From 3edfad01a1bb22b33bd5bafa0ceeb13e27f03e67 Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Tue, 18 Jul 2023 07:41:56 +0200 Subject: [PATCH] fuzz: extend fuzzing coverage (#2052) Added/merged some traces. Improved Socks identification --- .gitignore | 1 + fuzz/Makefile.am | 19 +++++++++- fuzz/dictionary.dict | 2 +- fuzz/fuzz_dga.c | 2 + fuzz/fuzz_ds_cmsketch.cpp | 35 ++++++++++++++++++ fuzz/fuzz_serialization.cpp | 2 +- src/lib/ndpi_analyze.c | 1 + src/lib/protocols/socks45.c | 3 +- tests/cfgs/default/pcap/edonkey.pcap | Bin 0 -> 2312 bytes tests/cfgs/default/pcap/rdp2.pcap | Bin 7632 -> 12852 bytes tests/cfgs/default/pcap/rdp3.pcap | Bin 5148 -> 0 bytes tests/cfgs/default/pcap/rtp.pcapng | Bin 20556 -> 39700 bytes .../{socks-http-example.pcap => socks.pcap} | Bin 9143 -> 12736 bytes .../{rdp3.pcap.out => edonkey.pcap.out} | 10 ++--- tests/cfgs/default/result/rdp2.pcap.out | 15 ++++---- tests/cfgs/default/result/rtp.pcapng.out | 17 +++++---- ...s-http-example.pcap.out => socks.pcap.out} | 20 +++++----- 17 files changed, 92 insertions(+), 35 deletions(-) create mode 100644 fuzz/fuzz_ds_cmsketch.cpp create mode 100644 tests/cfgs/default/pcap/edonkey.pcap delete mode 100644 tests/cfgs/default/pcap/rdp3.pcap rename tests/cfgs/default/pcap/{socks-http-example.pcap => socks.pcap} (52%) rename tests/cfgs/default/result/{rdp3.pcap.out => edonkey.pcap.out} (50%) rename tests/cfgs/default/result/{socks-http-example.pcap.out => socks.pcap.out} (56%) diff --git a/.gitignore b/.gitignore index 73454c1e45b..35ff7eee732 100644 --- a/.gitignore +++ b/.gitignore @@ -73,6 +73,7 @@ /fuzz/fuzz_libinjection /fuzz/fuzz_tls_certificate /fuzz/fuzz_dga +/fuzz/fuzz_ds_cmsketch /fuzz/fuzz_gcrypt_light /fuzz/fuzz_ndpi_reader_payload_analyzer /fuzz/fuzz_ndpi_reader_alloc_fail_seed_corpus.zip diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am index d1b51dcc7dc..53c7832d02e 100644 --- a/fuzz/Makefile.am +++ b/fuzz/Makefile.am @@ -2,7 +2,7 @@ bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail #Alghoritms bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5 fuzz_alg_bytestream #Data structures -bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree fuzz_ds_hash +bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree fuzz_ds_hash fuzz_ds_cmsketch #Third party bin_PROGRAMS += fuzz_libinjection #Internal crypto @@ -295,7 +295,7 @@ fuzz_ds_ptree_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(fuzz_ds_ptree_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ fuzz_ds_hash_SOURCES = fuzz_ds_hash.cpp fuzz_common_code.c -fuzz_ds_hash_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DENABLE_MEM_ALLOC_FAILURES +fuzz_ds_hash_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) fuzz_ds_hash_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) fuzz_ds_hash_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) fuzz_ds_hash_LDFLAGS = $(LIBS) @@ -309,6 +309,21 @@ fuzz_ds_hash_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ $(fuzz_ds_hash_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ +fuzz_ds_cmsketch_SOURCES = fuzz_ds_cmsketch.cpp fuzz_common_code.c +fuzz_ds_cmsketch_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) +fuzz_ds_cmsketch_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) +fuzz_ds_cmsketch_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) +fuzz_ds_cmsketch_LDFLAGS = $(LIBS) +if HAS_FUZZLDFLAGS +fuzz_ds_cmsketch_CXXFLAGS += $(LIB_FUZZING_ENGINE) +fuzz_ds_cmsketch_CFLAGS += $(LIB_FUZZING_ENGINE) +fuzz_ds_cmsketch_LDFLAGS += $(LIB_FUZZING_ENGINE) +endif +# force usage of CXX for linker +fuzz_ds_cmsketch_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \ + $(fuzz_ds_cmsketch_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@ + fuzz_libinjection_SOURCES = fuzz_libinjection.c fuzz_libinjection_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) fuzz_libinjection_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS) diff --git a/fuzz/dictionary.dict b/fuzz/dictionary.dict index f6c9b420b31..b74b3d13ba5 100644 --- a/fuzz/dictionary.dict +++ b/fuzz/dictionary.dict @@ -7,7 +7,7 @@ #FTP_DATA "RIFF" -"MZ" +"MZ\x00" "OggS" "PK\x03\x04" "\x00\x00\x01\xBA" diff --git a/fuzz/fuzz_dga.c b/fuzz/fuzz_dga.c index d047f531afc..3b09550ff68 100644 --- a/fuzz/fuzz_dga.c +++ b/fuzz/fuzz_dga.c @@ -22,6 +22,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (data[0] % 2 == 0) ndpi_dga_function = ndpi_custom_dga_fn; + else + ndpi_dga_function = NULL; name = ndpi_malloc(size + 1); if (name) { diff --git a/fuzz/fuzz_ds_cmsketch.cpp b/fuzz/fuzz_ds_cmsketch.cpp new file mode 100644 index 00000000000..1181b159337 --- /dev/null +++ b/fuzz/fuzz_ds_cmsketch.cpp @@ -0,0 +1,35 @@ +#include "ndpi_api.h" +#include "fuzz_common_code.h" + +#include +#include "fuzzer/FuzzedDataProvider.