bittorrent: add configuration for "hash" metadata (#2706)

Fix confidence value for same TCP flows
ntop · Jan 31, 2025 · dd4807f · dd4807f
1 parent c03dd3e
commit dd4807f
Show file tree

Hide file tree

Showing 11 changed files with 101 additions and 5 deletions.
diff --git a/doc/configuration_parameters.md b/doc/configuration_parameters.md
@@ -66,6 +66,7 @@ List of the supported configuration options:
 | "stun"       | "metadata.attribute.other_address"        | enable        | NULL      | NULL      | Enable/disable extraction of other-address attribute for STUN flows. If it is disabled, STUN classification might be significant faster |
 | "stun"       | "metadata.attribute.relayed_address"      | enable        | NULL      | NULL      | Enable/disable extraction of (xor-)relayed-address attribute for STUN flows. If it is disabled, STUN classification might be significant faster |
 | "stun"       | "metadata.attribute.peer_address"         | enable        | NULL      | NULL      | Enable/disable extraction of (xor-)peer-address attribute for STUN flows. If it is disabled, STUN classification might be significant faster; however sub-classification capability might be negatively impacted |
+| "bittorrent" | "metadata.hash"                           | enable        | NULL      | NULL      | Enable/disable extraction of hash metadata for Bittorrent flows. |
 | "dns"        | "subclassification"                       | enable        | NULL      | NULL      | Enable/disable sub-classification of DNS flows (via query/response domain name). If disabled, some flow risks are not checked |
 | "dns"        | "process_response"                        | enable        | NULL      | NULL      | Enable/disable processing of DNS responses. By default, DNS flows are fully classified after the first request/response pair (or after the first response, if the request is missing). If this parameter is disabled, the flows are fully classified after the first packet, i.e. usually after the first request; in that case, some flow risks are not checked and some metadata are not exported |
 | "http"       | "process_response"                        | enable        | NULL      | NULL      | Enable/disable processing of HTTP responses. By default, HTTP flows are usually fully classified after the first request/response pair. If this parameter is disabled, the flows are fully classified after the first request (or after the first response, if the request is missing); in that case, some flow risks are not checked and some metadata are not exported |

diff --git a/example/only_classification.conf b/example/only_classification.conf
@@ -6,6 +6,8 @@
 
 #General metadata
 --cfg=metadata.tcp_fingerprint,0
+#BITTORRENT
+--cfg=bittorrent,metadata.hash,0
 #TLS
 --cfg=tls,metadata.sha1_fingerprint,0 --cfg=tls,metadata.ja3s_fingerprint,0 --cfg=tls,metadata.ja4c_fingerprint,0 --cfg=tls,metadata.cert_server_names,0 --cfg=tls,metadata.cert_validity,0 --cfg=tls,metadata.cert_issuer,0 --cfg=tls,metadata.cert_subject,0 --cfg=tls,metadata.alpn_negotiated,0 --cfg=tls,metadata.versions_supported,0 --cfg=tls,metadata.cipher,0 --cfg=tls,metadata.browser,0
 #SIP

diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp
@@ -298,6 +298,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     snprintf(cfg_value, sizeof(cfg_value), "%d", value);
     ndpi_set_config(ndpi_info_mod, "stun", "metadata.attribute.mapped_address", cfg_value);
   }
+  if(fuzzed_data.ConsumeBool()) {
+    value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1);
+    snprintf(cfg_value, sizeof(cfg_value), "%d", value);
+    ndpi_set_config(ndpi_info_mod, "bittorrent", "metadata.hash", cfg_value);
+  }
   if(fuzzed_data.ConsumeBool()) {
     value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1);
     snprintf(cfg_value, sizeof(cfg_value), "%d", value);

diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h
@@ -285,6 +285,8 @@ struct ndpi_detection_module_config_struct {
   int stun_relayed_address_enabled;
   int stun_peer_address_enabled;
 
+  int bittorrent_hash_enabled;
+
   int dns_subclassification_enabled;
   int dns_parse_response_enabled;
 

diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
@@ -11635,6 +11635,9 @@ static const struct cfg_param {
   { "stun",          "metadata.attribute.relayed_address",      "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(stun_relayed_address_enabled), NULL },
   { "stun",          "metadata.attribute.peer_address",         "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(stun_peer_address_enabled), NULL },
 
