Add OpenFlow protocol dissector (#2222)

Author: 0xA50C1A1

doc/protocols.rst

@@ -368,3 +368,12 @@ References: `Protocol Specs: <https://www.ivifoundation.org/downloads/Protocol%2
 Encrypted UDP based FTP with multicast.
 
 References: `Protocol Specs: <https://uftp-multicast.sourceforge.net/protocol.txt>`_.
+
+
+.. _Proto 374:
+
+`NDPI_PROTOCOL_OPENFLOW`
+======================
+OpenFlow protocol is a network protocol closely associated with Software-Defined Networking (SDN).
+
+References: `Protocol Specs: <https://opennetworking.org/wp-content/uploads/2014/10/openflow-switch-v1.5.1.pdf>`_.

src/include/ndpi_protocol_ids.h

@@ -402,6 +402,7 @@ typedef enum {
   NDPI_PROTOCOL_PROFINET_IO           = 371,
   NDPI_PROTOCOL_HISLIP                = 372,
   NDPI_PROTOCOL_UFTP                  = 373,
+  NDPI_PROTOCOL_OPENFLOW              = 374,
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_protocol_ids.h"

src/lib/ndpi_main.c

@@ -2198,6 +2198,10 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp
         "UFTP", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT,
         ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */,
         ndpi_build_default_ports(ports_b, 1044, 0, 0, 0, 0) /* UDP */);
+  ndpi_set_proto_defaults(ndpi_str, 1 /* cleartext */, 0 /* nw proto */, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OPENFLOW,
+			  "OpenFlow", NDPI_PROTOCOL_CATEGORY_NETWORK,
+			  ndpi_build_default_ports(ports_a, 6653, 0, 0, 0, 0) /* TCP */,
+			  ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */);
 
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main.c"
@@ -5695,6 +5699,9 @@ static int ndpi_callback_init(struct ndpi_detection_module_struct *ndpi_str) {
   /* UFTP */
   init_uftp_dissector(ndpi_str, &a);
 
+  /* OpenFlow */
+  init_openflow_dissector(ndpi_str, &a);
+
 #ifdef CUSTOM_NDPI_PROTOCOLS
 #include "../../../nDPI-custom/custom_ndpi_main_init.c"
 #endif

src/lib/ndpi_private.h

@@ -637,6 +637,7 @@ void init_ethersbus_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 void init_profinet_io_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_hislip_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 void init_uftp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
+void init_openflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id);
 
 #endif
 

src/lib/protocols/openflow.c

@@ -0,0 +1,70 @@
+/*
+ * openflow.c
+ *
+ * Copyright (C) 2023 - ntop.org
+ * Copyright (C) 2023 - V.G <[email protected]>
+ *
+ * This file is part of nDPI, an open source deep packet inspection
+ * library based on the OpenDPI and PACE technology by ipoque GmbH
+ *
+ * nDPI is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * nDPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with nDPI.  If not, see <http://www.gnu.org/licenses/>.
+ * 
+ */
+
+#include "ndpi_protocol_ids.h"
+
+#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENFLOW
+
+#include "ndpi_api.h"
+#include "ndpi_private.h"
+
+static void ndpi_int_openflow_add_connection(struct ndpi_detection_module_struct *ndpi_struct,
+                                             struct ndpi_flow_struct *flow)
+{
+  NDPI_LOG_INFO(ndpi_struct, "found OpenFlow\n");
+  ndpi_set_detected_protocol(ndpi_struct, flow,
+                             NDPI_PROTOCOL_OPENFLOW, NDPI_PROTOCOL_UNKNOWN,
+                             NDPI_CONFIDENCE_DPI);
+}
+
+static void ndpi_search_openflow(struct ndpi_detection_module_struct *ndpi_struct,
+                                 struct ndpi_flow_struct *flow)
+{
+  struct ndpi_packet_struct const * const packet = &ndpi_struct->packet;
+
+  NDPI_LOG_DBG(ndpi_struct, "search OpenFlow\n");
+
+  if (packet->payload_packet_len >= 8 &&
+      packet->payload[0] == 0x06 && packet->payload[1] < 36 &&
+      packet->payload_packet_len == ntohs(get_u_int16_t(packet->payload, 2)))
+  {
+    ndpi_int_openflow_add_connection(ndpi_struct, flow);
+    return;
+  }
+
+  NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
+}
+
+void init_openflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id)
+{
+  ndpi_set_bitmask_protocol_detection("OpenFlow", ndpi_struct, *id,
+              NDPI_PROTOCOL_OPENFLOW,
+              ndpi_search_openflow,
+              NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION,
+              SAVE_DETECTION_BITMASK_AS_UNKNOWN,
+              ADD_TO_DETECTION_BITMASK);
+
+  *id += 1;
+}
+

