Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_typedefs.h1
-rw-r--r--src/lib/protocols/tls.c6
2 files changed, 7 insertions, 0 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 24302075e..74df9e957 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -709,6 +709,7 @@ struct ndpi_flow_tcp_struct {
/* NDPI_PROTOCOL_TLS */
u_int8_t certificate_processed:1, fingerprint_set:1, _pad:6;
+ u_int8_t app_data_seen[2];
u_int8_t num_tls_blocks;
int16_t tls_application_blocks_len[NDPI_MAX_NUM_TLS_APPL_BLOCKS]; /* + = src->dst, - = dst->src */
} tls;
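Review bot: The new `app_data_seen[2]` field has no comment saying what its index means or when an entry is set. Going by the tls.c hunk of this commit it is indexed by `packet->packet_direction`, so the two-entry size is only safe if that value is always 0 or 1, which is not visible here. I would document that on the field: `u_int8_t app_data_seen[2]; /* indexed by packet_direction (0 or 1): Application Data seen in that direction */`. As a style point, the two flags cost two bytes per flow while `_pad:6` on the line above still has spare bits, though bitfields would not allow the array indexing tls.c uses.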
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 99c469766..53e79d161 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1052,6 +1052,12 @@ static int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
ndpi_int_tls_add_connection(ndpi_struct, flow);
}
+ /* If we have seen Application Data blocks in both directions, it means
+ we are after the handshake. Stop extra processing */
+ flow->l4.tcp.tls.app_data_seen[packet->packet_direction] = 1;
+ if(flow->l4.tcp.tls.app_data_seen[!packet->packet_direction] == 1)
+ flow->l4.tcp.tls.certificate_processed = 1;
+
if(flow->l4.tcp.tls.certificate_processed) {
if(flow->l4.tcp.tls.num_tls_blocks < ndpi_struct->num_tls_blocks_to_follow)
flow->l4.tcp.tls.tls_application_blocks_len[flow->l4.tcp.tls.num_tls_blocks++] =
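Review bot: The added lines force `certificate_processed = 1` without a certificate having been parsed, so the flag now also means "handshake inspection is over". The trigger is only that Application Data records were observed in both directions, which is taken from unauthenticated record headers on the wire. Any consumer that reads the flag as "certificate metadata is available" will be wrong for these flows, and it is worth confirming that ending the extra processing is acceptable when those records arrive before a certificate was seen. At minimum I would state it at the assignment: `/* forced without a parsed certificate: only marks the end of handshake inspection */`. The enclosing branch starts above the hunk, so I cannot confirm from here that these lines run only for Application Data records.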