TLS: add basic, basic, detection of Encrypted ClientHello (#2053)

3 files changed, 10 insertions, 0 deletions

diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index dfde22d61..c37c046f8 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -1819,6 +1819,10 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa
               ndpi_cipher2str(flow->ssh_tls.encrypted_sni.cipher_suite, unknown_cipher));
     }
 
+    if(flow->ssh_tls.encrypted_ch.version != 0) {
+      fprintf(out, "[ECH: version 0x%x]", flow->ssh_tls.encrypted_ch.version);
+    }
+
     if(flow->ssh_tls.sha1_cert_fingerprint_set) {
       fprintf(out, "[Certificate SHA-1: ");
       for(i=0; i<20; i++)
diff --git a/example/reader_util.c b/example/reader_util.c
index b9112b92e..d8c4b23f3 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1339,6 +1339,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
       flow->ssh_tls.encrypted_sni.cipher_suite = flow->ndpi_flow->protos.tls_quic.encrypted_sni.cipher_suite;
     }
 
+    flow->ssh_tls.encrypted_ch.version = flow->ndpi_flow->protos.tls_quic.encrypted_ch.version;
+
     if(flow->ndpi_flow->protos.tls_quic.tls_supported_versions) {
       if((flow->ssh_tls.tls_supported_versions = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.tls_supported_versions)) != NULL)
 	correct_csv_data_field(flow->ssh_tls.tls_supported_versions);
diff --git a/example/reader_util.h b/example/reader_util.h
index 4dabbc88d..cce243130 100644
--- a/example/reader_util.h
+++ b/example/reader_util.h
@@ -276,6 +276,10 @@ typedef struct ndpi_flow_info {
       char *esni;
     } encrypted_sni;    
 
+    struct {
+      u_int16_t version;
+    } encrypted_ch;
+
     time_t notBefore, notAfter;
     u_int16_t server_cipher;
     ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher;