Fix CNP-IP false positives

ntop / nDPI

Open Source Deep Packet Inspection Software Toolkit

http://www.ntop.org

GNU Lesser General Public License v3.0

3.86k stars 902 forks source link

Fix CNP-IP false positives #2531

Closed 0xA50C1A1 closed 3 months ago

0xA50C1A1 commented 3 months ago

Please sign (check) the below before submitting the Pull Request:

[x] I have signed the ntop Contributor License Agreement at https://github.com/ntop/legal/blob/main/individual-contributor-licence-agreement.md
[x] I have read the contributing guidelines at https://github.com/ntop/nDPI/blob/dev/CONTRIBUTING.md
[x] I have updated the documentation (in doc/) to reflect the changes made (if applicable)

Link to the related issue: #2530

IvanNardi commented 3 months ago

@0xA50C1A1, thanks for fixing that! Could you try to add these false positives flows to tests/cfgs/default/pcap/false_positives.pcapng, please?

0xA50C1A1 commented 3 months ago

@0xA50C1A1, thanks for fixing that! Could you try to add these false positives flows to tests/cfgs/default/pcap/false_positives.pcapng, please?

I replaced NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION with NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD for now, as even checking the Session ID didn't help. I'll think of something better when I find samples of CNP-IP over TCP.

sonarcloud[bot] commented 3 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud