Diffstat (limited to 'src/lib/ndpi_main.c')
-rw-r--r--src/lib/ndpi_main.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index b3758a1aa..41caa8c40 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -105,6 +105,7 @@ static ndpi_risk_info ndpi_known_risks[] = {
{ NDPI_TLS_CERT_VALIDITY_TOO_LONG, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE },
{ NDPI_TLS_SUSPICIOUS_EXTENSION, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE },
{ NDPI_TLS_FATAL_ALERT, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE },
+ { NDPI_ENTROPY_SUSPICIOUS, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE },
/* Leave this as last member */
{ NDPI_MAX_RISK, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE }
@@ -2841,6 +2842,7 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
break;
case NDPI_ICMP_PROTOCOL_TYPE:
if(flow) {
+ flow->entropy = 0.0f;
/* Run some basic consistency tests */
if(flow->packet.payload_packet_len < sizeof(struct ndpi_icmphdr))
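Review bot: The reset `flow->entropy = 0.0f;` carries no comment saying why it is there, and it runs only in the ICMP case when `flow` is non-NULL. A one-line comment such as `/* entropy is per packet: clear any value left by an earlier packet */` would make the intent clear, since the value is recomputed only further down when the payload is longer than the ICMP header. The enclosing case starts before and continues past this hunk, so how the short-packet branch is handled cannot be seen here.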
@@ -2853,6 +2855,15 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
if(((icmp_type >= 44) && (icmp_type <= 252))
|| (icmp_code > 15))
ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET);
+ if (flow->packet.payload_packet_len > sizeof(struct ndpi_icmphdr))
+ {
+ flow->entropy = ndpi_entropy(flow->packet.payload + sizeof(struct ndpi_icmphdr),
+ flow->packet.payload_packet_len - sizeof(struct ndpi_icmphdr));
+ if (NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(flow->entropy) != 0)
+ {
+ ndpi_set_risk(ndpi_str, flow, NDPI_ENTROPY_SUSPICIOUS);
+ }
+ }
}
}
return(NDPI_PROTOCOL_IP_ICMP);
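Review bot: The entropy test at `if (flow->packet.payload_packet_len > sizeof(struct ndpi_icmphdr))` runs for every ICMP type, although `icmp_type` is already in scope a few lines above. ICMP error messages quote part of the packet that triggered them, so a quoted slice of encrypted traffic could plausibly raise NDPI_ENTROPY_SUSPICIOUS on ordinary flows. If the risk is meant for echo payloads, gate it, e.g. `if(((icmp_type == 0) || (icmp_type == 8)) && (flow->packet.payload_packet_len > sizeof(struct ndpi_icmphdr)))`. Entropy over a handful of bytes says little, so a minimum payload length before calling `ndpi_entropy()` is also worth considering; the threshold inside NDPI_ENTROPY_ENCRYPTED_OR_RANDOM is not visible here. The added block writes `if (` with braces on their own lines where the surrounding code uses `if(`, and ndpi_guess_protocol_id starts outside the hunk.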