diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-01-07 10:55:23 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-01-07 10:55:23 +0100 |
| commit | b8a5358e8010f5e46df528b440cd9cc26910fdb9 (patch) | |
| tree | 514fe84e7e308cc443ed001601e99834ac2c1d32 /src/lib/ndpi_utils.c | |
| parent | eb37f8f1fbf62fce7e8997a24408b998f895d07b (diff) | |
QUIC: improve handling of SNI (#1105)
* QUIC: SNI should be always saved in flow->protos.stun_ssl.ssl.client_requested_server_name
Close #1077
* QUIC: fix matching of custom categories
* QUIC: add NDPI_TLS_MISSING_SNI support for older GQUIC versions
* QUIC: fix serialization
* QUIC: add DGA check for older GQUIC versions
Diffstat (limited to 'src/lib/ndpi_utils.c')
| -rw-r--r-- | src/lib/ndpi_utils.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 97b94ed68..8938a35f2 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1213,8 +1213,23 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct, case NDPI_PROTOCOL_QUIC: ndpi_serialize_start_of_block(serializer, "quic"); - if(flow->host_server_name[0] != '\0') - ndpi_serialize_string_string(serializer, "hostname", (const char*)flow->host_server_name); + if(flow->protos.stun_ssl.ssl.client_requested_server_name[0] != '\0') + ndpi_serialize_string_string(serializer, "client_requested_server_name", + flow->protos.stun_ssl.ssl.client_requested_server_name); + if(flow->http.user_agent) + ndpi_serialize_string_string(serializer, "user_agent", flow->http.user_agent); + if(flow->protos.stun_ssl.ssl.ssl_version) { + u_int8_t unknown_tls_version; + char *version = ndpi_ssl_version2str(flow, flow->protos.stun_ssl.ssl.ssl_version, &unknown_tls_version); + + if(!unknown_tls_version) + ndpi_serialize_string_string(serializer, "version", version); + if(flow->protos.stun_ssl.ssl.alpn) + ndpi_serialize_string_string(serializer, "alpn", flow->protos.stun_ssl.ssl.alpn); + ndpi_serialize_string_string(serializer, "ja3", flow->protos.stun_ssl.ssl.ja3_client); + if(flow->protos.stun_ssl.ssl.tls_supported_versions) + ndpi_serialize_string_string(serializer, "tls_supported_versions", flow->protos.stun_ssl.ssl.tls_supported_versions); + } ndpi_serialize_end_of_block(serializer); break; |