-rw-r--r-- | example/ndpiReader.c | 15 | ||||
-rw-r--r-- | example/reader_util.c | 33 | ||||
-rw-r--r-- | example/reader_util.h | 1 |
3 files changed, 40 insertions, 9 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index b91ddcccf..1f09e610e 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -604,8 +604,9 @@ void printCSVHeader() { fprintf(csv_fp, "client_info,server_info,"); fprintf(csv_fp, "tls_version,ja3c,tls_client_unsafe,"); fprintf(csv_fp, "ja3s,tls_server_unsafe,"); + fprintf(csv_fp, "tls_alpn,tls_supported_versions,"); fprintf(csv_fp, "ssh_client_hassh,ssh_server_hassh,flow_info"); - + /* Joy */ if(enable_joy_stats) { fprintf(csv_fp, ",byte_dist_mean,byte_dist_std,entropy,total_entropy"); @@ -1091,15 +1092,17 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa (flow->ssh_tls.client_requested_server_name[0] != '\0') ? flow->ssh_tls.client_requested_server_name : "", (flow->ssh_tls.server_info[0] != '\0') ? flow->ssh_tls.server_info : ""); - fprintf(csv_fp, "%s,%s,%s,", + fprintf(csv_fp, "%s,%s,%s,%s,%s,", (flow->ssh_tls.ssl_version != 0) ? ndpi_ssl_version2str(flow->ssh_tls.ssl_version, &known_tls) : "0", (flow->ssh_tls.ja3_client[0] != '\0') ? flow->ssh_tls.ja3_client : "", - (flow->ssh_tls.ja3_client[0] != '\0') ? is_unsafe_cipher(flow->ssh_tls.client_unsafe_cipher) : "0"); - - fprintf(csv_fp, "%s,%s,", + (flow->ssh_tls.ja3_client[0] != '\0') ? is_unsafe_cipher(flow->ssh_tls.client_unsafe_cipher) : "0", (flow->ssh_tls.ja3_server[0] != '\0') ? flow->ssh_tls.ja3_server : "", (flow->ssh_tls.ja3_server[0] != '\0') ? is_unsafe_cipher(flow->ssh_tls.server_unsafe_cipher) : "0"); - + + fprintf(csv_fp, "%s,%s,", + flow->ssh_tls.tls_alpn ? flow->ssh_tls.tls_alpn : "", + flow->ssh_tls.tls_supported_versions ? flow->ssh_tls.tls_supported_versions : "" + ); fprintf(csv_fp, "%s,%s", (flow->ssh_tls.client_hassh[0] != '\0') ? flow->ssh_tls.client_hassh : "", (flow->ssh_tls.server_hassh[0] != '\0') ? flow->ssh_tls.server_hassh : "" diff --git a/example/reader_util.c b/example/reader_util.c index 8b7f55fe4..ec070afb3 100644 --- a/example/reader_util.c +++ b/example/reader_util.c 
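Review bot: In the printFlow hunk (@@ -1091) of example/ndpiReader.c, `tls_alpn` and `tls_supported_versions` are written to the CSV with a bare `%s`, and the only sanitising visible in this commit is the `,` to `;` replacement in reader_util.c. The ALPN list comes from the peer's TLS handshake, so unless the dissector already restricts it to printable characters (not visible here), a value containing `"`, CR or LF would still shift or split the row for whatever consumes the file. I would extend the replacement loop to map those characters as well, or quote the field, and add a comment such as `/* tls_alpn is peer-supplied: keep it free of CSV delimiters and line breaks */` above the new fprintf. printFlow starts and ends outside the hunk.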
@@ -458,7 +458,18 @@ void ndpi_flow_info_freer(void *node) { ndpi_free_flow_data_analysis(flow); if(flow->ssh_tls.server_names) { - ndpi_free(flow->ssh_tls.server_names); flow->ssh_tls.server_names = NULL; + ndpi_free(flow->ssh_tls.server_names); + flow->ssh_tls.server_names = NULL; + } + + if(flow->ssh_tls.tls_alpn) { + ndpi_free(flow->ssh_tls.tls_alpn); + flow->ssh_tls.tls_alpn = NULL; + } + + if(flow->ssh_tls.tls_supported_versions) { + ndpi_free(flow->ssh_tls.tls_supported_versions); + flow->ssh_tls.tls_supported_versions = NULL; } ndpi_free(flow); @@ -949,6 +960,8 @@ static u_int8_t is_ndpi_proto(struct ndpi_flow_info *flow, u_int16_t id) { /* ****************************************************** */ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) { + u_int i; + if(!flow->ndpi_flow) return; snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", @@ -960,7 +973,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl if(is_ndpi_proto(flow, NDPI_PROTOCOL_DHCP)) { snprintf(flow->dhcp_fingerprint, sizeof(flow->dhcp_fingerprint), "%s", flow->ndpi_flow->protos.dhcp.fingerprint); } else if(is_ndpi_proto(flow, NDPI_PROTOCOL_BITTORRENT)) { - u_int i, j, n = 0; + u_int j, n = 0; for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { sprintf(&flow->bittorent_hash[j], "%02x", 
@@ -1075,6 +1088,20 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->ssh_tls.sha1_cert_fingerprint_set = 1; } + if(flow->ndpi_flow->protos.stun_ssl.ssl.alpn) { + if((flow->ssh_tls.tls_alpn = ndpi_strdup(flow->ndpi_flow->protos.stun_ssl.ssl.alpn)) != NULL) { + /* Replace , with ; to avoid issues with CSVs */ + for(i=0; flow->ssh_tls.tls_alpn[i] != '\0'; i++) if(flow->ssh_tls.tls_alpn[i] == ',') flow->ssh_tls.tls_alpn[i] = ';'; + } + } + + if(flow->ssh_tls.tls_supported_versions) { + if((flow->ssh_tls.tls_supported_versions = ndpi_strdup(flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions)) != NULL) { + /* Replace , with ; to avoid issues with CSVs */ + for(i=0; flow->ssh_tls.tls_supported_versions[i] != '\0'; i++) if(flow->ssh_tls.tls_supported_versions[i] == ',') flow->ssh_tls.tls_supported_versions[i] = ';'; + } + } + if(flow->ndpi_flow->protos.stun_ssl.ssl.alpn && flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions) snprintf(flow->info, sizeof(flow->info), "ALPN: %s][TLS Supported Versions: %s", @@ -1522,7 +1549,7 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow, if(header->caplen < (eth_offset + radio_len + sizeof(struct ndpi_wifi_header))) return(nproto); - + /* Calculate 802.11 header length (variable) */ wifi = (struct ndpi_wifi_header*)( packet + eth_offset + radio_len); diff --git a/example/reader_util.h b/example/reader_util.h index d54b4d611..942c1f361 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -198,6 +198,7 @@ typedef struct ndpi_flow_info { u_int16_t ssl_version; char client_requested_server_name[64], server_info[64], client_hassh[33], server_hassh[33], *server_names, + *tls_alpn, *tls_supported_versions, server_organization[64], ja3_client[33], ja3_server[33], sha1_cert_fingerprint[20]; |
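Review bot: In the @@ -1075 hunk of example/reader_util.c the second new block tests the destination, `if(flow->ssh_tls.tls_supported_versions)`, instead of the source pointer as the ALPN block above it does. On a fresh flow that field is presumably NULL, so the copy never happens and the new CSV column stays empty; if it is ever non-NULL, the old buffer is overwritten without being freed and `ndpi_strdup` may be handed a NULL source. The condition should read `if(flow->ndpi_flow->protos.stun_ssl.ssl.tls_supported_versions) {`. If process_ndpi_collected_info can run more than once per flow (its callers are outside the hunk), both `ndpi_strdup` assignments also need a guard such as `if(!flow->ssh_tls.tls_alpn)` so an earlier copy is not leaked. The function body starts and ends outside the hunk.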