ApplePush: rework detection (#3075)

Current ApplePush dissector only look for IP match and doesn't allow full metadata extraction (see #3074). Since all ApplePush flows are TLS ones, let TLS dissector do its job and handle IP match as usual; with this change, the dissector itself is useless: remove it. Close #3074 Signed-off-by: Chad Monroe <chad@monroe.io> Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>
2026-05-19 16:28:13 +00:00 · 2026-01-19 09:32:19 -08:00 · 2026-01-19 09:32:19 -08:00 · 6755d3309a
commit 6755d3309a
parent fd6c234356
189 changed files with 257 additions and 313 deletions
--- a/src/include/ndpi_private.h
+++ b/src/include/ndpi_private.h
@ -953,7 +953,6 @@ void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct);
 void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct);
 void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct);
 void init_cpha_dissector(struct ndpi_detection_module_struct *ndpi_struct);
-void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct);
 void init_amazon_video_dissector(struct ndpi_detection_module_struct *ndpi_struct);
 void init_whatsapp_dissector(struct ndpi_detection_module_struct *ndpi_struct);
 void init_ajp_dissector(struct ndpi_detection_module_struct *ndpi_struct);
--- a/src/lib/ndpi_content_match.c.inc
+++ b/src/lib/ndpi_content_match.c.inc
@ -309,6 +309,15 @@ static ndpi_network host_protocol_list[] = {
  { 0xBC2A5F00 /* 188.42.95.0/24 */, 24, NDPI_PROTOCOL_VIVOX },
  { 0xBC2A9300 /* 188.42.147.0/24 */, 24, NDPI_PROTOCOL_VIVOX },

+  /* ApplePush: https://support.apple.com/en-us/HT203609
+     TODO: are we able to autogenerate this list?
+   */
+  { 0x11f90000 /* 17.249.0.0/16 */, 16, NDPI_PROTOCOL_APPLE_PUSH },
+  { 0x11fc0000 /* 17.252.0.0/16 */, 16, NDPI_PROTOCOL_APPLE_PUSH },
+  { 0x11399000 /* 17.57.144.0/22 */, 22, NDPI_PROTOCOL_APPLE_PUSH },
+  { 0x11bc8000 /* 17.188.128.0/18 */, 18, NDPI_PROTOCOL_APPLE_PUSH },
+  { 0x11bc1400 /* 17.188.20.0/23 */, 23, NDPI_PROTOCOL_APPLE_PUSH },
+
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_content_match_host_protocol_list.c.inc"
 #endif
@ -319,10 +328,16 @@ static ndpi_network host_protocol_list[] = {

 static ndpi_network6 host_protocol_list_6[] = {

- /* See the ipv4 list for a description */
+ /* See the ipv4 lists for a descriptions */
+
 { "2606:4700:100::", 48, NDPI_PROTOCOL_CLOUDFLARE_WARP },
 { "2606:4700:102::", 48, NDPI_PROTOCOL_CLOUDFLARE_WARP },

+ { "2620:149:a44::", 48, NDPI_PROTOCOL_APPLE_PUSH },
+ { "2403:300:a42::", 48, NDPI_PROTOCOL_APPLE_PUSH },
+ { "2403:300:a51::", 48, NDPI_PROTOCOL_APPLE_PUSH },
+ { "2a01:b740:a42::", 48, NDPI_PROTOCOL_APPLE_PUSH },
+
 /* End */
 { NULL, 0, 0 }
 };
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@ -6973,9 +6973,6 @@ static int dissectors_init(struct ndpi_detection_module_struct *ndpi_str) {
  /* DIAMETER */
  init_diameter_dissector(ndpi_str);

-  /* APPLE_PUSH */
-  init_apple_push_dissector(ndpi_str);
-
  /* EAQ */
  init_eaq_dissector(ndpi_str);

--- a/src/lib/protocols/apple_push.c
+++ b/src/lib/protocols/apple_push.c
@ -1,104 +0,0 @@
-/*
- * apple_push.c
- *
- * Copyright (C) 2018 by ntop.org
- *
- * This file is part of nDPI, an open source deep packet inspection
- * library based on the OpenDPI and PACE technology by ipoque GmbH
- *
- * nDPI is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * nDPI is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include "ndpi_protocol_ids.h"
-
-#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLE_PUSH
-
-#include "ndpi_api.h"
-#include "ndpi_private.h"
-
-static int is_apple_push_addr(const struct ndpi_packet_struct *packet)
-{
-  if(packet->iph) {
-    /* 17.0.0.0/8 */
-    if(((ntohl(packet->iph->saddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000) ||
-       ((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000))
-      return 1;
-  } else if(packet->iphv6) {
-    /* 2620:149:a44::/48 */
-    if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x26200149)) &&
-        ((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a440000))) ||
-       ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x26200149)) &&
-        ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a440000))))
-      return 1;
-    /* 2403:300:a42::/48 */
-    if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x24030300)) &&
-        ((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))) ||
-       ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x24030300)) &&
-        ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))))
-      return 1;
-    /* 2403:300:a51::/48 */
-    if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x24030300)) &&
-        ((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a510000))) ||
-       ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x24030300)) &&
-        ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a510000))))
-      return 1;
-    /* 2a01:b740:a42::/48 */
-    if(((packet->iphv6->ip6_src.u6_addr.u6_addr32[0] == ntohl(0x2a0ab740)) &&
-        ((packet->iphv6->ip6_src.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))) ||
-       ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == ntohl(0x2a0ab740)) &&
-        ((packet->iphv6->ip6_dst.u6_addr.u6_addr32[1] & htonl (0xffff0000)) == ntohl(0x0a420000))))
-      return 1;
-
-  }
-  return 0;
-}
-
-
-static void ndpi_check_apple_push(struct ndpi_detection_module_struct *ndpi_struct,
-				  struct ndpi_flow_struct *flow) {
-  struct ndpi_packet_struct *packet = &ndpi_struct->packet;
-
-  /* https://support.apple.com/en-us/HT203609 */
-  if(is_apple_push_addr(packet)) {
-    u_int16_t apple_push_port       = ntohs(5223);
-    u_int16_t notification_apn_port = ntohs(2197);
-	
-    if((packet->tcp->source == apple_push_port) || (packet->tcp->dest == apple_push_port) ||
-       (packet->tcp->source == notification_apn_port) || (packet->tcp->dest == notification_apn_port)) {
-      NDPI_LOG_INFO(ndpi_struct, "found apple_push\n");
-      ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
-      return;
-    }
-  }
-
-  NDPI_EXCLUDE_DISSECTOR(ndpi_struct, flow);
-}
-
-static void ndpi_search_apple_push(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow)
-{
-  NDPI_LOG_DBG(ndpi_struct, "search apple_push\n");
-
-  ndpi_check_apple_push(ndpi_struct, flow);
-}
-
-
-void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct)
-{
-  ndpi_register_dissector("APPLE_PUSH", ndpi_struct,
-                     ndpi_search_apple_push,
-                     NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
-                     1, NDPI_PROTOCOL_APPLE_PUSH);
-}
-
--- a/tests/cfgs/caches_cfg/result/ookla.pcap.out
+++ b/tests/cfgs/caches_cfg/result/ookla.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (TCP):	40	(6.67 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 578 (96.33 diss/flow)
+Num dissector calls: 575 (95.83 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/caches_cfg/result/teams.pcap.out
+++ b/tests/cfgs/caches_cfg/result/teams.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 80 (flows)
-Num dissector calls: 525 (6.33 diss/flow)
+Num dissector calls: 524 (6.31 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache stun:       30/0/0 (insert/search/found)
--- a/tests/cfgs/caches_global/result/bittorrent.pcap.out
+++ b/tests/cfgs/caches_global/result/bittorrent.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	24	(1.00 pkts/flow)
 Confidence DPI              : 24 (flows)
-Num dissector calls: 1696 (70.67 diss/flow)
+Num dissector calls: 1674 (69.75 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 120/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/caches_global/result/ookla.pcap.out
+++ b/tests/cfgs/caches_global/result/ookla.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	40	(6.67 pkts/flow)
 Confidence DPI (partial cache): 1 (flows)
 Confidence DPI              : 4 (flows)
 Confidence DPI (aggressive) : 1 (flows)
-Num dissector calls: 578 (96.33 diss/flow)
+Num dissector calls: 575 (95.83 diss/flow)
 LRU cache ookla:      4/2/2 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/caches_global/result/teams.pcap.out
+++ b/tests/cfgs/caches_global/result/teams.pcap.out
@ -7,7 +7,7 @@ Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 2 (flows)
 Confidence DPI (partial)    : 4 (flows)
 Confidence DPI              : 76 (flows)
-Num dissector calls: 525 (6.33 diss/flow)
+Num dissector calls: 524 (6.31 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache stun:       30/0/0 (insert/search/found)
--- a/tests/cfgs/classification_only/result/bittorrent.pcap.out
+++ b/tests/cfgs/classification_only/result/bittorrent.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	24	(1.00 pkts/flow)
 Confidence DPI              : 24 (flows)
-Num dissector calls: 1696 (70.67 diss/flow)
+Num dissector calls: 1674 (69.75 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 120/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/classification_only/result/bittorrent_tcp_miss.pcapng.out
+++ b/tests/cfgs/classification_only/result/bittorrent_tcp_miss.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	10	(10.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 229 (229.00 diss/flow)
+Num dissector calls: 228 (228.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 5/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/classification_only/result/ookla.pcap.out
+++ b/tests/cfgs/classification_only/result/ookla.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	38	(6.33 pkts/flow)
 Confidence DPI (partial cache): 1 (flows)
 Confidence DPI              : 4 (flows)
 Confidence DPI (aggressive) : 1 (flows)
-Num dissector calls: 578 (96.33 diss/flow)
+Num dissector calls: 575 (95.83 diss/flow)
 LRU cache ookla:      4/2/2 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/classification_only/result/teams.pcap.out
+++ b/tests/cfgs/classification_only/result/teams.pcap.out
@ -7,7 +7,7 @@ Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 2 (flows)
 Confidence DPI (partial)    : 6 (flows)
 Confidence DPI              : 74 (flows)
-Num dissector calls: 525 (6.33 diss/flow)
+Num dissector calls: 524 (6.31 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache stun:       24/0/0 (insert/search/found)
--- a/tests/cfgs/default/pcap/apple_push.pcap
+++ b/tests/cfgs/default/pcap/apple_push.pcap
--- a/tests/cfgs/default/result/1kxun.pcap.out
+++ b/tests/cfgs/default/result/1kxun.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	120	(1.21 pkts/flow)
