Merge pull request #974 from IvanNardi/esni4

Suspicious ESNI usage: add a comment and a pcap example
author: Luca Deri <lucaderi@users.noreply.github.com> 2020-08-13 10:40:51 +0200
committer: GitHub <noreply@github.com> 2020-08-13 10:40:51 +0200
commit: 8090765a648788bce7e923dde78ed242a59c547f (patch)
tree: 60eff8d35dde23e32ebe631506dfe96ed85fbead /src
parent: 9edddee0b7e63ff4fd6e5c19156e422d5712375c (diff)
parent: 2722861d6e79d416d3377af4cf6fdaaba2a18de4 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index f96745dc6..883de7666 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1434,6 +1434,8 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 	      NDPI_SET_BIT(flow->risk, NDPI_TLS_NOT_CARRYING_HTTPS);
 	    }
 
+	    /* Suspicious Domain Fronting:
+	       https://github.com/SixGenInc/Noctilucent/blob/master/docs/ */
 	    if(flow->protos.stun_ssl.ssl.encrypted_sni.esni &&
 	       flow->protos.stun_ssl.ssl.client_requested_server_name[0] != '\0') {
 	      NDPI_SET_BIT(flow->risk, NDPI_TLS_SUSPICIOUS_ESNI_USAGE);
author	Luca Deri <lucaderi@users.noreply.github.com>	2020-08-13 10:40:51 +0200
committer	GitHub <noreply@github.com>	2020-08-13 10:40:51 +0200
commit	8090765a648788bce7e923dde78ed242a59c547f (patch)
tree	60eff8d35dde23e32ebe631506dfe96ed85fbead /src
parent	9edddee0b7e63ff4fd6e5c19156e422d5712375c (diff)
parent	2722861d6e79d416d3377af4cf6fdaaba2a18de4 (diff)