author | Luca Deri <deri@ntop.org> | 2024-05-18 09:46:15 +0200 |
committer | Luca Deri <deri@ntop.org> | 2024-05-18 09:46:15 +0200 |
commit | 42dba2e4afd12ab77073cc21df1d56d0ef02b232 (patch) | |
tree | facd7ab792423e766ad2273d372cf634c47bc1e3 /src | |
parent | c63446e59220efd3b133bccbbd44ed97c86c78f1 (diff) |
Added dpi.compute_entropy configuration parameter
Diffstat (limited to 'src')
-rw-r--r-- | src/include/ndpi_private.h | 3 | ||||
-rw-r--r-- | src/lib/ndpi_main.c | 14 | ||||
-rw-r--r-- | src/lib/ndpi_utils.c | 4 |
3 files changed, 14 insertions, 7 deletions
diff --git a/src/include/ndpi_private.h b/src/include/ndpi_private.h
index 693b2cd57..76d2c7def 100644
--- a/src/include/ndpi_private.h
+++ b/src/include/ndpi_private.h
@@ -195,7 +195,8 @@ struct ndpi_detection_module_config_struct {
   int track_payload_enabled;
   int libgcrypt_init;
   int guess_on_giveup;
-
+  int compute_entropy;
+
   char filename_config[CFG_MAX_LEN];
   int log_level;
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index c7648079e..65df915e1 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -2792,6 +2792,8 @@ int ndpi_load_ptree_file(ndpi_ptree_t *ptree,
       if(inet_pton(AF_INET6, addr, &addr6) == 1)
         node = add_to_ptree(ptree->v6, AF_INET6, &addr6, cidr ? atoi(cidr) : 128);
+      else
+        node = NULL;
     }
     if(node != NULL) {
@@ -4374,13 +4376,14 @@ static u_int16_t guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str
         ndpi_set_risk(flow, NDPI_MALFORMED_PACKET, NULL);
       if(packet->payload_packet_len > sizeof(struct ndpi_icmphdr)) {
-        if (flow->skip_entropy_check == 0) {
+        if(ndpi_str->cfg.compute_entropy && (flow->skip_entropy_check == 0)) {
           flow->entropy = ndpi_entropy(packet->payload + sizeof(struct ndpi_icmphdr), packet->payload_packet_len - sizeof(struct ndpi_icmphdr));
           ndpi_entropy2risk(flow);
         }
         u_int16_t chksm = icmp4_checksum(packet->payload, packet->payload_packet_len);
+
         if(chksm) {
           ndpi_set_risk(flow, NDPI_MALFORMED_PACKET, NULL);
         }
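Review bot: The new `else node = NULL;` clears a stale `node` only on the IPv6 path; if the IPv4 branch of the same loop (outside the hunk) has the same shape — `node` assigned only when `inet_pton()` succeeds — it presumably needs the identical `else`, otherwise a malformed line can still reuse the previous line's node in the `if(node != NULL)` block that follows. Initialising `node = NULL` at the top of each iteration would cover both branches with one line instead of two `else` arms. On the unchanged line just above, `atoi(cidr)` forwards an unchecked prefix length from the list file into `add_to_ptree()`; `strtol()` with an `endptr`/`errno` check and a `0..128` range test would reject malformed entries rather than pass them on. ndpi_load_ptree_file begins and ends outside the hunk.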
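Review bot: The gate `ndpi_str->cfg.compute_entropy && (flow->skip_entropy_check == 0)` is now spelled out here and again, with extra terms, in ndpi_internal_detection_process_packet, so the ICMP and generic entry points can drift apart on the next change to either; a small `static inline int ndpi_entropy_enabled(const struct ndpi_detection_module_struct *ndpi_str, const struct ndpi_flow_struct *flow)` holding the shared part would keep them in step. When the flag is off, `flow->entropy` is left at whatever value it already held — presumably zero from flow initialisation, which is worth confirming since `ndpi_entropy2risk()` is also skipped here. The spacing change from `if (` to `if(` matches the surrounding lines. guess_protocol_id begins and ends outside the hunk.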
@@ -8563,15 +8566,17 @@ static ndpi_protocol ndpi_internal_detection_process_packet(struct ndpi_detectio
       ndpi_search_shellscript(ndpi_str, flow);
     }
-    if(flow->skip_entropy_check == 0 &&
+    if(ndpi_str->cfg.compute_entropy &&
+       flow->skip_entropy_check == 0 &&
        flow->first_pkt_fully_encrypted == 0 &&
        flow->packet_counter < 5 &&
        /* The following protocols do their own entropy calculation/classification. */
-       ret.app_protocol != NDPI_PROTOCOL_IP_ICMP)
-    {
+       ret.app_protocol != NDPI_PROTOCOL_IP_ICMP) {
+
       if (ret.app_protocol != NDPI_PROTOCOL_HTTP) {
         flow->entropy = ndpi_entropy(packet->payload, packet->payload_packet_len);
       }
+
       ndpi_entropy2risk(flow);
     }
@@ -11173,6 +11178,7 @@ static const struct cfg_param {
   { NULL, "fully_encrypted_heuristic", "enable", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(fully_encrypted_heuristic), NULL },
   { NULL, "libgcrypt.init", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(libgcrypt_init), NULL },
   { NULL, "dpi.guess_on_giveup", "0x3", "0", "3", CFG_PARAM_INT, __OFF(guess_on_giveup), NULL },
+  { NULL, "dpi.compute_entropy", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(compute_entropy), NULL },
   { NULL, "flow_risk_lists.load", "1", NULL, NULL, CFG_PARAM_ENABLE_DISABLE, __OFF(flow_risk_lists_enabled), NULL },
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index d20de6ef2..ce86b4426 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -2743,8 +2743,7 @@ void ndpi_entropy2risk(struct ndpi_flow_struct *flow) {
      flow->detected_protocol_stack[0] == NDPI_PROTOCOL_QUIC ||
      flow->detected_protocol_stack[1] == NDPI_PROTOCOL_QUIC ||
      flow->detected_protocol_stack[0] == NDPI_PROTOCOL_DTLS ||
-     flow->detected_protocol_stack[1] == NDPI_PROTOCOL_DTLS)
-    {
+     flow->detected_protocol_stack[1] == NDPI_PROTOCOL_DTLS) {
     flow->skip_entropy_check = 1;
     goto reset_risk;
   }
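Review bot: Disabling `dpi.compute_entropy` turns off more than the computation: both call sites of `ndpi_entropy2risk(flow)` visible in this diff (this block and the ICMP branch in guess_protocol_id) now sit behind the flag, so the entropy-based flow risk can never be raised while it is off, and neither the commit message nor the new `cfg_param` row in the next hunk says so. A comment on that table row, `/* Disabling also suppresses the entropy-based flow risk: ndpi_entropy2risk() is only reached behind this flag */`, would make the detection-side consequence explicit for anyone tuning the configuration. The HTTP exclusion still runs `ndpi_entropy2risk(flow)` on a `flow->entropy` this block did not compute — pre-existing behaviour, but a one-line comment stating where that value is expected to come from would help the next reader. ndpi_internal_detection_process_packet begins and ends outside the hunk.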
@@ -2780,6 +2779,7 @@ reset_risk: } /* ******************************************************************** */ + static inline uint16_t get_n16bit(uint8_t const * cbuf) { uint16_t r = ((uint16_t)cbuf[0]) | (((uint16_t)cbuf[1]) << 8); return r; |