Add Ether-S-I/O protocol dissector (#2174)

2026-05-02 00:40:17 +00:00 · 2023-11-27 21:04:05 +03:00 · 2023-11-27 21:04:05 +03:00 · ebb1bc2f34
commit ebb1bc2f34
parent 84427b0754
79 changed files with 197 additions and 79 deletions
--- a/tests/cfgs/default/pcap/ethersio.pcap
+++ b/tests/cfgs/default/pcap/ethersio.pcap
--- a/tests/cfgs/default/result/1kxun.pcap.out
+++ b/tests/cfgs/default/result/1kxun.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	120	(1.21 pkts/flow)
 Confidence Unknown          : 14 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 177 (flows)
-Num dissector calls: 4573 (23.21 diss/flow)
+Num dissector calls: 4587 (23.28 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/60/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/4in4tunnel.pcap.out
+++ b/tests/cfgs/default/result/4in4tunnel.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (UDP):	5	(5.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 184 (184.00 diss/flow)
+Num dissector calls: 185 (185.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/6in6tunnel.pcap.out
+++ b/tests/cfgs/default/result/6in6tunnel.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 134 (134.00 diss/flow)
+Num dissector calls: 135 (135.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/EAQ.pcap.out
+++ b/tests/cfgs/default/result/EAQ.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	12	(6.00 pkts/flow)
 DPI Packets (UDP):	116	(4.00 pkts/flow)
 Confidence DPI              : 31 (flows)
-Num dissector calls: 4600 (148.39 diss/flow)
+Num dissector calls: 4629 (149.32 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
+++ b/tests/cfgs/default/result/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	7	(1.40 pkts/flow)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 142 (28.40 diss/flow)
+Num dissector calls: 143 (28.60 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
+++ b/tests/cfgs/default/result/KakaoTalk_talk.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	10	(2.00 pkts/flow)
 Confidence Match by port    : 8 (flows)
 Confidence DPI              : 11 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 1114 (55.70 diss/flow)
+Num dissector calls: 1116 (55.80 diss/flow)
 LRU cache ookla:      0/2/0 (insert/search/found)
 LRU cache bittorrent: 0/27/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/anyconnect-vpn.pcap.out
+++ b/tests/cfgs/default/result/anyconnect-vpn.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	10	(1.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 61 (flows)
-Num dissector calls: 849 (12.30 diss/flow)
+Num dissector calls: 850 (12.32 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/24/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/collectd.pcap.out
+++ b/tests/cfgs/default/result/collectd.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	3
 DPI Packets (UDP):	13	(1.62 pkts/flow)
 Confidence Match by port    : 3 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 429 (53.62 diss/flow)
+Num dissector calls: 432 (54.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out
+++ b/tests/cfgs/default/result/custom_rules_ipv6.pcapng.out
@ -29,8 +29,8 @@ CustomProtocolF	1	1287	1
 CustomProtocolG	1	318	1
 CustomProtocolH	1	318	1

-	1	UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 373/CustomProtocolE][IP: 373/CustomProtocolE][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
-	2	UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 374/CustomProtocolF][IP: 374/CustomProtocolF][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
-	3	UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 372/CustomProtocolD][IP: 372/CustomProtocolD][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	4	UDP [fe80::76ac:b9ff:fe6c:c124]:12717 -> [ff02::1]:64315 [proto: 375/CustomProtocolG][IP: 375/CustomProtocolG][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	5	UDP [fe80::76ac:b9ff:fe6c:c124]:12718 -> [ff02::1]:26993 [proto: 376/CustomProtocolH][IP: 376/CustomProtocolH][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 374/CustomProtocolE][IP: 374/CustomProtocolE][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
+	2	UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 375/CustomProtocolF][IP: 375/CustomProtocolF][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
+	3	UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 373/CustomProtocolD][IP: 373/CustomProtocolD][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	UDP [fe80::76ac:b9ff:fe6c:c124]:12717 -> [ff02::1]:64315 [proto: 376/CustomProtocolG][IP: 376/CustomProtocolG][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	UDP [fe80::76ac:b9ff:fe6c:c124]:12718 -> [ff02::1]:26993 [proto: 377/CustomProtocolH][IP: 377/CustomProtocolH][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out
+++ b/tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out
@ -27,6 +27,6 @@ CustomProtocolA	3	222	1
 CustomProtocolB	2	148	1
 Unknown	3	222	1

-	1	TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.369/TLS.CustomProtocolA][IP: 369/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	2	TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 400/CustomProtocolC][IP: 371/Unknown][Encrypted][Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	3	TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 370/CustomProtocolB][IP: 370/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.370/TLS.CustomProtocolA][IP: 370/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 400/CustomProtocolC][IP: 372/Unknown][Encrypted][Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 371/CustomProtocolB][IP: 371/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/dhcp-fuzz.pcapng.out
