diff options
| author | Luca Deri <deri@ntop.org> | 2025-04-04 14:09:27 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2025-04-04 14:09:27 +0200 |
| commit | 4f15419b64c3baf6c77d94ec9e5873aa8f89c0da (patch) | |
| tree | c5cc4e6e28aca2da455d153d3ec664150f042bfd /src | |
| parent | 4d41588a7704fb89859fb708bcf526f1638eadb1 (diff) | |
Added check while dissecting non-TCP packets ndpi_search_tls_tcp
Renamed ndpi_search_tls_udp to ndpi_search_dtls
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/tls.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index c6d19775b..3424e55b2 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1381,6 +1381,9 @@ int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct, u_int8_t something_went_wrong = 0; message_t *message; + if(packet->tcp == NULL) + return 0; /* Error -> stop (this doesn't seem to be TCP) */ + #ifdef DEBUG_TLS_MEMORY printf("[TLS Mem] ndpi_search_tls_tcp() Processing new packet [payload_packet_len: %u][Dir: %u]\n", packet->payload_packet_len, packet->packet_direction); @@ -1657,7 +1660,8 @@ int is_dtls(const u_int8_t *buf, u_int32_t buf_len, u_int32_t *block_len) { /* **************************************** */ -static int ndpi_search_tls_udp(struct ndpi_detection_module_struct *ndpi_struct, +/* NOTE: this function supports both TCP and UDP */ +static int ndpi_search_dtls(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &ndpi_struct->packet; u_int32_t handshake_len, handshake_frag_off, handshake_frag_len; @@ -1826,7 +1830,7 @@ static void tlsInitExtraPacketProcessing(struct ndpi_detection_module_struct *nd /* At most 12 packets should almost always be enough to find the server certificate if it's there. Exception: DTLS traffic with fragments, retransmissions and STUN packets */ flow->max_extra_packets_to_check = ((packet->udp != NULL) ? 20 : 12) + (ndpi_struct->num_tls_blocks_to_follow*4); - flow->extra_packets_func = (packet->udp != NULL) ? ndpi_search_tls_udp : ndpi_search_tls_tcp; + flow->extra_packets_func = (packet->udp != NULL) ? ndpi_search_dtls : ndpi_search_tls_tcp; } /* **************************************** */ @@ -3399,7 +3403,7 @@ static void ndpi_search_tls_wrapper(struct ndpi_detection_module_struct *ndpi_st if(flow->tls_quic.obfuscated_heur_state == NULL) { if(packet->udp != NULL || flow->stun.maybe_dtls) - rc = ndpi_search_tls_udp(ndpi_struct, flow); + rc = ndpi_search_dtls(ndpi_struct, flow); else rc = ndpi_search_tls_tcp(ndpi_struct, flow); |