author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2021-09-16 14:34:59 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-16 14:34:59 +0200 |
commit | 6325aebda6c583d8acb21e664ad805418bb4e747 (patch) | |
tree | 6ce4e598b98f7772a9bb68d30bdcea9f6309b90a /src/lib | |
parent | 978c9cfda376d008aa4801205f3dd887638d5053 (diff) |
TLS: avoid zeroing large structures (#1300)
Zeroing large structures (i.e. size > KB) is quite costly (from a CPU point
of view): we can safely avoid doing that for a couple of big structures.
Standard and Valgrind tests have been diverging quite a lot: it is time
to re-sync them. Use the same script and enable Valgrind via an
environment variable:
NDPI_TESTS_VALGRIND=1 ./tests/do.sh
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/protocols/tls.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index b1d3d2c5e..2270b05ab 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -313,9 +313,11 @@ static void processCertificateElements(struct ndpi_detection_module_struct *ndpi
 u_int16_t p_offset, u_int16_t certificate_len) {
 struct ndpi_packet_struct *packet = &flow->packet;
 u_int16_t num_found = 0, i;
- char buffer[64] = { '\0' }, rdnSeqBuf[2048] = { '\0' };
+ char buffer[64] = { '\0' }, rdnSeqBuf[2048];
 u_int rdn_len = 0;
+ rdnSeqBuf[0] = '\0';
+
 #ifdef DEBUG_TLS
 printf("[TLS] %s() [offset: %u][certificate_len: %u]\n", __FUNCTION__, p_offset, certificate_len);
 #endif
@@ -1222,7 +1224,6 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 printf("TLS %s() called\n", __FUNCTION__);
 #endif
- memset(&ja3, 0, sizeof(ja3));
 handshake_type = packet->payload[0];
 total_len = (packet->payload[1] << 16) + (packet->payload[2] << 8) + packet->payload[3];
@@ -1254,6 +1255,11 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 if(handshake_type == 0x02 /* Server Hello */) {
 int i, rc;
+ ja3.server.num_cipher = 0;
+ ja3.server.num_tls_extension = 0;
+ ja3.server.num_elliptic_curve_point_format = 0;
+ ja3.server.alpn[0] = '\0';
+
 ja3.server.tls_handshake_version = tls_version;
 #ifdef DEBUG_TLS
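Review bot: In the first hunk `rdnSeqBuf` now holds indeterminate stack bytes past index 0, so the function's safety depends on every later write terminating the string itself and every read staying within `rdn_len`; the old `= { '\0' }` initialiser would have masked a missing terminator. The rest of processCertificateElements lies outside the hunk, so that cannot be confirmed from here. I would state the invariant next to the new line, e.g. `/* only rdnSeqBuf[0] is initialised: appends must NUL-terminate, reads must stay within rdn_len */`, so a future append that forgets the terminator is caught in review rather than by exposing stale stack data in certificate fields.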
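Review bot: With the function-wide `memset(&ja3, 0, sizeof(ja3))` removed, the Server Hello reset in the hunk at -1254 (and the matching Client Hello reset in the hunk at -1474) is all that separates later reads of `ja3` from indeterminate stack bytes, and nothing visible ties either list to the struct definition. A member that is read later but missing from the list, or one added to the struct in future, would put uninitialised stack data into whatever is derived from `ja3`, which is a correctness problem and possibly an information leak. The struct definition and the rest of processClientServerHello are outside the hunks, so coverage cannot be checked here. I would add a comment above each reset such as `/* ja3 is NOT zeroed: every member read in this branch must be initialised here; keep in sync with the struct definition */` and keep the Valgrind run from the commit message as the regression check.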
@@ -1474,6 +1480,14 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 u_int16_t cipher_len, cipher_offset;
 u_int8_t cookie_len = 0;
+ ja3.client.num_cipher = 0;
+ ja3.client.num_tls_extension = 0;
+ ja3.client.num_elliptic_curve = 0;
+ ja3.client.num_elliptic_curve_point_format = 0;
+ ja3.client.signature_algorithms[0] = '\0';
+ ja3.client.supported_versions[0] = '\0';
+ ja3.client.alpn[0] = '\0';
+
 flow->protos.tls_quic_stun.tls_quic.ssl_version = ja3.client.tls_handshake_version = tls_version;
 if(flow->protos.tls_quic_stun.tls_quic.ssl_version < 0x0302) /* TLSv1.1 */
 ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_OBSOLETE_VERSION);
|