author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-10-25 17:06:29 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-25 17:06:29 +0200 |
commit | ca5ffc498873805c07a29c6d8af3e995963c055d (patch) | |
tree | efbc859babc7668069c9576b54439ffe10cc9859 /example/reader_util.c | |
parent | 2ed2e5dc7e072d41065a7c04da5db598150c71fa (diff) |
TLS: improve handling of ALPN(s) (#1784)
Tell "Advertised" ALPN list from "Negotiated" ALPN; the former is
extracted from the CH, the latter from the SH.
Add some entries to the known ALPN list.
Fix printing of "TLS Supported Versions" field.
Diffstat (limited to 'example/reader_util.c')
-rw-r--r-- | example/reader_util.c | 43 |
1 files changed, 17 insertions, 26 deletions
diff --git a/example/reader_util.c b/example/reader_util.c
index 498c834f8..ba8031185 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -480,9 +480,14 @@ static void ndpi_free_flow_tls_data(struct ndpi_flow_info *flow) {
 flow->ssh_tls.server_names = NULL;
 }
- if(flow->ssh_tls.tls_alpn) {
- ndpi_free(flow->ssh_tls.tls_alpn);
- flow->ssh_tls.tls_alpn = NULL;
+ if(flow->ssh_tls.advertised_alpns) {
+ ndpi_free(flow->ssh_tls.advertised_alpns);
+ flow->ssh_tls.advertised_alpns = NULL;
+ }
+
+ if(flow->ssh_tls.negotiated_alpn) {
+ ndpi_free(flow->ssh_tls.negotiated_alpn);
+ flow->ssh_tls.negotiated_alpn = NULL;
 }
 if(flow->ssh_tls.tls_supported_versions) {
@@ -1248,11 +1253,6 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 flow->ssh_tls.browser_heuristics = flow->ndpi_flow->protos.tls_quic.browser_heuristics;
- if(flow->ndpi_flow->protos.tls_quic.alpn) {
- if((flow->ssh_tls.tls_alpn = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.alpn)) != NULL)
- correct_csv_data_field(flow->ssh_tls.tls_alpn);
- }
-
 if(flow->ndpi_flow->protos.tls_quic.issuerDN)
 flow->ssh_tls.tls_issuerDN = strdup(flow->ndpi_flow->protos.tls_quic.issuerDN);
@@ -1264,28 +1264,19 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 flow->ssh_tls.encrypted_sni.cipher_suite = flow->ndpi_flow->protos.tls_quic.encrypted_sni.cipher_suite;
 }
- if(flow->ssh_tls.tls_supported_versions) {
+ if(flow->ndpi_flow->protos.tls_quic.tls_supported_versions) {
 if((flow->ssh_tls.tls_supported_versions = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.tls_supported_versions)) != NULL)
 correct_csv_data_field(flow->ssh_tls.tls_supported_versions);
 }
- if(flow->ndpi_flow->protos.tls_quic.alpn
- && flow->ndpi_flow->protos.tls_quic.tls_supported_versions) {
- correct_csv_data_field(flow->ndpi_flow->protos.tls_quic.alpn);
- correct_csv_data_field(flow->ndpi_flow->protos.tls_quic.tls_supported_versions);
-
- flow->info_type = INFO_TLS_QUIC_ALPN_VERSION;
- ndpi_snprintf(flow->tls_quic.alpn, sizeof(flow->tls_quic.alpn), "%s",
- flow->ndpi_flow->protos.tls_quic.alpn);
- ndpi_snprintf(flow->tls_quic.tls_supported_versions,
- sizeof(flow->tls_quic.tls_supported_versions),
- "%s", flow->ndpi_flow->protos.tls_quic.tls_supported_versions);
- } else if(flow->ndpi_flow->protos.tls_quic.alpn) {
- correct_csv_data_field(flow->ndpi_flow->protos.tls_quic.alpn);
-
- flow->info_type = INFO_TLS_QUIC_ALPN_ONLY;
- ndpi_snprintf(flow->tls_quic.alpn, sizeof(flow->tls_quic.alpn), "%s",
- flow->ndpi_flow->protos.tls_quic.alpn);
+ if(flow->ndpi_flow->protos.tls_quic.advertised_alpns) {
+ if((flow->ssh_tls.advertised_alpns = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.advertised_alpns)) != NULL)
+ correct_csv_data_field(flow->ssh_tls.advertised_alpns);
+ }
+
+ if(flow->ndpi_flow->protos.tls_quic.negotiated_alpn) {
+ if((flow->ssh_tls.negotiated_alpn = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.negotiated_alpn)) != NULL)
+ correct_csv_data_field(flow->ssh_tls.negotiated_alpn);
 }
 if(enable_doh_dot_detection) { |
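Review bot: The three `ndpi_strdup()` assignments in this hunk (`tls_supported_versions`, `advertised_alpns`, `negotiated_alpn`) overwrite the `flow->ssh_tls` pointer without checking whether it already holds an earlier copy. If `process_ndpi_collected_info()` can run more than once for the same flow (not visible here; the function starts and ends outside the hunk), each extra call would leak the previous string, and the leaked data comes from the peer's ClientHello/ServerHello. This matters more now that the corrected `tls_supported_versions` condition tests the `ndpi_flow` source field, so that copy depends on parsed traffic as well. Either release the old value before assigning or guard each copy, for example `if(flow->ndpi_flow->protos.tls_quic.advertised_alpns && flow->ssh_tls.advertised_alpns == NULL) {`, and likewise for the other two fields. A one-line comment such as `/* advertised_alpns: list offered in the ClientHello; negotiated_alpn: value chosen in the ServerHello */` above the two new blocks would record the distinction the commit message draws.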