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + FuzzedDataProvider fuzzed_data(data, size); + struct ndpi_cm_sketch *sketch; + u_int16_t i, num_hashes, num_iteration, num_lookup; + + /* Just to have some data */ + if (fuzzed_data.remaining_bytes() < 1024) + return -1; + + /* To allow memory allocation failures */ + fuzz_set_alloc_callbacks_and_seed(size); + + num_hashes = fuzzed_data.ConsumeIntegralInRange(0, 8192); + num_iteration = fuzzed_data.ConsumeIntegral(); + num_lookup = fuzzed_data.ConsumeIntegral(); + + sketch = ndpi_cm_sketch_init(num_hashes); + if (sketch) { + for (i = 0; i < num_iteration; i++) { + ndpi_cm_sketch_add(sketch, fuzzed_data.ConsumeIntegral()); + } + for (i = 0; i < num_lookup; i++) { + ndpi_cm_sketch_count(sketch, fuzzed_data.ConsumeIntegral()); + } + ndpi_cm_sketch_destroy(sketch); + } + + return 0; +} diff --git a/fuzz/fuzz_serialization.cpp b/fuzz/fuzz_serialization.cpp index e5d02d4d78f..d097c683cd7 100644 --- a/fuzz/fuzz_serialization.cpp +++ b/fuzz/fuzz_serialization.cpp @@ -19,7 +19,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* To allow memory allocation failures */ fuzz_set_alloc_callbacks_and_seed(size); - fmt = static_cast(fuzzed_data.ConsumeIntegralInRange(1, 3)); + fmt = static_cast(fuzzed_data.ConsumeIntegralInRange(1, 4)); if (fuzzed_data.ConsumeBool()) rc = ndpi_init_serializer(&serializer, fmt); diff --git a/src/lib/ndpi_analyze.c b/src/lib/ndpi_analyze.c index 62d14fdd462..f7f9784b6a0 100644 --- a/src/lib/ndpi_analyze.c +++ b/src/lib/ndpi_analyze.c @@ -1760,6 +1760,7 @@ struct ndpi_cm_sketch *ndpi_cm_sketch_init(u_int16_t num_hashes) { #endif if(num_hashes < 2) num_hashes = 2; + num_hashes = ndpi_nearest_power_of_two(num_hashes); sketch->num_hashes = num_hashes; sketch->num_hash_buckets = num_hashes * NDPI_COUNT_MIN_SKETCH_NUM_BUCKETS; diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c index 6845ecaf263..6cdac93d15c 100644 --- a/src/lib/protocols/socks45.c +++ b/src/lib/protocols/socks45.c @@ -90,7 +90,8 @@ static void ndpi_check_socks5(struct ndpi_detection_module_struct *ndpi_struct, if(flow->socks5_stage == 0) { NDPI_LOG_DBG2(ndpi_struct, "SOCKS5 stage 0: \n"); - if((payload_len == 3) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00)) { + if(((payload_len == 3) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00)) || + ((payload_len == 4) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x02) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x01))) { NDPI_LOG_DBG2(ndpi_struct, "Possible SOCKS5 request detected, we will look further for the response\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ diff --git a/tests/cfgs/default/pcap/edonkey.pcap b/tests/cfgs/default/pcap/edonkey.pcap new file mode 100644 index 0000000000000000000000000000000000000000..ce091773cb6826ba8738cb75e3e8c84d7bc538cb GIT binary patch literal 2312 zcmca|c+)~A1{MYw`2U}Qff2~@p8d@0u|5NX9gq#e$bf^vm4U%Pw9tW}giU<&N&bzG z+Yem(z;;Wv{t@fpZ6K8eO#lDiuVi3gVqsmt$jHJ3GHs1LKGQ6{9T;laUflqh1Ts;! zp6%9UiHKI9iQ5Z={{P<$G#6;v7MN)|y^IVtK$}1q8GzlUAzBJ{+jca!Z3mjz79jBd z|AQ(9hE=OT804}!iy0X<0Sy6RWB@j6iD)_4EK96rN&NpWd4z%CaXC;Qqky#2+2|>J z*DDWkZ4dpYnm@hPGyQRwF9%SLiIIVkpCQ`W!!I^EEVZc8*(J6jjhT@_5afQKWGELy zMUFyJX=YA}nITa89nZ^75g`3@k@q5RApJ|kN!SEP|7JMAzyPHGO#$i)6F&YqlMtX!L{ss_iTity zPj2rR3O-?NWWkd^#BD(NL$qYD<_}O@ENf@MQ(AbKgX7{0YFtEef%AvJ|K|JOV0kJ5 zXcikMzIcuQ#{i61=2fU>MGU&UmIL&Oh71#)Qlsn#$R}^s4|boF0exbj%8Ms{+fqS3 zxqA%NC(!s61jg@ISo~H1%?dSR#uF+X8KAT>+aA>{X#7e7%To8jQI>*ya%l>_R4-ox z%D225Q1k5( zsL22VQ-GKeh()0E|Njv7#0@M7GOR#BAh>gwm7!^ayu>dS1_lrg3Ssa!(g%_o%zkq) zxH7Q3nP$zv&>*O}_rQv(tw79l^*OIC%Z;i}|ABzPL4tAj|FCwJ3oI9wO>j7PztUrS z|AHRhaFUjEtKdMdz`^fox*~+JTrCJkgG$Yx&K ztIt8Uf^1`O5McF9uS^5k$^fxrGt1-x0q%O3J$JxzGGNB%?4zT z?r&t@G0ZI6%ph`*@e54N46@;#e!3Qc!Tts= z#{S+;o_ZdRK`yR-o__9n&i=lW_ed!Ofm{v>DH~v1fB-0d&H#NN3FLz?x(`^mr`dvh zpfv~C2h88A1Q|pQq%fp1eAt{Q@QS$}WFE-e8(>o*=6XG|kk|p_gD|?e46CNufkWmG zvbhY?$~G{H97tnGV|YM(umD5FilShVj|Mp#1IFi(YGj~iV4`QBT@KTpl3G?= cl9-f}s>uKZbAXr;h()0E#05N?B}8Rp0ntb(cmMzZ diff --git a/tests/cfgs/default/pcap/rdp3.pcap b/tests/cfgs/default/pcap/rdp3.pcap deleted file mode 100644 index fe792156662746a21ad99bafc311ffbf87ba4db4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5148 zcmca|c+)~A1{MYcU}0bcazZZdNNC#3&hQH;1;Rlg4E{#?KyriGZw>}m29`I|tQi;@ z1U2^_SW&eVh?%ZF=e1?IQT6FR5HL7MFz)^z*3NQ)<-)QF4hQd7dTj4s(Bqq&jIamJ zVq^qaI0{BXU^E0qLtxN_0H`GF$mc{Z34vuGq&$R_gvpaYC1Fe&s1yX1hP<{{pMy$5 zPzlK3Ai(OIUYQ0e2^mI9xCE;~5CWhTWi$M<6Ee&!+sq(xknsy+%7YYO+fs~~iJ<}5;;Uh1O4xBR#N-=;-WI9TwJMyUdl%<~ zUwi$2_F;o!S9Zqhd9xW9_zrL#;5;C5K$yXlL7#yOsLd5=ZgE)f(12+Q`P^U6br#J({e@37qKwjxF zXJU{9Hf=!|-775I(`-Rr(VBzo73S|%f(#-DQW#PhJ^&3H1*0J_8Un*R1j2v?#iKC~_c;A&ud|;3)7w{)iW6VNd}Ub|4J&2Wl%; wEO|1>AFK|~CS8fv~g_rC9UpLO5+zh|vk$>f|hnRCv}p8eauJufQ2`JE7Xgs?Ee z6bu3#-mfRe`v7tO=KzB$^5k6rWrSTsRG4ze*|4CPuu$dTc;!=JXHP_&K4JFHGe&00 zXJZJ4gpeS@=@b9_$=FO86CQmk3=aY<$5LnfUVxS!)OE-rgQ;!;;_%yIR` z=NHI#7!CTgz=zI-04hyQg*ck@J>gqyx{QrnMlqutJfQS>=bg(o<#ONb1P#)l53WSz z$upL?15>j<5(6gZdn|z2mGVrw7xH5sIX7_k4DlW&I{?LoKSW*5e9GN)zpCD?}npVC$CW>~a_14X9QSA}13EP9S zZ@M17A29}1ckr#f?xXU9D)@!odk7Xf6D_v>;NbO#q4;+1LF(iKmAaWg;@e5HF>)1m zKa@!;s1gP4!-Eljl+#eSg$zVb~TblgS`zAsN07kNrN+L}+jNVu*m}q_c;s2wtLf7!(XzZShvT3bW7u zRVmOg62xxMOK`8y8F?%)I^=v)%T@b`M9Jc!bmThuA)M?UlEL30dm>TVWJDX638~D3 zmnt?HLm{`1oIGbO-A@#{C)F!kBLl^4v+4^>O0_fm2IwmJH{q z<1|2aeIkqbp0?U%Dq<>QqE`ro)D$(+rGk*D%A*Sn2C+7xt*1=saVdKx}`n>(bY9H@#RHeMyj(;B!;?RMry*wDGSG%aNV%P;(n(dw*bSMt-%_c9SyD27A3+J@%Pv!`Qd8mv5z)4H_4*6ZKKItfU`I z!mf+;i6vSvzH^aZuc=6XO=toO4y z*bzFU=k7k9o~qo)tV!