 Confidence Unknown          : 9 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 182 (flows)
-Num dissector calls: 4512 (22.90 diss/flow)
+Num dissector calls: 4509 (22.89 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/45/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/443-chrome.pcap.out
+++ b/tests/cfgs/default/result/443-chrome.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (TCP):	1	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 161 (161.00 diss/flow)
+Num dissector calls: 160 (160.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/443-opvn.pcap.out
+++ b/tests/cfgs/default/result/443-opvn.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 162 (162.00 diss/flow)
+Num dissector calls: 161 (161.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/KakaoTalk_chat.pcap.out
+++ b/tests/cfgs/default/result/KakaoTalk_chat.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	36	(2.00 pkts/flow)
 DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Match by port    : 5 (flows)
 Confidence DPI              : 33 (flows)
-Num dissector calls: 531 (13.97 diss/flow)
+Num dissector calls: 529 (13.92 diss/flow)
 LRU cache ookla:      0/1/0 (insert/search/found)
 LRU cache bittorrent: 0/15/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
+++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	17	(3.40 pkts/flow)
 Confidence Match by port    : 8 (flows)
 Confidence DPI              : 11 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 1242 (62.10 diss/flow)
+Num dissector calls: 1238 (61.90 diss/flow)
 LRU cache ookla:      0/2/0 (insert/search/found)
 LRU cache bittorrent: 0/27/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/Oscar.pcap.out
+++ b/tests/cfgs/default/result/Oscar.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (TCP):	19	(19.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 245 (245.00 diss/flow)
+Num dissector calls: 244 (244.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/alexa-app.pcapng.out
+++ b/tests/cfgs/default/result/alexa-app.pcapng.out
@ -6,7 +6,7 @@ DPI Packets (other):	6	(1.00 pkts/flow)
 Confidence Match by port    : 14 (flows)
 Confidence DPI              : 144 (flows)
 Confidence Match by custom rule: 2 (flows)
-Num dissector calls: 537 (3.36 diss/flow)
+Num dissector calls: 536 (3.35 diss/flow)
 LRU cache ookla:      0/5/0 (insert/search/found)
 LRU cache bittorrent: 0/42/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/alicloud.pcap.out
+++ b/tests/cfgs/default/result/alicloud.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	60	(4.00 pkts/flow)
 Confidence DPI              : 15 (flows)
-Num dissector calls: 1545 (103.00 diss/flow)
+Num dissector calls: 1530 (102.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/amqp.pcap.out
+++ b/tests/cfgs/default/result/amqp.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	9	(3.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 373 (124.33 diss/flow)
+Num dissector calls: 370 (123.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out
+++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	10	(1.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 61 (flows)
-Num dissector calls: 812 (11.77 diss/flow)
+Num dissector calls: 811 (11.75 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/24/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
@ -96,7 +96,7 @@ JA Host Stats:
 	29	UDP 10.0.0.227:59582 <-> 75.75.75.75:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/92 bytes <-> 1 pkts/323 bytes][Goodput ratio: 54/87][0.02 sec][Hostname/SNI: 1-courier.sandbox.push.apple.com][17.188.138.71][DNS Id: 0x1090][PLAIN TEXT (courier)][Plen Bins: 0,50,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	30	TCP 10.0.0.227:56871 <-> 8.37.103.196:443 [proto: 91/TLS][Stack: TLS][IP: 0/Unknown][Encrypted][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Web/5][Breed: Safe][1 pkts/66 bytes <-> 5 pkts/330 bytes][Goodput ratio: 0/0][20.32 sec][bytes ratio: -0.667 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 66/66 66/66 0/0][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	31	TCP 10.0.0.227:56916 -> 10.0.0.151:8009 [proto: 139/AJP][Stack: AJP][IP: 0/Unknown][ClearText][Confidence: Match by port][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Web/5][Breed: Acceptable][5 pkts/390 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][5.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][TCP Fingerprint: 2_64_65535_15db81ff8b0d/Unknown][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	32	TCP 10.0.0.227:56886 <-> 17.57.144.116:5223 [proto: 91/TLS][Stack: TLS][IP: 140/Apple][Encrypted][Confidence: DPI][FPC: 140/Apple, Confidence: IP address][DPI packets: 2][cat: Web/5][Breed: Safe][3 pkts/174 bytes <-> 2 pkts/185 bytes][Goodput ratio: 0/28][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	32	TCP 10.0.0.227:56886 <-> 17.57.144.116:5223 [proto: 91/TLS][Stack: TLS][IP: 238/ApplePush][Encrypted][Confidence: DPI][FPC: 238/ApplePush, Confidence: IP address][DPI packets: 2][cat: Web/5][Breed: Safe][3 pkts/174 bytes <-> 2 pkts/185 bytes][Goodput ratio: 0/28][0.02 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	33	UDP 10.0.0.151:1900 -> 10.0.0.227:61328 [proto: 12/SSDP][Stack: SSDP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 12/SSDP, Confidence: DPI][DPI packets: 1][cat: System/18][Breed: Acceptable][1 pkts/353 bytes -> 0 pkts/0 bytes][Goodput ratio: 88/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (HTTP/1.1 200 OK)][Plen Bins: 0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	34	TCP 10.0.0.227:56910 <-> 35.201.124.9:443 [proto: 91/TLS][Stack: TLS][IP: 284/GoogleCloud][Encrypted][Confidence: DPI][FPC: 91/TLS, Confidence: DPI][DPI packets: 3][cat: Web/5][Breed: Safe][2 pkts/170 bytes <-> 2 pkts/164 bytes][Goodput ratio: 22/19][0.05 sec][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	35	UDP 10.0.0.227:62427 <-> 75.75.75.75:53 [proto: 5/DNS][Stack: DNS][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 5/DNS, Confidence: DPI][DPI packets: 2][cat: Network/14][Breed: Acceptable][1 pkts/84 bytes <-> 1 pkts/242 bytes][Goodput ratio: 49/82][0.02 sec][Hostname/SNI: detectportal.firefox.com][184.25.56.82][DNS Id: 0xed16][PLAIN TEXT (detectportal)][Plen Bins: 0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/apple_push.pcap.out
+++ b/tests/cfgs/default/result/apple_push.pcap.out
@ -0,0 +1,41 @@
+DPI Packets (TCP):	8	(8.00 pkts/flow)
+Confidence DPI              : 1 (flows)
+Num dissector calls: 161 (161.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache fpc_dns:    0/1/0 (insert/search/found)
+Automa host:          1/1 (search/found)
+Automa domain:        1/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     1/0 (search/found)
+Automa common alpns:  2/2 (search/found)
+Patricia risk mask:   2/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   1/1 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+Hash malicious ja4:        1/0 (search/found)
+Hash malicious sha1:       0/0 (search/found)
+Hash TCP fingerprints:     1/1 (search/found)
+Hash public domain suffix: 0/0 (search/found)
+Hash ja4 custom protos:    1/0 (search/found)
+Hash fp custom protos:     1/0 (search/found)
+Hash url custom protos:    0/0 (search/found)
+
+ApplePush	18	8562	1
+
+Safe                            18 8562          1            
+
+Cloud                           18 8562          1            
+
+JA Host Stats: 
+		 IP Address                  	 # JA4C     
+	1	 192.168.1.119            	 1      
+
+
+	1	TCP 192.168.1.119:55576 <-> 17.57.144.120:5223 [proto: 91.238/TLS.ApplePush][Stack: TLS.ApplePush][IP: 238/ApplePush][Encrypted][Confidence: DPI][FPC: 238/ApplePush, Confidence: IP address][DPI packets: 8][cat: Cloud/13][Breed: Safe][11 pkts/6260 bytes <-> 7 pkts/2302 bytes][Goodput ratio: 88/80][0.06 sec][Hostname/SNI: courier.push.apple.com][(Advertised) ALPNs: apns-security-v3;apns-pack-v1][TLS Supported Versions: GREASE;TLSv1.3][bytes ratio: 0.462 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/3 14/13 6/5][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 569/329 1514/1266 644/427][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 443][nDPI Fingerprint: f041b4353f50221998e9259656bac032][TCP Fingerprint: 194_64_65535_d29295416479/macOS][TLSv1.2][JA4: t13d0310a3_55b375c5d22e_8c1ace4dc65b][Safari][Plen Bins: 0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,11,0,0,0,0,0,0,11,22,0,0]
--- a/tests/cfgs/default/result/atg.pcap.out
+++ b/tests/cfgs/default/result/atg.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	5	(2.50 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 304 (152.00 diss/flow)
+Num dissector calls: 302 (151.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/avast.pcap.out
+++ b/tests/cfgs/default/result/avast.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	40	(4.00 pkts/flow)
 Confidence DPI              : 10 (flows)
-Num dissector calls: 1040 (104.00 diss/flow)
+Num dissector calls: 1030 (103.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/bfcp.pcapng.out
+++ b/tests/cfgs/default/result/bfcp.pcapng.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	4	(4.00 pkts/flow)
 DPI Packets (UDP):	2	(1.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 420 (140.00 diss/flow)
+Num dissector calls: 419 (139.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/bittorrent.pcap.out
+++ b/tests/cfgs/default/result/bittorrent.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	24	(1.00 pkts/flow)
 Confidence DPI              : 24 (flows)
-Num dissector calls: 1696 (70.67 diss/flow)
+Num dissector calls: 1674 (69.75 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 120/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out
+++ b/tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	10	(10.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 229 (229.00 diss/flow)
+Num dissector calls: 228 (228.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 5/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/blizzard.pcap.out
+++ b/tests/cfgs/default/result/blizzard.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	22	(4.40 pkts/flow)
 DPI Packets (UDP):	4	(1.00 pkts/flow)
 Confidence DPI              : 9 (flows)
-Num dissector calls: 173 (19.22 diss/flow)
+Num dissector calls: 172 (19.11 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/cassandra.pcap.out
