 (149.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/epicgames.pcapng.out
+++ b/tests/cfgs/default/result/epicgames.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	12	(3.00 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 674 (168.50 diss/flow)
+Num dissector calls: 678 (169.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	5	(1.00 pkts/flow)
 Confidence Unknown          : 34 (flows)
 Confidence Match by port    : 27 (flows)
 Confidence DPI              : 190 (flows)
-Num dissector calls: 7335 (29.22 diss/flow)
+Num dissector calls: 7373 (29.37 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/189/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out
@ -5,7 +5,7 @@ DPI Packets (other):	7	(1.00 pkts/flow)
 Confidence Unknown          : 19 (flows)
 Confidence Match by port    : 3 (flows)
 Confidence DPI              : 55 (flows)
-Num dissector calls: 2221 (28.84 diss/flow)
+Num dissector calls: 2237 (29.05 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/66/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/gnutella.pcap.out
+++ b/tests/cfgs/default/result/gnutella.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	10	(1.00 pkts/flow)
 Confidence Unknown          : 389 (flows)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 370 (flows)
-Num dissector calls: 49327 (64.90 diss/flow)
+Num dissector calls: 49636 (65.31 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/1170/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/gtp_false_positive.pcapng.out
+++ b/tests/cfgs/default/result/gtp_false_positive.pcapng.out
@ -3,7 +3,7 @@ Guessed flow protos:	2
 DPI Packets (UDP):	7	(2.33 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 2 (flows)
-Num dissector calls: 464 (154.67 diss/flow)
+Num dissector calls: 467 (155.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/h323.pcap.out
+++ b/tests/cfgs/default/result/h323.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	1	(1.00 pkts/flow)
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 137 (68.50 diss/flow)
+Num dissector calls: 138 (69.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/http_ipv6.pcap.out
+++ b/tests/cfgs/default/result/http_ipv6.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	77	(5.92 pkts/flow)
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence Match by port    : 7 (flows)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 168 (11.20 diss/flow)
+Num dissector calls: 169 (11.27 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/21/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/imo.pcap.out
+++ b/tests/cfgs/default/result/imo.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	7	(3.50 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 331 (165.50 diss/flow)
+Num dissector calls: 333 (166.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/instagram.pcap.out
+++ b/tests/cfgs/default/result/instagram.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 7 (flows)
 Confidence DPI              : 30 (flows)
-Num dissector calls: 1393 (36.66 diss/flow)
+Num dissector calls: 1394 (36.68 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/24/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/iphone.pcap.out
+++ b/tests/cfgs/default/result/iphone.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	55	(1.77 pkts/flow)
 DPI Packets (other):	5	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 50 (flows)
-Num dissector calls: 363 (7.12 diss/flow)
+Num dissector calls: 364 (7.14 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out
+++ b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out
@ -2,7 +2,7 @@ DPI Packets (UDP):	1	(1.00 pkts/flow)
 DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 132 (66.00 diss/flow)
+Num dissector calls: 133 (66.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/kontiki.pcap.out
+++ b/tests/cfgs/default/result/kontiki.pcap.out
@ -2,7 +2,7 @@ DPI Packets (UDP):	6	(1.50 pkts/flow)
 DPI Packets (other):	4	(1.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence DPI              : 6 (flows)
-Num dissector calls: 365 (45.62 diss/flow)
+Num dissector calls: 367 (45.88 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/linecall_falsepositve.pcap.out
+++ b/tests/cfgs/default/result/linecall_falsepositve.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	13	(13.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 216 (216.00 diss/flow)
+Num dissector calls: 217 (217.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out
+++ b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out
@ -2,7 +2,7 @@ DPI Packets (TCP):	9	(3.00 pkts/flow)
 DPI Packets (UDP):	30	(3.33 pkts/flow)
 Confidence DPI (cache)      : 4 (flows)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 646 (53.83 diss/flow)
+Num dissector calls: 648 (54.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 25/7/2 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/mullvad_wireguard.pcap.out
+++ b/tests/cfgs/default/result/mullvad_wireguard.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	3	(3.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 153 (153.00 diss/flow)
+Num dissector calls: 154 (154.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/mumble.pcapng.out
+++ b/tests/cfgs/default/result/mumble.pcapng.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 305 (101.67 diss/flow)
+Num dissector calls: 307 (102.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/naraka_bladepoint.pcapng.out
+++ b/tests/cfgs/default/result/naraka_bladepoint.pcapng.out
@ -0,0 +1,28 @@
+DPI Packets (UDP):	1	(1.00 pkts/flow)
+Confidence DPI              : 1 (flows)
+Num dissector calls: 136 (136.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   2/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   1/1 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+NarakaBladepoint	5	753	1
+
+Fun                              5 753           1            
+
