Remove classification "by-ip" from protocol stack (#1743)

Basically: * "classification by-ip" (i.e. `flow->guessed_protocol_id_by_ip` is NEVER returned in the protocol stack (i.e. `flow->detected_protocol_stack[]`); * if the application is interested into such information, it can access `ndpi_protocol->protocol_by_ip` itself. There are mainly 4 points in the code that set the "classification by-ip" in the protocol stack: the generic `ndpi_set_detected_protocol()`/ `ndpi_detection_giveup()` functions and the HTTP/STUN dissectors. In the unit tests output, a print about `ndpi_protocol->protocol_by_ip` has been added for each flow: the huge diff of this commit is mainly due to that. Strictly speaking, this change is NOT an API/ABI breakage, but there are important differences in the classification results. For examples: * TLS flows without the initial handshake (or without a matching SNI/certificate) are simply classified as `TLS`; * similar for HTTP or QUIC flows; * DNS flows without a matching request domain are simply classified as `DNS`; we don't have `DNS/Google` anymore just because the server is 8.8.8.8 (that was an outrageous behaviour...); * flows previusoly classified only "by-ip" are now classified as `NDPI_PROTOCOL_UNKNOWN`. See #1425 for other examples of why adding the "classification by-ip" in the protocol stack is a bad idea. Please, note that IPV6 is not supported :( (long standing issue in nDPI) i.e. `ndpi_protocol->protocol_by_ip` wil be always `NDPI_PROTOCOL_UNKNOWN` for IPv6 flows. Define `NDPI_CONFIDENCE_MATCH_BY_IP` has been removed. Close #1687
2026-05-03 01:10:17 +00:00 · 2022-09-20 22:24:47 +02:00 · 2022-09-20 22:24:47 +02:00 · a7c2734b38
commit a7c2734b38
parent 174cd739db
379 changed files with 9022 additions and 9061 deletions
--- a/tests/result/softether.pcap.out
+++ b/tests/result/softether.pcap.out
@ -22,7 +22,7 @@ Patricia protocols:   10/0 (search/found)

 Softether	177	21287	4

-	1	UDP 192.168.2.100:51381 <-> 130.158.6.113:5004 [proto: 290/Softether][Encrypted][Confidence: DPI][cat: VPN/2][60 pkts/6549 bytes <-> 53 pkts/6612 bytes][Goodput ratio: 62/66][15284492.00 sec][Client IP: 90.186.132.133][Client Port: 51381][Hostname: vpn][FQDN: moishele.softether.net][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6779570/3173141 3621430369/3621456266 535184640/578624000][Pkt Len c2s/s2c min/avg/max/stddev: 43/69 109/125 522/370 160/114][PLAIN TEXT (90.186.132.133)][Plen Bins: 84,0,0,1,0,0,0,0,1,0,7,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	2	UDP 192.168.2.100:51381 <-> 130.158.6.105:5004 [proto: 290/Softether][Encrypted][Confidence: DPI][cat: VPN/2][16 pkts/2201 bytes <-> 14 pkts/2116 bytes][Goodput ratio: 69/72][238448.62 sec][Client IP: 84.59.132.100][Client Port: 51381][Hostname: vpn][FQDN: moishele.softether.net][bytes ratio: 0.020 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18338798/21672040 238159482/238187129 63456764/68468080][Pkt Len c2s/s2c min/avg/max/stddev: 43/69 138/151 522/368 183/130][PLAIN TEXT (opcode)][Plen Bins: 74,0,0,3,0,0,0,0,3,0,10,0,0,0,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	3	UDP 192.168.2.100:51381 <-> 130.158.6.112:5004 [proto: 290/Softether][Encrypted][Confidence: DPI][cat: VPN/2][16 pkts/1167 bytes <-> 14 pkts/1250 bytes][Goodput ratio: 42/53][117087.70 sec][Client IP: 2.207.60.163][Client Port: 51381][bytes ratio: -0.034 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5948/21107 9003169/10639145 116754845/116778948 31105232/33564352][Pkt Len c2s/s2c min/avg/max/stddev: 43/68 73/89 522/366 116/77][PLAIN TEXT (2.207.60.163)][Plen Bins: 93,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	4	TCP 192.168.2.100:37504 <-> 130.158.75.45:80 [proto: 7.290/HTTP.Softether][ClearText][Confidence: DPI][cat: VPN/2][3 pkts/1318 bytes <-> 1 pkts/74 bytes][Goodput ratio: 84/0][0.26 sec][Hostname/SNI: x0.x0.dev.open.servers.ddns.softether-network.net][URL: x0.x0.dev.open.servers.ddns.softether-network.net/ddns/ddns.aspx?v=9291257684825389030][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0][PLAIN TEXT (POST /ddns/ddns.asp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	UDP 192.168.2.100:51381 <-> 130.158.6.113:5004 [proto: 290/Softether][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][60 pkts/6549 bytes <-> 53 pkts/6612 bytes][Goodput ratio: 62/66][15284492.00 sec][Client IP: 90.186.132.133][Client Port: 51381][Hostname: vpn][FQDN: moishele.softether.net][bytes ratio: -0.005 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 6779570/3173141 3621430369/3621456266 535184640/578624000][Pkt Len c2s/s2c min/avg/max/stddev: 43/69 109/125 522/370 160/114][PLAIN TEXT (90.186.132.133)][Plen Bins: 84,0,0,1,0,0,0,0,1,0,7,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 192.168.2.100:51381 <-> 130.158.6.105:5004 [proto: 290/Softether][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][16 pkts/2201 bytes <-> 14 pkts/2116 bytes][Goodput ratio: 69/72][238448.62 sec][Client IP: 84.59.132.100][Client Port: 51381][Hostname: vpn][FQDN: moishele.softether.net][bytes ratio: 0.020 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 18338798/21672040 238159482/238187129 63456764/68468080][Pkt Len c2s/s2c min/avg/max/stddev: 43/69 138/151 522/368 183/130][PLAIN TEXT (opcode)][Plen Bins: 74,0,0,3,0,0,0,0,3,0,10,0,0,0,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	UDP 192.168.2.100:51381 <-> 130.158.6.112:5004 [proto: 290/Softether][IP: 0/Unknown][Encrypted][Confidence: DPI][cat: VPN/2][16 pkts/1167 bytes <-> 14 pkts/1250 bytes][Goodput ratio: 42/53][117087.70 sec][Client IP: 2.207.60.163][Client Port: 51381][bytes ratio: -0.034 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 5948/21107 9003169/10639145 116754845/116778948 31105232/33564352][Pkt Len c2s/s2c min/avg/max/stddev: 43/68 73/89 522/366 116/77][PLAIN TEXT (2.207.60.163)][Plen Bins: 93,0,0,0,0,0,0,0,0,0,3,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	TCP 192.168.2.100:37504 <-> 130.158.75.45:80 [proto: 7.290/HTTP.Softether][IP: 0/Unknown][ClearText][Confidence: DPI][cat: VPN/2][3 pkts/1318 bytes <-> 1 pkts/74 bytes][Goodput ratio: 84/0][0.26 sec][Hostname/SNI: x0.x0.dev.open.servers.ddns.softether-network.net][URL: x0.x0.dev.open.servers.ddns.softether-network.net/ddns/ddns.aspx?v=9291257684825389030][StatusCode: 0][Req Content-Type: application/x-www-form-urlencoded][User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0][PLAIN TEXT (POST /ddns/ddns.asp)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0]