vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-01 00:19:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Fix classification-by-ip in ndpi_detection_giveup (#1981)

Browse source 
Return the "classification-by-ip" as protocol results only if no other
results are available.
In particular, never return something like
"protocol_by_port/protocol_by_ip" (i.e. `NTP/Apple`,
BitTorrent/GoogleCloud`, `Zoom/AWS`) because this kind of classification
is quite confusing, if not plainly wrong.

Notes:
* the information about "classification-by-ip" is always available, so
no information is lost with this change;
* in the unit tests, the previous classifications with confidence
`NDPI_CONFIDENCE_DPI_PARTIAL` were wrong, as noted in #1957
This commit is contained in:
Ivan Nardi 2023-05-17 11:26:25 +02:00 committed by GitHub
parent ace32c9dfe
commit b1bcf1ff60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
34 changed files with 185 additions and 223 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/cfgs/default/result/google_ssl.pcap.out
View file

@ -1,7 +1,7 @@
Guessed flow protos: 1
DPI Packets (TCP): 24 (24.00 pkts/flow)
Confidence DPI (partial) : 1 (flows)
Confidence Match by port : 1 (flows)
Num dissector calls: 181 (181.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/3/0 (insert/search/found)
@ -20,6 +20,6 @@ Patricia risk mask: 2/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia protocols: 1/1 (search/found)
Google 28 9108 1
TLS 28 9108 1
1 TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91.126/TLS.Google][IP: 126/Google][Encrypted][Confidence: DPI (partial)][DPI packets: 24][cat: Web/5][16 pkts/1512 bytes <-> 12 pkts/7596 bytes][Goodput ratio: 43/91][6.67 sec][bytes ratio: -0.668 (Download)][IAT c2s/s2c min/avg/max/stddev: 76/66 422/544 1185/1213 376/402][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/633 368/1484 87/622][Plen Bins: 8,8,0,8,0,8,0,0,0,25,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]
1 TCP 172.31.3.224:42835 <-> 216.58.212.100:443 [proto: 91/TLS][IP: 126/Google][Encrypted][Confidence: Match by port][DPI packets: 24][cat: Web/5][16 pkts/1512 bytes <-> 12 pkts/7596 bytes][Goodput ratio: 43/91][6.67 sec][bytes ratio: -0.668 (Download)][IAT c2s/s2c min/avg/max/stddev: 76/66 422/544 1185/1213 376/402][Pkt Len c2s/s2c min/avg/max/stddev: 54/60 94/633 368/1484 87/622][Plen Bins: 8,8,0,8,0,8,0,0,0,25,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0]