diff options
Diffstat (limited to 'example')
| -rw-r--r-- | example/ndpiReader.c | 19 | ||||
| -rw-r--r-- | example/reader_util.c | 2 | ||||
| -rw-r--r-- | example/reader_util.h | 1 |
3 files changed, 18 insertions, 4 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index d0c46d43e..5998a37b5 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1096,19 +1096,30 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa } if(flow->ssh_tls.ssl_version != 0) fprintf(out, "[%s]", ndpi_ssl_version2str(flow->ssh_tls.ssl_version)); - if(flow->ssh_tls.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_tls.client_info); + if(flow->ssh_tls.client_info[0] != '\0') fprintf(out, "[Client: %s]", flow->ssh_tls.client_info); if(flow->ssh_tls.client_hassh[0] != '\0') fprintf(out, "[HASSH-C: %s]", flow->ssh_tls.client_hassh); if(flow->ssh_tls.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s%s]", flow->ssh_tls.ja3_client, print_cipher(flow->ssh_tls.client_unsafe_cipher)); - if(flow->ssh_tls.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_tls.server_info); + if(flow->ssh_tls.server_info[0] != '\0') fprintf(out, "[Server: %s]", flow->ssh_tls.server_info); if(flow->ssh_tls.server_hassh[0] != '\0') fprintf(out, "[HASSH-S: %s]", flow->ssh_tls.server_hassh); if(flow->ssh_tls.ja3_server[0] != '\0') fprintf(out, "[JA3S: %s%s]", flow->ssh_tls.ja3_server, print_cipher(flow->ssh_tls.server_unsafe_cipher)); - if(flow->ssh_tls.server_organization[0] != '\0') fprintf(out, "[organization: %s]", flow->ssh_tls.server_organization); - if(flow->ssh_tls.server_cipher != '\0') fprintf(out, "[Cipher: %s]", ndpi_cipher2str(flow->ssh_tls.server_cipher)); + if(flow->ssh_tls.server_organization[0] != '\0') fprintf(out, "[Organization: %s]", flow->ssh_tls.server_organization); + + if(flow->ssh_tls.notBefore && flow->ssh_tls.notAfter) { + char notBefore[32], notAfter[32]; + + ctime_r(&flow->ssh_tls.notBefore, notBefore); + notBefore[strlen(notBefore)-1] = '\0'; /* Remove trailer \n */ + ctime_r(&flow->ssh_tls.notAfter, notAfter); + notAfter[strlen(notAfter)-1] = '\0'; /* Remove trailer \n */ + + fprintf(out, "[Validity: %s - %s]", notBefore, notAfter); + } + if(flow->ssh_tls.server_cipher != '\0') fprintf(out, "[Cipher: %s]", ndpi_cipher2str(flow->ssh_tls.server_cipher)); if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash); if(flow->dhcp_fingerprint[0] != '\0') fprintf(out, "[DHCP Fingerprint: %s]", flow->dhcp_fingerprint); diff --git a/example/reader_util.c b/example/reader_util.c index c716d1766..9ec50486c 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -977,6 +977,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->ndpi_flow->protos.stun_ssl.ssl.server_certificate); snprintf(flow->ssh_tls.server_organization, sizeof(flow->ssh_tls.server_organization), "%s", flow->ndpi_flow->protos.stun_ssl.ssl.server_organization); + flow->ssh_tls.notBefore = flow->ndpi_flow->protos.stun_ssl.ssl.notBefore; + flow->ssh_tls.notAfter = flow->ndpi_flow->protos.stun_ssl.ssl.notAfter; snprintf(flow->ssh_tls.ja3_client, sizeof(flow->ssh_tls.ja3_client), "%s", flow->ndpi_flow->protos.stun_ssl.ssl.ja3_client); snprintf(flow->ssh_tls.ja3_server, sizeof(flow->ssh_tls.ja3_server), "%s", diff --git a/example/reader_util.h b/example/reader_util.h index 0d3c2c9d9..95eac67e8 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -162,6 +162,7 @@ typedef struct ndpi_flow_info { client_hassh[33], server_hassh[33], server_organization[64], ja3_client[33], ja3_server[33]; + time_t notBefore, notAfter; u_int16_t server_cipher; ndpi_cipher_weakness client_unsafe_cipher, server_unsafe_cipher; } ssh_tls; |