Added health category

src/include/ndpi_typedefs.h

@@ -1117,7 +1117,7 @@ typedef enum {
 
   /* Gambling websites */
   NDPI_PROTOCOL_CATEGORY_GAMBLING = 107,
-
+  NDPI_PROTOCOL_CATEGORY_HEALTH,
   /*
     IMPORTANT
 

src/lib/ndpi_main.c

@@ -2236,11 +2236,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
 			  ndpi_build_default_ports(ports_a, 4059, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 4059, 0, 0, 0, 0) /* UDP */);
   ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HL7,
-			  "HL7", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
+			  "HL7", NDPI_PROTOCOL_CATEGORY_HEALTH,
 			  ndpi_build_default_ports(ports_a, 2575, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
   ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DICOM,
-			  "DICOM", NDPI_PROTOCOL_CATEGORY_IOT_SCADA,
+			  "DICOM", NDPI_PROTOCOL_CATEGORY_HEALTH,
 			  ndpi_build_default_ports(ports_a, 104, 0, 0, 0, 0) /* TCP */,
 			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
   ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CEPH,
@@ -3213,7 +3213,7 @@ void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi
 /* ****************************************** */
 
 /* Keep it in order and in sync with ndpi_protocol_category_t in ndpi_typedefs.h */
-static const char *categories[] = {
+static const char *categories[NDPI_PROTOCOL_NUM_CATEGORIES] = {
   "Unspecified",
   "Media",
   "VPN",
@@ -3321,7 +3321,8 @@ static const char *categories[] = {
   "Allowed_Site",
   "Antimalware",
   "Crypto_Currency",
-  "Gambling"
+  "Gambling",
+  "Health"
 };
 
 #if !defined(NDPI_CFFI_PREPROCESSING) && defined(__linux__)

tests/cfgs/default/result/dicom.pcap.out

@@ -24,7 +24,7 @@ DICOM	6	34720	4
 
 Acceptable                       6 34720         4            
 
-	1	TCP 127.0.0.1:49541 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/16621 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver      testclient     )][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
-	2	TCP 127.0.0.1:52180 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][2 pkts/16621 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver      testclient     )][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
-	3	TCP 127.0.0.1:49531 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/739 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver      testclient     )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	4	TCP 127.0.0.1:52228 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: IoT-Scada/31][1 pkts/739 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (remote    bogus)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 127.0.0.1:49541 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: Health/108][2 pkts/16621 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver      testclient     )][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
+	2	TCP 127.0.0.1:52180 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: Health/108][2 pkts/16621 bytes -> 0 pkts/0 bytes][Goodput ratio: 99/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver      testclient     )][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50]
+	3	TCP 127.0.0.1:49531 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: Health/108][1 pkts/739 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (testserver      testclient     )][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	TCP 127.0.0.1:52228 -> 127.0.0.1:104 [proto: 438/DICOM][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 438/DICOM, Confidence: DPI][DPI packets: 1][cat: Health/108][1 pkts/739 bytes -> 0 pkts/0 bytes][Goodput ratio: 92/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][PLAIN TEXT (remote    bogus)][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

tests/cfgs/default/result/hl7.pcap.out

@@ -24,6 +24,6 @@ HL7	47	7319	3
 
 Acceptable                      47 7319          3            
 
-	1	TCP 10.0.0.155:49242 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: IoT-Scada/31][15 pkts/2331 bytes <-> 12 pkts/1188 bytes][Goodput ratio: 61/42][0.04 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 31/11 9/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 155/99 531/222 188/71][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SENDING)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	2	TCP 10.0.0.155:49252 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][6 pkts/2133 bytes <-> 5 pkts/404 bytes][Goodput ratio: 83/30][0.03 sec][bytes ratio: 0.682 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 6/8 20/15 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 356/81 1514/176 530/48][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SendingApp)][Plen Bins: 0,0,0,33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
-	3	TCP 10.0.0.155:49250 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: IoT-Scada/31][5 pkts/913 bytes <-> 4 pkts/350 bytes][Goodput ratio: 67/35][0.02 sec][bytes ratio: 0.446 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 4/9 17/14 7/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 183/88 667/176 242/51][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SendingApp)][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 10.0.0.155:49242 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Health/108][15 pkts/2331 bytes <-> 12 pkts/1188 bytes][Goodput ratio: 61/42][0.04 sec][bytes ratio: 0.325 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 3/3 31/11 9/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 155/99 531/222 188/71][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SENDING)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	TCP 10.0.0.155:49252 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Health/108][6 pkts/2133 bytes <-> 5 pkts/404 bytes][Goodput ratio: 83/30][0.03 sec][bytes ratio: 0.682 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 6/8 20/15 8/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 356/81 1514/176 530/48][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SendingApp)][Plen Bins: 0,0,0,33,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0]
+	3	TCP 10.0.0.155:49250 <-> 10.0.0.126:6661 [proto: 380/HL7][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 4][cat: Health/108][5 pkts/913 bytes <-> 4 pkts/350 bytes][Goodput ratio: 67/35][0.02 sec][bytes ratio: 0.446 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/4 4/9 17/14 7/5][Pkt Len c2s/s2c min/avg/max/stddev: 60/54 183/88 667/176 242/51][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][Risk Info: Expected on port 2575][TCP Fingerprint: 2_128_8192_6bb88f5575fd/Unknown][PLAIN TEXT (SendingApp)][Plen Bins: 0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]