+  { "bittorrent",    "metadata.hash",                           "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(bittorrent_hash_enabled), NULL },
+
+
   { "dns",           "subclassification",                       "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(dns_subclassification_enabled), NULL },
   { "dns",           "process_response",                        "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(dns_parse_response_enabled), NULL },
 

diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c
@@ -184,13 +184,15 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc
 					      struct ndpi_flow_struct *flow,
 					      int bt_offset, int check_hash,
 					      ndpi_confidence_t confidence) {
-  if(check_hash)
+  if(ndpi_struct->cfg.bittorrent_hash_enabled &&
+     check_hash)
     ndpi_search_bittorrent_hash(ndpi_struct, flow, bt_offset);
 
   ndpi_set_detected_protocol_keeping_master(ndpi_struct, flow, NDPI_PROTOCOL_BITTORRENT,
 					    confidence);
 
-  if(flow->protos.bittorrent.hash[0] == '\0') {
+  if(ndpi_struct->cfg.bittorrent_hash_enabled &&
+     flow->protos.bittorrent.hash[0] == '\0') {
     /* Don't use just 1 as in TCP DNS more packets could be returned (e.g. ACK). */
     flow->max_extra_packets_to_check = 3;
     flow->extra_packets_func = search_bittorrent_again;
@@ -511,6 +513,8 @@ static u_int8_t is_port(u_int16_t a, u_int16_t b, u_int16_t what) {
 
 static void ndpi_skip_bittorrent(struct ndpi_detection_module_struct *ndpi_struct,
 				 struct ndpi_flow_struct *flow) {
+  if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_BITTORRENT)
+    return;
   if(search_into_bittorrent_cache(ndpi_struct, flow))
     ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 0, NDPI_CONFIDENCE_DPI_CACHE);
   else