|VAK8>n4nBN(Qn@V50YWCMy5# z^;zE7ECZWk98w*aYnRa;ZymgRnT8@$mPMvS{Q>zXWw8(p;TQ)wGRMBB6URayJ{~yw z@cRjzn@Ld3fnR)H-%o1iOV#_(wTpDjUq(kJZC6*Prj1dW#LmcWT(}eW%tb0UmsaNa zT*vLzYQT~;4T=p^LfkV3rYfv&Hw-OhV)(r2|8u3__)3qwcu}9OMh}A;#a?LGO z+$Wwf)gs-GhwsIE+^Oqbw3x*5Ki;O!Y)kK>vpO?<{qH(b2mzFSy@XK*5a=(+hx1_i z1r!7V{=)0Ou%DyTyLN;3!(Zj!u^(FEUiyErADT9-PO1Wn{~h}~G?n!H^~19;<=*|6 zPSMnj$A9dgQ)UK-1SnPOci*OKFQHrX(E}@1hd=a3)$j5#2834C#Yo$h zqT9R1ZW1t7?7O3lrtbHYu25~cmHwgDC|G&fPk&lkzx_G+PmL`#Igw}lgZfG_;YOg? z#JLM4UmXS^jU-Lkg47_Q+eHd&(|WgJ)R~95TA#%16gR2Va#w@aizCS%{}Vsar`E>~shqCK4#hi0D800un+CVAn&7WrY6CnI!`LC941a$AB zuEJXOHst^+?ufkjG2NdpMZ6w7mSiQ1c>M-aUD3VE+3-tME8aeH1}`BG*&53xuaBu- z^$OXDv^3p`m4Wr%w`Sxi8`!TuH4Q|;DiflzXS_b2FH#nEJ1FPU<*W&(^Q}L9`uMACyn-tM+vhDt z?Mc6&_f<$kJ2YIzd=Vc^ze4ai3=P`0k|C_Ls72R=E4XUDv0=D=lV#u!aA%_Fs%bus z)*xRPyG1|esqJUjmgB^efD5>mMbUxc~luh=3^tii0D9gf`f&$;~9oc=qVJB+6P zH#%4L*OcbX|Np?}BtU}O&41%_XL)>%di*50tD zp3iA~RzHn%Ju7W3Hi}_fN&Y8~l=&b|7%}hYHbNsVixPI2c%Q z)dCHyB-{%WA;k~g&A&szi^A{*2WhM>rLxSYw#!Piym&@J@Eeyur@z>KS1Lkf*?y*M zBTF-xgEtE_?jI4JyT;$UsXZ{aV~UHsVAvtnr~_Q$XY;8I%pD=t1SCJ{5~`C#tQO$H z=Sabt=8RwFD^+(WMQqRZmIZNNEn0U+@uB{@g(5RixN38Y41Nuirr*%qa=rTSD-oaF zNJi(AnG9onIhw`xk8(ZEZ`^$SdiSPh_MX@%7a_r5*Nwg(T-{#rtqtASfOjswPNi*c z{D5l@i#_H7%f(mP7hzQnR-3d>&z>*qDjm|Q<8Ha;+IUo*MkaMY9#CnOXXhz7&su%( zZ}yY~80Q&ZaBS1AZBQR#XzK|HfL?>Tw3EPM*DH(0pHE)Sy;7_+F4?Swd^l}^FtSs` zP+LMkm+JZNZU$Bx0U}7|Q2azSV=TfU5iq9WU1)z~<-m;=r&~VR3qrcS8sUKkmJE8$eAs@X%(tG(`Q~Zmk<>jeriJl-iAV@$G zwyH*B`&1D8p4%%#DOj+M3Cqn(j1`9p1_z9Qt$yuvdf}U2D;Mx+7FjEhTN-{#h2W2R zV`?S+@M-ht+w`zWM2o(0L8l?R7caSDpAH@c(8yz>lUY6tP?UIu0kNw@FCv2v?m+!*En^g84eAk& z<}@c`sszEosP&1RB<)8LkHB7eQZ~+ab}#d{A6F(_hYt9ch({j`VpmNpetAd>hc(^y z!JjpXxNt3BJ`ei#q%Sg^GMuEJ|dydVH5=QiPek78{t zPpH1sZw;@drK&EoM38e2Ww(oG;xLGotWfUPWsNK8dlQcH&s~LT) ze>)xcc-*)2(?K)eYbRjYa)|wQr)+Ti{ClVHy7QK$!(>1gui9{2u;H1VYmaVry^7Ge>R=)1zaeDEBJ5=&c(~19-A>6#?ulo^8?Z-Z_T8+F`aT2) z69P}#>7_G)bte@hvn;pm-1EDJR4Mo_`dd*Lacl|ZJ+ri@qDetf^AV2274th8Z_He2 z6FYaCK7mp>(INnjJsK~(^Nj209kbc%0x01hYQ;%hHqaen3y3O%1hR;&!wIdEFUn{V$b zM9GZotiN(a=a2)9<6gLz)@_;gTh+y{!YX5M@Gx2^@kYUdOmvk6S~$C->tB4%lJ74v z_fI+}s!U%~|=6libOVmV89`Qva;XbZBkLbhLbDx&(zC=&`;<(?8NRVf(z zLhrmVYzdyZLo5*arK0iAPijpGRU&fCv>{Pa``rKDZ^xB|Z)ZSH?_V)773!C2(so<5JxS7HF-{X&CcdTnZqTO5x zJ)cvX?vsp7VC|IWM{R(=g9YsmJo?msBhk&<=-}0mJs&pVT7NXjDpv%l6?ALP>o{<% zfHZK9)pP;Phi{j)R1N_OZs@3pW@HN394?qWq~bH`Z*MN{`^1Q4+2bfzkA$zw9ToBx z-^l)%eVVEOV;nFsTi!XkUz=Z#qbv0V5&bMYRH*z%ZZN&KJ**nrwsNi1Z(DbyF!I-q zswy!Taf`+da~Yv)<7?v?i!_1ygFCw$TH=7zBw3pVoVwn&ZsU=-y>a(n)FxU!rC+po zYOt19^)`+iB^y?pG#=g7+ZQ!T;C^NsMKRnU&Xm|aXqN;W^h0k(rn>R(JX<*ea+O7GRmcWtN$JH6NQ9-p2B)Syo-0ES&4TI&jEd z;6c44fe?TC(xL!K0rM$Y?dy@YAQvUz%0@sW!Ar&2StcoN8Vm<}Ioy~PKZ+~55T8Oj zwO;3QV4?ifsG@!iv%brnnj6P$@c(eO&UzF-14jIQI6Tzy0-n~bcj|VqS$&$~Zc+Zj zWH*7)1%mUQD1sL9Q;LtVg`+d-3609m4{(x63PDZ?rT&&?z3I|*zT^ot38w(3DNpoQ z9zJ{ZBVQhlStkpnA7Gv3CTk03cABYVeu&wqk6V5p5aw1CXQqpK{i*aM`E5n(hPakX zskKu(QdgkCPVFb5M|y;^&VE3Bv(4@)%A1K+I@r{;rM#K+ZL*O8c4E+tfYx^>uJ48U zoMhf|g*)!MXm?nEdO5F1<4X(BRx{odkKE8TwP4?E|_5*NYmsaN616-Pag$NbRZyDD)_@(A%TB!PL>l!0|um`2Ve|yv5T$Qjw zsBM4_67u>gKKaOG`p}^>@uX|_^23P6NcpobH|_Q=FpFR%m}E=+BqqSjOE?Z$kCIg} z0fGJkkbftUdleb~jYL-bFOd8TNB&0>lma1S^8dymFZ_c;a<(SCM|bH*rdSS<$~raq zfOko{1K%?TTpN=?=7I7`o*=(x#FC!Kn`DwDoPYl5TxhFHA?bQ^{82d(_xi<^%VN%Gd{F#iCD9VUZ_gCqpm+~(c?eFQ&x@sdE()jiacq?8Z5wOav zx}&#WF6iKOQ>o}Gb^Sdn--jz|PcUDJ0oa4rGUneXcDm6HJA^}1s{*BR+7ZX#`Ut(D z!aJ=I-mShxaFv6{ak*~z9T35|xAqOMQN*qXX*Y^O53pJs;d}}Y*ZH+@PG;dPVas*= zC)T{RNnJShIZH}Tn&TT|0T4a8VQ3~EXpm^-D?^h)DGoZ%3&;UlAww#?s*N^)+KtDV zdIh2>D()bUO#2 z2`c1Q164EmDFOv-x5~G6NjC}-?L8MQ)u9lvMzb3HBQD5kM>B%iw@9D;^VAk+TNvy% zsV87b1Qz)DO8uT~)!uL{0grj(*jQ4J7w9g#`S33NQ2%C8gA+qQrd3t40C;Xj+VRHt zMbF(0qJ;rqu8Kmb+;(I3<4mT?25p{y8I^q|o-fey1gCrUC*>!l=5EXR18lu7KR%Qr zn9tKebQ;RYejBbJ9AFttZ$GXs3Q=lMP+G6U{L*%>HiSI&{=@P#JmT#)d((B_j)1iH zk>gpQ_tEj$tdc+g7l#3_Bn8cIYA~5)7^Ld&%g~YSFZ-NxyQfjpe-3}^I7%>BQV+kC zT$h!}*o{%oe97!&##~AJ>M71n0$$qABp#y`I)8Z({3mnag`bP!@}>1_20Zo#`&32m zVSc;(0Hd6_E}FyfeXGEaqZ09KpH-yI*22XLp7rtPh&b$aZPx5v<-uv8j@;CjEk zQ396NZrd>Y`6_}DECV}m_{EMr=Ma98aN~ELNh8o*g+)^}ri=QOz?;~3Sq{VFrDtvDs5CVhDUEXQJAr;#j)@(w50S!DW~PgkmzE z&{$Vx*7M9q+eDy8A<4OAC}tbjuVLQJHJE-Ac%f;B+=8_fJE~E%k2BqlXp%c8Xlf$r z{xL#C6pi&7XmM1ZaDcIIY+f+7*~c8NB#20zy7blIQ|{f>j&B*1`a?%pv%*028KH$> z37X90rkKp+$sT`ni}E=jIkrd0RRO+l4XmxHh`5MjAdU^IpQ`r#8B2Izq6!vKeQ*na z=EHp6({;@KJUmFVV2TdDy(rL!==b$N6k^j?oYJKi?L!(Ned5B(K8DrorZj<{ZAVC$ zmXaenUed}ruO3~f_Tw9iT9FHdx!JxJqm1It9>4owG(t`RAH3s*)4gCrzj2CSegsE{y}&Zc|I#NY?Woq|4|Q|{D+1z(TxtUtB`+{{}pQNID`JQo)! z-D&tP%I;BHH(t#_ULZo0;&3|zGdtHr(KF4BbVBvv(*|9;nxnm(7^dM0k~nMwCOr+p zLF`AZAFqmf63CZMe45*H32Fv8zA9<;c&%cPn|1Z0D67i}wcH=n@WM>cYRjQyjI_?> z%~9PgZHI}|TLv>>IS$bX;1UdVma53NSN}l4p6z>IXJ4H<_@E9Mvm2HgKB&D`U?w*# zj`NKO&baK9a;u-^ep8dx3iUU|C}mN$5L9fBXdwrdIl%lGwkoC=bS3L*u{WHQGe2;^B1Lx+QkyxBshv`^&$j81;=A^w3Sb?;=% zR{>vdU!-f#59OYZYGT#jKZYzwXf4j^()M6TUQn_NV#B$b=+)O05iEqdYLJ1;hPbo3 z#9w_1N0Af7QyLH2ek(&xw*Ygl_3Z^ZHcQC!evd}JobbPIr7jS#qd{AGE~FquIL#)= zs{eG_Pnl2pn^wlaA~EaSQe4lSaQ&|d?;2BMYNok2#2l~f;pbb=Z9nVsv{_vSR&tcH^o;70*=zl5s8(dCyNeE1o=eM8IrUcQfmg zrpZo+XM6-F$G4`m%{I5)X#uW}nr2+PWL+k_UI^l()Ws7lW`TQyQ;u0}+x6zIMNus! z{DN3Dyx3%>R16{o_xtApe7`dkrm&-PGErA-xLXu4tv-S!-6onqh_w;5oonvZDja_l zBOv#Z7-D@4vQqs-D2L4nbW|yEjGsiV+d-Li!`!s}o=l-$^DY z@>F)~w8|?W>ssWB#-g3=c%Y@sMDkInFCXi6>S1Y`Lh0nAAO3KxAidSQ0Vhe*x?