+++ b/tests/cfgs/default/result/cassandra.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	16	(5.33 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 325 (108.33 diss/flow)
+Num dissector calls: 323 (107.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/cloudflare-warp.pcap.out
+++ b/tests/cfgs/default/result/cloudflare-warp.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	1	(1.00 pkts/flow)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 6 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 350 (38.89 diss/flow)
+Num dissector calls: 349 (38.78 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/coap_mqtt.pcap.out
+++ b/tests/cfgs/default/result/coap_mqtt.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	7	(1.75 pkts/flow)
 DPI Packets (UDP):	12	(1.00 pkts/flow)
 Confidence DPI              : 16 (flows)
-Num dissector calls: 280 (17.50 diss/flow)
+Num dissector calls: 276 (17.25 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/codm.pcap.out
+++ b/tests/cfgs/default/result/codm.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	7	(7.00 pkts/flow)
 DPI Packets (UDP):	5	(2.50 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 486 (162.00 diss/flow)
+Num dissector calls: 485 (161.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/custom_categories.pcapng.out
+++ b/tests/cfgs/default/result/custom_categories.pcapng.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	27	(13.50 pkts/flow)
 DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 322 (107.33 diss/flow)
+Num dissector calls: 320 (106.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/dingtalk.pcap.out
+++ b/tests/cfgs/default/result/dingtalk.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	11	(5.50 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 317 (158.50 diss/flow)
+Num dissector calls: 315 (157.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/dlms.pcap.out
+++ b/tests/cfgs/default/result/dlms.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	4	(4.00 pkts/flow)
 DPI Packets (UDP):	1	(1.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 250 (125.00 diss/flow)
+Num dissector calls: 249 (124.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/dofus.pcap.out
+++ b/tests/cfgs/default/result/dofus.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	32	(6.40 pkts/flow)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 413 (82.60 diss/flow)
+Num dissector calls: 411 (82.20 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/drda_db2.pcap.out
+++ b/tests/cfgs/default/result/drda_db2.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	4	(4.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 70 (70.00 diss/flow)
+Num dissector calls: 69 (69.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/elasticsearch.pcap.out
+++ b/tests/cfgs/default/result/elasticsearch.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	16	(2.29 pkts/flow)
 Confidence DPI              : 7 (flows)
-Num dissector calls: 763 (109.00 diss/flow)
+Num dissector calls: 756 (108.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/elf.pcap.out
+++ b/tests/cfgs/default/result/elf.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	10	(10.00 pkts/flow)
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
-Num dissector calls: 348 (174.00 diss/flow)
+Num dissector calls: 347 (173.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/emotet.pcap.out
+++ b/tests/cfgs/default/result/emotet.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	48	(8.00 pkts/flow)
 Confidence DPI              : 6 (flows)
-Num dissector calls: 223 (37.17 diss/flow)
+Num dissector calls: 222 (37.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/false_positives.pcapng.out
+++ b/tests/cfgs/default/result/false_positives.pcapng.out
@ -2,7 +2,7 @@ DPI Packets (TCP):	16	(5.33 pkts/flow)
 DPI Packets (UDP):	66	(7.33 pkts/flow)
 Confidence Unknown          : 4 (flows)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 1750 (145.83 diss/flow)
+Num dissector calls: 1749 (145.75 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/false_positives2.pcapng.out
+++ b/tests/cfgs/default/result/false_positives2.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	61	(20.33 pkts/flow)
 Confidence Unknown          : 3 (flows)
-Num dissector calls: 703 (234.33 diss/flow)
+Num dissector calls: 700 (233.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/fastcgi.pcap.out
+++ b/tests/cfgs/default/result/fastcgi.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 177 (177.00 diss/flow)
+Num dissector calls: 176 (176.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/fix.pcap.out
+++ b/tests/cfgs/default/result/fix.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	12	(1.00 pkts/flow)
 Confidence DPI              : 12 (flows)
-Num dissector calls: 888 (74.00 diss/flow)
+Num dissector calls: 876 (73.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/fix2.pcap.out
+++ b/tests/cfgs/default/result/fix2.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	8	(4.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 146 (73.00 diss/flow)
+Num dissector calls: 144 (72.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ftp-start-tls.pcap.out
