From b1edfdbf5c2eef8f55d4ac4d0bde8174b31ed66f Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Tue, 25 Mar 2025 17:00:03 +0100
Subject: Remove `NDPI_FULLY_ENCRYPTED` flow risk (#2779)

Use `NDPI_OBFUSCATED_TRAFFIC` instead; this way, all the obfuscated traffic is identified via `NDPI_OBFUSCATED_TRAFFIC` flow risk. Disable fully-encryption detection by default, like all the obfuscation heuristics.
---
 src/lib/ndpi_utils.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'src/lib/ndpi_utils.c')

diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index ef179246a..7a31f0df2 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -2299,8 +2299,8 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
 case NDPI_TCP_ISSUES:
 return("TCP Connection Issues");
- case NDPI_FULLY_ENCRYPTED:
- return("Fully Encrypted Flow");
+ case NDPI_FREE_51:
+ return("FREE51");
 case NDPI_TLS_ALPN_SNI_MISMATCH:
 return("ALPN/SNI Mismatch");
@@ -2431,8 +2431,8 @@ const char* ndpi_risk2code(ndpi_risk_enum risk) {
 return STRINGIFY(NDPI_MINOR_ISSUES);
 case NDPI_TCP_ISSUES:
 return STRINGIFY(NDPI_MINOR_ISSUES);
- case NDPI_FULLY_ENCRYPTED:
- return STRINGIFY(NDPI_FULLY_ENCRYPTED);
+ case NDPI_FREE_51:
+ return STRINGIFY(NDPI_FREE_51);
 case NDPI_TLS_ALPN_SNI_MISMATCH:
 return STRINGIFY(NDPI_TLS_ALPN_SNI_MISMATCH);
 case NDPI_MALWARE_HOST_CONTACTED:
@@ -2554,8 +2554,8 @@ ndpi_risk_enum ndpi_code2risk(const char* risk) {
 return(NDPI_MINOR_ISSUES);
 else if(strcmp(STRINGIFY(NDPI_TCP_ISSUES), risk) == 0)
 return(NDPI_MINOR_ISSUES);
- else if(strcmp(STRINGIFY(NDPI_FULLY_ENCRYPTED), risk) == 0)
- return(NDPI_FULLY_ENCRYPTED);
+ else if(strcmp(STRINGIFY(NDPI_FREE_51), risk) == 0)
+ return(NDPI_FREE_51);
 else if(strcmp(STRINGIFY(NDPI_TLS_ALPN_SNI_MISMATCH), risk) == 0)
 return(NDPI_TLS_ALPN_SNI_MISMATCH);
 else if(strcmp(STRINGIFY(NDPI_MALWARE_HOST_CONTACTED), risk) == 0)
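Review bot: The placeholder `case NDPI_FREE_51:` in ndpi_risk2str carries no comment saying that the slot is retired, so a reader or a log consumer that meets the string "FREE51" cannot tell it apart from a live risk. I would add `/* Unused slot, formerly NDPI_FULLY_ENCRYPTED; such flows are now reported via NDPI_OBFUSCATED_TRAFFIC */` above the case. The same one-line comment belongs at the matching entries in ndpi_risk2code, ndpi_code2risk and the `"free51"` element of ndpi_risk_shortnames, where the neighbouring element already carries `/* NDPI_TCP_ISSUES */`. The switch body starts and ends outside this hunk.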
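Review bot: In ndpi_risk2code the context line directly above the change returns `STRINGIFY(NDPI_MINOR_ISSUES)` for `case NDPI_TCP_ISSUES:`, so TCP-issue flows are exported under the minor-issues code and the two risks cannot be told apart downstream. Since the commit edits the adjacent case, this would be a good place to change that line to `return STRINGIFY(NDPI_TCP_ISSUES);`. The ndpi_code2risk hunk shows the mirror image, `strcmp(STRINGIFY(NDPI_TCP_ISSUES), risk) == 0` followed by `return(NDPI_MINOR_ISSUES);`, which would become `return(NDPI_TCP_ISSUES);`. Both functions continue outside their hunks; this looks like a copy-paste slip rather than a deliberate alias, but confirm before changing it.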
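Review bot: ndpi_code2risk no longer recognises the string `NDPI_FULLY_ENCRYPTED`, so stored configuration or exported records that still carry the old code fall through to whatever the end of the chain returns, which is outside this hunk. If older codes need to stay parseable, a compatibility branch such as `else if(strcmp("NDPI_FULLY_ENCRYPTED", risk) == 0) return(NDPI_OBFUSCATED_TRAFFIC);` would keep them mapped to the risk the commit message names as the replacement. Otherwise the removal deserves a line in the upgrade notes so that alerting rules keyed on the old code are migrated.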
@@ -2703,7 +2703,7 @@ const char *ndpi_risk_shortnames[NDPI_MAX_RISK] = {
 "periodic_flow",
 "minor_issues",
 "tcp_issues", /* NDPI_TCP_ISSUES */
- "fully_encrypted",
+ "free51",
 "tls_alpn_mismatch",
 "malware_host",
 "binary_data_transfer",
-- 
cgit v1.2.3