vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-02 17:00:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
nDPI/tests/result/aimini-http.pcap.out
Ivan Nardi a7c2734b38
Remove classification "by-ip" from protocol stack (#1743) 
Basically:
* "classification by-ip" (i.e. `flow->guessed_protocol_id_by_ip` is
NEVER returned in the protocol stack (i.e.
`flow->detected_protocol_stack[]`);
* if the application is interested into such information, it can access
`ndpi_protocol->protocol_by_ip` itself.

There are mainly 4 points in the code that set the "classification
by-ip" in the protocol stack:  the generic `ndpi_set_detected_protocol()`/
`ndpi_detection_giveup()` functions and the HTTP/STUN  dissectors.

In the unit tests output, a print about `ndpi_protocol->protocol_by_ip`
has been added for each flow: the huge diff of this commit is mainly due
to that.

Strictly speaking, this change is NOT an API/ABI breakage, but there are
important differences in the classification results. For examples:
* TLS flows without the initial handshake (or without a matching
SNI/certificate) are simply classified as `TLS`;
* similar for HTTP or QUIC flows;
* DNS flows without a matching request domain are simply classified as
`DNS`; we don't have `DNS/Google` anymore just because the server is
8.8.8.8 (that was an outrageous behaviour...);
* flows previusoly classified only "by-ip" are now classified as
`NDPI_PROTOCOL_UNKNOWN`.

See #1425 for other examples of why adding the "classification by-ip" in
the protocol stack is a bad idea.

Please, note that IPV6 is not supported :(  (long standing issue in nDPI) i.e.
`ndpi_protocol->protocol_by_ip` wil be always `NDPI_PROTOCOL_UNKNOWN` for
IPv6 flows.

Define `NDPI_CONFIDENCE_MATCH_BY_IP` has been removed.

Close #1687
2022-09-20 22:24:47 +02:00

27 lines
3.7 KiB
Text
Raw Blame History

Guessed flow protos: 0
DPI Packets (TCP): 36 (9.00 pkts/flow)
Confidence DPI : 4 (flows)
Num dissector calls: 76 (19.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
Automa host: 4/0 (search/found)
Automa domain: 4/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 16/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia protocols: 16/0 (search/found)
Aimini 133 86722 4
1 TCP 10.101.0.2:28501 <-> 10.102.0.2:80 [proto: 7.99/HTTP.Aimini][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Download/7][38 pkts/36756 bytes <-> 34 pkts/28010 bytes][Goodput ratio: 94/93][0.00 sec][Hostname/SNI: www.aimini.net][bytes ratio: 0.135 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 967/824 1514/1514 664/699][URL: www.aimini.net/member/signup/][StatusCode: 200][User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17][PLAIN TEXT (GET /member/signup/ HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,4,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,83,0,0]
2 TCP 10.101.0.2:28503 <-> 10.102.0.2:80 [proto: 7.99/HTTP.Aimini][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Download/7][12 pkts/1920 bytes <-> 18 pkts/13384 bytes][Goodput ratio: 63/92][0.00 sec][Hostname/SNI: www.aimini.net][bytes ratio: -0.749 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 160/744 658/1514 223/696][URL: www.aimini.net/search/?q=pictures&sca=][StatusCode: 200][User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17][PLAIN TEXT (GET /search/)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,67,0,0]
3 TCP 10.101.0.2:28502 <-> 10.102.0.2:80 [proto: 7.99/HTTP.Aimini][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Download/7][10 pkts/2690 bytes <-> 8 pkts/1544 bytes][Goodput ratio: 78/70][0.00 sec][Hostname/SNI: www.aimini.com][bytes ratio: 0.271 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 269/193 585/339 255/132][URL: www.aimini.com/webcounter/w.php?___hm=.net_SignUp_&_lh_=http://www.aimini.net/member/signup/&__Refer_=http://www.aimini.net/][StatusCode: 200][User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17][PLAIN TEXT (GET /webcounter/w.php)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 TCP 10.101.0.2:28504 <-> 10.102.0.2:80 [proto: 7.99/HTTP.Aimini][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Download/7][8 pkts/1556 bytes <-> 5 pkts/862 bytes][Goodput ratio: 70/66][0.00 sec][Hostname/SNI: www.aimini.com][bytes ratio: 0.287 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 0/0 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 194/172 596/339 232/136][URL: www.aimini.com/webcounter/w.php?___hm=.net_Search_&_lh_=http://www.aimini.net/search/?q=pictures&sca=&__Refer_=http://www.aimini.net/][StatusCode: 200][User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko/20110420 Firefox/3.6.17][PLAIN TEXT (GET /webcounter/w.php)][Plen Bins: 0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Reference in a new issue View git blame Copy permalink