*xl zUB~?S!3z^ccyI5Su_3wImH-6Z*7O7J8yMlz%zSuAQ(E|Vb%ise(b9R)w0A-~^yn3y zAl51<7#WAuX3=dvF}l4Op~_w+3X0~cN>Tt^5|~T z%h4;~%x!`Xr`FWS;zm2VMc42kvn80DpLOr(u8KQSOWBKQBn4#yPrZu}n1am;!Dm?i znarslY6|J3fL3&~Sa>=jdf2&U9)>mFg=(Zg_ zV`@qVtnIqEti2USTyXgixW1tEw@j)G>>GR!2Oni{N=rcsW_{)m|Kru%fag%7_|{V% z!R%f^QNai46*{;q=)p`OF%>PzZwnW)_L`ekyaq9@#D-;O#JGnTtcdYR*B2UCRIUG__<4RQaldLLOG6CzE~mTwJmmsiR0L zogWz|O9f7!!9*WIs*p*36L|AOt_oq{xn&Zt;e^NQX(gCS^@S3>C=ru0H#JsLuR?7g zPEwruk%IOqN8$7f$7aw8Z!?lq4m(toO6s4p%$a}5y?m)ot-Qg*w32*TF1H+&H88&) z2tXt5^p{Wi-MC<LyEm14<438*)sv9vYU;fBz3vo zpZL#!?J}3$+T_2tUAxF*($WEqoW?}Vt~do`!3NeK6J6Y#X$#_ZnNoN3nxELg(Z_52 zdxJ%MeN8Y{0+-LKXdnz{rP|VVYdmf$68gjG?I1 zp+TfgJc=1sVquD+$J2Z406o;q>zrwxV7%UKuw>h+rq!eBTbA$EHUWqR!t<6)_gIl-V2)&TU$T{X(wd#sx;C>UHTjQ@A`1b&2W+(H% z1TcVm_5Zz-|A}BwAOr^cw+MzJ0tGj~sbr1_|6mKzR4JHEFdtyCE@m?58z?H7Eo&CP zUcGMdp$}Pn*`kEIlgk05>WQL1_GKLSv&nl&O91q4$=bI3sq!~DQ*qDdIqt3mU@v_? zT6A}EhR~k-XCjL*aA@g4wlEw@M`Po0DI5XIfo)R-(brefPN9a9R4?=gLTCe}4`Z-Tb#I?>p5v%88 z(C6XMb`>gI!~#Oa683^gUnOu>EeK}fy^<+UK%eFZ$d>&4&;@TPkSoF5+Pn-%D$C)n6hZi?UzPw8-MaKjjn*C|CF_Ty_!R7~f z&C(T#hM)=|0&pA!qC?*KKPCO+5#si43K$l~#H<3`F8JoVpu#=s2|p{W(!@Y2XNb8P zqMQH?T`#b^20C4tMb25QZ}c>Om;VJQXkuq``wM2qTf*vF=NIF@6Y&4&<6Qf(s~Q5! z@iFqu95}QeileUIgG;OQn2Xu;Hr9@!@qqxO(S=rsn2GY@l4$c})IP{LSZ%|zLy@y~f+iRz~UyV#eztAmuOTIxn8| zmxjUx@D+qDpL4&#d66BvcWvlyP_b21C`chd2vmUu*M3XZ@bl|26=PV+<}d^R1<_tl z$EKv@U>AzO)y7Kh;F2uOT(rTO!w)(`#CgunU>2J>8}I+Lbo=Qhz55#747G#ZmI%k< z2i}Dy3E_9}@7(xSec%gvP;+oXd%d@@^EG(6<6FO@^8m{flWmnp><`49p#2nmaJs1d z-M7r}h2HtU<_t|a#0!pRT?BaVUA>FrffnVB3I);fvQ%c8I+(6~5JcVrHRYH|g9&^R z3_+&1sd8sZVELnylnQ#dH81MUPZAQaU<_=3zAL&7tlUhSmYV4=h$O8-Vt7)!c(T!- z@3%(<=9s@3sn9LwP_(F#mVJezRA%bpZNJY+f#dvMkp|{HaVfx3wT2lc{JI6POM}VL zq^TsLg1ozQ5ZO@hT^vak4l?asakYd)YoJK(?=A~c1;*dbBS7rejn3m`aA=n@6{KVZ z22w|p%rPHyhFR8K?{<7Smss!M z1Pd^IO#*}l@g5-WxyjP#3ZVAo{dyp6MEiY4(Q!2a&=B`2j=X00=XpWL2X_!Fv9QU6 zT~7sn)|h@>M_DmA3g&eFvbew!^{Uc4=tDin1bmxli{#X;;_PBx)Mn4a=userZ{`j%+zHuGuxyXl&c-77m*Gmg?Qa^qAFm^QMYrU1D*uqtdUU#54?mODyx)lJV zmgt`!4po+N&DE(B;`ipDMd%cB@mR>|U8YkPwLpXTBJw3+?#u6^w*6|b;xz$xg0O_mG zcWu{zy6^PK8#i6N=V>^R&HMIa6q2x>=W>7uFnard@6WMyOKbMkn+^)@uU*XoYV3bc zG!41782EN;e1~vo*A8xt%!QD;Drpw96>?eK% z0A)n>5ztaAT68);@erKH=RT<2`A!hZVvv5o`NE+gj-v}w_tHIv8n*pDd#FFi-SCCXU%)P_Kre{?YyGC=^5aV3;i=V>2i3 zST!$8(j~;7W<7}K?$)0olNLExML>%-=PY5Rq(2`rMUjuU^$opdM;1R-oM?C! zQdifYAVrtmOo%yZLFI^Oqp>?ci7GlbE)+7oo*(M396-TYdsKs(Y++O2;X5hBEU?Of7xGJTOZe66-T$6$+Wbo6W8j4CWXNn3J0 zI{Gjv9IImN4@2ArG(0qJ;5f&)LeEEUW3^cR(hF#jUMgI`0?rF`GdB4_Vk+s5bhb)P zOq_<^6?>*ja^iya5)dOv?I^8Lq8-J7A;$so`9j1-9A zWkUTn=7C$W{;ckg)igpZ^!qo9E&0Zls_-{*3u2wxVY=&6^f3N+eA+?15bY^xJ&S3` zstgnRp%Tzn2!DCZtT|$<{J82ZH0*${vRJcB#zvEP)BPG&hf9sh!EFr((~6iFlZRfg zWAX^DbvD|h?S`s~%Sy+QdrGxTJ-}z(!c**a_3me6qRhtW=E*oe@yF+t_tJ6UCd!&t zYs#)t)AbKm-VP-0AfN6ltY`|Bm{NysJT&y4;^`m1c+&ixFN^v6V&!N~Qnn+cN&y|h zy@#U+DF2^LNYBs5-sM9Vp`XrMre1fBF+x(dvv~T|m7t5)AUuj1m24Enp2F|t zf&hJlThs&^ygT)%d-9wdT}qaAduu_^<(+J?_@6AttDV_x++jxj&n&g!Zqg?*ScC<< zKeclrs@W_&OaEI-o+=vKP!#G}>8U5DKDOi=tNn0mS&AyZ8GmdT-=mm(GZz+cX+#Dp z$7h83gulwa`dkP^@7Tn#QpN0rTtqIAfOhojxm8=;AQ5(pu>+D-^=HNF?&|I<2@%G{ zsiYqjLFV?`J3b3qfA9Fhfj?*IOwo<5D0F_;va~H-W(gwvMRlL^D$vo) z%{x=w9(^}E-*=13MW|i-c6!tWs{E7;YbH&&KJZ`?g6R)ZcU-7;A3wD)BfC>?0T7l? zr>yA>tY|w*Z(MChtV93;zK$iF7R)Gp4KxyzNb*L}Pxil`_qq9M7n%t{azB&{l{Cc*_oZsI1(8$_e} zNB5SXe4-Sr zP?QAloB+2w6x~1OpxA~8{R9uKU|{F%&a^8XX#A}cH@Hhn;<+@P4$~ymkPu0Kl~}c2 z*iieY_2|Z8=A9o~06A>kj5NbN=JvjQ-X{=gx3{Ys-w5rbLCl}s6_SM&xh+nHRL+3oe*y11UK&qecm_+>3k<`uAHcY*v8$J? z_Tu)YW{O>Mbjf#~d2XbFO?X5OVAqpnWZ>3omx1NwZ`H?d-N8gq>c+*lSg$*}3w>!n}ekYuChDcxEoq;To&w4#(*qxaXbqF42&Yy0a?3gsu;F$=qcBLf>0GQLeb zc9Ro(E`Bxh3h0{%MY(F~WcJ>yCL9J|tG_I94`SH7~aT zFWp%b-Y9irEQ>6rx*IjoAAFh6BS*0}fgx8>ecOg%!^laeGpxpygLZD$u9FIAD;6&^ zw=HG5hI)dIcQpb=mM=JNv1%vpczS7Z;)&L-*j$BPR-)xO8zW-mYdn7;jNi+O5&vK$gc)4XzoAS*iC*BeUMyIg4#RQrQ$8Aqay)F%^-0mg!a zQ1jv>-=4b$rA2C5Z%5y@$1vs#vRXOLIun^HwY}jH=zH#tUk7GRoB{?vF7{w)LST(#HoL<~ zhG*IO0;F55vosZW87#pUON{3V`o?|6YNsSaG~0`d&4yE^mbNUp2zZE!t1}`pkW1SlgNR1yPH%=DcyINoiMPDLFLvxYvgv}Bq z5W4#gj`*D2w(W1=Z$JoD@4l*&YAQW5HFuhPiSmbr!5?QuZnnNZ-8 z9nng6(K8LgmEdbz>h`m6DO7nW=#`u>Zs{u<~$^9^-Z38CDRhZ&28MiBp~Q3 zUp&k1L$1n1XAUG`_G5^v)8CMXzei_&eb1X*XNFhe#kQDJG4X+EWq-os zrH)YUl%Rfp6b5o);nxS|9Ja-|e@=~kG*E88;DSI6H#Me)Rg!&eKE%nSiX1bfB%v7l zwR4`rX3~1=nVhjVheu-G?+Fhe23*j8d$(w9}?gV`hh=&a#J-bEKVZJ=cxft7_#+76#{j`*@{P~UCa zamMuNx21r42Da-8T>);pkn@5AEH3x)Ed4H-?`6#}6?czlavM>m3b}|IA(luVtG%J_ zJzo1&tx%m6h&=GF0HZ7{Y84X84*J_(MiY)o^F428OU<0kOeGDvfGARsz9GdK&-klZTcsXMY{NA z_kv09yjOD_we+*iCOS-9>S|^#1;h8Xpv43!dSV5gGZOB4$z?&$f%0hTu(27G*275C z$3?3DuB&i{D#9WqWZt@7fqxaFOgOw*_!&P|h~A7L>k83d&N~0(yO4*oG$nayoc!s2 z9e`DMbFb$L-sO)MQ!u|{WZHCBcZ+8R(OtSfa9t+ZJJ4iijT6|eh8XaLk6iL=n7b3pB1u!U}vvOBpx;rcenQN`&fP>bHBc~o3v^D&10eGYj1df!G)6A z3RKB;Sw;kJOVRJsqYTjwyXu7y8+*k9zuN+I?bh0v5KnqyiO^H(~l&M4TsXC zQ%qgXtq+~*=YOEQClW0SJ+Q3}Cc8KsWrFFU@0#n=U=6=^?n&SCUgH6Rv~s^Yg321< zRz=7c30V~$Rd9QD_RfbJxIUK`rz@p#;9MV9Us|(l;B0vcK8+P_>CBvV&oZRma{!{? zw9;(cO%CkmWs$sjM&@R?syxNPO=e}sRax6)&>vtJ)I%uIyU5*hfdAsnpM~n*__dL? zE{HNak16*H+6LSkNi0*AmAd$7>i#ku8)@UsUUin)cU4395m|jdCWZOf)lRG?bALIw zf-7XjiJ=o_Eqf$|ZI`qRgskrN15NcW4;;y4F9hZFr^zwMi}ul=R2KHZ0gk6xHE+a{gmjuezO4+*5A5|A;?cpF5RR_x&fMa%moMeH5dokoAIAejH<2gfBEv0CJXvMQOeF z{W!Xnww10QCk!B&?xi>Jh8IsCt~HxJlVGQIi#)w)|EKuHy#vvWbqCP5MPOy|&N(N= zc)?Nz=)r^Oj;Dohe}A{u*vI}k!E`Xb%fs#TCy(cuwCR}G!L1YlaquZrmm*uN$ANWs z>C~Aa*D!CX>kHpslfbKd&Y_<0p_`{wO#Vlv*+JE zzyE3fj-Q+-@>zdwYM*Q$k$S~X!MFWufr;X6oB8YbYk`@N?OSu?)