author | Luca Deri <deri@ntop.org> | 2022-01-26 09:23:23 +0100 |
---|---|---|
committer | Luca Deri <deri@ntop.org> | 2022-01-26 09:23:23 +0100 |
commit | 58a9aff17cec2842b5d232eee5a39c0d58a01a75 (patch) | |
tree | aad123e364d9eb0faf62e233531d510621404eff /wireshark/ndpi.lua | |
parent | 14e8808f0351da2f4a4a2a3ce55e42d06c48370a (diff) |
Added NDPI_TLS_CERTIFICATE_ABOUT_TO_EXPIRE flow risk
Added ndpi_set_tls_cert_expire_days() API call to modify the number of days for triggering the above alert that by default is set to 30 days
Diffstat (limited to 'wireshark/ndpi.lua')
-rw-r--r-- | wireshark/ndpi.lua | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
index 28e4fce8e..d7cebb969 100644
--- a/wireshark/ndpi.lua
+++ b/wireshark/ndpi.lua
@@ -79,6 +79,7 @@ flow_risks[37] = ProtoField.bool("ndpi.flow_risk.dns_large_packet", "DNS large p
 flow_risks[38] = ProtoField.bool("ndpi.flow_risk.dns_fragmented", "DNS fragmented", num_bits_flow_risks, nil, bit(6), "nDPI Flow Risk: DNS message is fragmented")
 flow_risks[39] = ProtoField.bool("ndpi.flow_risk.invalid_characters", "Invalid characters", num_bits_flow_risks, nil, bit(7), "nDPI Flow Risk: Text contains non-printable characters")
 flow_risks[40] = ProtoField.bool("ndpi.flow_risk.possible_exploit", "Possible Exploit", num_bits_flow_risks, nil, bit(8), "nDPI Flow Risk: Possible exploit detected")
+flow_risks[41] = ProtoField.bool("ndpi.flow_risk.cert_about_to_expire", "TLS cert about to expire", num_bits_flow_risks, nil, bit(9), "nDPI Flow Risk: TLS certificate about to expire")
 -- Last one: keep in sync the bitmask when adding new risks!!
 flow_risks[64] = ProtoField.new("Unused", "ndpi.flow_risk.unused", ftypes.UINT32, nil, base.HEX, bit(32) - bit(8)) |
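Review bot: The added `flow_risks[41]` entry claims `bit(9)`, but the `Unused` field on the last line of the hunk keeps its mask at `bit(32) - bit(8)`, although the comment directly above it asks for the bitmask to be kept in sync when risks are added. Assuming `bit(n)` returns a single-bit mask that grows with n (its definition is outside the hunk), that range still covers the bits assigned to risks 40 and 41. A flow flagged for an expiring certificate would then probably also show a non-zero `ndpi.flow_risk.unused` value in Wireshark, which can mislead an analyst filtering or triaging on that field. I would move the lower bound past the highest assigned bit in the same change, for example `bit(32) - bit(10)`, after checking the helper's bit numbering.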