authorLuca Deri <deri@ntop.org>2021-08-07 19:40:44 +0200
committerLuca Deri <deri@ntop.org>2021-08-07 19:40:44 +0200
commit4183718952b248f4c5cf6637dfcc03bbffa27f2f (patch)
treeb87e6c5ce0c3301872d7cffa54cad7765fec3b60 /wireshark
parente8455236bdb1f4555215d7d2f4dcc749ea1ae7a9 (diff)
Added TLS fatal alert flow risk
Diffstat (limited to 'wireshark')
-rw-r--r--wireshark/ndpi.lua2
1 files changed, 2 insertions, 0 deletions
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
index 66b3c6138..2586a5616 100644
--- a/wireshark/ndpi.lua
+++ b/wireshark/ndpi.lua
@@ -70,6 +70,8 @@ flow_risks[30] = ProtoField.bool("ndpi.flow_risk.desktop_file_sharing_session",
flow_risks[31] = ProtoField.bool("ndpi.flow_risk.uncommon_tls_alpn", "Uncommon TLS ALPN", num_bits_flow_risks, nil, bit(31), "nDPI Flow Risk: Uncommon TLS ALPN")
-- FIXME: Workaround for masks 32+ bits
-- flow_risks[32] = ProtoField.bool("ndpi.flow_risk.cert_validity_too_long", "TLS certificate validity longer than 13 months", num_bits_flow_risks, nil, bit(32), "nDPI Flow Risk: TLS certificate validity longer than 13 months")
+-- flow_risks[33] = ProtoField.bool("ndpi.flow_risk.suspicious_extension", "TLS suspicious extension", num_bits_flow_risks, nil, bit(33), "nDPI Flow Risk: TLS suspicious extension")
+-- flow_risks[34] = ProtoField.bool("ndpi.flow_risk.fatal_alert", "TLS fatal alert detected", num_bits_flow_risks, nil, bit(34), "nDPI Flow Risk: TLS fatal alert")
for _,v in pairs(flow_risks) do
ndpi_fds[#ndpi_fds + 1] = v
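Review bot: The two added registrations for bits 33 and 34 sit commented out under the existing `FIXME: Workaround for masks 32+ bits`, so `ndpi.flow_risk.suspicious_extension` and `ndpi.flow_risk.fatal_alert` never enter `flow_risks` and the `for` loop below never copies them into `ndpi_fds`. As far as this hunk shows, an analyst cannot filter on either field in Wireshark, and a flow that nDPI marked with a fatal alert or suspicious extension may look unflagged; whether these risks are surfaced some other way is not visible here. I would make the limitation explicit in the comment, for example `-- FIXME: risks 32+ are NOT registered as fields (mask wider than 32 bits); they are unavailable as display filters until this is fixed`. The commit title mentions only the fatal alert risk, while the hunk also adds the suspicious-extension line. The `for` loop's body continues outside the hunk.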