tests/cfgs/caches_cfg/result/ookla.pcap.out

@@ -3,7 +3,7 @@ Guessed flow protos:	1
 DPI Packets (TCP):	40	(6.67 pkts/flow)
 Confidence Match by port    : 1 (flows)
 Confidence DPI              : 5 (flows)
-Num dissector calls: 533 (88.83 diss/flow)
+Num dissector calls: 536 (89.33 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/caches_cfg/result/teams.pcap.out

@@ -6,7 +6,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 80 (flows)
-Num dissector calls: 523 (6.30 diss/flow)
+Num dissector calls: 524 (6.31 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/pcap/openflow.pcap

@@ -5,7 +5,7 @@ DPI Packets (UDP):	120	(1.21 pkts/flow)
 Confidence Unknown          : 14 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 177 (flows)
-Num dissector calls: 4660 (23.65 diss/flow)
+Num dissector calls: 4663 (23.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/60/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/1kxun.pcap.out

@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	1	(1.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 131 (131.00 diss/flow)
+Num dissector calls: 132 (132.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/443-chrome.pcap.out

@@ -1,6 +1,6 @@
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 132 (132.00 diss/flow)
+Num dissector calls: 133 (133.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/443-opvn.pcap.out

@@ -5,7 +5,7 @@ DPI Packets (UDP):	36	(2.00 pkts/flow)
 DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Match by port    : 5 (flows)
 Confidence DPI              : 33 (flows)
-Num dissector calls: 561 (14.76 diss/flow)
+Num dissector calls: 563 (14.82 diss/flow)
 LRU cache ookla:      0/1/0 (insert/search/found)
 LRU cache bittorrent: 0/15/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/KakaoTalk_chat.pcap.out

@@ -5,7 +5,7 @@ DPI Packets (UDP):	10	(2.00 pkts/flow)
 Confidence Match by port    : 8 (flows)
 Confidence DPI              : 11 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 1151 (57.55 diss/flow)
+Num dissector calls: 1155 (57.75 diss/flow)
 LRU cache ookla:      0/2/0 (insert/search/found)
 LRU cache bittorrent: 0/27/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/KakaoTalk_talk.pcap.out

@@ -2,7 +2,7 @@ Guessed flow protos:	1
 
 DPI Packets (TCP):	21	(21.00 pkts/flow)
 Confidence Match by port    : 1 (flows)
-Num dissector calls: 261 (261.00 diss/flow)
+Num dissector calls: 262 (262.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/Oscar.pcap.out

@@ -5,7 +5,7 @@ DPI Packets (UDP):	64	(1.94 pkts/flow)
 DPI Packets (other):	6	(1.00 pkts/flow)
 Confidence Match by port    : 14 (flows)
 Confidence DPI              : 146 (flows)
-Num dissector calls: 507 (3.17 diss/flow)
+Num dissector calls: 508 (3.17 diss/flow)
 LRU cache ookla:      0/5/0 (insert/search/found)
 LRU cache bittorrent: 0/42/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/alexa-app.pcapng.out

