author | Luca Deri <deri@ntop.org> | 2021-02-04 22:06:18 +0100 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2021-02-04 22:06:18 +0100 |
commit | 54636a32131b4cc348b3e2154c2f441cb7678e4c (patch) | |
tree | 6691de68d2dd9e8154857b23b7d77feb6e89b877 /src | |
parent | 679c317c5770b7aa4cb93bdf1c436041cada82e5 (diff) |
Improved (partial) TLS dissection
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/protocols/tls.c | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 0eebe7773..d9c5765d8 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -618,7 +618,7 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
 printf("[TLS] SHA-1: ");
 for(i=0;i<20;i++)
- printf("%s%02X", (i > 0) ? ":" : "", flow->l4.tcp.tls.sha1_certificate_fingerprint[i]);
+ printf("%s%02X", (i > 0) ? ":" : "", flow->protos.tls_quic_stun.tls_quic.sha1_certificate_fingerprint[i]);
 printf("\n");
 }
 #endif
@@ -684,6 +684,16 @@ static int processTLSBlock(struct ndpi_detection_module_struct *ndpi_struct,
 /* **************************************** */
+static void ndpi_looks_like_tls(struct ndpi_detection_module_struct *ndpi_struct,
+ struct ndpi_flow_struct *flow) {
+ // ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TLS, NDPI_PROTOCOL_UNKNOWN);
+
+ if(flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)
+ flow->guessed_protocol_id = NDPI_PROTOCOL_TLS;
+}
+
+/* **************************************** */
+
 static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 struct ndpi_flow_struct *flow) {
 struct ndpi_packet_struct *packet = &flow->packet;
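Review bot: `ndpi_looks_like_tls` reads like a predicate, but it returns nothing and writes `flow->guessed_protocol_id`, and the new function has no comment saying so. Its `ndpi_struct` parameter is referenced only by the commented-out `ndpi_set_detected_protocol` line, so that line should either be dropped or replaced by a sentence explaining why the flow is deliberately not marked as detected here. A header such as `/* Record TLS as the guessed protocol when no guess exists yet; the flow is not marked as detected */` would spell out the weaker guarantee for any consumer that treats a guess differently from a detection.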
@@ -773,21 +783,25 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
 }
 processTLSBlock(ndpi_struct, flow);
-
+ ndpi_looks_like_tls(ndpi_struct, flow);
+
 processed += packet->payload_packet_len;
 }
 } else {
 /* Process element as a whole */
- if((content_type == 0x17 /* Application Data */)
- && (flow->l4.tcp.tls.certificate_processed)) {
- if(flow->l4.tcp.tls.num_tls_blocks < ndpi_struct->num_tls_blocks_to_follow)
- flow->l4.tcp.tls.tls_application_blocks_len[flow->l4.tcp.tls.num_tls_blocks++] =
- (packet->packet_direction == 0) ? (len-5) : -(len-5);
-
+ if(content_type == 0x17 /* Application Data */) {
+ ndpi_looks_like_tls(ndpi_struct, flow);
+
+ if(flow->l4.tcp.tls.certificate_processed) {
+ if(flow->l4.tcp.tls.num_tls_blocks < ndpi_struct->num_tls_blocks_to_follow)
+ flow->l4.tcp.tls.tls_application_blocks_len[flow->l4.tcp.tls.num_tls_blocks++] =
+ (packet->packet_direction == 0) ? (len-5) : -(len-5);
+
 #ifdef DEBUG_TLS_BLOCKS
- printf("*** [TLS Block] [len: %u][num_tls_blocks: %u/%u]\n",
- len-5, flow->l4.tcp.tls.num_tls_blocks, ndpi_struct->num_tls_blocks_to_follow);
+ printf("*** [TLS Block] [len: %u][num_tls_blocks: %u/%u]\n",
+ len-5, flow->l4.tcp.tls.num_tls_blocks, ndpi_struct->num_tls_blocks_to_follow);
 #endif
+ }
 }
 } |
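Review bot: In the whole-element branch the TLS guess is now recorded on `content_type == 0x17` alone, ahead of the `certificate_processed` check, so within this hunk a single header byte is the only visible evidence behind `guessed_protocol_id = NDPI_PROTOCOL_TLS`. ndpi_search_tls_tcp starts outside the hunk, so the record version and length may already be validated above; if they are not, non-TLS traffic whose payload happens to start with 0x17 would be labelled TLS, which matters to any policy or detection that consumes the guess. Please state the precondition at the call, e.g. `/* 0x17 alone is weak evidence: record version and length must have been validated above */`, or add that validation before the call. The first new call has the same shape: it runs unconditionally after `processTLSBlock(ndpi_struct, flow);`, whose `int` result is not consulted.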