&DC0zQDltyEps? z?AIRY=dCXaf5U#zyGQ*%oaULNB?aHy58;=_9%QY@{J0}Q-~^82yk*?0R)|fHhSSc= zzIQGuk+7;i-)*~%zbM!`zx^Sc9yfFx5}0LU)93dj2Nkn=QJ_m@Z#2}y=v&*^}V2?LWWm| zu|dTna=A{DfF^Sq=$r|KV-ZqH2JrKnfBY!)+i5Sdp9%lkX@!g`50`UUNvBuM+Z=os zy|+K%hsua4iRd15eAq)f*-!{6D;;a(Fp;GlxMG*K9q@fu$>Ky?yf8oPLdBio{VHOx z8TUhZxqD5}-xqc=gwDKzH7J_|&RbU;LZY*89)nao0u<$w0ei@r&JnTV_29Y;#Rsmd zyyUSY%OY_0XWtLYha+E@E3r=LW}~F0-l(YL<<_^&PSoO>ko*vA^>+ywsvJN5Ws3L` zJwua4y6S$|p8pAxRbTVysLs&&$lsU?!-L~@ja9a2N@zpZqaw-@p+W3VMzP?P4=^BoS0ozg;ZqxrZ&(+>lC>{UHx+=IvkM@@pef`XH`t615|T*WEEYT)S0%e1m{ZU!%H zRI?^wj+*35$fETE&O20*`y0E}zQceY$q9(U&_av?RRc$fo|C&wWRh@5$8{q=dH*}v z#H1S1DwoE7L?L!lnJZ~r9eU4da1e4s=kn*u@W|v=kWP5ditGtIy6IQjN2^i;T;BDh zR-npk@Y?B4B+knbef^GmWg|Iobp1+^3E!EbKv}+x1Y6uDO3+*y>-y#h{>|~7W+l~@ z_}9zVF>ChV?et#NPy@aXa|XAVh@&rw-@6x$dxjWOqc6*p%8{&J+&OSsPli=z+MZL% z9`Bd~%-kZK#njfi;PuCPvVA_k4vnoz7z6chyG{BI9B+8C*8u(b^Uj;!{vad5ALA6V zWc&km@kpn7?xk4er+{?CQN$lN!%-_H^fTlYRq|Y;VZNIt=-pyi-V-BuIVVf0oYP_4 z^cg#RywT_6EtMH>UzJmaK4n%1WX^XLy}7X0`P`D!<*!y?)?MzbI#if{-m#BQ-bNCb zNtCn)m7rejP;!==yQyt3d}C^`>S?B?vP|2S?P(YCL8;1U33gb##7*YqR9IQuXZ>9C z>qT$lXkMPffNfOXOU_`B9&%>`OAJn!4)0uKjk3HM(lz3m8RR%5Zo`K8^9=DQ#snip zW6LCDewh6;&b^L!#QppfUaob)y&s@{m{k=2q2U{)prf}RNk$r2PVN?nZ9d&ReKiIX zQUFSh@h@xh8AgE*A9>!#lepS#=B0Am z_(4(ufCxx?&rI%~W%w3-Dg`IJ#5ged#^kJU z4D6RPXWoSSIZKAkRS}*XDa?_)_fQeT4}j3#X8a%pLl6N9a;M~jSa69fDoH>?_S{?E z4t+A6kJrmkkg1@OqC^gAzp*Sy0W@nvz$%dFQcW-rRzaDL%waeQ@e}!7gM0dv31Bd3 z1rGA)5+jpVKm&NZa(W6U`VASu z906522OJ2nFC;(fk}U)|_`$;#l}&rATum*VC8WAUx61O;)rJ=*n-AJ{CC}JXNeBx? z(H?~BSs=LuZ)L73@}zODIt{WZs^_z;#Mh@%CIV6+<`KF*ef+Dj1Tg8>k{a(;q8-U4 zV3e*m!fK?ZB;dOeu!@bj%X=&`6Q&@_r~>HB@u1vk>p4p)b}b)B;1-|6=C{#$D+LKp z*WJeikd-TGe6(Cs88AnzAnk5H#D%`|LStZ0PJ_-+HKk|=2-Bl3x*0NE=r4p~09ol8 zboq)?Za2zBvT<}i@$iQ)bs=To#cRrjzvi#3%S^Jn0-OPhm;ho@{4!=g>gh{j2cZi> ztKkiaJC;(|OO3Nf)@N9$0sBR?L}7GNs8pOfD(2pO<wGVQhZHp z^=_4MniV@>fVXQhP>?n!zCl}pok<8m9UhUHdVkl+FU4v}0Tgtam#1ywN&3b}5aD_L zFyZMkfPa{;GhrzKrt$?=7}|~GUnUU>s_ADfx+Ol{srnGajs#vSpy=%Zu1I!ojp5^E zv%A|PxF97G_12grjk z!#6a`Tsd=db3!P)OCZH_Szy9#&{Bd-1^AA_f?SU`-s*JLKm}Z^l%S$Ejr#0hpR%B1 z+ZJ*(b^^c~%Ghq^G1}nC*w!exi9m&KxWU;FYxR&AA*?UENH@YXBgiddXM3mJ(o>w* zY8}aY!cE3_>d}Z=skxpeazEtkp69LF4`M4B6`c~a1A2#>g+8qDiMpwbhPcE62qTND z@O>O#s35aka?hyKEx6dRsE>o6POGc@!R0|@Y$E!dbbAN21jrH4LYle98zWku^~+RA zS}hgkuD0WtstYdX?pNWd_ou+DaFUC#RWSgi4p>)yn^b*!PE#}NTEojE@FM);IAEx} zioVhLIcydP5n=~vMB^k_?&$zS(v@&MLg2`rFSsVIY2)tb$iDU}K@;!Ve4TVzJYKX# zz@t}-RJ_E%U(lkk8){$HL#6MGB+c6&j2F3-SEUF3S;KIJ7T!4CT2?u-?T$}T%I3G{ zrJo8sf2PvoP2Vs+N4TEQy)#fHRWZjEp{_*R%sBE@d9H}@i|V>zVtM{2+zawS0^fOW zaL_?2NIt(v0W8}k-W2sLtDh->y-oW6`Z&|KBoj4^%c{J15;x2xx1%Ude1nATK`9_G`T zFEf9`^IX6Cxvu-ZALbPxBmSYwl27k1|$>zI2eGPs7(qat&2vnrL#5 zB#@$B;>`2diE2%zR&U!jDQRT$A615+W_;4Q$GqQq2o^F_O|I~x2FJbUj-A!|ytMHF zUt@&uLkxc2uZ)X>l_KV@_CDi;$-rXoZOEG{iV-HukN(7_%TUY|{r}|tvzJ>G^tbG9 z{Y&m=BV-kH0=B4#K8<>mQ2eo)eBiv^#~@OwpMS2}M^l*mgSE;VxuH4l5;8H>_Q0 z5QSE|fCAkCXtlSUb^Ra&6Ku6$=GFnj+^aGd>#+xe20)3#IX~(%DytQ&x1Ei9&Jgvn zb^(cHJmuPC!ao1)$b&-y1rmX-Fm2G9@SKUp3zDIIMjRb3-;ostiSSv|=me&l3W-Mi zoQK1gcpIc{lgyW?LjZ$Qbh+?=$80=p7xo<| zmK{h7G$?roJ-wWw!@0M_wA|w!VV^;rh#X*wUJs7>kmTTXpz7ED49>|Tr_-PRgbQCs zi?GdbFZK;(+ZUymU%4r>gR*{&ZFnf#Ht1Q(mbKlpGSEVwXiC5t6=*J>Fu63b zsx^TE+t2D+eM8WR(>kIwLG~OnsS-7~!oT21cQ3SM?{z&~*CKC#et4yp3N+@2e7h5~ zM-|h|?>2Y7q%#Jnb=`&ac0??=<$74&VWnnDcils+WR{&a4f^(?8K4fYYZT^8T01>R z{Vi;(J9|7-rOh>fHw}doj1dLF<}BH#D=T21jS;7gQf9+*`ZsoH%-^QBL9eqs1HywL zg1bJn#NuyIa4H!AAo;hnm+*-Wy*(;M{fc*Nre>^%{_p)?VS|mT!{SdmL?%jdahxup9 zpjpj77yE8alM@laR2No$-amB`cNY5I=obj2tTT_wYXGqSQB7g#@!N|uH%%K9?M0lY zA8{oy#JJOfpWGs$sp_%9<-%(T(w+rN9z8ZiFQ*>`QEiSZO6@c7)b$=KGEn}zgy}e_k5ji?z`Hq>-%Kd4_4p<{hC#Z?P*%joOY&+Wz2(@K4ny&Bm5Htk6ff zrMD{KGOgLt#>d3)ag278%RQ;MbukvB+-1Mg*1{mEJ#A5jlsO6s^dX6$A&)!HTMJ2W z+YTNDdOk@AmQ+Pi%D5C>^H4dIiK>0Rh<`bq3;B6t^`h6bRX5wHK_^y|u*KUW<guvo=ASAwfq86( zu=jhsE$~%{v5HTdqrI+?tP(mPtx1@{ahj|Zk>OK3$H91qqljUrQc?O2ZkaOi6NTJA zF7`ZkEa2?1<;Ddv-dLcD_8>SDjU?Vtp$)k;+~4`QzVbu0qs#r?kvBUe{wqld*#GL+ ZqQTyH8a&V?Vz{{s85B B5rqH% diff --git a/tests/cfgs/default/pcap/socks-http-example.pcap b/tests/cfgs/default/pcap/socks.pcap similarity index 52% rename from tests/cfgs/default/pcap/socks-http-example.pcap rename to tests/cfgs/default/pcap/socks.pcap index 1b82f6032d975f3e6b1b6004e7726bd7d980cbdb..c32adb15c60a8478f14a6370ff8368af0c171cf6 100644 GIT binary patch literal 12736 zcmeHN4{#e-nO`T4T}0e*N=b6LY5byt)``7ZNw)q(mQrwIBq=HwWSGuuN1en+$L^J zPG|GP<8XN#PTuF`<1|fGS>l?x32vOKaVm)!(s`?_QY|5>v)f6p!|Cvn&JkHBIb%N~ zO0!~|#)zmHXL;8>G@o(ZlZ|H6de-f9IN`#3G8xge9nd)r$AaUyw)lHx#n^9w<7sHP zUHfJ;NBFMgFzjRFxDRnnP29VOp4zx{6*t6j&c$c?xqDg;OxeH~v^6bs;x+fvSF3n! zW=%i$R17+s*F~C|n%5Y1t@f`y!dL7w%iQ%JU*2@au%8<1=i)72c@b?R#>8tabbiaH z{{t|z%r%5t`Wo7AezV&Cod^#bj{l)Yoy$Sk$5u1`&c*Mt@!w$?zXlkuM%o82oOyxW z20zdyj@@kg$ZEE`7GGetZ>ej0^WcSVKFe|IFa>pO+nakT|SM`{m?