+	1	UDP 192.168.88.231:58951 <-> 34.141.75.90:28203 [proto: 402/NarakaBladepoint][IP: 284/GoogleCloud][ClearText][Confidence: DPI][DPI packets: 1][cat: Game/8][3 pkts/339 bytes <-> 2 pkts/414 bytes][Goodput ratio: 63/80][0.07 sec][PLAIN TEXT (9251381)][Plen Bins: 0,40,20,20,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/nintendo.pcap.out
+++ b/tests/cfgs/default/result/nintendo.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 15 (flows)
 Confidence Match by IP      : 5 (flows)
-Num dissector calls: 1339 (63.76 diss/flow)
+Num dissector calls: 1344 (64.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/18/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out
+++ b/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	4	(4.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 165 (165.00 diss/flow)
+Num dissector calls: 166 (166.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/openvpn.pcap.out
+++ b/tests/cfgs/default/result/openvpn.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	24	(8.00 pkts/flow)
 DPI Packets (UDP):	15	(3.00 pkts/flow)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 1323 (165.38 diss/flow)
+Num dissector calls: 1328 (166.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/openvpn_nohmac.pcapng.out
+++ b/tests/cfgs/default/result/openvpn_nohmac.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 136 (136.00 diss/flow)
+Num dissector calls: 137 (137.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out
+++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out
@ -2,7 +2,7 @@ DPI Packets (TCP):	8	(1.33 pkts/flow)
 DPI Packets (UDP):	9	(2.25 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence DPI              : 9 (flows)
-Num dissector calls: 796 (79.60 diss/flow)
+Num dissector calls: 799 (79.90 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out
+++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	38	(6.33 pkts/flow)
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 7 (flows)
-Num dissector calls: 994 (124.25 diss/flow)
+Num dissector calls: 996 (124.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out
+++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 149 (149.00 diss/flow)
+Num dissector calls: 150 (150.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/pps.pcap.out
+++ b/tests/cfgs/default/result/pps.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	136	(3.09 pkts/flow)
 Confidence Unknown          : 29 (flows)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 76 (flows)
-Num dissector calls: 6085 (56.87 diss/flow)
+Num dissector calls: 6114 (57.14 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/93/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/protonvpn.pcap.out
+++ b/tests/cfgs/default/result/protonvpn.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	12	(6.00 pkts/flow)
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 149 (49.67 diss/flow)
+Num dissector calls: 150 (50.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/quic.pcap.out
+++ b/tests/cfgs/default/result/quic.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (UDP):	12	(1.20 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 9 (flows)
-Num dissector calls: 232 (23.20 diss/flow)
+Num dissector calls: 233 (23.30 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/quic_0RTT.pcap.out
+++ b/tests/cfgs/default/result/quic_0RTT.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 210 (105.00 diss/flow)
+Num dissector calls: 211 (105.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/raknet.pcap.out
+++ b/tests/cfgs/default/result/raknet.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	24	(2.00 pkts/flow)
 Confidence DPI              : 12 (flows)
-Num dissector calls: 1523 (126.92 diss/flow)
+Num dissector calls: 1529 (127.42 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/rdp2.pcap.out
+++ b/tests/cfgs/default/result/rdp2.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	8	(2.67 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 442 (147.33 diss/flow)
+Num dissector calls: 445 (148.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/rtp.pcapng.out
+++ b/tests/cfgs/default/result/rtp.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	9	(3.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 470 (156.67 diss/flow)
+Num dissector calls: 473 (157.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/rx.pcap.out
+++ b/tests/cfgs/default/result/rx.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	10	(2.00 pkts/flow)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 740 (148.00 diss/flow)
+Num dissector calls: 745 (149.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/sflow.pcap.out
+++ b/tests/cfgs/default/result/sflow.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 136 (136.00 diss/flow)
+Num dissector calls: 137 (137.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/sip.pcap.out
+++ b/tests/cfgs/default/result/sip.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	6	(1.50 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 209 (52.25 diss/flow)
+Num dissector calls: 210 (52.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/sip_hello.pcapng.out
+++ b/tests/cfgs/default/result/sip_hello.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	9	(9.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 201 (201.00 diss/flow)
+Num dissector calls: 202 (202.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/skinny.pcap.out
+++ b/tests/cfgs/default/result/skinny.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	2	(1.00 pkts/flow)
 DPI Packets (UDP):	15	(3.00 pkts/flow)
 Confidence DPI              : 7 (flows)
-Num dissector calls: 762 (108.86 diss/flow)
+Num dissector calls: 767 (109.57 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/softether.pcap.out
+++ b/tests/cfgs/default/result/softether.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	4	(4.00 pkts/flow)
 DPI Packets (UDP):	31	(10.33 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 413 (103.25 diss/flow)
+Num dissector calls: 415 (103.75 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/starcraft_battle.pcap.out
