author | Toni Uhlig <matzeton@googlemail.com> | 2021-07-19 13:58:22 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2021-07-19 16:05:51 +0200 |
commit | 370ea972c127c6a8ed704f8ca237aae6e9eb2660 (patch) | |
tree | 6c71a429d37be7ed0e8be939702cd91545266b8d /src/include | |
parent | b95bd0358fd43d9fdfdc5266e3c8923b91e1d4db (diff) |
Added risk: TLS_EXTENSION_SUSPICIOUSadded/sus_tls_ext_risk
* validates client/server hello TLS extensions
* inspects content for some extensions
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/ndpi_main.h | 2 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 1 | ||||
-rw-r--r-- | src/include/ndpi_utils.h | 13 |
3 files changed, 16 insertions, 0 deletions
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index 78e8fdb4a..c8d9b06ae 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -152,6 +152,8 @@ extern "C" {
 const u_int8_t ** l4ptr, u_int16_t * l4len, u_int8_t * nxt_hdr);
 void ndpi_set_risk(struct ndpi_flow_struct *flow, ndpi_risk_enum r);
+ int ndpi_is_printable_string(char const * const str, size_t len);
+ float ndpi_calculate_entropy(u_int8_t const * const buf, size_t len);
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 860e2da1c..aeac33b30 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -102,6 +102,7 @@ typedef enum {
 NDPI_DESKTOP_OR_FILE_SHARING_SESSION, /* 30 */
 NDPI_TLS_UNCOMMON_ALPN,
 NDPI_TLS_CERT_VALIDITY_TOO_LONG,
+ NDPI_TLS_EXTENSION_SUSPICIOUS,
 /* Leave this as last member */
 NDPI_MAX_RISK /* must be <= 63 due to (**) */
diff --git a/src/include/ndpi_utils.h b/src/include/ndpi_utils.h
index b8176cc02..983aae283 100644
--- a/src/include/ndpi_utils.h
+++ b/src/include/ndpi_utils.h
@@ -16,4 +16,17 @@ extern void printRawData(const uint8_t *ptr, size_t len);
 //extern uint8_t add_segment_to_buffer( struct ndpi_flow_struct *flow, struct ndpi_tcphdr const * tcph, uint32_t waited);
 //extern uint8_t check_for_sequence( struct ndpi_flow_struct *flow, struct ndpi_tcphdr const * tcph);
+/* **************************************** */
+
+/* Can't call libc functions from kernel space, define some stub instead */
+
+#define ndpi_isalpha(ch) (((ch) >= 'a' && (ch) <= 'z') || ((ch) >= 'A' && (ch) <= 'Z'))
+#define ndpi_isdigit(ch) ((ch) >= '0' && (ch) <= '9')
+#define ndpi_isspace(ch) (((ch) >= '\t' && (ch) <= '\r') || ((ch) == ' '))
+#define ndpi_isprint(ch) ((ch) >= 0x20 && (ch) <= 0x7e)
+#define ndpi_ispunct(ch) (((ch) >= '!' && (ch) <= '/') || \
+ ((ch) >= ':' && (ch) <= '@') || \
+ ((ch) >= '[' && (ch) <= '`') || \
+ ((ch) >= '{' && (ch) <= '~'))
+
 #endif |
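Review bot: The two prototypes added after `ndpi_set_risk` in ndpi_main.h have no contract comment, although the commit message says the change inspects TLS hello extension content, i.e. bytes taken from the wire. Each declaration should say that the buffer is length-delimited and need not be NUL-terminated, what the return value means, and what `len == 0` yields. For example, `/* non-zero if every one of the len bytes in str is printable; str is not required to be NUL-terminated */` if that matches the implementation, which is outside this diff. For `ndpi_calculate_entropy`, the comment should state the unit and range of the result. A `float` return presumably cannot be used in the kernel-space builds that the ndpi_utils.h comment in this same commit refers to, so it is worth confirming whether this prototype needs a guard.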
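Review bot: `NDPI_TLS_EXTENSION_SUSPICIOUS` in ndpi_typedefs.h is added without a comment saying what raises it, and the risk name is what an analyst reading flow output has to interpret. A trailing comment taken from the commit message would do, e.g. `NDPI_TLS_EXTENSION_SUSPICIOUS, /* client/server hello extension failed validation or content inspection */`. Appending the member directly before `NDPI_MAX_RISK` keeps the numeric values of the existing risks unchanged, which matters to anything that stores or matches on the risk bitmask. If there are per-risk tables (names, scores), they live outside `src/include` and are not shown by this diffstat, so confirm they gained a matching entry. The enum begins and ends outside the hunk.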
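Review bot: The `ndpi_is*` macros added to ndpi_utils.h evaluate `ch` more than once (up to eight times in `ndpi_ispunct`), so a call such as `ndpi_isprint(*p++)` over packet data would advance the pointer several times per test and misclassify or over-read. `static inline` functions taking `int` keep the stubs free of libc and evaluate the argument exactly once; this assumes no caller needs them in `#if` or constant expressions, which cannot be checked from this hunk. If the macros must stay, add `/* arguments are evaluated more than once: pass side-effect-free expressions only */` above them. The pure range comparisons stay well-defined for negative `char` values (bytes >= 0x80 on signed-char targets), unlike the libc `<ctype.h>` functions, and that property is worth stating in the comment.

```c
/* Can't call libc functions from kernel space, define some stub instead.
 * Range checks only: well-defined for any int, including negative char values. */

static inline int ndpi_isalpha(int ch) { return (ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z'); }
static inline int ndpi_isdigit(int ch) { return ch >= '0' && ch <= '9'; }
static inline int ndpi_isspace(int ch) { return (ch >= '\t' && ch <= '\r') || ch == ' '; }
static inline int ndpi_isprint(int ch) { return ch >= 0x20 && ch <= 0x7e; }
static inline int ndpi_ispunct(int ch) {
  return (ch >= '!' && ch <= '/') || (ch >= ':' && ch <= '@') ||
         (ch >= '[' && ch <= '`') || (ch >= '{' && ch <= '~');
}
```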