+++ b/tests/cfgs/default/result/dhcp-fuzz.pcapng.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (UDP):	1	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 119 (119.00 diss/flow)
+Num dissector calls: 120 (120.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/discord.pcap.out
+++ b/tests/cfgs/default/result/discord.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	5	(5.00 pkts/flow)
 DPI Packets (UDP):	60	(1.82 pkts/flow)
 Confidence DPI              : 34 (flows)
-Num dissector calls: 4243 (124.79 diss/flow)
+Num dissector calls: 4270 (125.59 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/discord_mid_flow.pcap.out
+++ b/tests/cfgs/default/result/discord_mid_flow.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	3	(3.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 154 (154.00 diss/flow)
+Num dissector calls: 155 (155.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/tests/cfgs/default/result/dnscrypt-v1-and-resolver-pings.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	256	(1.04 pkts/flow)
 Confidence DPI              : 245 (flows)
-Num dissector calls: 20434 (83.40 diss/flow)
+Num dissector calls: 20445 (83.45 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/513/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/dnscrypt-v2.pcap.out
+++ b/tests/cfgs/default/result/dnscrypt-v2.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	6	(2.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 402 (134.00 diss/flow)
+Num dissector calls: 405 (135.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out
+++ b/tests/cfgs/default/result/dnscrypt_skype_false_positive.pcapng.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 135 (135.00 diss/flow)
+Num dissector calls: 136 (136.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/epicgames.pcapng.out
+++ b/tests/cfgs/default/result/epicgames.pcapng.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	12	(3.00 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 626 (156.50 diss/flow)
+Num dissector calls: 630 (157.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ethersio.pcap.out
+++ b/tests/cfgs/default/result/ethersio.pcap.out
@ -0,0 +1,28 @@
+Guessed flow protos:	0
+
+DPI Packets (UDP):	1	(1.00 pkts/flow)
+Confidence DPI              : 1 (flows)
+Num dissector calls: 1 (1.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 0/0/0 (insert/search/found)
+LRU cache zoom:       0/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache stun_zoom:  0/0/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   2/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   2/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+EtherSIO	36	3226	1
+
+	1	UDP 172.23.2.27:1024 -> 172.23.2.15:6060 [proto: 363/EtherSIO][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][36 pkts/3226 bytes -> 0 pkts/0 bytes][Goodput ratio: 53/0][3.39 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 94/0 100/0 111/0 6/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 90/0 91/0 6/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 5,94,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	5	(1.00 pkts/flow)
 Confidence Unknown          : 34 (flows)
 Confidence Match by port    : 27 (flows)
 Confidence DPI              : 190 (flows)
-Num dissector calls: 6497 (25.88 diss/flow)
+Num dissector calls: 6535 (26.04 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/189/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out
+++ b/tests/cfgs/default/result/fuzz-2020-02-16-11740.pcap.out
@ -5,7 +5,7 @@ DPI Packets (other):	7	(1.00 pkts/flow)
 Confidence Unknown          : 19 (flows)
 Confidence Match by port    : 3 (flows)
 Confidence DPI              : 55 (flows)
-Num dissector calls: 1965 (25.52 diss/flow)
+Num dissector calls: 1981 (25.73 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/66/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/gnutella.pcap.out
+++ b/tests/cfgs/default/result/gnutella.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	10	(1.00 pkts/flow)
 Confidence Unknown          : 389 (flows)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 370 (flows)
-Num dissector calls: 44997 (59.21 diss/flow)
+Num dissector calls: 45306 (59.61 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/1170/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/gtp_false_positive.pcapng.out
+++ b/tests/cfgs/default/result/gtp_false_positive.pcapng.out
@ -3,7 +3,7 @@ Guessed flow protos:	3
 DPI Packets (UDP):	7	(2.33 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 2 (flows)
-Num dissector calls: 426 (142.00 diss/flow)
+Num dissector calls: 429 (143.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/h323.pcap.out
+++ b/tests/cfgs/default/result/h323.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	1	(1.00 pkts/flow)
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 121 (60.50 diss/flow)
+Num dissector calls: 122 (61.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/http_ipv6.pcap.out
+++ b/tests/cfgs/default/result/http_ipv6.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	77	(5.92 pkts/flow)
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence Match by port    : 7 (flows)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 157 (10.47 diss/flow)
+Num dissector calls: 158 (10.53 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/21/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/imo.pcap.out
+++ b/tests/cfgs/default/result/imo.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	7	(3.50 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 307 (153.50 diss/flow)
+Num dissector calls: 309 (154.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/instagram.pcap.out
+++ b/tests/cfgs/default/result/instagram.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 7 (flows)
 Confidence DPI              : 30 (flows)
-Num dissector calls: 1355 (35.66 diss/flow)
+Num dissector calls: 1356 (35.68 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/24/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/iphone.pcap.out
+++ b/tests/cfgs/default/result/iphone.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	55	(1.77 pkts/flow)
 DPI Packets (other):	5	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 50 (flows)
-Num dissector calls: 348 (6.82 diss/flow)
+Num dissector calls: 349 (6.84 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ipv6_in_gtp.pcap.out
+++ b/tests/cfgs/default/result/ipv6_in_gtp.pcap.out
@ -4,7 +4,7 @@ DPI Packets (UDP):	1	(1.00 pkts/flow)
 DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 116 (58.00 diss/flow)
+Num dissector calls: 117 (58.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/kontiki.pcap.out
+++ b/tests/cfgs/default/result/kontiki.pcap.out
@ -4,7 +4,7 @@ DPI Packets (UDP):	6	(1.50 pkts/flow)
 DPI Packets (other):	4	(1.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence DPI              : 6 (flows)
-Num dissector calls: 337 (42.12 diss/flow)
+Num dissector calls: 339 (42.38 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/linecall_falsepositve.pcap.out
+++ b/tests/cfgs/default/result/linecall_falsepositve.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (UDP):	13	(13.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 210 (210.00 diss/flow)
+Num dissector calls: 211 (211.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out
+++ b/tests/cfgs/default/result/lru_ipv6_caches.pcapng.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	9	(3.00 pkts/flow)
 DPI Packets (UDP):	36	(4.00 pkts/flow)
 Confidence DPI (cache)      : 6 (flows)
 Confidence DPI              : 6 (flows)
-Num dissector calls: 773 (64.42 diss/flow)
+Num dissector calls: 776 (64.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 25/12/4 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/mullvad_wireguard.pcap.out
+++ b/tests/cfgs/default/result/mullvad_wireguard.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	3	(3.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 139 (139.00 diss/flow)
+Num dissector calls: 140 (140.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/nintendo.pcap.out
+++ b/tests/cfgs/default/result/nintendo.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 15 (flows)
 Confidence Match by IP      : 5 (flows)
-Num dissector calls: 1286 (61.24 diss/flow)
+Num dissector calls: 1291 (61.48 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/18/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/openvpn.pcap.out
+++ b/tests/cfgs/default/result/openvpn.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 DPI Packets (UDP):	5	(2.50 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 419 (139.67 diss/flow)
+Num dissector calls: 421 (140.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out
+++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_1.pcapng.out
@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	8	(1.33 pkts/flow)
 DPI Packets (UDP):	9	(2.25 pkts/flow)
 Confidence DPI              : 10 (flows)
-Num dissector calls: 711 (71.10 diss/flow)
+Num dissector calls: 714 (71.40 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out
+++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_2.pcapng.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	18	(6.00 pkts/flow)
 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 651 (130.20 diss/flow)
+Num dissector calls: 653 (130.60 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out
+++ b/tests/cfgs/default/result/ossfuzz_seed_fake_traces_4.pcapng.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 136 (136.00 diss/flow)
+Num dissector calls: 137 (137.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/pps.pcap.out
+++ b/tests/cfgs/default/result/pps.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	136	(3.09 pkts/flow)
 Confidence Unknown          : 29 (flows)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 76 (flows)
-Num dissector calls: 5649 (52.79 diss/flow)
+Num dissector calls: 5678 (53.07 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/93/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/protonvpn.pcap.out
+++ b/tests/cfgs/default/result/protonvpn.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	12	(6.00 pkts/flow)
 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 135 (45.00 diss/flow)
+Num dissector calls: 136 (45.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/quic.pcap.out
+++ b/tests/cfgs/default/result/quic.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (UDP):	12	(1.20 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 9 (flows)
-Num dissector calls: 221 (22.10 diss/flow)
+Num dissector calls: 222 (22.20 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/quic_0RTT.pcap.out
+++ b/tests/cfgs/default/result/quic_0RTT.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 196 (98.00 diss/flow)
+Num dissector calls: 197 (98.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/radius_false_positive.pcapng.out
+++ b/tests/cfgs/default/result/radius_false_positive.pcapng.out
@ -2,7 +2,7 @@ Guessed flow protos:	1

 DPI Packets (UDP):	10	(10.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 202 (202.00 diss/flow)
+Num dissector calls: 203 (203.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/raknet.pcap.out
+++ b/tests/cfgs/default/result/raknet.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	24	(2.00 pkts/flow)
 Confidence DPI              : 12 (flows)
-Num dissector calls: 1461 (121.75 diss/flow)
+Num dissector calls: 1467 (122.25 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/rdp2.pcap.out
+++ b/tests/cfgs/default/result/rdp2.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	8	(2.67 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 397 (132.33 diss/flow)
+Num dissector calls: 400 (133.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/rtp.pcapng.out
+++ b/tests/cfgs/default/result/rtp.pcapng.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	9	(3.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 432 (144.00 diss/flow)
+Num dissector calls: 435 (145.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/rx.pcap.out
+++ b/tests/cfgs/default/result/rx.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	10	(2.00 pkts/flow)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 667 (133.40 diss/flow)
+Num dissector calls: 672 (134.40 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/sflow.pcap.out
+++ b/tests/cfgs/default/result/sflow.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	2	(2.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 120 (120.00 diss/flow)
+Num dissector calls: 121 (121.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/sip.pcap.out
+++ b/tests/cfgs/default/result/sip.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	6	(1.50 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 195 (48.75 diss/flow)
+Num dissector calls: 196 (49.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/sip_hello.pcapng.out
+++ b/tests/cfgs/default/result/sip_hello.pcapng.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	9	(9.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 200 (200.00 diss/flow)
+Num dissector calls: 201 (201.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/skinny.pcap.out
+++ b/tests/cfgs/default/result/skinny.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	3	(1.00 pkts/flow)
 DPI Packets (UDP):	15	(3.00 pkts/flow)
 DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence DPI              : 9 (flows)
-Num dissector calls: 694 (77.11 diss/flow)
+Num dissector calls: 699 (77.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/skype_udp.pcap.out
+++ b/tests/cfgs/default/result/skype_udp.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	4	(4.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 173 (173.00 diss/flow)
+Num dissector calls: 174 (174.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/softether.pcap.out
+++ b/tests/cfgs/default/result/softether.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (TCP):	4	(4.00 pkts/flow)
 DPI Packets (UDP):	31	(10.33 pkts/flow)
 Confidence DPI              : 4 (flows)
-Num dissector calls: 386 (96.50 diss/flow)
+Num dissector calls: 388 (97.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/starcraft_battle.pcap.out
+++ b/tests/cfgs/default/result/starcraft_battle.pcap.out
@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Match by port    : 12 (flows)
 Confidence DPI              : 39 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 1515 (29.13 diss/flow)
+Num dissector calls: 1520 (29.23 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/39/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/synscan.pcap.out
+++ b/tests/cfgs/default/result/synscan.pcap.out
@ -129,7 +129,7 @@ iSCSI	2	116	2
 	45	TCP 172.16.0.8:36050 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	46	TCP 172.16.0.8:36050 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	47	TCP 172.16.0.8:36050 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	48	TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 363/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	48	TCP 172.16.0.8:36050 -> 64.13.134.52:3260 [proto: 364/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	49	TCP 172.16.0.8:36050 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	50	TCP 172.16.0.8:36050 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	51	TCP 172.16.0.8:36050 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
@ -194,7 +194,7 @@ iSCSI	2	116	2
