-rw-r--r--example/ndpiReader.c4
-rw-r--r--example/reader_util.c9
-rw-r--r--src/lib/protocols/kerberos.c11
-rw-r--r--src/lib/protocols/tls.c15
4 files changed, 20 insertions, 19 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 6a52cc953..77b1a3591 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -602,7 +602,7 @@ void printCSVHeader() {
fprintf(csv_fp, "client_info,server_info,");
fprintf(csv_fp, "tls_version,ja3c,tls_client_unsafe,");
fprintf(csv_fp, "ja3s,tls_server_unsafe,");
- fprintf(csv_fp, "ssh_client_hassh,ssh_server_hassh");
+ fprintf(csv_fp, "ssh_client_hassh,ssh_server_hassh,flow_info");
/* Joy */
if(enable_joy_stats) {
@@ -1099,6 +1099,8 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
(flow->ssh_tls.client_hassh[0] != '\0') ? flow->ssh_tls.client_hassh : "",
(flow->ssh_tls.server_hassh[0] != '\0') ? flow->ssh_tls.server_hassh : ""
);
+
+ fprintf(csv_fp, ",%s", flow->info);
}
if((verbose != 1) && (verbose != 2)) {
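Review bot: The added `fprintf(csv_fp, ",%s", flow->info);` writes flow->info into the CSV row unquoted, and the reader_util.c hunk of this commit shows that buffer being filled from fields parsed out of packets, such as the Kerberos domain. A value containing a comma, a double quote or a newline would shift or split columns for anything that parses the file, and spreadsheet tools treat a leading `=`, `+`, `-` or `@` as a formula. I would write the field quoted with embedded quotes doubled, or replace delimiter and non-printable characters before writing it. printFlow starts and ends outside the hunk, so any sanitising done earlier is not visible here; it is also worth confirming that the row emits this column in the same position the header gives it relative to the Joy columns.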
diff --git a/example/reader_util.c b/example/reader_util.c
index 1d19e8b41..a1a712837 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -993,6 +993,15 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
} else if(flow->ndpi_flow->protos.kerberos.domain[0] != '\0')
snprintf(flow->info, sizeof(flow->info), "%s",
flow->ndpi_flow->protos.kerberos.domain);
+
+#if 0
+ if(flow->info[0] != '\0')
+ printf("->> (%d) [%s][%s][%s]<<--\n",
+ htons(flow->src_port),
+ flow->ndpi_flow->protos.kerberos.domain,
+ flow->ndpi_flow->protos.kerberos.hostname,
+ flow->ndpi_flow->protos.kerberos.username);
+#endif
}
/* HTTP */
else if((flow->detected_protocol.master_protocol == NDPI_PROTOCOL_HTTP)
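Review bot: The added `#if 0` block is dead code; if the trace is worth keeping, guard it with a named debug macro the way kerberos.c uses KERBEROS_DEBUG, otherwise drop it. `htons(flow->src_port)` is converting a port for display, presumably from network order, so `ntohs(flow->src_port)` states the intent, and `%u` matches the unsigned result better than `%d`. The domain, hostname and username strings come from parsed packets, so once enabled they reach the terminal unfiltered. process_ndpi_collected_info continues outside the hunk.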
diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c
index 81f84a8ac..2d062ce4e 100644
--- a/src/lib/protocols/kerberos.c
+++ b/src/lib/protocols/kerberos.c
@@ -28,7 +28,7 @@
#include "ndpi_api.h"
-//#define KERBEROS_DEBUG 1
+/* #define KERBEROS_DEBUG 1 */
#define KERBEROS_PORT 88
@@ -190,7 +190,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
u_int16_t name_offset;
name_offset = body_offset + 13;
- for(i=0; i<10; i++) if(packet->payload[name_offset] != 0x1b) name_offset++; /* ASN.1 */
+ for(i=0; i<20; i++) if(packet->payload[name_offset] != 0x1b) name_offset++; /* ASN.1 */
#ifdef KERBEROS_DEBUG
printf("name_offset=%u [%02X %02X] [byte 0 must be 0x1b]\n", name_offset, packet->payload[name_offset], packet->payload[name_offset+1]);
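Review bot: The scan `for(i=0; i<20; i++) if(packet->payload[name_offset] != 0x1b) name_offset++;` can now move name_offset up to 20 bytes past body_offset + 13 with no comparison against packet->payload_packet_len inside the hunk, so a short or crafted packet may cause a read beyond the payload; the debug printf also reads name_offset+1. I would bound the loop, e.g. `for(i=0; (i<20) && (name_offset+1 < packet->payload_packet_len); i++)`, and stop parsing if the byte it lands on is not 0x1b. The same applies to the 14-byte scans over realm_offset and name_offset in the later hunks of this file. ndpi_search_kerberos starts and ends outside the hunk, so an earlier length check may already cover this; if it does, a comment stating the guaranteed minimum length would help. The 20 and 14 limits would also read better as named constants.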
@@ -222,8 +222,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
for(i=0; i<cname_len; i++) cname_str[i] = tolower(cname_str[i]);
#ifdef KERBEROS_DEBUG
- printf("[AS-REQ][s/dport: %u/%u][Kerberos Cname][len: %u][%s]\n",
- sport, dport, cname_len, cname_str);
+ printf("[AS-REQ][s/dport: %u/%u][Kerberos Cname][len: %u][%s]\n", sport, dport, cname_len, cname_str);
#endif
if(((strcmp(cname_str, "host") == 0) || (strcmp(cname_str, "ldap") == 0)) && (packet->payload[name_offset+1+cname_len] == 0x1b)) {
@@ -242,7 +241,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
} else
snprintf(flow->protos.kerberos.username, sizeof(flow->protos.kerberos.username), "%s", cname_str);
- for(i=0; i<10; i++) if(packet->payload[realm_offset] != 0x1b) name_offset++; /* ASN.1 */
+ for(i=0; i<14; i++) if(packet->payload[realm_offset] != 0x1b) realm_offset++; /* ASN.1 */
#ifdef KERBEROS_DEBUG
printf("realm_offset=%u [%02X %02X] [byte 0 must be 0x1b]\n", realm_offset, packet->payload[realm_offset], packet->payload[realm_offset+1]);
#endif
@@ -279,7 +278,7 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct,
u_int name_offset, padding_offset = body_offset + 4;
name_offset = padding_offset;
- for(i=0; i<10; i++) if(packet->payload[name_offset] != 0x1b) name_offset++; /* ASN.1 */
+ for(i=0; i<14; i++) if(packet->payload[name_offset] != 0x1b) name_offset++; /* ASN.1 */
#ifdef KERBEROS_DEBUG
printf("name_offset=%u [%02X %02X] [byte 0 must be 0x1b]\n", name_offset, packet->payload[name_offset], packet->payload[name_offset+1]);
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 1d7d2a02b..3fda1d22a 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -33,7 +33,7 @@
extern char *strptime(const char *s, const char *format, struct tm *tm);
-/* #define DEBUG_TLS 1 */
+/* #define DEBUG_TLS 1 */
/* #define DEBUG_FINGERPRINT 1 */
/*
@@ -252,7 +252,6 @@ int getTLScertificate(struct ndpi_detection_module_struct *ndpi_struct,
}
total_len += header_len;
-
memset(buffer, 0, buffer_len);
/* Truncate total len, search at least in incomplete packet */
@@ -966,8 +965,8 @@ void getSSLorganization(struct ndpi_detection_module_struct *ndpi_struct,
memset(buffer, 0, buffer_len);
/* Check after handshake protocol header (5 bytes) and message header (4 bytes) */
- u_int num_found = 0;
- u_int i, j;
+ u_int num_found = 0, i, j;
+
for(i = 9; i < packet->payload_packet_len-4; i++) {
/* Organization OID: 2.5.4.10 */
if((packet->payload[i] == 0x55) && (packet->payload[i+1] == 0x04) && (packet->payload[i+2] == 0x0a)) {
@@ -1083,7 +1082,6 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi
getSSCertificateFingerprint(ndpi_struct, flow);
}
-#if 1
/* consider only specific SSL packets (handshake) */
if((packet->payload_packet_len > 9) && (packet->payload[0] == 0x16)) {
char certificate[64];
@@ -1101,12 +1099,6 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi
getSSLorganization(ndpi_struct, flow, organization, sizeof(organization));
packet->tls_certificate_detected++;
-#if 0
- if((flow->l4.tcp.tls_seen_server_cert == 1)
- && (flow->protos.stun_ssl.ssl.server_certificate[0] != '\0'))
- /* 0 means we've done processing extra packets (since we found what we wanted) */
- return 0;
-#endif
}
if(flow->l4.tcp.tls_record_offset == 0) {
@@ -1123,7 +1115,6 @@ int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi
}
}
}
-#endif
/* 1 means keep looking for more packets */
if(!flow->l4.tcp.tls_srv_cert_fingerprint_processed) rc = 1;