Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_typedefs.h3
-rw-r--r--src/lib/ndpi_main.c12
-rw-r--r--src/lib/ndpi_utils.c4
3 files changed, 9 insertions, 10 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 2260e95e8..38613886f 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -66,7 +66,6 @@ typedef enum {
- ndpi_risk2str (in ndpi_utils.c)
- https://github.com/ntop/ntopng/blob/dev/scripts/lua/modules/flow_risk_utils.lua
- ndpi_risk_enum (in python/ndpi.py)
- - ndpi_known_risks (ndpi_utils.c)
- ndpi_known_risks (ndpi_main.c)
*/
typedef enum {
@@ -105,7 +104,7 @@ typedef enum {
NDPI_TLS_CERT_VALIDITY_TOO_LONG,
NDPI_TLS_SUSPICIOUS_EXTENSION,
NDPI_TLS_FATAL_ALERT,
- NDPI_ENTROPY_SUSPICIOUS,
+ NDPI_SUSPICIOUS_ENTROPY,
/* Leave this as last member */
NDPI_MAX_RISK /* must be <= 63 due to (**) */
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 41caa8c40..464b2b326 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -105,7 +105,7 @@ static ndpi_risk_info ndpi_known_risks[] = {
{ NDPI_TLS_CERT_VALIDITY_TOO_LONG, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE },
{ NDPI_TLS_SUSPICIOUS_EXTENSION, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE },
{ NDPI_TLS_FATAL_ALERT, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE },
- { NDPI_ENTROPY_SUSPICIOUS, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE },
+ { NDPI_SUSPICIOUS_ENTROPY, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE },
/* Leave this as last member */
{ NDPI_MAX_RISK, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE }
@@ -2855,13 +2855,13 @@ u_int16_t ndpi_guess_protocol_id(struct ndpi_detection_module_struct *ndpi_str,
if(((icmp_type >= 44) && (icmp_type <= 252))
|| (icmp_code > 15))
ndpi_set_risk(ndpi_str, flow, NDPI_MALFORMED_PACKET);
- if (flow->packet.payload_packet_len > sizeof(struct ndpi_icmphdr))
- {
+
+ if (flow->packet.payload_packet_len > sizeof(struct ndpi_icmphdr)) {
flow->entropy = ndpi_entropy(flow->packet.payload + sizeof(struct ndpi_icmphdr),
flow->packet.payload_packet_len - sizeof(struct ndpi_icmphdr));
- if (NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(flow->entropy) != 0)
- {
- ndpi_set_risk(ndpi_str, flow, NDPI_ENTROPY_SUSPICIOUS);
+
+ if (NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(flow->entropy) != 0) {
+ ndpi_set_risk(ndpi_str, flow, NDPI_SUSPICIOUS_ENTROPY);
}
}
}
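Review bot: The entropy block in the ICMP branch has no comment saying why payload entropy is measured or which bytes it covers, and the restyled `if (` lines now differ from the `if(` spacing of the context line just above them. I would add above the length test something like `/* Entropy of the ICMP data after the header; random-looking data is reported as NDPI_SUSPICIOUS_ENTROPY */` and keep the `if(` form. `flow->entropy` is assigned on every pass through this branch, so it appears to hold only the most recent packet's value; if that is intended, it is worth saying so in the same comment. ndpi_guess_protocol_id starts and ends outside this hunk, so whatever guards the earlier icmp_type/icmp_code reads is not visible here.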
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 714a1f28c..250a010ed 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1780,8 +1780,8 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
case NDPI_TLS_FATAL_ALERT:
return("TLS fatal alert");
- case NDPI_ENTROPY_SUSPICIOUS:
- return("Entropy suspicious");
+ case NDPI_SUSPICIOUS_ENTROPY:
+ return("Suspicious entropy");
default:
snprintf(buf, sizeof(buf), "%d", (int)risk);
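Review bot: The text returned for this risk changes from "Entropy suspicious" to "Suspicious entropy" along with the identifier, so any consumer that matches on the string from ndpi_risk2str rather than on the numeric value would stop matching without an error. If the new wording is intended, a comment on the case such as `/* label was "Entropy suspicious"; match on the enum value, not the text */` plus a changelog line would make that visible to people maintaining parsers or alert rules. The diffstat on this page is limited to src, so whether the other locations listed in the ndpi_typedefs.h comment were updated for the rename cannot be seen here. The switch continues outside the hunk.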