Improved TLS application data detection. (#1532)

Signed-off-by: lns <matzeton@googlemail.com>
author: Toni <matzeton@googlemail.com> 2022-04-27 17:22:53 +0200
committer: GitHub <noreply@github.com> 2022-04-27 17:22:53 +0200
commit: 10161448bc1b2ad98fd49356203d6a53f5c1abe9 (patch)
tree: c172d0bacea888fe5f23e170e14a2505965b3f8b /src/lib/protocols/tls.c
parent: 3ad989f6a814fb7e286de81c10b5fba4a615f920 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index fbb21ef00..8324cb9ea 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -987,6 +987,12 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 	if(block_len < 16384 /* Max TLS block size */)
 	  ndpi_looks_like_tls(ndpi_struct, flow);
 
+    if (packet->payload[1] == 0x03 && packet->payload[2] <= 4 &&
+        block_len == (u_int32_t)packet->payload_packet_len - 5)
+    {
+      ndpi_int_tls_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TLS);
+    }
+
 	if(flow->l4.tcp.tls.certificate_processed) {
 	  if(flow->l4.tcp.tls.num_tls_blocks < ndpi_struct->num_tls_blocks_to_follow)
 	    flow->l4.tcp.tls.tls_application_blocks_len[flow->l4.tcp.tls.num_tls_blocks++] =
author	Toni <matzeton@googlemail.com>	2022-04-27 17:22:53 +0200
committer	GitHub <noreply@github.com>	2022-04-27 17:22:53 +0200
commit	10161448bc1b2ad98fd49356203d6a53f5c1abe9 (patch)
tree	c172d0bacea888fe5f23e170e14a2505965b3f8b /src/lib/protocols/tls.c
parent	3ad989f6a814fb7e286de81c10b5fba4a615f920 (diff)