diff --git a/tests/cfgs/classification_only/pcap/bittorrent.pcap b/tests/cfgs/classification_only/pcap/bittorrent.pcap
@@ -0,0 +1 @@
+../../default/pcap/bittorrent.pcap
diff --git a/tests/cfgs/classification_only/pcap/bittorrent_tcp_miss.pcapng b/tests/cfgs/classification_only/pcap/bittorrent_tcp_miss.pcapng
@@ -0,0 +1 @@
+../../default/pcap/bittorrent_tcp_miss.pcapng
diff --git a/tests/cfgs/classification_only/result/bittorrent.pcap.out b/tests/cfgs/classification_only/result/bittorrent.pcap.out
@@ -0,0 +1,50 @@
+DPI Packets (TCP):	24	(1.00 pkts/flow)
+Confidence DPI              : 24 (flows)
+Num dissector calls: 1740 (72.50 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 120/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache fpc_dns:    0/0/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   48/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+BitTorrent	299	305728	24
+
+Acceptable                     299 305728        24           
+
+	1	TCP 192.168.1.3:52915 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][17 pkts/2745 bytes <-> 193 pkts/282394 bytes][Goodput ratio: 59/95][5.77 sec][bytes ratio: -0.981 (Download)][IAT c2s/s2c min/avg/max/stddev: 12/0 319/30 779/919 241/95][Pkt Len c2s/s2c min/avg/max/stddev: 83/80 161/1463 242/1506 58/218][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 2,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,93,0,0]
+	2	TCP 192.168.1.3:52895 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/583 bytes <-> 4 pkts/975 bytes][Goodput ratio: 55/73][4.11 sec][bytes ratio: -0.252 (Download)][IAT c2s/s2c min/avg/max/stddev: 132/72 959/2027 1966/3982 760/1955][Pkt Len c2s/s2c min/avg/max/stddev: 80/73 146/244 198/648 44/235][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,12,25,12,12,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	3	TCP 192.168.1.3:52914 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][4 pkts/640 bytes <-> 3 pkts/910 bytes][Goodput ratio: 59/78][3.54 sec][bytes ratio: -0.174 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 489/661 1178/883 1943/1105 596/222][Pkt Len c2s/s2c min/avg/max/stddev: 75/113 160/303 241/650 62/246][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 14,14,28,14,0,14,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	TCP 192.168.1.3:52907 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/583 bytes <-> 2 pkts/818 bytes][Goodput ratio: 77/84][1.89 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,25,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	TCP 192.168.1.3:52927 <-> 83.216.184.241:51413 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/582 bytes <-> 2 pkts/796 bytes][Goodput ratio: 66/83][0.92 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	6	TCP 192.168.1.3:52897 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/510 bytes <-> 2 pkts/771 bytes][Goodput ratio: 61/83][0.92 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,20,60,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	7	TCP 192.168.1.3:52903 <-> 198.100.146.9:60163 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/410 bytes <-> 3 pkts/851 bytes][Goodput ratio: 52/77][0.81 sec][bytes ratio: -0.350 (Download)][IAT c2s/s2c min/avg/max/stddev: 320/159 407/298 494/436 87/138][Pkt Len c2s/s2c min/avg/max/stddev: 80/80 137/284 196/601 47/227][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 34,0,16,16,16,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	8	TCP 192.168.1.3:52917 <-> 151.15.48.189:47001 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/455 bytes <-> 2 pkts/771 bytes][Goodput ratio: 56/83][0.09 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,0,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	9	TCP 192.168.1.3:52911 <-> 151.26.95.30:22673 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/442 bytes <-> 2 pkts/771 bytes][Goodput ratio: 55/83][0.94 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	10	TCP 192.168.1.3:52921 <-> 95.234.159.16:41205 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/440 bytes <-> 2 pkts/772 bytes][Goodput ratio: 55/83][0.27 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	11	TCP 192.168.1.3:52906 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.36 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	12	TCP 192.168.1.3:52922 <-> 95.237.193.34:11321 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/434 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.26 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	13	TCP 192.168.1.3:52887 <-> 82.57.97.83:53137 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/430 bytes <-> 2 pkts/771 bytes][Goodput ratio: 54/83][0.45 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,20,20,20,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	14	TCP 192.168.1.3:52896 <-> 79.53.228.2:14627 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/409 bytes <-> 2 pkts/771 bytes][Goodput ratio: 51/83][0.25 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 20,0,40,0,20,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	15	TCP 192.168.1.3:52926 <-> 93.65.249.100:31336 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes <-> 2 pkts/796 bytes][Goodput ratio: 50/83][0.23 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,33,33,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	16	TCP 192.168.1.3:52888 <-> 82.58.216.115:38305 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes <-> 1 pkts/624 bytes][Goodput ratio: 50/89][0.22 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	17	TCP 192.168.1.3:52902 <-> 190.103.195.56:46633 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][2 pkts/349 bytes <-> 2 pkts/265 bytes][Goodput ratio: 62/50][1.91 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,0,25,25,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	18	TCP 192.168.1.3:52912 <-> 151.72.255.163:59928 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][3 pkts/455 bytes <-> 1 pkts/157 bytes][Goodput ratio: 56/58][0.15 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 25,0,50,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	19	TCP 192.168.1.3:52893 -> 79.55.129.22:12097 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	20	TCP 192.168.1.3:52894 -> 120.62.33.241:39332 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	21	TCP 192.168.1.3:52908 -> 79.55.129.22:12097 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	22	TCP 192.168.1.3:52909 -> 79.53.228.2:14627 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	23	TCP 192.168.1.3:52910 -> 120.62.33.241:39332 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	24	TCP 192.168.1.3:52925 -> 93.65.227.100:19116 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 37/BitTorrent, Confidence: DPI][DPI packets: 1][cat: Download/7][1 pkts/134 bytes -> 0 pkts/0 bytes][Goodput ratio: 50/0][< 1 sec][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,0,100,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
diff --git a/tests/cfgs/classification_only/result/bittorrent_tcp_miss.pcapng.out b/tests/cfgs/classification_only/result/bittorrent_tcp_miss.pcapng.out
@@ -0,0 +1,27 @@
+DPI Packets (TCP):	10	(10.00 pkts/flow)
+Confidence DPI              : 1 (flows)
+Num dissector calls: 243 (243.00 diss/flow)
+LRU cache ookla:      0/0/0 (insert/search/found)
+LRU cache bittorrent: 5/0/0 (insert/search/found)
+LRU cache stun:       0/0/0 (insert/search/found)
+LRU cache tls_cert:   0/0/0 (insert/search/found)
+LRU cache mining:     0/0/0 (insert/search/found)
+LRU cache msteams:    0/0/0 (insert/search/found)
+LRU cache fpc_dns:    0/1/0 (insert/search/found)
+Automa host:          0/0 (search/found)
+Automa domain:        0/0 (search/found)
+Automa tls cert:      0/0 (search/found)
+Automa risk mask:     0/0 (search/found)
+Automa common alpns:  0/0 (search/found)
+Patricia risk mask:   0/0 (search/found)
+Patricia risk mask IPv6: 0/0 (search/found)
+Patricia risk:        0/0 (search/found)
+Patricia risk IPv6:   0/0 (search/found)
+Patricia protocols:   2/0 (search/found)
+Patricia protocols IPv6: 0/0 (search/found)
+
+BitTorrent	100	96898	1
+
+Acceptable                     100 96898         1            
+
+	1	TCP 192.168.122.34:48987 <-> 178.71.206.1:6881 [proto: 37/BitTorrent][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: Download/7][33 pkts/2895 bytes <-> 67 pkts/94003 bytes][Goodput ratio: 38/96][0.31 sec][bytes ratio: -0.940 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 7/4 33/64 11/12][Pkt Len c2s/s2c min/avg/max/stddev: 54/66 88/1403 525/1494 98/324][PLAIN TEXT (BitTorrent protocol)][Plen Bins: 0,4,1,0,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,88,0,0]