Improved TLS application data detection.improved/tls-appdata-detection

Signed-off-by: lns <matzeton@googlemail.com>
author: lns <matzeton@googlemail.com> 2022-04-25 23:06:25 +0200
committer: lns <matzeton@googlemail.com> 2022-04-25 23:09:35 +0200
commit: c125f8c52b6350db037b56c2616692bfe7189caf (patch)
tree: 9c3d66997828e6bf27fcdd1b35ee82e78fb20836 /src/lib/protocols/tls.c
parent: 075bce5f3de463975464472158dca980a45f48a3 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index c5142abde..098e4d5b0 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -987,6 +987,12 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 	if(block_len < 16384 /* Max TLS block size */)
 	  ndpi_looks_like_tls(ndpi_struct, flow);
 
+    if (packet->payload[1] == 0x03 && packet->payload[2] <= 4 &&
+        block_len == (u_int32_t)packet->payload_packet_len - 5)
+    {
+      ndpi_int_tls_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TLS);
+    }
+
 	if(flow->l4.tcp.tls.certificate_processed) {
 	  if(flow->l4.tcp.tls.num_tls_blocks < ndpi_struct->num_tls_blocks_to_follow)
 	    flow->l4.tcp.tls.tls_application_blocks_len[flow->l4.tcp.tls.num_tls_blocks++] =
author	lns <matzeton@googlemail.com>	2022-04-25 23:06:25 +0200
committer	lns <matzeton@googlemail.com>	2022-04-25 23:09:35 +0200
commit	c125f8c52b6350db037b56c2616692bfe7189caf (patch)
tree	9c3d66997828e6bf27fcdd1b35ee82e78fb20836 /src/lib/protocols/tls.c
parent	075bce5f3de463975464472158dca980a45f48a3 (diff)