Add FLUTE protocol dissector (#2351)

* Add FLUTE protocol dissector * Add flute.c to MSVC project
2026-05-02 00:40:17 +00:00 · 2024-03-19 11:11:04 +03:00 · 2024-03-19 11:11:04 +03:00 · e6474d835f
commit e6474d835f
parent 15f61e7abe
85 changed files with 202 additions and 78 deletions
--- a/tests/cfgs/default/pcap/flute.pcapng
+++ b/tests/cfgs/default/pcap/flute.pcapng
--- a/tests/cfgs/default/result/1kxun.pcap.out
+++ b/tests/cfgs/default/result/1kxun.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	120	(1.21 pkts/flow)
 Confidence Unknown          : 14 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 177 (flows)
-Num dissector calls: 5024 (25.50 diss/flow)
+Num dissector calls: 5038 (25.57 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/60/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/4in4tunnel.pcap.out
+++ b/tests/cfgs/default/result/4in4tunnel.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	5	(5.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 194 (194.00 diss/flow)
+Num dissector calls: 195 (195.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/6in6tunnel.pcap.out
+++ b/tests/cfgs/default/result/6in6tunnel.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 149 (149.00 diss/flow)
+Num dissector calls: 150 (150.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/EAQ.pcap.out
+++ b/tests/cfgs/default/result/EAQ.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	12	(6.00 pkts/flow)
 DPI Packets (UDP):	116	(4.00 pkts/flow)
 Confidence DPI              : 31 (flows)
-Num dissector calls: 5010 (161.61 diss/flow)
+Num dissector calls: 5039 (162.55 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	7	(1.40 pkts/flow)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 158 (31.60 diss/flow)
+Num dissector calls: 159 (31.80 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
+++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	10	(2.00 pkts/flow)
 Confidence Match by port    : 8 (flows)
 Confidence DPI              : 11 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 1224 (61.20 diss/flow)
+Num dissector calls: 1226 (61.30 diss/flow)
 LRU cache ookla:      0/2/0 (insert/search/found)
 LRU cache bittorrent: 0/27/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out
+++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	10	(1.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 61 (flows)
-Num dissector calls: 872 (12.64 diss/flow)
+Num dissector calls: 873 (12.65 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/24/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/collectd.pcap.out
+++ b/tests/cfgs/default/result/collectd.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	3
 DPI Packets (UDP):	13	(1.62 pkts/flow)
 Confidence Match by port    : 3 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 473 (59.12 diss/flow)
+Num dissector calls: 476 (59.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out
+++ b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out
@ -1,7 +1,7 @@
 DPI Packets (UDP):	7	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by custom rule: 6 (flows)
-Num dissector calls: 133 (19.00 diss/flow)
+Num dissector calls: 134 (19.14 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out
+++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out
@ -27,6 +27,6 @@ CustomProtocolC	3	222	1

 Acceptable                       8 592           3            

-	1	TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.412/TLS.CustomProtocolA][IP: 412/CustomProtocolA][Encrypted][Confidence: Match by custom rule][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.413/TLS.CustomProtocolA][IP: 413/CustomProtocolA][Encrypted][Confidence: Match by custom rule][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	2	TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 800/CustomProtocolC][IP: 800/CustomProtocolC][ClearText][Confidence: Match by custom rule][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	3	TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 413/CustomProtocolB][IP: 413/CustomProtocolB][ClearText][Confidence: Match by custom rule][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 414/CustomProtocolB][IP: 414/CustomProtocolB][ClearText][Confidence: Match by custom rule][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out
+++ b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (UDP):	1	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 137 (137.00 diss/flow)
+Num dissector calls: 138 (138.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/discord.pcap.out
+++ b/tests/cfgs/default/result/discord.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	5	(5.00 pkts/flow)
 DPI Packets (UDP):	60	(1.82 pkts/flow)
 Confidence DPI              : 34 (flows)
-Num dissector calls: 4669 (137.32 diss/flow)
+Num dissector calls: 4696 (138.12 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/discord_mid_flow.pcap.out
+++ b/tests/cfgs/default/result/discord_mid_flow.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	3	(3.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 168 (168.00 diss/flow)
+Num dissector calls: 169 (169.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	256	(1.04 pkts/flow)
 Confidence DPI              : 245 (flows)
-Num dissector calls: 20372 (83.15 diss/flow)
+Num dissector calls: 20383 (83.20 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/513/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/dnscrypt-v2.pcap.out
+++ b/tests/cfgs/default/result/dnscrypt-v2.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	6	(2.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 450 (150.00 diss/flow)
+Num dissector calls: 453 (151.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out
+++ b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 150 (150.00 diss/flow)
+Num dissector calls: 151 (151.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/epicgames.pcapng.out
+++ b/tests/cfgs/default/result/epicgames.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	12	(3.00 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 682 (170.50 diss/flow)
+Num dissector calls: 686 (171.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/flute.pcapng.out
+++ b/tests/cfgs/default/result/flute.pcapng.out
@ -0,0 +1,28 @@
+DPI Packets (UDP):	1	(1.00 pkts/flow)
+Confidence DPI              : 1 (flows)
+Num dissector calls: 138 (138.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   2/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+FLUTE	4	1347	1
+
+Acceptable                       4 1347          1            
+
+	1	UDP 192.168.88.231:40717 -> 238.1.1.95:40085 [proto: 406/FLUTE][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/1347 bytes -> 0 pkts/0 bytes][Goodput ratio: 87/0][4.99 sec][PLAIN TEXT (xml version)][Plen Bins: 25,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	5	(1.00 pkts/flow)
 Confidence Unknown          : 34 (flows)
 Confidence Match by port    : 27 (flows)
 Confidence DPI              : 190 (flows)
-Num dissector calls: 7423 (29.57 diss/flow)
+Num dissector calls: 7461 (29.73 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/189/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out
@ -5,7 +5,7 @@ DPI Packets (other):	7	(1.00 pkts/flow)
 Confidence Unknown          : 19 (flows)
 Confidence Match by port    : 3 (flows)
 Confidence DPI              : 55 (flows)
-Num dissector calls: 2253 (29.26 diss/flow)
+Num dissector calls: 2269 (29.47 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/66/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/gnutella.pcap.out
+++ b/tests/cfgs/default/result/gnutella.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	10	(1.00 pkts/flow)
 Confidence Unknown          : 389 (flows)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 370 (flows)
-Num dissector calls: 49945 (65.72 diss/flow)
+Num dissector calls: 50254 (66.12 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/1170/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/gtp_false_positive.pcapng.out
+++ b/tests/cfgs/default/result/gtp_false_positive.pcapng.out
@ -3,7 +3,7 @@ Guessed flow protos:	2
 DPI Packets (UDP):	7	(2.33 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 2 (flows)
-Num dissector calls: 470 (156.67 diss/flow)
+Num dissector calls: 473 (157.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/h323.pcap.out
+++ b/tests/cfgs/default/result/h323.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	1	(1.00 pkts/flow)
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 139 (69.50 diss/flow)
+Num dissector calls: 140 (70.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/http_ipv6.pcap.out
+++ b/tests/cfgs/default/result/http_ipv6.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	77	(5.92 pkts/flow)
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence Match by port    : 7 (flows)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 170 (11.33 diss/flow)
+Num dissector calls: 171 (11.40 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/21/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/imo.pcap.out
+++ b/tests/cfgs/default/result/imo.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	7	(3.50 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 335 (167.50 diss/flow)
+Num dissector calls: 337 (168.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/instagram.pcap.out
+++ b/tests/cfgs/default/result/instagram.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 7 (flows)
 Confidence DPI              : 30 (flows)
-Num dissector calls: 1399 (36.82 diss/flow)
+Num dissector calls: 1400 (36.84 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/24/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/iphone.pcap.out
+++ b/tests/cfgs/default/result/iphone.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	55	(1.77 pkts/flow)
 DPI Packets (other):	5	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 50 (flows)
-Num dissector calls: 365 (7.16 diss/flow)
+Num dissector calls: 366 (7.18 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out
+++ b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out
@ -2,7 +2,7 @@ DPI Packets (UDP):	1	(1.00 pkts/flow)
 DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 134 (67.00 diss/flow)
+Num dissector calls: 135 (67.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/kontiki.pcap.out
+++ b/tests/cfgs/default/result/kontiki.pcap.out
@ -2,7 +2,7 @@ DPI Packets (UDP):	6	(1.50 pkts/flow)
 DPI Packets (other):	4	(1.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence DPI              : 6 (flows)
-Num dissector calls: 369 (46.12 diss/flow)
+Num dissector calls: 371 (46.38 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/linecall_falsepositve.pcap.out
+++ b/tests/cfgs/default/result/linecall_falsepositve.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	13	(13.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 218 (218.00 diss/flow)
+Num dissector calls: 219 (219.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out
+++ b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out
@ -2,7 +2,7 @@ DPI Packets (TCP):	9	(3.00 pkts/flow)
 DPI Packets (UDP):	30	(3.33 pkts/flow)
 Confidence DPI (cache)      : 4 (flows)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 650 (54.17 diss/flow)
+Num dissector calls: 652 (54.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 25/7/2 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/mullvad_wireguard.pcap.out
+++ b/tests/cfgs/default/result/mullvad_wireguard.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	3	(3.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 155 (155.00 diss/flow)
+Num dissector calls: 156 (156.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/mumble.pcapng.out
+++ b/tests/cfgs/default/result/mumble.pcapng.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 309 (103.00 diss/flow)
+Num dissector calls: 311 (103.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/nintendo.pcap.out
