diff options
Diffstat (limited to 'example')
| -rw-r--r-- | example/ndpiReader.c | 27 | ||||
| -rw-r--r-- | example/ndpiSimpleIntegration.c | 6 | ||||
| -rw-r--r-- | example/reader_util.c | 43 | ||||
| -rw-r--r-- | example/reader_util.h | 8 |
4 files changed, 35 insertions, 49 deletions
diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 2e206b578..96dd46881 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -767,7 +767,7 @@ void printCSVHeader() { fprintf(csv_fp, "server_info,"); fprintf(csv_fp, "tls_version,ja3c,tls_client_unsafe,"); fprintf(csv_fp, "ja3s,tls_server_unsafe,"); - fprintf(csv_fp, "tls_alpn,tls_supported_versions,"); + fprintf(csv_fp, "advertised_alpns,negotiated_alpn,tls_supported_versions,"); #if 0 fprintf(csv_fp, "tls_issuerDN,tls_subjectDN,"); #endif @@ -1341,8 +1341,9 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa (flow->ssh_tls.ja3_server[0] != '\0') ? flow->ssh_tls.ja3_server : "", (flow->ssh_tls.ja3_server[0] != '\0') ? is_unsafe_cipher(flow->ssh_tls.server_unsafe_cipher) : "0"); - fprintf(csv_fp, "%s,%s,", - flow->ssh_tls.tls_alpn ? flow->ssh_tls.tls_alpn : "", + fprintf(csv_fp, "%s,%s,%s,", + flow->ssh_tls.advertised_alpns ? flow->ssh_tls.advertised_alpns : "", + flow->ssh_tls.negotiated_alpn ? flow->ssh_tls.negotiated_alpn : "", flow->ssh_tls.tls_supported_versions ? flow->ssh_tls.tls_supported_versions : "" ); @@ -1541,16 +1542,16 @@ static void printFlow(u_int32_t id, struct ndpi_flow_info *flow, u_int16_t threa } } break; + } - case INFO_TLS_QUIC_ALPN_VERSION: - fprintf(out, "[ALPN: %s][TLS Supported Versions: %s]", - flow->tls_quic.alpn, flow->tls_quic.tls_supported_versions); - break; + if(flow->ssh_tls.advertised_alpns) + fprintf(out, "[(Advertised) ALPNs: %s]", flow->ssh_tls.advertised_alpns); - case INFO_TLS_QUIC_ALPN_ONLY: - fprintf(out, "[ALPN: %s]", flow->tls_quic.alpn); - break; - } + if(flow->ssh_tls.negotiated_alpn) + fprintf(out, "[(Negotiated) ALPN: %s]", flow->ssh_tls.negotiated_alpn); + + if(flow->ssh_tls.tls_supported_versions) + fprintf(out, "[TLS Supported Versions: %s]", flow->ssh_tls.tls_supported_versions); if(flow->flow_extra_info[0] != '\0') fprintf(out, "[%s]", flow->flow_extra_info); @@ -3249,14 +3250,14 @@ static void printFlowsStats() { || (all_flows[i].flow->detected_protocol.app_protocol == NDPI_PROTOCOL_TLS) || (all_flows[i].flow->detected_protocol.app_protocol == NDPI_PROTOCOL_DOH_DOT) ) - && all_flows[i].flow->ssh_tls.tls_alpn /* ALPN */ + && all_flows[i].flow->ssh_tls.advertised_alpns /* ALPN */ ) { if(check_bin_doh_similarity(&bins[i], &s)) printf("[DoH (%f distance)]", s); else printf("[NO DoH (%f distance)]", s); } else { - if(all_flows[i].flow->ssh_tls.tls_alpn == NULL) + if(all_flows[i].flow->ssh_tls.advertised_alpns == NULL) printf("[NO DoH check: missing ALPN]"); } } diff --git a/example/ndpiSimpleIntegration.c b/example/ndpiSimpleIntegration.c index 604fef242..81ac179da 100644 --- a/example/ndpiSimpleIntegration.c +++ b/example/ndpiSimpleIntegration.c @@ -943,7 +943,7 @@ static void ndpi_process_packet(uint8_t * const args, { uint8_t unknown_tls_version = 0; char buf_ver[16]; - printf("[%8llu, %d, %4d][TLS-CLIENT-HELLO] version: %s | sni: %s | alpn: %s\n", + printf("[%8llu, %d, %4d][TLS-CLIENT-HELLO] version: %s | sni: %s | (advertised) ALPNs: %s\n", workflow->packets_captured, reader_thread->array_index, flow_to_process->flow_id, @@ -951,8 +951,8 @@ static void ndpi_process_packet(uint8_t * const args, flow_to_process->ndpi_flow->protos.tls_quic.ssl_version, &unknown_tls_version), flow_to_process->ndpi_flow->host_server_name, - (flow_to_process->ndpi_flow->protos.tls_quic.alpn != NULL ? - flow_to_process->ndpi_flow->protos.tls_quic.alpn : "-")); + (flow_to_process->ndpi_flow->protos.tls_quic.advertised_alpns != NULL ? + flow_to_process->ndpi_flow->protos.tls_quic.advertised_alpns : "-")); flow_to_process->tls_client_hello_seen = 1; } if (flow_to_process->tls_server_hello_seen == 0 && diff --git a/example/reader_util.c b/example/reader_util.c index 498c834f8..ba8031185 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -480,9 +480,14 @@ static void ndpi_free_flow_tls_data(struct ndpi_flow_info *flow) { flow->ssh_tls.server_names = NULL; } - if(flow->ssh_tls.tls_alpn) { - ndpi_free(flow->ssh_tls.tls_alpn); - flow->ssh_tls.tls_alpn = NULL; + if(flow->ssh_tls.advertised_alpns) { + ndpi_free(flow->ssh_tls.advertised_alpns); + flow->ssh_tls.advertised_alpns = NULL; + } + + if(flow->ssh_tls.negotiated_alpn) { + ndpi_free(flow->ssh_tls.negotiated_alpn); + flow->ssh_tls.negotiated_alpn = NULL; } if(flow->ssh_tls.tls_supported_versions) { @@ -1248,11 +1253,6 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->ssh_tls.browser_heuristics = flow->ndpi_flow->protos.tls_quic.browser_heuristics; - if(flow->ndpi_flow->protos.tls_quic.alpn) { - if((flow->ssh_tls.tls_alpn = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.alpn)) != NULL) - correct_csv_data_field(flow->ssh_tls.tls_alpn); - } - if(flow->ndpi_flow->protos.tls_quic.issuerDN) flow->ssh_tls.tls_issuerDN = strdup(flow->ndpi_flow->protos.tls_quic.issuerDN); @@ -1264,28 +1264,19 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl flow->ssh_tls.encrypted_sni.cipher_suite = flow->ndpi_flow->protos.tls_quic.encrypted_sni.cipher_suite; } - if(flow->ssh_tls.tls_supported_versions) { + if(flow->ndpi_flow->protos.tls_quic.tls_supported_versions) { if((flow->ssh_tls.tls_supported_versions = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.tls_supported_versions)) != NULL) correct_csv_data_field(flow->ssh_tls.tls_supported_versions); } - if(flow->ndpi_flow->protos.tls_quic.alpn - && flow->ndpi_flow->protos.tls_quic.tls_supported_versions) { - correct_csv_data_field(flow->ndpi_flow->protos.tls_quic.alpn); - correct_csv_data_field(flow->ndpi_flow->protos.tls_quic.tls_supported_versions); - - flow->info_type = INFO_TLS_QUIC_ALPN_VERSION; - ndpi_snprintf(flow->tls_quic.alpn, sizeof(flow->tls_quic.alpn), "%s", - flow->ndpi_flow->protos.tls_quic.alpn); - ndpi_snprintf(flow->tls_quic.tls_supported_versions, - sizeof(flow->tls_quic.tls_supported_versions), - "%s", flow->ndpi_flow->protos.tls_quic.tls_supported_versions); - } else if(flow->ndpi_flow->protos.tls_quic.alpn) { - correct_csv_data_field(flow->ndpi_flow->protos.tls_quic.alpn); - - flow->info_type = INFO_TLS_QUIC_ALPN_ONLY; - ndpi_snprintf(flow->tls_quic.alpn, sizeof(flow->tls_quic.alpn), "%s", - flow->ndpi_flow->protos.tls_quic.alpn); + if(flow->ndpi_flow->protos.tls_quic.advertised_alpns) { + if((flow->ssh_tls.advertised_alpns = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.advertised_alpns)) != NULL) + correct_csv_data_field(flow->ssh_tls.advertised_alpns); + } + + if(flow->ndpi_flow->protos.tls_quic.negotiated_alpn) { + if((flow->ssh_tls.negotiated_alpn = ndpi_strdup(flow->ndpi_flow->protos.tls_quic.negotiated_alpn)) != NULL) + correct_csv_data_field(flow->ssh_tls.negotiated_alpn); } if(enable_doh_dot_detection) { diff --git a/example/reader_util.h b/example/reader_util.h index 6a9c7cd40..d8c02c8b6 100644 --- a/example/reader_util.h +++ b/example/reader_util.h @@ -165,8 +165,6 @@ enum info_type { INFO_SOFTETHER, INFO_TIVOCONNECT, INFO_FTP_IMAP_POP_SMTP, - INFO_TLS_QUIC_ALPN_VERSION, - INFO_TLS_QUIC_ALPN_ONLY, INFO_NATPMP, }; @@ -217,10 +215,6 @@ typedef struct ndpi_flow_info { union { char info[256]; struct { - char alpn[128]; - char tls_supported_versions[128]; - } tls_quic; - struct { unsigned char auth_failed; char username[127]; char password[128]; @@ -263,7 +257,7 @@ typedef struct ndpi_flow_info { u_int16_t ssl_version; char server_info[64], client_hassh[33], server_hassh[33], *server_names, - *tls_alpn, *tls_supported_versions, + *advertised_alpns, *negotiated_alpn, *tls_supported_versions, *tls_issuerDN, *tls_subjectDN, ja3_client[33], ja3_server[33], sha1_cert_fingerprint[20]; |