authorLuca Deri <deri@ntop.org>2020-07-22 15:58:46 +0200
committerLuca Deri <deri@ntop.org>2020-07-22 15:58:46 +0200
commit3cd1ec5c9a165c8c53e49568b2da820222252986 (patch)
tree741a39a121e6d6222a6c3847f4506bbe7edec625 /src/lib/protocols/ssh.c
parent36af97a14cec89af777b3b87ea2c18cc966b7fa4 (diff)
Added changes for handling SSH cipher detection
Diffstat (limited to 'src/lib/protocols/ssh.c')
-rw-r--r--src/lib/protocols/ssh.c31
1 files changed, 28 insertions, 3 deletions
diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c
index 7679a2337..5aca9b350 100644
--- a/src/lib/protocols/ssh.c
+++ b/src/lib/protocols/ssh.c
@@ -70,7 +70,28 @@ static void ssh_analyse_signature_version(struct ndpi_detection_module_struct *n
if(obsolete_ssh_version)
NDPI_SET_BIT(flow->risk, is_client_signature ? NDPI_SSH_OBSOLETE_CLIENT_SIGNATURE : NDPI_SSH_OBSOLETE_SERVER_SIGNATURE);
*/
+}
+
+/* ************************************************************************ */
+
+static void ssh_analyse_cipher(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow,
+ char *cipher, u_int cipher_len,
+ u_int8_t is_client_signature) {
+ /*
+ List of obsolete ciphers can be found at
+ https://www.linuxminion.com/deprecated-ssh-cryptographic-settings/
+ */
+#ifdef SSH_DEBUG
+ u_int i;
+ printf("[%s] ", is_client_signature ? "CLIENT" : "SERVER");
+
+ for(i=0; i<cipher_len; i++)
+ printf("%c", cipher[i]);
+
+ printf("\n");
+#endif
}
/* ************************************************************************ */
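Review bot: `ssh_analyse_cipher` does nothing unless `SSH_DEBUG` is defined, so in a normal build `ndpi_struct`, `flow` and `is_client_signature` are unused and no cipher is compared against the obsolete list the comment links to. A header comment should say this, for example `/* Placeholder: only dumps the algorithm string under SSH_DEBUG; obsolete-cipher matching and risk flagging still to be added. cipher is not NUL-terminated, use cipher_len. */`. The debug loop also writes packet bytes to stdout unfiltered, so a peer can place control characters in the output; `printf("%c", isprint((unsigned char)cipher[i]) ? cipher[i] : '.');` (needs `<ctype.h>`) keeps the trace readable. The parameter name `is_client_signature` appears to be carried over from `ssh_analyse_signature_version`; here it only selects the direction label.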
@@ -108,7 +129,9 @@ static void ndpi_int_ssh_add_connection(struct ndpi_detection_module_struct
/* ************************************************************************ */
-static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet,
+static u_int16_t concat_hash_string(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow,
+ struct ndpi_packet_struct *packet,
char *buf, u_int8_t client_hash) {
u_int32_t offset = 22, len, buf_out_len = 0, max_payload_len = packet->payload_packet_len-sizeof(u_int32_t);
const u_int32_t len_max = 65565;
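Review bot: `max_payload_len = packet->payload_packet_len-sizeof(u_int32_t)` wraps to a very large value when the payload is shorter than four bytes, because the subtraction is unsigned, and any later comparison of `offset` or `len` against it would then pass. Whether the caller guarantees a minimum payload length is not visible from this hunk, and the body of `concat_hash_string` continues outside it. Now that the function feeds a second consumer, an explicit check before the first read would make the bound local, e.g. `if(packet->payload_packet_len < 22 + sizeof(u_int32_t)) goto invalid_payload;`. Separately, `len_max = 65565` looks like it may have been meant as 65535; worth confirming.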
@@ -150,6 +173,7 @@ static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet,
goto invalid_payload;
strncpy(&buf[buf_out_len], (const char *)&packet->payload[offset], len);
+ ssh_analyse_cipher(ndpi_struct, flow, (char*)&packet->payload[offset], len, 1 /* client */);
buf_out_len += len;
buf[buf_out_len++] = ';';
}
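Review bot: The added call passes `(char*)&packet->payload[offset]`, dropping the `const` that the `strncpy` one line above keeps. If `ssh_analyse_cipher` is declared with `const char *cipher`, the call can read `ssh_analyse_cipher(ndpi_struct, flow, (const char *)&packet->payload[offset], len, 1 /* client */);`. The analyser also receives the raw payload bytes while `buf` receives what `strncpy` produced, which stops at an embedded NUL and zero-pads the rest, so for a malformed packet the analysed string and the hashed string can differ. The condition in front of `goto invalid_payload` lies above the hunk, so whether `len` is bounded against both the payload and the remaining space in `buf` could not be confirmed from here. The same points apply to the server-side call in the `@@ -170,6 +194,7 @@` hunk.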
@@ -170,6 +194,7 @@ static u_int16_t concat_hash_string(struct ndpi_packet_struct *packet,
goto invalid_payload;
strncpy(&buf[buf_out_len], (const char *)&packet->payload[offset], len);
+ ssh_analyse_cipher(ndpi_struct, flow, (char*)&packet->payload[offset], len, 0 /* server */);
buf_out_len += len;
buf[buf_out_len++] = ';';
}
@@ -355,7 +380,7 @@ static void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct
if(packet->packet_direction == 0 /* client */) {
u_char fingerprint_client[16];
- len = concat_hash_string(packet, hassh_buf, 1 /* client */);
+ len = concat_hash_string(ndpi_struct, flow, packet, hassh_buf, 1 /* client */);
ndpi_MD5Init(&ctx);
ndpi_MD5Update(&ctx, (const unsigned char *)hassh_buf, len);
@@ -373,7 +398,7 @@ static void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct
} else {
u_char fingerprint_server[16];
- len = concat_hash_string(packet, hassh_buf, 0 /* server */);
+ len = concat_hash_string(ndpi_struct, flow, packet, hassh_buf, 0 /* server */);
ndpi_MD5Init(&ctx);
ndpi_MD5Update(&ctx, (const unsigned char *)hassh_buf, len);