vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-04 09:50:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
nDPI/tests/result/vxlan.pcap.out
Ivan Nardi a7c2734b38
Remove classification "by-ip" from protocol stack (#1743) 
Basically:
* "classification by-ip" (i.e. `flow->guessed_protocol_id_by_ip` is
NEVER returned in the protocol stack (i.e.
`flow->detected_protocol_stack[]`);
* if the application is interested into such information, it can access
`ndpi_protocol->protocol_by_ip` itself.

There are mainly 4 points in the code that set the "classification
by-ip" in the protocol stack:  the generic `ndpi_set_detected_protocol()`/
`ndpi_detection_giveup()` functions and the HTTP/STUN  dissectors.

In the unit tests output, a print about `ndpi_protocol->protocol_by_ip`
has been added for each flow: the huge diff of this commit is mainly due
to that.

Strictly speaking, this change is NOT an API/ABI breakage, but there are
important differences in the classification results. For examples:
* TLS flows without the initial handshake (or without a matching
SNI/certificate) are simply classified as `TLS`;
* similar for HTTP or QUIC flows;
* DNS flows without a matching request domain are simply classified as
`DNS`; we don't have `DNS/Google` anymore just because the server is
8.8.8.8 (that was an outrageous behaviour...);
* flows previusoly classified only "by-ip" are now classified as
`NDPI_PROTOCOL_UNKNOWN`.

See #1425 for other examples of why adding the "classification by-ip" in
the protocol stack is a bad idea.

Please, note that IPV6 is not supported :(  (long standing issue in nDPI) i.e.
`ndpi_protocol->protocol_by_ip` wil be always `NDPI_PROTOCOL_UNKNOWN` for
IPv6 flows.

Define `NDPI_CONFIDENCE_MATCH_BY_IP` has been removed.

Close #1687
2022-09-20 22:24:47 +02:00

32 lines
5.1 KiB
Text
Raw Blame History

Guessed flow protos: 0
DPI Packets (UDP): 9 (1.00 pkts/flow)
Confidence DPI : 9 (flows)
Num dissector calls: 9 (1.00 diss/flow)
LRU cache ookla: 0/0/0 (insert/search/found)
LRU cache bittorrent: 0/0/0 (insert/search/found)
LRU cache zoom: 0/0/0 (insert/search/found)
LRU cache stun: 0/0/0 (insert/search/found)
LRU cache tls_cert: 0/0/0 (insert/search/found)
LRU cache mining: 0/0/0 (insert/search/found)
LRU cache msteams: 0/0/0 (insert/search/found)
Automa host: 0/0 (search/found)
Automa domain: 0/0 (search/found)
Automa tls cert: 0/0 (search/found)
Automa risk mask: 0/0 (search/found)
Automa common alpns: 0/0 (search/found)
Patricia risk mask: 18/0 (search/found)
Patricia risk: 0/0 (search/found)
Patricia protocols: 18/0 (search/found)
VXLAN 127 85322 9
1 UDP 192.168.22.5:36286 -> 192.168.22.4:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][56 pkts/71223 bytes -> 0 pkts/0 bytes][Goodput ratio: 96/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/0 113/0 16/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 1272/0 1500/0 477/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (Ev0@ED)][Plen Bins: 0,0,10,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,83,0,0]
2 UDP 192.168.22.5:60230 -> 192.168.22.4:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][13 pkts/5656 bytes -> 0 pkts/0 bytes][Goodput ratio: 89/0][0.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 34/0 233/0 70/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 435/0 1500/0 497/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,55,7,0,0,0,7,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]
3 UDP 192.168.22.4:40646 -> 192.168.22.5:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][35 pkts/4938 bytes -> 0 pkts/0 bytes][Goodput ratio: 67/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 11/0 150/0 30/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 141/0 438/0 66/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (www.facebook.com)][Plen Bins: 0,0,91,0,2,0,0,2,2,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
4 UDP 192.168.22.4:49762 -> 192.168.22.5:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][12 pkts/2011 bytes -> 0 pkts/0 bytes][Goodput ratio: 73/0][0.38 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 15/0 81/0 25/0][Pkt Len c2s/s2c min/avg/max/stddev: 120/0 168/0 434/0 92/0][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (facebook.com)][Plen Bins: 0,0,67,8,8,0,0,8,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
5 UDP 192.168.22.5:50251 -> 192.168.22.4:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/362 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][0.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (facebook)][Plen Bins: 0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
6 UDP 192.168.22.4:60230 -> 192.168.22.5:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][3 pkts/324 bytes -> 0 pkts/0 bytes][Goodput ratio: 57/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
7 UDP 192.168.22.5:43866 -> 192.168.22.4:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/296 bytes -> 0 pkts/0 bytes][Goodput ratio: 69/0][0.03 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (facebook)][Plen Bins: 0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
8 UDP 192.168.22.4:60351 -> 192.168.22.5:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/260 bytes -> 0 pkts/0 bytes][Goodput ratio: 64/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (facebook)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
9 UDP 192.168.22.4:60887 -> 192.168.22.5:4789 [VLAN: 5][proto: 64/VXLAN][IP: 0/Unknown][ClearText][Confidence: DPI][cat: Network/14][2 pkts/252 bytes -> 0 pkts/0 bytes][Goodput ratio: 63/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (facebook)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
Reference in a new issue View git blame Copy permalink