+++ b/tests/cfgs/default/result/ftp-start-tls.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	17	(17.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 182 (182.00 diss/flow)
+Num dissector calls: 181 (181.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ftp.pcap.out
+++ b/tests/cfgs/default/result/ftp.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	37	(12.33 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 531 (177.00 diss/flow)
+Num dissector calls: 529 (176.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ftp_failed.pcap.out
+++ b/tests/cfgs/default/result/ftp_failed.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	8	(8.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 179 (179.00 diss/flow)
+Num dissector calls: 178 (178.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	5	(1.00 pkts/flow)
 Confidence Unknown          : 25 (flows)
 Confidence Match by port    : 32 (flows)
 Confidence DPI              : 189 (flows)
-Num dissector calls: 8723 (35.46 diss/flow)
+Num dissector calls: 8710 (35.41 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/174/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out
@ -6,7 +6,7 @@ Confidence Unknown          : 3 (flows)
 Confidence Match by port    : 22 (flows)
 Confidence DPI              : 13 (flows)
 Confidence Match by custom rule: 1 (flows)
-Num dissector calls: 975 (25.00 diss/flow)
+Num dissector calls: 970 (24.87 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/75/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2021-10-13.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 158 (158.00 diss/flow)
+Num dissector calls: 157 (157.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/gaijin_mobile_mixed.pcap.out
+++ b/tests/cfgs/default/result/gaijin_mobile_mixed.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	13	(6.50 pkts/flow)
 DPI Packets (UDP):	1	(1.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 164 (54.67 diss/flow)
+Num dissector calls: 163 (54.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/genshin-impact.pcap.out
+++ b/tests/cfgs/default/result/genshin-impact.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	12	(4.00 pkts/flow)
 DPI Packets (UDP):	3	(1.00 pkts/flow)
 Confidence DPI              : 6 (flows)
-Num dissector calls: 435 (72.50 diss/flow)
+Num dissector calls: 432 (72.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/google_ssl.pcap.out
+++ b/tests/cfgs/default/result/google_ssl.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (TCP):	22	(22.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 230 (230.00 diss/flow)
+Num dissector calls: 229 (229.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/haproxy.pcap.out
+++ b/tests/cfgs/default/result/haproxy.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	1	(1.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 115 (115.00 diss/flow)
+Num dissector calls: 114 (114.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/hl7.pcap.out
+++ b/tests/cfgs/default/result/hl7.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	18	(6.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 396 (132.00 diss/flow)
+Num dissector calls: 393 (131.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/hpvirtgrp.pcap.out
+++ b/tests/cfgs/default/result/hpvirtgrp.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	37	(4.11 pkts/flow)
 Confidence DPI              : 9 (flows)
-Num dissector calls: 837 (93.00 diss/flow)
+Num dissector calls: 828 (92.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/http2.pcapng.out
+++ b/tests/cfgs/default/result/http2.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	1	(1.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 114 (114.00 diss/flow)
+Num dissector calls: 113 (113.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out
+++ b/tests/cfgs/default/result/http_guessed_host_and_guessed.pcapng.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (TCP):	1	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 161 (161.00 diss/flow)
+Num dissector calls: 160 (160.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/imap-starttls.pcap.out
+++ b/tests/cfgs/default/result/imap-starttls.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	19	(19.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 221 (221.00 diss/flow)
+Num dissector calls: 220 (220.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/imap.pcap.out
+++ b/tests/cfgs/default/result/imap.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	11	(11.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 221 (221.00 diss/flow)
+Num dissector calls: 220 (220.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/instagram.pcap.out
+++ b/tests/cfgs/default/result/instagram.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 7 (flows)
 Confidence DPI              : 30 (flows)
-Num dissector calls: 1278 (33.63 diss/flow)
+Num dissector calls: 1274 (33.53 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/24/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/irc.pcap.out
+++ b/tests/cfgs/default/result/irc.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	7	(7.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 186 (186.00 diss/flow)
+Num dissector calls: 185 (185.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/iso9506-1-mms.pcap.out
