diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-10-28 23:36:51 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-10-28 23:36:51 +0100 |
| commit | 9da99075aa174a7ecfc00fb9a18d32d3056d8db3 (patch) | |
| tree | e3ad461c6c651cc5b179f1c8dc7180523c1add69 /src/lib/protocols | |
| parent | dc125dc2a8a3aebd9accfd2deaae7dbecb5aae5a (diff) | |
TLS: export heuristic fingerprint as metadata (#2609)
Diffstat (limited to 'src/lib/protocols')
| -rw-r--r-- | src/lib/protocols/tls.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 048060188..498147181 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -380,6 +380,20 @@ static int tls_obfuscated_heur_search(struct ndpi_detection_module_struct* ndpi_ NDPI_LOG_DBG2(ndpi_struct, "TLS-Obf-Heur: set %d completed\n", i); if(check_set(ndpi_struct, set)) { /* Heuristic match */ + + /* Export the matching set as metadata */ + flow->tls_quic.obfuscated_heur_matching_set = ndpi_calloc(1, sizeof(struct ndpi_tls_obfuscated_heuristic_matching_set)); + if(flow->tls_quic.obfuscated_heur_matching_set) { + flow->tls_quic.obfuscated_heur_matching_set->bytes[0] = set->bytes[0]; + flow->tls_quic.obfuscated_heur_matching_set->bytes[1] = set->bytes[1]; + flow->tls_quic.obfuscated_heur_matching_set->bytes[2] = set->bytes[2]; + flow->tls_quic.obfuscated_heur_matching_set->bytes[3] = set->bytes[3]; + flow->tls_quic.obfuscated_heur_matching_set->pkts[0] = set->pkts[0]; + flow->tls_quic.obfuscated_heur_matching_set->pkts[1] = set->pkts[1]; + flow->tls_quic.obfuscated_heur_matching_set->pkts[2] = set->pkts[2]; + flow->tls_quic.obfuscated_heur_matching_set->pkts[3] = set->pkts[3]; + } + return 2; /* Found */ } else { /* Close this set and open a new one... */ |