aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--example/ndpiReader.c9
-rw-r--r--fuzz/fuzz_common_code.c2
-rw-r--r--fuzz/fuzz_ndpi_reader.c2
-rw-r--r--fuzz/fuzz_readerutils_parseprotolist.cpp2
-rw-r--r--fuzz/fuzz_readerutils_workflow.cpp2
-rw-r--r--src/include/ndpi_typedefs.h1
-rw-r--r--src/lib/ndpi_main.c3
-rw-r--r--src/lib/ndpi_private.h2
-rw-r--r--src/lib/protocols/tls.c29
9 files changed, 8 insertions, 44 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 0b762e23c..490e0f4cb 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -523,7 +523,7 @@ static void help(u_int long_help) {
"[-f <filter>][-s <duration>][-m <duration>][-b <num bin clusters>]\n"
" [-p <protos>][-l <loops> [-q][-d][-h][-H][-D][-e <len>][-E][-t][-v <level>]\n"
" [-n <threads>][-w <file>][-c <file>][-C <file>][-j <file>][-x <file>]\n"
- " [-r <file>][-j <file>][-S <file>][-T <num>][-U <num>] [-x <domain>][-z]\n"
+ " [-r <file>][-j <file>][-S <file>][-T <num>][-U <num>] [-x <domain>]\n"
" [-a <mode>][-B proto_list]\n\n"
"Usage:\n"
" -i <file.pcap|device> | Specify a pcap file/playlist to read packets from or a\n"
@@ -586,7 +586,6 @@ static void help(u_int long_help) {
" -D | Enable DoH traffic analysis based on content (no DPI)\n"
" -x <domain> | Check domain name [Test only]\n"
" -I | Ignore VLAN id for flow hash calculation\n"
- " -z | Enable JA3+\n"
" -A | Dump internal statistics (LRU caches / Patricia trees / Ahocarasick automas / ...\n"
" -M | Memory allocation stats on data-path (only by the library). It works only on single-thread configuration\n"
" -Z proto:value | Set this value of aggressiveness for this protocol (0 to disable it). This flag can be used multiple times\n"
@@ -989,7 +988,7 @@ static void parseOptions(int argc, char **argv) {
}
while((opt = getopt_long(argc, argv,
- "a:Ab:B:e:Ec:C:dDFf:g:G:i:Ij:k:K:S:hHp:pP:l:r:s:tu:v:V:n:rp:x:X:w:zZ:q0123:456:7:89:m:MT:U:",
+ "a:Ab:B:e:Ec:C:dDFf:g:G:i:Ij:k:K:S:hHp:pP:l:r:s:tu:v:V:n:rp:x:X:w:Z:q0123:456:7:89:m:MT:U:",
longopts, &option_idx)) != EOF) {
#ifdef DEBUG_TRACE
if(trace) fprintf(trace, " #### Handling option -%c [%s] #### \n", opt, optarg ? optarg : "");
@@ -1287,10 +1286,6 @@ static void parseOptions(int argc, char **argv) {
if(max_num_udp_dissected_pkts < 3) max_num_udp_dissected_pkts = 3;
break;
- case 'z':
- init_prefs |= ndpi_enable_ja3_plus;
- break;
-
case OPTLONG_VALUE_LRU_CACHE_SIZE:
if(parse_cache_param(optarg, &cache_idx, &cache_size) == -1) {
printf("Invalid parameter [%s]\n", optarg);
diff --git a/fuzz/fuzz_common_code.c b/fuzz/fuzz_common_code.c
index bc4d32155..d13b519ce 100644
--- a/fuzz/fuzz_common_code.c
+++ b/fuzz/fuzz_common_code.c
@@ -36,7 +36,7 @@ void fuzz_set_alloc_callbacks_and_seed(int seed)
void fuzz_init_detection_module(struct ndpi_detection_module_struct **ndpi_info_mod)
{
- ndpi_init_prefs prefs = ndpi_enable_ja3_plus;
+ ndpi_init_prefs prefs = ndpi_no_prefs;
NDPI_PROTOCOL_BITMASK all;
NDPI_PROTOCOL_BITMASK debug_bitmask;
diff --git a/fuzz/fuzz_ndpi_reader.c b/fuzz/fuzz_ndpi_reader.c
index 1a6cd7569..9a3eec625 100644
--- a/fuzz/fuzz_ndpi_reader.c
+++ b/fuzz/fuzz_ndpi_reader.c
@@ -18,7 +18,7 @@ u_int8_t enable_protocol_guess = 1, enable_payload_analyzer = 0;
u_int8_t enable_flow_stats = 1;
u_int8_t human_readeable_string_len = 5;
u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
-ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_ja3_plus | ndpi_enable_tcp_ack_payload_heuristic;
+ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_tcp_ack_payload_heuristic;
int enable_malloc_bins = 1;
int malloc_size_stats = 0;
int max_malloc_bins = 14;
diff --git a/fuzz/fuzz_readerutils_parseprotolist.cpp b/fuzz/fuzz_readerutils_parseprotolist.cpp
index 771719a8f..b41a83d09 100644
--- a/fuzz/fuzz_readerutils_parseprotolist.cpp
+++ b/fuzz/fuzz_readerutils_parseprotolist.cpp
@@ -13,7 +13,7 @@ u_int8_t enable_protocol_guess = 1, enable_payload_analyzer = 0;
u_int8_t enable_flow_stats = 0;
u_int8_t human_readeable_string_len = 5;
u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
-ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_ja3_plus | ndpi_enable_tcp_ack_payload_heuristic;
+ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_tcp_ack_payload_heuristic;
int enable_malloc_bins = 0;
int malloc_size_stats = 0;
int max_malloc_bins = 14;
diff --git a/fuzz/fuzz_readerutils_workflow.cpp b/fuzz/fuzz_readerutils_workflow.cpp
index f753560f2..a271fc2c7 100644
--- a/fuzz/fuzz_readerutils_workflow.cpp
+++ b/fuzz/fuzz_readerutils_workflow.cpp
@@ -15,7 +15,7 @@ u_int8_t enable_protocol_guess = 1, enable_payload_analyzer = 0;
u_int8_t enable_flow_stats = 0;
u_int8_t human_readeable_string_len = 5;
u_int8_t max_num_udp_dissected_pkts = 16 /* 8 is enough for most protocols, Signal requires more */, max_num_tcp_dissected_pkts = 80 /* due to telnet */;
-ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_ja3_plus | ndpi_enable_tcp_ack_payload_heuristic;
+ndpi_init_prefs init_prefs = ndpi_track_flow_payload | ndpi_enable_tcp_ack_payload_heuristic;
int enable_malloc_bins = 0;
int malloc_size_stats = 0;
int max_malloc_bins = 14;
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 3b29cb046..06e55adca 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1511,7 +1511,6 @@ typedef enum {
ndpi_no_prefs = 0,
ndpi_dont_load_tor_list = (1 << 0),
ndpi_dont_init_libgcrypt = (1 << 1),
- ndpi_enable_ja3_plus = (1 << 2),
ndpi_dont_load_azure_list = (1 << 3),
ndpi_dont_load_whatsapp_list = (1 << 4),
ndpi_dont_load_amazon_aws_list = (1 << 5),
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 2dbf92e64..0a29295c2 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -3058,9 +3058,6 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(ndpi_init_prefs
NDPI_BITMASK_RESET(ndpi_str->debug_bitmask);
#endif /* NDPI_ENABLE_DEBUG_MESSAGES */
- if(prefs & ndpi_enable_ja3_plus)
- ndpi_str->enable_ja3_plus = 1;
-
if(!(prefs & ndpi_dont_init_libgcrypt)) {
if(!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
const char *gcrypt_ver = gcry_check_version(NULL);
diff --git a/src/lib/ndpi_private.h b/src/lib/ndpi_private.h
index 8a06804e2..a9500d13d 100644
--- a/src/lib/ndpi_private.h
+++ b/src/lib/ndpi_private.h
@@ -128,7 +128,7 @@ struct ndpi_detection_module_struct {
u_int64_t current_ts;
u_int16_t max_packets_to_process;
u_int16_t num_tls_blocks_to_follow;
- u_int8_t skip_tls_blocks_until_change_cipher:1, enable_ja3_plus:1, _notused:6;
+ u_int8_t skip_tls_blocks_until_change_cipher:1, _notused:7;
u_int8_t tls_certificate_expire_in_x_days;
void *user_data;
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index b86d51f54..1ed8341b6 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1851,26 +1851,9 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
if(rc <= 0) break; else ja3_str_len += rc;
}
- if(ndpi_struct->enable_ja3_plus) {
- for(i=0; (i<ja3.server.num_elliptic_curve_point_format) && (JA3_STR_LEN > ja3_str_len); i++) {
- rc = ndpi_snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, "%s%u",
- (i > 0) ? "-" : "", ja3.server.elliptic_curve_point_format[i]);
- if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; else break;
- }
-
- if((ja3.server.alpn[0] != '\0') && (JA3_STR_LEN > ja3_str_len)) {
- rc = ndpi_snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len, ",%s", ja3.server.alpn);
- if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc;
- }
-
-#ifdef DEBUG_TLS
- printf("[JA3+] Server: %s \n", ja3_str);
-#endif
- } else {
#ifdef DEBUG_TLS
- printf("[JA3] Server: %s \n", ja3_str);
+ printf("[JA3] Server: %s \n", ja3_str);
#endif
- }
ndpi_MD5Init(&ctx);
ndpi_MD5Update(&ctx, (const unsigned char *)ja3_str, strlen(ja3_str));
@@ -2636,16 +2619,6 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc; else break;
}
- if(ndpi_struct->enable_ja3_plus) {
- rc = ndpi_snprintf(&ja3_str[ja3_str_len], JA3_STR_LEN-ja3_str_len,
- ",%s,%s,%s", ja3.client.signature_algorithms, ja3.client.supported_versions, ja3.client.alpn);
- if((rc > 0) && (ja3_str_len + rc < JA3_STR_LEN)) ja3_str_len += rc;
- }
-
-#ifdef DEBUG_JA3C
- printf("[JA3+] Client: %s \n", ja3_str);
-#endif
-
ndpi_MD5Init(&ctx);
ndpi_MD5Update(&ctx, (const unsigned char *)ja3_str, strlen(ja3_str));
ndpi_MD5Final(md5_hash, &ctx);
Powered by cgit, Themed by Ted Yin.