+++ b/tests/cfgs/default/result/iso9506-1-mms.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	7	(7.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 197 (197.00 diss/flow)
+Num dissector calls: 196 (196.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ja4.pcapng.out
+++ b/tests/cfgs/default/result/ja4.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	48	(8.00 pkts/flow)
 Confidence DPI              : 6 (flows)
-Num dissector calls: 972 (162.00 diss/flow)
+Num dissector calls: 966 (161.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/jabber.pcap.out
+++ b/tests/cfgs/default/result/jabber.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	74	(6.17 pkts/flow)
 Confidence DPI              : 12 (flows)
-Num dissector calls: 1711 (142.58 diss/flow)
+Num dissector calls: 1702 (141.83 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/json.pcapng.out
+++ b/tests/cfgs/default/result/json.pcapng.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	132	(4.40 pkts/flow)
 DPI Packets (UDP):	4	(1.00 pkts/flow)
 Confidence DPI              : 34 (flows)
-Num dissector calls: 5118 (150.53 diss/flow)
+Num dissector calls: 5090 (149.71 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/jsonrpc.pcap.out
+++ b/tests/cfgs/default/result/jsonrpc.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	10	(5.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 145 (72.50 diss/flow)
+Num dissector calls: 144 (72.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/kafka.pcapng.out
+++ b/tests/cfgs/default/result/kafka.pcapng.out
@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (TCP):	16	(1.78 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 221 (24.56 diss/flow)
+Num dissector calls: 220 (24.44 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/kerberos.pcap.out
+++ b/tests/cfgs/default/result/kerberos.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	77	(2.14 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence Match by port    : 23 (flows)
 Confidence DPI              : 11 (flows)
-Num dissector calls: 4610 (128.06 diss/flow)
+Num dissector calls: 4585 (127.36 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/75/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/kismet.pcap.out
+++ b/tests/cfgs/default/result/kismet.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	4	(4.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 106 (106.00 diss/flow)
+Num dissector calls: 105 (105.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/lisp_registration.pcap.out
+++ b/tests/cfgs/default/result/lisp_registration.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	8	(4.00 pkts/flow)
 DPI Packets (UDP):	2	(1.00 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 164 (41.00 diss/flow)
+Num dissector calls: 162 (40.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out
+++ b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	54	(7.71 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 341 (48.71 diss/flow)
+Num dissector calls: 340 (48.57 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/lustre.pcapng.out
+++ b/tests/cfgs/default/result/lustre.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	5	(2.50 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 308 (154.00 diss/flow)
+Num dissector calls: 306 (153.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/melsec.pcapng.out
+++ b/tests/cfgs/default/result/melsec.pcapng.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 DPI Packets (UDP):	2	(1.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 481 (160.33 diss/flow)
+Num dissector calls: 480 (160.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/memcached.cap.out
+++ b/tests/cfgs/default/result/memcached.cap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 162 (162.00 diss/flow)
+Num dissector calls: 161 (161.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/monero.pcap.out
+++ b/tests/cfgs/default/result/monero.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	16	(4.00 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 500 (125.00 diss/flow)
+Num dissector calls: 496 (124.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/mongo_false_positive.pcapng.out
+++ b/tests/cfgs/default/result/mongo_false_positive.pcapng.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (TCP):	13	(13.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 257 (257.00 diss/flow)
+Num dissector calls: 256 (256.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/mongodb.pcap.out
+++ b/tests/cfgs/default/result/mongodb.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	27	(3.38 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 96 (12.00 diss/flow)
+Num dissector calls: 95 (11.88 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/msgpack.pcap.out
+++ b/tests/cfgs/default/result/msgpack.pcap.out
@ -2,7 +2,7 @@ DPI Packets (TCP):	19	(4.75 pkts/flow)
 DPI Packets (UDP):	12	(1.71 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence DPI              : 10 (flows)
-Num dissector calls: 1660 (150.91 diss/flow)
+Num dissector calls: 1657 (150.64 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/mssql_tds.pcap.out
