Test fails while adding more protocols to protos.txt with increased NDPI_NUM_BITS

[ilanr]

_Hi Team, We added more protocols based on port numbers in protos.txt and increased the macros as below

-#define NDPI_NUM_BITS 512
-#define NDPI_NUM_BITS_MASK (512-1)
+#define NDPI_NUM_BITS 600
+#define NDPI_NUM_BITS_MASK (600-1)

But we are facing issue while running ./tests/do.sh as below

alicloud.pcap ERROR
../../../example/ndpiReader --cfg=filename.config,../../../example/config.txt -A -p ../../../example/protos.txt -c ../../../example/categories.txt -r ../../../example/risky_domains.txt -j ../../../example/ja3_fingerprints.csv -S ../../../example/sha1_fingerprints.csv -G ../../../lists -q -K JSON -k /dev/null -t -v 2 -i pcap/alicloud.pcap -w /tmp/reader.1273230.out [old vs new]
3c3
< Num dissector calls: 1605 (107.00 diss/flow)

Num dissector calls: 525 (35.00 diss/flow)

Find attached protos.txt for your reference. Please help us on this.
protos.txt

Regards,
Ilan_

[ilanr]

-#define NDPI_NUM_BITS 512
-#define NDPI_NUM_BITS_MASK (512-1)
+#define NDPI_NUM_BITS 1024
+#define NDPI_NUM_BITS_MASK (1024-1)

We did further analysis and modified the code with above value. Also we increased the flow size check as below.

-_Static_assert(sizeof(struct ndpi_flow_struct) <= 1008,

•           "Size of the flow struct increased to more than 1008 bytes, "
  

+_Static_assert(sizeof(struct ndpi_flow_struct) <= 1120,

•           "Size of the flow struct increased to more than 1120 bytes, "
            "please check if this change is necessary.");
  

Is the above changes enough to support more applications via protos.txt?

Thanks for your help.

[IvanNardi]

Is the above changes enough to support more applications via protos.txt?

Yes, it should be enough. BTW, there is an open issue about easing this process: #2136