author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-12-18 12:03:32 +0100 |
committer | GitHub <noreply@github.com> | 2021-12-18 12:03:32 +0100 |
commit | ec6eea0c230acfdbc4eb26299c74663fbee38032 (patch) | |
tree | 929b74ffbdb4880d0840f08d52ae987cfccdf556 /src/lib/protocols | |
parent | 74519f6e1086b95d95d0b9082492ff2b39da2f58 (diff) |
TLS: fix usage of certificate cache (#1384)
Diffstat (limited to 'src/lib/protocols')
-rw-r--r-- | src/lib/protocols/tls.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index da29466e8..249752cda 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -283,16 +283,22 @@ static int extractRDNSequence(struct ndpi_packet_struct *packet,
 /* **************************************** */
 static void checkTLSSubprotocol(struct ndpi_detection_module_struct *ndpi_struct,
- struct ndpi_flow_struct *flow) {
+ struct ndpi_flow_struct *flow,
+ int is_from_client) {
 struct ndpi_packet_struct *packet = &ndpi_struct->packet;
 if(flow->detected_protocol_stack[1] == NDPI_PROTOCOL_UNKNOWN) {
 /* Subprotocol not yet set */
 if(ndpi_struct->tls_cert_cache && packet->iph && packet->tcp) {
- u_int32_t key = packet->iph->daddr + packet->tcp->dest;
+ u_int32_t key; /* Server ip/port */
 u_int16_t cached_proto;
+ if(is_from_client)
+ key = packet->iph->daddr + packet->tcp->dest;
+ else
+ key = packet->iph->saddr + packet->tcp->source;
+
 if(ndpi_lru_find_cache(ndpi_struct->tls_cert_cache, key, &cached_proto, 0 /* Don't remove it as it can be used for other connections */)) {
 ndpi_protocol ret = { NDPI_PROTOCOL_TLS, cached_proto, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED };
@@ -640,7 +646,7 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 ndpi_struct->tls_cert_cache = ndpi_lru_cache_init(1024);
 if(ndpi_struct->tls_cert_cache && packet->iph) {
- u_int32_t key = packet->iph->daddr + packet->tcp->dest;
+ u_int32_t key = packet->iph->saddr + packet->tcp->source; /* Server */
 ndpi_lru_add_to_cache(ndpi_struct->tls_cert_cache, key, proto_id);
 }
@@ -813,7 +819,7 @@ static int processTLSBlock(struct ndpi_detection_module_struct *ndpi_struct,
 flow->l4.tcp.tls.certificate_processed = 1; /* No Certificate with TLS 1.3+ */
 }
- checkTLSSubprotocol(ndpi_struct, flow);
+ checkTLSSubprotocol(ndpi_struct, flow, packet->payload[0] == 0x01);
 break;
 case 0x0b: /* Certificate */
|
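Review bot: The new key line in processCertificateElements (second hunk) still dereferences `packet->tcp->source` while the enclosing guard only tests `packet->iph`, whereas the first hunk guards the same access with `packet->iph && packet->tcp`; if this function can be reached for a non-TCP (DTLS) flow, `packet->tcp` is NULL there and the write to the cache is a null dereference. Making the two guards consistent is a one-line change: `if(ndpi_struct->tls_cert_cache && packet->iph && packet->tcp) {`. Both hunks also keep forming the cache key as `ip + port`, so two distinct servers whose address and port sum to the same 32-bit value share one entry and the subprotocol cached for one can be applied to the other; mixing the fields (for example shifting the port into the high bits before combining) narrows that, although a 32-bit key cannot fully avoid collisions. In the third hunk `is_from_client` is derived from the handshake message type rather than from the packet's direction, which is presumably intended, but a short comment such as `/* 0x01 = ClientHello: the server is the destination, otherwise the source */` at the call would make that explicit; processTLSBlock's switch continues outside the hunk.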