author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-10-25 17:06:29 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-25 17:06:29 +0200 |
commit | ca5ffc498873805c07a29c6d8af3e995963c055d (patch) | |
tree | efbc859babc7668069c9576b54439ffe10cc9859 /example/ndpiReader.c | |
parent | 2ed2e5dc7e072d41065a7c04da5db598150c71fa (diff) |
TLS: improve handling of ALPN(s) (#1784)
Distinguish the "Advertised" ALPN list from the "Negotiated" ALPN; the former is
extracted from the Client Hello (CH), the latter from the Server Hello (SH).
Add some entries to the known ALPN list.
Fix printing of "TLS Supported Versions" field.
Diffstat (limited to 'example/ndpiReader.c')
-rw-r--r-- | example/ndpiReader.c | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 2e206b578..96dd46881 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -767,7 +767,7 @@ void printCSVHeader() {
 fprintf(csv_fp, "server_info,");
 fprintf(csv_fp, "tls_version,ja3c,tls_client_unsafe,");
 fprintf(csv_fp, "ja3s,tls_server_unsafe,");
- fprintf(csv_fp, "tls_alpn,tls_supported_versions,");
+ fprintf(csv_fp, "advertised_alpns,negotiated_alpn,tls_supported_versions,");
 #if 0
 fprintf(csv_fp, "tls_issuerDN,tls_subjectDN,");
 #endif
@@ -1341,8 +1341,9 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
 (flow->ssh_tls.ja3_server[0] != '\0') ? flow->ssh_tls.ja3_server : "",
 (flow->ssh_tls.ja3_server[0] != '\0') ? is_unsafe_cipher(flow->ssh_tls.server_unsafe_cipher) : "0");
- fprintf(csv_fp, "%s,%s,",
- flow->ssh_tls.tls_alpn ? flow->ssh_tls.tls_alpn : "",
+ fprintf(csv_fp, "%s,%s,%s,",
+ flow->ssh_tls.advertised_alpns ? flow->ssh_tls.advertised_alpns : "",
+ flow->ssh_tls.negotiated_alpn ? flow->ssh_tls.negotiated_alpn : "",
 flow->ssh_tls.tls_supported_versions ? flow->ssh_tls.tls_supported_versions : "" );
@@ -1541,16 +1542,16 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
 }
 }
 break;
+ }
- case INFO_TLS_QUIC_ALPN_VERSION:
- fprintf(out, "[ALPN: %s][TLS Supported Versions: %s]",
- flow->tls_quic.alpn, flow->tls_quic.tls_supported_versions);
- break;
+ if(flow->ssh_tls.advertised_alpns)
+ fprintf(out, "[(Advertised) ALPNs: %s]", flow->ssh_tls.advertised_alpns);
- case INFO_TLS_QUIC_ALPN_ONLY:
- fprintf(out, "[ALPN: %s]", flow->tls_quic.alpn);
- break;
- }
+ if(flow->ssh_tls.negotiated_alpn)
+ fprintf(out, "[(Negotiated) ALPN: %s]", flow->ssh_tls.negotiated_alpn);
+
+ if(flow->ssh_tls.tls_supported_versions)
+ fprintf(out, "[TLS Supported Versions: %s]", flow->ssh_tls.tls_supported_versions);
 if(flow->flow_extra_info[0] != '\0') fprintf(out, "[%s]", flow->flow_extra_info);
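Review bot: In the CSV branch of printFlow (hunk at -1341), `advertised_alpns` and `negotiated_alpn` are written with a bare `%s` into a comma-separated row, and both hold handshake bytes chosen by the remote peers. If the advertised list is stored comma-joined (its storage format is not visible in this hunk), one flow emits more columns than the header added in printCSVHeader declares, and every later column shifts for downstream parsers. I would join the list with a character other than the CSV delimiter or quote the field, and record the constraint next to the call, e.g. `/* ALPN strings are peer-controlled: must not carry ',' or line breaks into the CSV row */`. The surrounding sequence of fprintf calls starts and ends outside the hunk.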
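Review bot: The three new `if(flow->ssh_tls.…)` prints placed after the closing brace of the `switch` (hunk at -1541) carry no comment saying which handshake message each value comes from, and that is what a reader comparing the two fields needs to know. Suggested comment above them: `/* advertised_alpns: list offered by the client (CH); negotiated_alpn: value selected by the server (SH); either may be NULL if not extracted */`. Since the prints now sit outside the `info_type` switch, they run for every flow and depend on these pointers being NULL for flows that never carried TLS; that initialisation is not visible here and is worth confirming. printFlow starts and ends outside the hunk.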
@@ -3249,14 +3250,14 @@ static void printFlowsStats() {
 || (all_flows[i].flow->detected_protocol.app_protocol == NDPI_PROTOCOL_TLS)
 || (all_flows[i].flow->detected_protocol.app_protocol == NDPI_PROTOCOL_DOH_DOT)
 )
- && all_flows[i].flow->ssh_tls.tls_alpn /* ALPN */
+ && all_flows[i].flow->ssh_tls.advertised_alpns /* ALPN */
 ) {
 if(check_bin_doh_similarity(&bins[i], &s))
 printf("[DoH (%f distance)]", s);
 else
 printf("[NO DoH (%f distance)]", s);
 } else {
- if(all_flows[i].flow->ssh_tls.tls_alpn == NULL)
+ if(all_flows[i].flow->ssh_tls.advertised_alpns == NULL)
 printf("[NO DoH check: missing ALPN]");
 }
 } |
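Review bot: The DoH similarity check in printFlowsStats is now gated on `advertised_alpns` alone, a field that exists only when the Client Hello was seen and carried the extension. A flow whose Client Hello was not captured is therefore reported as `[NO DoH check: missing ALPN]` even if the server's selection was extracted, and a client that omits the extension is never checked. If the gate only needs evidence that ALPN was in use, consider `&& (all_flows[i].flow->ssh_tls.advertised_alpns || all_flows[i].flow->ssh_tls.negotiated_alpn)` with the matching test in the `else` branch. The trailing `/* ALPN */` comment should also name the list it means, e.g. `/* client-advertised ALPN list present */`. The condition begins above the hunk.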