Fixed JA3 decoding

Made ndpi_process_extra_packet() optional
author: Luca Deri <deri@ntop.org> 2019-05-20 15:32:50 +0200
committer: Luca Deri <deri@ntop.org> 2019-05-20 15:32:50 +0200
commit: f97be61e8b46663254425f99a944c36392227f0b (patch)
tree: 8639f7816f1a25f2a07685adbc8ed610b2be3ae9 /src/lib/ndpi_main.c
parent: 96043866989d0fe355b53a8a50fdd6f4a303e3cc (diff)
1 files changed, 18 insertions, 3 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 6561bf1b9..737124697 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4650,9 +4650,24 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
   flow->num_processed_pkts++;
 
   if(flow->server_id == NULL) flow->server_id = dst; /* Default */
-  if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN)
-    goto ret_protocols;
-
+  if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) {
+    /*
+      With SSL we might want to dissect further packets to decode
+      the certificate type for instance 
+    */
+    if(flow->check_extra_packets
+       /*
+	 && ((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL)
+	 || (flow->detected_protocol_stack[1] == NDPI_PROTOCOL_SSL))
+       */
+       ) {
+      ndpi_process_extra_packet(ndpi_struct, flow, packet, packetlen, current_tick_l, src, dst);
+      ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0];
+      return(ret);
+    } else
+      goto ret_protocols;
+  }
+  
   /* need at least 20 bytes for ip header */
   if(packetlen < 20) {
     /* reset protocol which is normally done in init_packet_header */
author	Luca Deri <deri@ntop.org>	2019-05-20 15:32:50 +0200
committer	Luca Deri <deri@ntop.org>	2019-05-20 15:32:50 +0200
commit	f97be61e8b46663254425f99a944c36392227f0b (patch)
tree	8639f7816f1a25f2a07685adbc8ed610b2be3ae9 /src/lib/ndpi_main.c
parent	96043866989d0fe355b53a8a50fdd6f4a303e3cc (diff)