aboutsummaryrefslogtreecommitdiff
path: root/src/include
diff options
context:
space:
mode:
authorToni <matzeton@googlemail.com>2024-05-09 15:24:11 +0200
committerGitHub <noreply@github.com>2024-05-09 15:24:11 +0200
commit18e03a26ca781490f06bfdbd34628614fcb65ca9 (patch)
tree8f2d7033aa0fe3a695134e7554c624be3e8fb472 /src/include
parentb65a755e8569d428732f54bc72f7da3ffb94a3ff (diff)
Add extra entropy checks and more precise(?) analysis. (#2383)
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/include')
-rw-r--r--src/include/ndpi_main.h11
-rw-r--r--src/include/ndpi_typedefs.h2
2 files changed, 10 insertions, 3 deletions
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index 7012fd8ec..a95bf03c2 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -113,8 +113,15 @@ extern "C" {
int ndpi_is_printable_buffer(u_int8_t const * const buf, size_t len);
int ndpi_normalize_printable_string(char * const str, size_t len);
int ndpi_is_valid_hostname(char * const str, size_t len);
-#define NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(entropy) (entropy > 7.0f)
- float ndpi_entropy(u_int8_t const * const buf, size_t len);
+
+#define NDPI_ENTROPY_PLAINTEXT(entropy) (entropy < 4.941f)
+#define NDPI_ENTROPY_EXECUTABLE(entropy) (entropy >= 4.941f)
+#define NDPI_ENTROPY_EXECUTABLE_PACKED(entropy) (entropy >= 6.677f)
+#define NDPI_ENTROPY_EXECUTABLE_ENCRYPTED(entropy) (entropy >= 7.174f)
+#define NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(entropy) (entropy >= 7.312f)
+ float ndpi_entropy(u_int8_t const * const buf, size_t len);
+ char *ndpi_entropy2str(float entropy, char *buf, size_t len);
+ void ndpi_entropy2risk(struct ndpi_flow_struct *flow);
#ifdef __cplusplus
}
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 51b12595b..9a65e292a 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1202,7 +1202,7 @@ struct ndpi_flow_struct {
/* init parameter, internal used to set up timestamp,... */
u_int16_t guessed_protocol_id, guessed_protocol_id_by_ip, guessed_category, guessed_header_category;
u_int8_t l4_proto, protocol_id_already_guessed:1, fail_with_unknown:1,
- init_finished:1, client_packet_direction:1, packet_direction:1, is_ipv6:1, first_pkt_fully_encrypted:1, _pad1: 1;
+ init_finished:1, client_packet_direction:1, packet_direction:1, is_ipv6:1, first_pkt_fully_encrypted:1, skip_entropy_check: 1;
u_int16_t num_dissector_calls;
ndpi_confidence_t confidence; /* ndpi_confidence_t */
Powered by cgit, Themed by Ted Yin.