From 3326fa258ec92e553e39fc8a1bfa3921dc81f15c Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Wed, 26 Jul 2023 09:09:12 +0200
Subject: Add an heuristic to detect fully encrypted flows (#2058)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
A fully encrypted session is a flow where every bytes of the payload is encrypted in an attempt to “look like nothing”. The heuristic needs only the very first packet of the flow. See: https://www.usenix.org/system/files/sec23fall-prepub-234-wu-mingshi.pdf A basic, but generic, inplementation of the popcpunt alg has been added
---
 src/include/ndpi_win32.h | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'src/include/ndpi_win32.h')
diff --git a/src/include/ndpi_win32.h b/src/include/ndpi_win32.h
index 721ba48a4..2ad8602aa 100644
--- a/src/include/ndpi_win32.h
+++ b/src/include/ndpi_win32.h
@@ -78,4 +78,9 @@ typedef unsigned __int64 u_int64_t;
 /* https://stackoverflow.com/questions/7993050/multiplatform-atomic-increment */
 #define __sync_fetch_and_add(a,b) InterlockedExchangeAdd ((a), b)
+#if defined(WIN32) || defined(WIN64)
+#include
+#define __builtin_popcount __popcnt
+#endif
+
 #endif /* __NDPI_WIN32_H__ */
--
cgit v1.2.3
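Review bot: `#define __builtin_popcount __popcnt` maps the builtin onto an MSVC intrinsic that always emits the POPCNT instruction, so on an x86 CPU without POPCNT the result is unpredictable, and the intrinsic does not exist for ARM64 Windows targets. The guard `#if defined(WIN32) || defined(WIN64)` may also match MinGW or clang builds on Windows, where `__builtin_popcount` is already a compiler builtin; `#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_X64))` would limit the override to the toolchain that needs it. The commit message mentions a generic popcount implementation added elsewhere (not visible in this file), which looks like the safer fallback for every other Windows target, given that this code runs on the first packet of each flow. The `#include` line shows no header name in this rendering, presumably `<intrin.h>`, which is worth confirming against the real file.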