%S)EHyb5v2 zMK-Ver1fdAji$@ClkCWd$<)2R<(uIcTTM(ti{E484q3*XgP8mDDfn9NJ@%}aEM{e@1=>razFHAGiHt{zwXqn%#Sk`KYj>)+y{RA`}0%G4>q^B z$TXNh`#)k)Gkp2QvC#4}aE#6BOVgJZUq)a4@)?US_kk~OfiEx5?c%tRp-Cc;(aFh( z;BvUyY@>>%2S~MZZMIu9s`3M{GU42~GA}2Sq5#Vkmt{Jp%xPrzB(C5-qUHi_II*3K zP-#{X+)kGh{=3L9EZ-R=FW|{G+khm|44BesUKbL2D%mY&GD%qyby-OZdF<)RTYFQ< zzWpJmV`ujcVF%mumkjY^Vmh9M2S9+R3a={Ns$yKwP1AflFYL1&ciF;F zT2f+iIvybLc{$TfVss`c>a@*vlcLPZU^udGXgIWMFqF4!fyr@GUtp~2Xu@lt?HePT--&$vM;uqmF6nW)$*_`5$J%UTiV^JqN$7eeAPA|EA-G;&1E>n<|MgxUfx>~cCUh%}brZLr9~TQe%;R3->Ir!K0hfo2j8FEFjHo9< zLLZ4KDN#;`OwWQoG72HxlTH@eY>}QwfZP-b*(VdSM&N&1(TPZ)n`9K2@r7+xU zfM<%JWiuH?)df+KAZfZLMCG&~rnNb$Ix>YD6Uh)wUvC_TTppL#<0CVQN>YkSiJYEM z9QHQbAS5I}CbJZL@siz2j({&cRlZ;z)Ere|?$2p#g0kd|(R5r-1c=)MnYxX?ZDN9t zsES^iyRg_(N{oi0Nky8)3x-uOMfp7$oZ4D|Obm<X&4E!ph!4b z{LaAstSsTg4~|ZbkA;JyLj!~1V2bJ@iw95Pd@f{{V0z(X(qS^$N%1ITugt2_q{`|u zyx$(S1t)h+jtzxzvX3h{8Vd?WM^G>jKCox-cDQQPWxfQCY?BEJ>6Ef5fFlXu5-Ggh z791d>xccq?+e#5rnZAar#U4&jl?H`@ume06*dSm;=y{tB*Sod8O8JpW4YYEP&c&aw zI_0l^wzqGb-*W81Nc%wGG>^{@-0IctZ*=mn2jLtxYu(^Fm;N4Y-+XUf+Z(`kH@gjf z)U*B7Lqf&2wRU%2cL|?Y>wMMEt78ws^J-J1{hi3WHm+uS{QgyKzs+oW>)PG`w%@y& z?MtWKm2ua^d+9kA6Uh>jO%U(HEZ$vK+nHj=Vc=nr*AEWwhGT5pd(>xt`YPA)!Iizw zGoIJ~tgWBxZ@J-N+sRL#g7))s*ERdUbkXrsy!iN z5YHj21f~fM=T3>^Al}G@gTsFgeb@{n1C`-H(h=`J{|>Pbv)O;{x?{n+Jb-!W*fsvc z&jURM-g>fm%~iJO)LT7>2iUC!24VrRWgBA2fb{`5!dBy3Z_7r+dd=$FCBXA8w3DuD zP6M$m`h-}9ZL2?fe|&Jb%-O8*3w>Wij14zh;%8uNCSB*6e+tnCWPHJYKQdUh0K8G9h9O=yay;I&^9?2u+ zW1>1Ir(JGjpGi4tzHm>5rY9!G1YnO2e}T-yX<)l62AeO@!T53AF!d%?|b*X!#@U@fz7(c*1deZ8GZKr%96wImo5tT!#tT+zgEs+5OO$G=4fuG zlkB;nu(v2Je$U`a#^}Y0qim|Ybz!ubHJxRkuMxMzaBW^*#=(QP_ zF!oU*6n2AA5TST~4K*o^r6Dyb6W)53(!iHO_MA-TkmZ@E&72$qZW*IFS)x2U=mtI~ z>#~^SHAzg;kjq{kl%^Mwl;8-8oJi6%AVKJGREZVHhuJPWgtsJd73n_@3=G5hXERRt z=k6B@*PLl~L*W?-7}Gh#|k7GS>M>LL@sL+#zfK1!20s)LjxyJ?m} zPr0L;45;8iH__ly9t5R4Q$b-P_z3$MlXIp)Gxr0;>vU%FmCH-x^w1O$v$|3_Qy#9T z>V{|?-)BttQALe`#8t(ZoQ2iqqAA0qF(fgNl+&}_L=5C)P1fN>(}&9;D}}Ph-|P3A zEFwSUV^mU9rfLJg{L|EIv_C~-vPe2{4Hv!ip_kiD#w{6altr^A#)$FC>Of*o5vDp~ zc%l?frzM(r&Jr5aG{Cdvc$Y(ly~ZGnpFx35(J=M{@lCMxXbYliuu5T&#nqK?)htcu zVsQ>;!c0FIS_@?q)pRkMl(hupLRUzXlB@>1D1YGP1Uxe^>NyHxjy=>tdZo+MUUQJ! zl`QyNz?+B;%FLK}?16w+mhYOA^@NhuQQ3lJNm1b49@YRX1Lpd7J=B78(1*=h3%G9` zU&reCd#h_f^mSGXHgofD{HnSZzw zp)wb_U)RInr4hf2h3M2}u@b+(Ko?;{K6eB#P*yQ%WzEs}-~?hk9;%B09QHD(2{Q(2 z3^3Nj;d`~>>SHg8ImEQCrMbU0`ByUs3B2zH|Ly?nl3v4D@({~u)Ep;XGqAz8D8{kk zpIH+=u=~U+`63a9v9~S;XpS9kmN5=9j60UUjMvuJ9Nz(~#`${1iCAp~ODw0sClBW9 z$Um23`55?gxZ;obnY(GviB&Ym(llc1c&aW2jqu}WOcy5{8ciB)tB*@qa<{bM7H|N6Hw#!(irN)};_^#+`7+vgr>5`SJ8yFi1 zcWB$MgYl7=38R)POfs%;OLgvENkZ=4UI1P551%XN?h{bQpQ!K0r_2~u&fL4D12N7m zT4MD!#3}_mk2};+<;N!~7#ZNmxFIip*K@5SjlZ45SUx^BT*l~V_V?ZJGcVqay5>8N zTXoG!9M3h@HIJNb9l`G=*lM&q=v4Hn>f1>N-}>NI!1ST6DQqz5n(3?eZ``^PZ>(#+ z09cLZ+5_)Lth+vH@y!Q#9mtcH;8tUS6#-ej2{Wm@(F^!9Scr`z_GSbNaqBCSPji+kq6~+#Lj*l7_*!bwJ$uP{S<$cX7T= zU#()yD!!O8uKK6ekwL)4R+Ag=fi%O|Sr-E|%=b$griihw?mLHT0HbkE{&WjsyzrnU zUVY%pHkOmVs(8WsA{;-)%B;ogXIn?cpbuM3PQo8&99tT%ivc!B1>8u{+(#-lcr=+jTKElO1Dn zHOB9+?lWsL?Tyxv#^0I_WH7F=hb%elf*ihtx{tWaIV?a9@BUqCGEean&~NdrsdVcV zO?E|-UHR5@V$+)X8$qPXn(oy&pGomrWN|!#H^zV)zc##Q;rq zYW~;3Sh{G!uyV2911e(N?W@k+(J18Z`~qmQ^Y4^%HxG3@UExP&KmNsxQKQN3V;Iwj aaSCzH8G7kF#7Y7V#+}Mn`2k*`?f(J0E(?qR delta 768 zcmXw%&ns+U9L5hhM$MdIikb0Fblp2YV>lvBNUU_voOF^aC9_dhl5CVxld`p#cOhkg zzhFXH4r4=7lDKY?bi3PIb0ej=-{iz1B$2BuBm$t`55 z$z*U<0h4|OTE-}`<5x!{ArNm3m~~Th=@mm)JFW!=87$Njz>az_!eAW$BblISU?fLi zn)aOLJx_ub$CiDV^9VWAteQ8@xJbyo<`gF`0Z`->DiJs*fPI%lkrSzla>raqB@Tb- z+Ce^4(%C*D#mnEe6&Sn$hj6D)i>37l0MS8Y82PW*x09zO~E1DOQ<1E}l;ak}nVI1m`lm}>a00*Ymj4WfW9 N8|_w!9Kd3?^&d?n1uFmm diff --git a/tests/cfgs/default/result/rdp3.pcap.out b/tests/cfgs/default/result/edonkey.pcap.out similarity index 50% rename from tests/cfgs/default/result/rdp3.pcap.out rename to tests/cfgs/default/result/edonkey.pcap.out index 45e160b0010..34d7e949574 100644 --- a/tests/cfgs/default/result/rdp3.pcap.out +++ b/tests/cfgs/default/result/edonkey.pcap.out @@ -1,8 +1,8 @@ Guessed flow protos: 0 -DPI Packets (UDP): 2 (2.00 pkts/flow) +DPI Packets (TCP): 5 (5.00 pkts/flow) Confidence DPI : 1 (flows) -Num dissector calls: 112 (112.00 diss/flow) +Num dissector calls: 120 (120.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) @@ -17,9 +17,9 @@ Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) Patricia risk mask: 0/0 (search/found) -Patricia risk: 0/0 (search/found) +Patricia risk: 2/0 (search/found) Patricia protocols: 2/0 (search/found) -RDP 6 5028 1 +eDonkey 17 2016 1 - 1 UDP 192.168.122.181:54759 <-> 192.168.122.2:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RemoteAccess/12][4 pkts/2694 bytes <-> 2 pkts/2334 bytes][Goodput ratio: 94/96][1.76 sec][bytes ratio: 0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1649 550/1649 1011/1649 418/0][Pkt Len c2s/s2c min/avg/max/stddev: 184/1060 674/1167 1274/1274 494/107][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (OKBI.HARDENING.COM)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] + 1 TCP 201.15.177.227:1754 <-> 135.192.214.240:7551 [proto: 36/eDonkey][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Download/7][6 pkts/598 bytes <-> 11 pkts/1418 bytes][Goodput ratio: 41/56][57.40 sec][bytes ratio: -0.407 (Download)][IAT c2s/s2c min/avg/max/stddev: 5/91 5347/4749 12107/12106 5400/4962][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 100/129 178/186 55/63][Risk: ** Unsafe Protocol **][Risk Score: 10][PLAIN TEXT (VeryCD)][Plen Bins: 