@@ -1,6 +1,6 @@
 DPI Packets (TCP):	9	(3.00 pkts/flow)
 Confidence DPI              : 3 (flows)
-Num dissector calls: 380 (126.67 diss/flow)
+Num dissector calls: 381 (127.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/amqp.pcap.out

@@ -6,7 +6,7 @@ DPI Packets (other):	10	(1.00 pkts/flow)
 Confidence Unknown          : 2 (flows)
 Confidence Match by port    : 6 (flows)
 Confidence DPI              : 61 (flows)
-Num dissector calls: 855 (12.39 diss/flow)
+Num dissector calls: 856 (12.41 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/24/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/anyconnect-vpn.pcap.out

@@ -1,6 +1,6 @@
 DPI Packets (TCP):	10	(10.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 236 (236.00 diss/flow)
+Num dissector calls: 237 (237.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 5/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/bittorrent_tcp_miss.pcapng.out

@@ -1,6 +1,6 @@
 DPI Packets (TCP):	16	(8.00 pkts/flow)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 316 (158.00 diss/flow)
+Num dissector calls: 318 (159.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/cassandra.pcap.out

@@ -4,7 +4,7 @@ DPI Packets (TCP):	41	(5.12 pkts/flow)
 Confidence Match by port    : 2 (flows)
 Confidence DPI              : 5 (flows)
 Confidence Match by IP      : 1 (flows)
-Num dissector calls: 190 (23.75 diss/flow)
+Num dissector calls: 191 (23.88 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/9/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/cloudflare-warp.pcap.out

@@ -27,8 +27,8 @@ CustomProtocolF	1	1287	1
 CustomProtocolG	1	318	1
 CustomProtocolH	1	318	1
 
-	1	UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 384/CustomProtocolE][IP: 384/CustomProtocolE][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
-	2	UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 385/CustomProtocolF][IP: 385/CustomProtocolF][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
-	3	UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 383/CustomProtocolD][IP: 383/CustomProtocolD][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	4	UDP [fe80::76ac:b9ff:fe6c:c124]:12717 -> [ff02::1]:64315 [proto: 386/CustomProtocolG][IP: 386/CustomProtocolG][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	5	UDP [fe80::76ac:b9ff:fe6c:c124]:12718 -> [ff02::1]:26993 [proto: 387/CustomProtocolH][IP: 387/CustomProtocolH][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:100 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:1991 [proto: 385/CustomProtocolE][IP: 385/CustomProtocolE][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No client to server traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
+	2	UDP [247f:855b:5e16:3caf:3f2c:4134:9592:661b]:36098 -> [21bc:b273:7f68:88d7:77a8:585:3990:927b]:50621 [proto: 386/CustomProtocolF][IP: 386/CustomProtocolF][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/1287 bytes -> 0 pkts/0 bytes][Goodput ratio: 95/0][< 1 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0]
+	3	UDP [3ffe:507::1:200:86ff:fe05:80da]:21554 <-> [3ffe:501:4819::42]:5333 [proto: 384/CustomProtocolD][IP: 384/CustomProtocolD][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/90 bytes <-> 1 pkts/510 bytes][Goodput ratio: 31/88][0.07 sec][PLAIN TEXT (itojun)][Plen Bins: 50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	UDP [fe80::76ac:b9ff:fe6c:c124]:12717 -> [ff02::1]:64315 [proto: 387/CustomProtocolG][IP: 387/CustomProtocolG][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	UDP [fe80::76ac:b9ff:fe6c:c124]:12718 -> [ff02::1]:26993 [proto: 388/CustomProtocolH][IP: 388/CustomProtocolH][ClearText][Confidence: Unknown][DPI packets: 1][1 pkts/318 bytes -> 0 pkts/0 bytes][Goodput ratio: 80/0][< 1 sec][PLAIN TEXT (BZ.qca956)][Plen Bins: 0,0,0,0,0,0,0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

tests/cfgs/default/result/custom_rules_ipv6.pcapng.out

@@ -25,6 +25,6 @@ CustomProtocolA	3	222	1
 CustomProtocolB	2	148	1
 Unknown	3	222	1
 