 	110	TCP 172.16.0.8:36051 -> 64.13.134.52:2605 [proto: 13/BGP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	111	TCP 172.16.0.8:36051 -> 64.13.134.52:3000 [proto: 26/ntop][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	112	TCP 172.16.0.8:36051 -> 64.13.134.52:3128 [proto: 131/HTTP_Proxy][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Web/5][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	113	TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 363/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	113	TCP 172.16.0.8:36051 -> 64.13.134.52:3260 [proto: 364/iSCSI][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	114	TCP 172.16.0.8:36051 -> 64.13.134.52:3306 [proto: 20/MySQL][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Database/11][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	115	TCP 172.16.0.8:36051 -> 64.13.134.52:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: RemoteAccess/12][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Desktop/File Sharing **** Unidirectional Traffic **][Risk Score: 20][Risk Info: No server to client traffic / Found RDP][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
 	116	TCP 172.16.0.8:36051 -> 64.13.134.52:4343 [proto: 170/Whois-DAS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 1][cat: Network/14][1 pkts/58 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
--- a/tests/cfgs/default/result/teams.pcap.out
+++ b/tests/cfgs/default/result/teams.pcap.out
@ -7,7 +7,7 @@ Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 2 (flows)
 Confidence DPI (partial)    : 4 (flows)
 Confidence DPI              : 76 (flows)
-Num dissector calls: 512 (6.17 diss/flow)
+Num dissector calls: 513 (6.18 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/teamspeak3.pcap.out
+++ b/tests/cfgs/default/result/teamspeak3.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	4	(2.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 206 (103.00 diss/flow)
+Num dissector calls: 207 (103.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/teamviewer.pcap.out
+++ b/tests/cfgs/default/result/teamviewer.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	0
 DPI Packets (TCP):	4	(4.00 pkts/flow)
 DPI Packets (UDP):	4	(4.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 163 (81.50 diss/flow)
+Num dissector calls: 164 (82.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/telegram.pcap.out
+++ b/tests/cfgs/default/result/telegram.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	5
 DPI Packets (UDP):	81	(1.69 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence DPI              : 46 (flows)
-Num dissector calls: 1465 (30.52 diss/flow)
+Num dissector calls: 1467 (30.56 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/tftp.pcap.out
+++ b/tests/cfgs/default/result/tftp.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	2
 DPI Packets (UDP):	15	(1.67 pkts/flow)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 7 (flows)
-Num dissector calls: 608 (67.56 diss/flow)
+Num dissector calls: 612 (68.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/6/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/toca-boca.pcap.out
+++ b/tests/cfgs/default/result/toca-boca.pcap.out
@ -3,7 +3,7 @@ Guessed flow protos:	4
 DPI Packets (UDP):	21	(1.00 pkts/flow)
 Confidence Match by port    : 4 (flows)
 Confidence DPI              : 17 (flows)
-Num dissector calls: 493 (23.48 diss/flow)
+Num dissector calls: 497 (23.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/viber.pcap.out
+++ b/tests/cfgs/default/result/viber.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	27	(1.93 pkts/flow)
 DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence Match by port    : 4 (flows)
 Confidence DPI              : 25 (flows)
-Num dissector calls: 451 (15.55 diss/flow)
+Num dissector calls: 452 (15.59 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/webex.pcap.out
+++ b/tests/cfgs/default/result/webex.pcap.out
@ -5,7 +5,7 @@ DPI Packets (UDP):	14	(7.00 pkts/flow)
 Confidence Match by port    : 3 (flows)
 Confidence DPI              : 53 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 281 (4.93 diss/flow)
+Num dissector calls: 282 (4.95 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/weibo.pcap.out
+++ b/tests/cfgs/default/result/weibo.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	100	(3.33 pkts/flow)
 DPI Packets (UDP):	43	(3.07 pkts/flow)
 Confidence Match by port    : 21 (flows)
 Confidence DPI              : 23 (flows)
-Num dissector calls: 544 (12.36 diss/flow)
+Num dissector calls: 546 (12.41 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/63/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/wireguard.pcap.out
+++ b/tests/cfgs/default/result/wireguard.pcap.out
@ -2,7 +2,7 @@ Guessed flow protos:	0

 DPI Packets (UDP):	6	(3.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 277 (138.50 diss/flow)
+Num dissector calls: 279 (139.50 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/zoom2.pcap.out
+++ b/tests/cfgs/default/result/zoom2.pcap.out
@ -4,7 +4,7 @@ DPI Packets (TCP):	8	(8.00 pkts/flow)
 DPI Packets (UDP):	15	(5.00 pkts/flow)
 DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 515 (103.00 diss/flow)
+Num dissector calls: 518 (103.60 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       1/0/0 (insert/search/found)
--- a/tests/cfgs/default/result/zoom_p2p.pcapng.out
+++ b/tests/cfgs/default/result/zoom_p2p.pcapng.out
@ -4,7 +4,7 @@ DPI Packets (UDP):	52	(5.20 pkts/flow)
 DPI Packets (other):	2	(1.00 pkts/flow)
 Confidence DPI (partial cache): 4 (flows)
 Confidence DPI              : 8 (flows)
-Num dissector calls: 832 (69.33 diss/flow)
+Num dissector calls: 836 (69.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/12/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)