0,0,0,25,75,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rdp2.pcap.out b/tests/cfgs/default/result/rdp2.pcap.out index 21e3158b2fa..b10098491f8 100644 --- a/tests/cfgs/default/result/rdp2.pcap.out +++ b/tests/cfgs/default/result/rdp2.pcap.out @@ -1,8 +1,8 @@ Guessed flow protos: 0 -DPI Packets (UDP): 6 (3.00 pkts/flow) -Confidence DPI : 2 (flows) -Num dissector calls: 261 (130.50 diss/flow) +DPI Packets (UDP): 8 (2.67 pkts/flow) +Confidence DPI : 3 (flows) +Num dissector calls: 373 (124.33 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) @@ -18,9 +18,10 @@ Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) -Patricia protocols: 4/0 (search/found) +Patricia protocols: 6/0 (search/found) -RDP 33 6343 2 +RDP 39 11371 3 - 1 UDP 10.50.181.210:60355 <-> 10.50.73.36:3389 [VLAN: 1108][proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RemoteAccess/12][4 pkts/1907 bytes <-> 3 pkts/1468 bytes][Goodput ratio: 90/90][0.13 sec][bytes ratio: 0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/7 41/48 80/90 31/42][Pkt Len c2s/s2c min/avg/max/stddev: 199/64 477/489 1278/1278 463/558][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (drcsalgfc)][Plen Bins: 14,0,14,0,28,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0] - 2 UDP 10.8.37.100:51652 <-> 10.100.2.87:3389 [VLAN: 1308][proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][12 pkts/1418 bytes <-> 14 pkts/1550 bytes][Goodput ratio: 60/58][0.73 sec][bytes ratio: -0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 80/65 428/261 140/94][Pkt Len c2s/s2c min/avg/max/stddev: 64/60 118/111 384/148 82/26][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][Plen Bins: 19,46,19,11,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 192.168.122.181:54759 <-> 192.168.122.2:3389 [proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RemoteAccess/12][4 pkts/2694 bytes <-> 2 pkts/2334 bytes][Goodput ratio: 94/96][1.76 sec][bytes ratio: 0.072 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1649 550/1649 1011/1649 418/0][Pkt Len c2s/s2c min/avg/max/stddev: 184/1060 674/1167 1274/1274 494/107][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (OKBI.HARDENING.COM)][Plen Bins: 0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0] + 2 UDP 10.50.181.210:60355 <-> 10.50.73.36:3389 [VLAN: 1108][proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 2][cat: RemoteAccess/12][4 pkts/1907 bytes <-> 3 pkts/1468 bytes][Goodput ratio: 90/90][0.13 sec][bytes ratio: 0.130 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 4/7 41/48 80/90 31/42][Pkt Len c2s/s2c min/avg/max/stddev: 199/64 477/489 1278/1278 463/558][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][PLAIN TEXT (drcsalgfc)][Plen Bins: 14,0,14,0,28,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,28,0,0,0,0,0,0,0,0,0] + 3 UDP 10.8.37.100:51652 <-> 10.100.2.87:3389 [VLAN: 1308][proto: 88/RDP][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 4][cat: RemoteAccess/12][12 pkts/1418 bytes <-> 14 pkts/1550 bytes][Goodput ratio: 60/58][0.73 sec][bytes ratio: -0.044 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 80/65 428/261 140/94][Pkt Len c2s/s2c min/avg/max/stddev: 64/60 118/111 384/148 82/26][Risk: ** Desktop/File Sharing **][Risk Score: 10][Risk Info: Found RDP][Plen Bins: 19,46,19,11,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/rtp.pcapng.out b/tests/cfgs/default/result/rtp.pcapng.out index 8a0774a4e05..2010f0fda8c 100644 --- a/tests/cfgs/default/result/rtp.pcapng.out +++ b/tests/cfgs/default/result/rtp.pcapng.out @@ -1,8 +1,8 @@ Guessed flow protos: 0 -DPI Packets (UDP): 6 (3.00 pkts/flow) -Confidence DPI : 2 (flows) -Num dissector calls: 278 (139.00 diss/flow) +DPI Packets (UDP): 9 (3.00 pkts/flow) +Confidence DPI : 3 (flows) +Num dissector calls: 408 (136.00 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) @@ -16,12 +16,13 @@ Automa domain: 0/0 (search/found) Automa tls cert: 0/0 (search/found) Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) -Patricia risk mask: 2/0 (search/found) +Patricia risk mask: 4/0 (search/found) Patricia risk: 2/0 (search/found) -Patricia protocols: 4/0 (search/found) +Patricia protocols: 6/0 (search/found) Discord 30 16092 1 -RTP 30 2181 1 +RTP 45 20619 2 - 1 UDP 150.219.118.19:54234 <-> 192.113.193.227:50003 [proto: 58/Discord][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Collaborative/15][11 pkts/1455 bytes <-> 19 pkts/14637 bytes][Goodput ratio: 68/95][0.14 sec][Client IP: 85.154.2.145][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 36/29 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/116 132/770 207/1146 54/475][PLAIN TEXT (85.154.2.145)][Plen Bins: 0,20,6,20,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,13,0,0,0,0,0,0,0,0,0,0,0,0,0] - 2 UDP 10.140.67.167:55402 -> 148.153.85.97:6008 [VLAN: 1508][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][30 pkts/2181 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][0.