+++ b/tests/cfgs/default/result/starcraft_battle.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Match by port    : 12 (flows)
 Confidence DPI              : 39 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 1667 (32.06 diss/flow)
+Num dissector calls: 1672 (32.15 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/39/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/synscan.pcap.out
+++ b/tests/cfgs/default/result/synscan.pcap.out
@ -142,7 +142,7 @@ Unrated                       1852 107424        1848
 	46	TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	47	TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	48	TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	49	TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 402/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	49	TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 403/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	50	TCP 172.16.0.8:36050 -> 64.13.134.52:3300 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	51	TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	52	TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -213,7 +213,7 @@ Unrated                       1852 107424        1848
 	117	TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	118	TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	119	TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	120	TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 402/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	120	TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 403/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	121	TCP 172.16.0.8:36051 -> 64.13.134.52:3300 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	122	TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	123	TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/teams.pcap.out
+++ b/tests/cfgs/default/result/teams.pcap.out
@ -7,7 +7,7 @@ Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 1 (flows)
 Confidence DPI (partial)    : 5 (flows)
 Confidence DPI              : 76 (flows)
-Num dissector calls: 537 (6.47 diss/flow)
+Num dissector calls: 538 (6.48 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/teamspeak3.pcap.out
+++ b/tests/cfgs/default/result/teamspeak3.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 217 (108.50 diss/flow)
+Num dissector calls: 218 (109.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/teamviewer.pcap.out
+++ b/tests/cfgs/default/result/teamviewer.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	4	(4.00 pkts/flow)
 DPI Packets (UDP):	4	(4.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 177 (88.50 diss/flow)
+Num dissector calls: 178 (89.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/telegram.pcap.out
+++ b/tests/cfgs/default/result/telegram.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (UDP):	82	(1.71 pkts/flow)
 Confidence Unknown          : 3 (flows)
 Confidence DPI              : 45 (flows)
-Num dissector calls: 1583 (32.98 diss/flow)
+Num dissector calls: 1586 (33.04 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/tftp.pcap.out
+++ b/tests/cfgs/default/result/tftp.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	2
 DPI Packets (UDP):	15	(1.67 pkts/flow)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 7 (flows)
-Num dissector calls: 661 (73.44 diss/flow)
+Num dissector calls: 665 (73.89 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/toca-boca.pcap.out
+++ b/tests/cfgs/default/result/toca-boca.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	4
 DPI Packets (UDP):	21	(1.00 pkts/flow)
 Confidence Match by port    : 4 (flows)
 Confidence DPI              : 17 (flows)
-Num dissector calls: 557 (26.52 diss/flow)
+Num dissector calls: 561 (26.71 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/viber.pcap.out
+++ b/tests/cfgs/default/result/viber.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	27	(1.93 pkts/flow)
 DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence Match by port    : 4 (flows)
 Confidence DPI              : 25 (flows)
-Num dissector calls: 467 (16.10 diss/flow)
+Num dissector calls: 468 (16.14 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/webex.pcap.out
+++ b/tests/cfgs/default/result/webex.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	14	(7.00 pkts/flow)
 Confidence Match by port    : 3 (flows)
 Confidence DPI              : 53 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 287 (5.04 diss/flow)
+Num dissector calls: 288 (5.05 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/weibo.pcap.out
+++ b/tests/cfgs/default/result/weibo.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	100	(3.33 pkts/flow)
 DPI Packets (UDP):	43	(3.07 pkts/flow)
 Confidence Match by port    : 21 (flows)
 Confidence DPI              : 23 (flows)
-Num dissector calls: 571 (12.98 diss/flow)
+Num dissector calls: 573 (13.02 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/63/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/wireguard.pcap.out
+++ b/tests/cfgs/default/result/wireguard.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	6	(3.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 305 (152.50 diss/flow)
+Num dissector calls: 307 (153.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/zoom.pcap.out
+++ b/tests/cfgs/default/result/zoom.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	40	(2.22 pkts/flow)
 DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 32 (flows)
-Num dissector calls: 1049 (30.85 diss/flow)
+Num dissector calls: 1050 (30.88 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       7/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/zoom_p2p.pcapng.out
+++ b/tests/cfgs/default/result/zoom_p2p.pcapng.out
@ -4,7 +4,7 @@ DPI Packets (UDP):	52	(5.20 pkts/flow)
 DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence DPI (partial cache): 4 (flows)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 858 (71.50 diss/flow)
+Num dissector calls: 862 (71.83 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)