+++ b/tests/cfgs/default/result/nintendo.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 15 (flows)
 Confidence Match by IP      : 5 (flows)
-Num dissector calls: 1349 (64.24 diss/flow)
+Num dissector calls: 1354 (64.48 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/18/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out
+++ b/tests/cfgs/default/result/openvpn-tlscrypt.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	4	(4.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 167 (167.00 diss/flow)
+Num dissector calls: 168 (168.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/openvpn.pcap.out
+++ b/tests/cfgs/default/result/openvpn.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	24	(8.00 pkts/flow)
 DPI Packets (UDP):	15	(3.00 pkts/flow)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 1336 (167.00 diss/flow)
+Num dissector calls: 1341 (167.62 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/openvpn_nohmac.pcapng.out
+++ b/tests/cfgs/default/result/openvpn_nohmac.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 138 (138.00 diss/flow)
+Num dissector calls: 139 (139.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out
+++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out
@ -2,7 +2,7 @@ DPI Packets (TCP):	8	(1.33 pkts/flow)
 DPI Packets (UDP):	9	(2.25 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence DPI              : 9 (flows)
-Num dissector calls: 804 (80.40 diss/flow)
+Num dissector calls: 807 (80.70 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out
+++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	38	(6.33 pkts/flow)
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 7 (flows)
-Num dissector calls: 1002 (125.25 diss/flow)
+Num dissector calls: 1004 (125.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out
+++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 151 (151.00 diss/flow)
+Num dissector calls: 152 (152.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/pps.pcap.out
+++ b/tests/cfgs/default/result/pps.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	136	(3.09 pkts/flow)
 Confidence Unknown          : 29 (flows)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 76 (flows)
-Num dissector calls: 6143 (57.41 diss/flow)
+Num dissector calls: 6172 (57.68 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/93/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/protonvpn.pcap.out
+++ b/tests/cfgs/default/result/protonvpn.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	12	(6.00 pkts/flow)
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 151 (50.33 diss/flow)
+Num dissector calls: 152 (50.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/quic.pcap.out
+++ b/tests/cfgs/default/result/quic.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (UDP):	12	(1.20 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 9 (flows)
-Num dissector calls: 234 (23.40 diss/flow)
+Num dissector calls: 235 (23.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/quic_0RTT.pcap.out
+++ b/tests/cfgs/default/result/quic_0RTT.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 212 (106.00 diss/flow)
+Num dissector calls: 213 (106.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/raknet.pcap.out
+++ b/tests/cfgs/default/result/raknet.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	24	(2.00 pkts/flow)
 Confidence DPI              : 12 (flows)
-Num dissector calls: 1535 (127.92 diss/flow)
+Num dissector calls: 1541 (128.42 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/rdp2.pcap.out
+++ b/tests/cfgs/default/result/rdp2.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	8	(2.67 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 448 (149.33 diss/flow)
+Num dissector calls: 451 (150.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/rtp.pcapng.out
+++ b/tests/cfgs/default/result/rtp.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	9	(3.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 476 (158.67 diss/flow)
+Num dissector calls: 479 (159.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/rx.pcap.out
+++ b/tests/cfgs/default/result/rx.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	10	(2.00 pkts/flow)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 750 (150.00 diss/flow)
+Num dissector calls: 755 (151.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/sflow.pcap.out
+++ b/tests/cfgs/default/result/sflow.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 138 (138.00 diss/flow)
+Num dissector calls: 139 (139.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/sip.pcap.out
+++ b/tests/cfgs/default/result/sip.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	6	(1.50 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 211 (52.75 diss/flow)
+Num dissector calls: 212 (53.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/sip_hello.pcapng.out
+++ b/tests/cfgs/default/result/sip_hello.pcapng.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	9	(9.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 203 (203.00 diss/flow)
+Num dissector calls: 204 (204.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/skinny.pcap.out
+++ b/tests/cfgs/default/result/skinny.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	2	(1.00 pkts/flow)
 DPI Packets (UDP):	15	(3.00 pkts/flow)
 Confidence DPI              : 7 (flows)
-Num dissector calls: 772 (110.29 diss/flow)
+Num dissector calls: 777 (111.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/softether.pcap.out
+++ b/tests/cfgs/default/result/softether.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	4	(4.00 pkts/flow)
 DPI Packets (UDP):	31	(10.33 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 417 (104.25 diss/flow)
+Num dissector calls: 419 (104.75 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/starcraft_battle.pcap.out
+++ b/tests/cfgs/default/result/starcraft_battle.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Match by port    : 12 (flows)
 Confidence DPI              : 39 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 1680 (32.31 diss/flow)
+Num dissector calls: 1685 (32.40 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/39/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/synscan.pcap.out
+++ b/tests/cfgs/default/result/synscan.pcap.out
@ -142,7 +142,7 @@ Unrated                       1852 107424        1848
 	46	TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	47	TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	48	TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	49	TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 406/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	49	TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 407/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	50	TCP 172.16.0.8:36050 -> 64.13.134.52:3300 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	51	TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	52	TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -213,7 +213,7 @@ Unrated                       1852 107424        1848
 	117	TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	118	TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	119	TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	120	TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 406/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	120	TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 407/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by custom rule][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	121	TCP 172.16.0.8:36051 -> 64.13.134.52:3300 [proto: 381/Ceph][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: DataTransfer/4][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	122	TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	123	TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/teams.pcap.out
+++ b/tests/cfgs/default/result/teams.pcap.out
@ -7,7 +7,7 @@ Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 1 (flows)
 Confidence DPI (partial)    : 5 (flows)
 Confidence DPI              : 76 (flows)
-Num dissector calls: 540 (6.51 diss/flow)
+Num dissector calls: 541 (6.52 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/teamspeak3.pcap.out
+++ b/tests/cfgs/default/result/teamspeak3.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 219 (109.50 diss/flow)
+Num dissector calls: 220 (110.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/teamviewer.pcap.out
+++ b/tests/cfgs/default/result/teamviewer.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (TCP):	4	(4.00 pkts/flow)
 DPI Packets (UDP):	4	(4.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 179 (89.50 diss/flow)
+Num dissector calls: 180 (90.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/telegram.pcap.out
+++ b/tests/cfgs/default/result/telegram.pcap.out
@ -1,7 +1,7 @@
 DPI Packets (UDP):	82	(1.71 pkts/flow)
 Confidence Unknown          : 3 (flows)
 Confidence DPI              : 45 (flows)
-Num dissector calls: 1589 (33.10 diss/flow)
+Num dissector calls: 1592 (33.17 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/tftp.pcap.out
+++ b/tests/cfgs/default/result/tftp.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	2
 DPI Packets (UDP):	15	(1.67 pkts/flow)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 7 (flows)
-Num dissector calls: 669 (74.33 diss/flow)
+Num dissector calls: 673 (74.78 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/toca-boca.pcap.out
+++ b/tests/cfgs/default/result/toca-boca.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	4
 DPI Packets (UDP):	21	(1.00 pkts/flow)
 Confidence Match by port    : 4 (flows)
 Confidence DPI              : 17 (flows)
-Num dissector calls: 565 (26.90 diss/flow)
+Num dissector calls: 569 (27.10 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/viber.pcap.out
+++ b/tests/cfgs/default/result/viber.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	27	(1.93 pkts/flow)
 DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence Match by port    : 4 (flows)
 Confidence DPI              : 25 (flows)
-Num dissector calls: 470 (16.21 diss/flow)
+Num dissector calls: 471 (16.24 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/webex.pcap.out
+++ b/tests/cfgs/default/result/webex.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	14	(7.00 pkts/flow)
 Confidence Match by port    : 3 (flows)
 Confidence DPI              : 53 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 289 (5.07 diss/flow)
+Num dissector calls: 290 (5.09 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/weibo.pcap.out
+++ b/tests/cfgs/default/result/weibo.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	100	(3.33 pkts/flow)
 DPI Packets (UDP):	43	(3.07 pkts/flow)
 Confidence Match by port    : 21 (flows)
 Confidence DPI              : 23 (flows)
-Num dissector calls: 575 (13.07 diss/flow)
+Num dissector calls: 577 (13.11 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/63/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/wireguard.pcap.out
+++ b/tests/cfgs/default/result/wireguard.pcap.out
@ -1,6 +1,6 @@
 DPI Packets (UDP):	6	(3.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 309 (154.50 diss/flow)
+Num dissector calls: 311 (155.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/zoom.pcap.out
+++ b/tests/cfgs/default/result/zoom.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	40	(2.22 pkts/flow)
 DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 32 (flows)
-Num dissector calls: 1053 (30.97 diss/flow)
+Num dissector calls: 1054 (31.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       8/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/zoom_p2p.pcapng.out
+++ b/tests/cfgs/default/result/zoom_p2p.pcapng.out
@ -4,7 +4,7 @@ DPI Packets (UDP):	52	(5.20 pkts/flow)
 DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence DPI (partial cache): 4 (flows)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 866 (72.17 diss/flow)
+Num dissector calls: 870 (72.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)