Remove classification "by-ip" from protocol stack (#1743)

Basically: * "classification by-ip" (i.e. `flow->guessed_protocol_id_by_ip` is NEVER returned in the protocol stack (i.e. `flow->detected_protocol_stack[]`); * if the application is interested into such information, it can access `ndpi_protocol->protocol_by_ip` itself. There are mainly 4 points in the code that set the "classification by-ip" in the protocol stack: the generic `ndpi_set_detected_protocol()`/ `ndpi_detection_giveup()` functions and the HTTP/STUN dissectors. In the unit tests output, a print about `ndpi_protocol->protocol_by_ip` has been added for each flow: the huge diff of this commit is mainly due to that. Strictly speaking, this change is NOT an API/ABI breakage, but there are important differences in the classification results. For examples: * TLS flows without the initial handshake (or without a matching SNI/certificate) are simply classified as `TLS`; * similar for HTTP or QUIC flows; * DNS flows without a matching request domain are simply classified as `DNS`; we don't have `DNS/Google` anymore just because the server is 8.8.8.8 (that was an outrageous behaviour...); * flows previusoly classified only "by-ip" are now classified as `NDPI_PROTOCOL_UNKNOWN`. See #1425 for other examples of why adding the "classification by-ip" in the protocol stack is a bad idea. Please, note that IPV6 is not supported :( (long standing issue in nDPI) i.e. `ndpi_protocol->protocol_by_ip` wil be always `NDPI_PROTOCOL_UNKNOWN` for IPv6 flows. Define `NDPI_CONFIDENCE_MATCH_BY_IP` has been removed. Close #1687
2026-05-03 01:10:17 +00:00 · 2022-09-20 22:24:47 +02:00 · 2022-09-20 22:24:47 +02:00 · a7c2734b38
commit a7c2734b38
parent 174cd739db
379 changed files with 9022 additions and 9061 deletions
--- a/tests/result/targusdataspeed_false_positives.pcap.out
+++ b/tests/result/targusdataspeed_false_positives.pcap.out
@ -21,5 +21,5 @@ Patricia protocols:   8/0 (search/found)

 BitTorrent	4	939	2

-	1	UDP 10.0.2.15:23994 <-> 89.64.45.227:5201 [proto: 37/BitTorrent][ClearText][Confidence: DPI][cat: Download/7][1 pkts/140 bytes <-> 1 pkts/345 bytes][Goodput ratio: 70/88][0.72 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 6771,51413][PLAIN TEXT (target20)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	2	UDP 10.0.2.15:23994 <-> 79.164.55.123:5001 [proto: 37/BitTorrent][ClearText][Confidence: DPI][cat: Download/7][1 pkts/140 bytes <-> 1 pkts/314 bytes][Goodput ratio: 70/86][0.07 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 6771,51413][PLAIN TEXT (target20)][Plen Bins: 0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	UDP 10.0.2.15:23994 <-> 89.64.45.227:5201 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Download/7][1 pkts/140 bytes <-> 1 pkts/345 bytes][Goodput ratio: 70/88][0.72 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 6771,51413][PLAIN TEXT (target20)][Plen Bins: 0,0,0,50,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	UDP 10.0.2.15:23994 <-> 79.164.55.123:5001 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Download/7][1 pkts/140 bytes <-> 1 pkts/314 bytes][Goodput ratio: 70/86][0.07 sec][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 6771,51413][PLAIN TEXT (target20)][Plen Bins: 0,0,0,50,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]