-	1	TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.380/TLS.CustomProtocolA][IP: 380/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	2	TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 400/CustomProtocolC][IP: 382/Unknown][Encrypted][Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
-	3	TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 381/CustomProtocolB][IP: 381/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.1.245:56866 -> 3.3.3.3:443 [proto: 91.381/TLS.CustomProtocolA][IP: 381/CustomProtocolA][Encrypted][Confidence: Unknown][DPI packets: 1][cat: Web/5][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.05 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	2	TCP 192.168.1.245:58288 -> 3.3.3.3:446 [proto: 400/CustomProtocolC][IP: 383/Unknown][Encrypted][Confidence: Unknown][DPI packets: 1][3 pkts/222 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][3.04 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	TCP 192.168.1.245:59682 -> 3.3.3.3:444 [proto: 382/CustomProtocolB][IP: 382/CustomProtocolB][ClearText][Confidence: Unknown][DPI packets: 1][2 pkts/148 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][1.02 sec][Risk: ** Unidirectional Traffic **][Risk Score: 10][Risk Info: No server to client traffic][Plen Bins: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]

tests/cfgs/default/result/custom_rules_same-ip_multiple_ports.pcapng.out

@@ -1,6 +1,6 @@
 DPI Packets (TCP):	5	(5.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 134 (134.00 diss/flow)
+Num dissector calls: 135 (135.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/edonkey.pcap.out

@@ -1,6 +1,6 @@
 DPI Packets (TCP):	48	(8.00 pkts/flow)
 Confidence DPI              : 6 (flows)
-Num dissector calls: 201 (33.50 diss/flow)
+Num dissector calls: 202 (33.67 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/emotet.pcap.out

@@ -1,6 +1,6 @@
 DPI Packets (TCP):	6	(6.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 158 (158.00 diss/flow)
+Num dissector calls: 159 (159.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/fastcgi.pcap.out

@@ -1,6 +1,6 @@
 DPI Packets (TCP):	17	(17.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 160 (160.00 diss/flow)
+Num dissector calls: 161 (161.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/ftp-start-tls.pcap.out

@@ -1,7 +1,7 @@
 DPI Packets (TCP):	39	(13.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
 Confidence DPI              : 2 (flows)
-Num dissector calls: 532 (177.33 diss/flow)
+Num dissector calls: 534 (178.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/ftp.pcap.out

@@ -1,6 +1,6 @@
 DPI Packets (TCP):	8	(8.00 pkts/flow)
 Confidence DPI              : 1 (flows)
-Num dissector calls: 159 (159.00 diss/flow)
+Num dissector calls: 160 (160.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/ftp_failed.pcap.out

@@ -6,7 +6,7 @@ DPI Packets (other):	5	(1.00 pkts/flow)
 Confidence Unknown          : 34 (flows)
 Confidence Match by port    : 27 (flows)
 Confidence DPI              : 190 (flows)
-Num dissector calls: 6750 (26.89 diss/flow)
+Num dissector calls: 6762 (26.94 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/189/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/fuzz-2006-06-26-2594.pcap.out

@@ -5,7 +5,7 @@ DPI Packets (other):	1	(1.00 pkts/flow)
 Confidence Unknown          : 3 (flows)
 Confidence Match by port    : 26 (flows)
 Confidence DPI              : 11 (flows)
-Num dissector calls: 1023 (25.58 diss/flow)
+Num dissector calls: 1029 (25.73 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/87/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)

tests/cfgs/default/result/fuzz-2006-09-29-28586.pcap.out

@@ -1,6 +1,6 @@
 DPI Packets (TCP):	1	(1.00 pkts/flow)
 Confidence Unknown          : 1 (flows)
-Num dissector calls: 130 (130.00 diss/flow)
+Num dissector calls: 131 (131.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/3/0 (insert/search/found)
 LRU cache zoom:       0/0/0 (insert/search/found)