From 259b60f574fd3cb7ccd0fb205d0e91b7b5173c5c Mon Sep 17 00:00:00 2001
From: Toni
Date: Sun, 8 Aug 2021 17:03:23 +0200
Subject: Added entropy calculation to check for suspicious (encrypted) payload. (#1270)
Signed-off-by: Toni Uhlig
Co-authored-by: Luca Deri
---
 src/include/ndpi_main.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/include/ndpi_main.h')
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index 8c6eac83f..0a513c353 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -155,7 +155,8 @@ extern "C" {
 void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str, struct ndpi_flow_struct *flow, ndpi_risk_enum r);
 int ndpi_is_printable_string(char const * const str, size_t len);
- float ndpi_calculate_entropy(u_int8_t const * const buf, size_t len);
+#define NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(entropy) (entropy > 7.0f)
+ float ndpi_entropy(u_int8_t const * const buf, size_t len);
 void load_common_alpns(struct ndpi_detection_module_struct *ndpi_str);
 u_int8_t is_a_common_alpn(struct ndpi_detection_module_struct *ndpi_str, const char *alpn_to_check, u_int alpn_to_check_len);
-- cgit v1.2.3
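Review bot: The new macro `NDPI_ENTROPY_ENCRYPTED_OR_RANDOM` uses its argument unparenthesized, so a call that passes a conditional or other low-precedence expression expands to the wrong comparison; write it as `#define NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(entropy) ((entropy) > 7.0f)`. The 7.0 cut-off is also undocumented: assuming `ndpi_entropy` returns Shannon entropy in bits per byte (its body is not in this hunk), a buffer of 128 bytes or fewer can never exceed 7.0 and compressed data clears it as readily as ciphertext, so a comment such as `/* entropy in bits per byte (0..8); > 7.0 is a heuristic, unreachable for len <= 128, also matched by compressed data */` would keep callers from treating the result as proof of encryption. Dropping the `ndpi_calculate_entropy` declaration may break out-of-tree callers if this header is part of the installed API. These declarations sit inside an `extern "C"` block that opens and closes outside the hunk.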