aboutsummaryrefslogtreecommitdiff
path: root/src/lib/protocols
diff options
context:
space:
mode:
authorIvan Nardi <12729895+IvanNardi@users.noreply.github.com>2024-10-28 23:36:51 +0100
committerGitHub <noreply@github.com>2024-10-28 23:36:51 +0100
commit9da99075aa174a7ecfc00fb9a18d32d3056d8db3 (patch)
treee3ad461c6c651cc5b179f1c8dc7180523c1add69 /src/lib/protocols
parentdc125dc2a8a3aebd9accfd2deaae7dbecb5aae5a (diff)
TLS: export heuristic fingerprint as metadata (#2609)
Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/tls.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 048060188..498147181 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -380,6 +380,20 @@ static int tls_obfuscated_heur_search(struct ndpi_detection_module_struct* ndpi_
NDPI_LOG_DBG2(ndpi_struct, "TLS-Obf-Heur: set %d completed\n", i);
if(check_set(ndpi_struct, set)) {
/* Heuristic match */
+
+ /* Export the matching set as metadata */
+ flow->tls_quic.obfuscated_heur_matching_set = ndpi_calloc(1, sizeof(struct ndpi_tls_obfuscated_heuristic_matching_set));
+ if(flow->tls_quic.obfuscated_heur_matching_set) {
+ flow->tls_quic.obfuscated_heur_matching_set->bytes[0] = set->bytes[0];
+ flow->tls_quic.obfuscated_heur_matching_set->bytes[1] = set->bytes[1];
+ flow->tls_quic.obfuscated_heur_matching_set->bytes[2] = set->bytes[2];
+ flow->tls_quic.obfuscated_heur_matching_set->bytes[3] = set->bytes[3];
+ flow->tls_quic.obfuscated_heur_matching_set->pkts[0] = set->pkts[0];
+ flow->tls_quic.obfuscated_heur_matching_set->pkts[1] = set->pkts[1];
+ flow->tls_quic.obfuscated_heur_matching_set->pkts[2] = set->pkts[2];
+ flow->tls_quic.obfuscated_heur_matching_set->pkts[3] = set->pkts[3];
+ }
+
return 2; /* Found */
} else {
/* Close this set and open a new one... */