+++ b/tests/cfgs/default/result/mssql_tds.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (TCP):	18	(1.50 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 11 (flows)
-Num dissector calls: 258 (21.50 diss/flow)
+Num dissector calls: 257 (21.42 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/naver.pcap.out
+++ b/tests/cfgs/default/result/naver.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	22	(7.33 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 486 (162.00 diss/flow)
+Num dissector calls: 483 (161.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/nest_log_sink.pcap.out
+++ b/tests/cfgs/default/result/nest_log_sink.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	129	(9.92 pkts/flow)
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 13 (flows)
-Num dissector calls: 2197 (156.93 diss/flow)
+Num dissector calls: 2185 (156.07 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/netbios.pcap.out
+++ b/tests/cfgs/default/result/netbios.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	3	(1.50 pkts/flow)
 DPI Packets (UDP):	14	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 15 (flows)
-Num dissector calls: 176 (11.00 diss/flow)
+Num dissector calls: 175 (10.94 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/nntp.pcap.out
+++ b/tests/cfgs/default/result/nntp.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 168 (168.00 diss/flow)
+Num dissector calls: 167 (167.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/nordvpn.pcap.out
+++ b/tests/cfgs/default/result/nordvpn.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	11	(5.50 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 2 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 600 (150.00 diss/flow)
+Num dissector calls: 599 (149.75 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ookla.pcap.out
+++ b/tests/cfgs/default/result/ookla.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	40	(6.67 pkts/flow)
 Confidence DPI (partial cache): 1 (flows)
 Confidence DPI              : 4 (flows)
 Confidence DPI (aggressive) : 1 (flows)
-Num dissector calls: 578 (96.33 diss/flow)
+Num dissector calls: 575 (95.83 diss/flow)
 LRU cache ookla:      4/2/2 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/openvpn.pcap.out
+++ b/tests/cfgs/default/result/openvpn.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	24	(8.00 pkts/flow)
 DPI Packets (UDP):	24	(3.43 pkts/flow)
 Confidence DPI              : 10 (flows)
-Num dissector calls: 1795 (179.50 diss/flow)
+Num dissector calls: 1792 (179.20 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out
+++ b/tests/cfgs/default/result/openvpn_nohmac_tcp.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 162 (162.00 diss/flow)
+Num dissector calls: 161 (161.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/openvpn_obfuscated.pcapng.out
+++ b/tests/cfgs/default/result/openvpn_obfuscated.pcapng.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	34	(17.00 pkts/flow)
 DPI Packets (UDP):	9	(9.00 pkts/flow)
 Confidence Match by port    : 2 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 687 (229.00 diss/flow)
+Num dissector calls: 685 (228.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out
+++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	9	(2.25 pkts/flow)
 Confidence Unknown          : 5 (flows)
 Confidence Match by port    : 4 (flows)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 1679 (167.90 diss/flow)
+Num dissector calls: 1673 (167.30 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/27/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out
+++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	38	(6.33 pkts/flow)
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 7 (flows)
-Num dissector calls: 1072 (134.00 diss/flow)
+Num dissector calls: 1068 (133.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/paltalk.pcapng.out
+++ b/tests/cfgs/default/result/paltalk.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	17	(4.25 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 326 (81.50 diss/flow)
+Num dissector calls: 324 (81.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/path_of_exile.pcapng.out
+++ b/tests/cfgs/default/result/path_of_exile.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	16	(4.00 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 576 (144.00 diss/flow)
+Num dissector calls: 572 (143.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/pgsql.pcap.out
+++ b/tests/cfgs/default/result/pgsql.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	36	(6.00 pkts/flow)
 Confidence DPI              : 6 (flows)
-Num dissector calls: 972 (162.00 diss/flow)
+Num dissector calls: 966 (161.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/pgsql2.pcapng.out
+++ b/tests/cfgs/default/result/pgsql2.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 165 (165.00 diss/flow)
+Num dissector calls: 164 (164.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/plugin.pcapng.out
+++ b/tests/cfgs/default/result/plugin.pcapng.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (TCP):	8	(8.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 161 (161.00 diss/flow)
+Num dissector calls: 160 (160.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
--- a/Show more
+++ b/Show more