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/0 118/0 35/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 73/0 106/0 12/0][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + 1 UDP 10.204.220.71:6000 -> 10.204.220.171:6000 [proto: 87/RTP][IP: 0/Unknown][Stream Content: Video][ClearText][Confidence: DPI][DPI packets: 3][cat: Media/1][15 pkts/18438 bytes -> 0 pkts/0 bytes][Goodput ratio: 97/0][0.34 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/0 25/0 77/0 31/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/0 1229/0 1486/0 467/0][Plen Bins: 6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,6,0,0,0,0,0,0,0,0,0,6,0,0,0,68,0,0] + 2 UDP 150.219.118.19:54234 <-> 192.113.193.227:50003 [proto: 58/Discord][IP: 0/Unknown][Encrypted][Confidence: DPI][DPI packets: 2][cat: Collaborative/15][11 pkts/1455 bytes <-> 19 pkts/14637 bytes][Goodput ratio: 68/95][0.14 sec][Client IP: 85.154.2.145][bytes ratio: -0.819 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 13/6 36/29 11/11][Pkt Len c2s/s2c min/avg/max/stddev: 85/116 132/770 207/1146 54/475][PLAIN TEXT (85.154.2.145)][Plen Bins: 0,20,6,20,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,13,0,0,0,0,0,0,0,0,0,0,0,0,0] + 3 UDP 10.140.67.167:55402 -> 148.153.85.97:6008 [VLAN: 1508][proto: 87/RTP][IP: 0/Unknown][Stream Content: Audio][ClearText][Confidence: DPI][DPI packets: 4][cat: Media/1][30 pkts/2181 bytes -> 0 pkts/0 bytes][Goodput ratio: 37/0][0.82 sec][bytes ratio: 1.000 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 29/0 118/0 35/0][Pkt Len c2s/s2c min/avg/max/stddev: 62/0 73/0 106/0 12/0][Plen Bins: 80,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] diff --git a/tests/cfgs/default/result/socks-http-example.pcap.out b/tests/cfgs/default/result/socks.pcap.out similarity index 56% rename from tests/cfgs/default/result/socks-http-example.pcap.out rename to tests/cfgs/default/result/socks.pcap.out index be1502abe4b..2955b58980e 100644 --- a/tests/cfgs/default/result/socks-http-example.pcap.out +++ b/tests/cfgs/default/result/socks.pcap.out @@ -1,15 +1,14 @@ -Guessed flow protos: 1 +Guessed flow protos: 0 -DPI Packets (TCP): 29 (9.67 pkts/flow) -Confidence Match by port : 1 (flows) -Confidence DPI : 2 (flows) -Num dissector calls: 445 (148.33 diss/flow) +DPI Packets (TCP): 23 (5.75 pkts/flow) +Confidence DPI : 4 (flows) +Num dissector calls: 474 (118.50 diss/flow) LRU cache ookla: 0/0/0 (insert/search/found) -LRU cache bittorrent: 0/3/0 (insert/search/found) +LRU cache bittorrent: 0/0/0 (insert/search/found) LRU cache zoom: 0/0/0 (insert/search/found) LRU cache stun: 0/0/0 (insert/search/found) LRU cache tls_cert: 0/0/0 (insert/search/found) -LRU cache mining: 0/1/0 (insert/search/found) +LRU cache mining: 0/0/0 (insert/search/found) LRU cache msteams: 0/0/0 (insert/search/found) LRU cache stun_zoom: 0/0/0 (insert/search/found) Automa host: 0/0 (search/found) @@ -19,10 +18,11 @@ Automa risk mask: 0/0 (search/found) Automa common alpns: 0/0 (search/found) Patricia risk mask: 0/0 (search/found) Patricia risk: 0/0 (search/found) -Patricia protocols: 6/0 (search/found) +Patricia protocols: 8/0 (search/found) -SOCKS 46 8383 3 +SOCKS 60 10559 4 - 1 TCP 10.180.156.185:53535 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: Match by port][DPI packets: 17][cat: Web/5][10 pkts/832 bytes <-> 7 pkts/2073 bytes][Goodput ratio: 19/77][0.01 sec][bytes ratio: -0.427 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/296 212/1514 43/500][PLAIN TEXT (uGET / HTTP/1.1)][Plen Bins: 57,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] + 1 TCP 10.180.156.185:53535 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][10 pkts/832 bytes <-> 7 pkts/2073 bytes][Goodput ratio: 19/77][0.01 sec][bytes ratio: -0.427 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/1 4/3 2/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 83/296 212/1514 43/500][PLAIN TEXT (uGET / HTTP/1.1)][Plen Bins: 57,0,0,0,28,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0] 2 TCP 10.180.156.185:53534 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/711 bytes <-> 7 pkts/2069 bytes][Goodput ratio: 24/77][0.05 sec][bytes ratio: -0.488 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 8/12 47/46 18/20][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 89/296 212/1514 47/500][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] 3 TCP 10.180.156.185:53533 <-> 10.180.156.249:1080 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 6][cat: Web/5][8 pkts/695 bytes <-> 6 pkts/2003 bytes][Goodput ratio: 22/80][0.01 sec][bytes ratio: -0.485 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/2 3/4 1/2][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 87/334 212/1514 48/530][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 40,0,0,0,40,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0] + 4 TCP 10.0.0.1:1637 <-> 10.0.0.2:21477 [proto: 172/SOCKS][IP: 0/Unknown][ClearText][Confidence: DPI][DPI packets: 5][cat: Web/5][8 pkts/886 bytes <-> 6 pkts/1290 bytes][Goodput ratio: 47/73][117.94 sec][bytes ratio: -0.186 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/356 370/415 644/479 191/50][Pkt Len c2s/s2c min/avg/max/stddev: 60/60 111/215 449/984 128/344][Risk: ** Known Proto on Non Std Port **][Risk Score: 50][PLAIN TEXT (GET / HTTP/1.1)][Plen Bins: 67,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]