diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
| -rw-r--r-- | src/lib/protocols/rdp.c | 2 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 7 |
3 files changed, 8 insertions, 3 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 8ce77bf54..95c295108 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1426,7 +1426,7 @@ struct ndpi_flow_struct { struct { message_t message[2]; /* Directions */ - u_int8_t certificate_processed:1, change_cipher_from_client:1, change_cipher_from_server:1, from_opportunistic_tls:1, pad:4; + u_int8_t certificate_processed:1, change_cipher_from_client:1, change_cipher_from_server:1, from_opportunistic_tls:1, from_rdp:1, pad:3; struct tls_obfuscated_heuristic_state *obfuscated_heur_state; struct ndpi_tls_obfuscated_heuristic_matching_set *obfuscated_heur_matching_set; } tls_quic; /* Used also by DTLS and POPS/IMAPS/SMTPS/FTPS */ diff --git a/src/lib/protocols/rdp.c b/src/lib/protocols/rdp.c index 5831c01b7..23e50af63 100644 --- a/src/lib/protocols/rdp.c +++ b/src/lib/protocols/rdp.c @@ -91,7 +91,7 @@ static void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct, if((rdp_requested_proto & 0x1) == 0x1) { /* RDP Response + Client Hello + Server hello */ flow->max_extra_packets_to_check = 5; - + flow->tls_quic.from_rdp = 1; flow->extra_packets_func = ndpi_search_tls_over_rdp; } } diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 1dcae22c4..c45d42de1 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1087,7 +1087,8 @@ void processCertificateElements(struct ndpi_detection_module_struct *ndpi_struct } if(ndpi_struct->cfg.tls_subclassification_enabled && - !flow->protos.tls_quic.subprotocol_detected) { + !flow->protos.tls_quic.subprotocol_detected && + !flow->tls_quic.from_rdp) { /* No (other) sub-classification; we will have TLS.RDP anyway */ if(ndpi_match_hostname_protocol(ndpi_struct, flow, __get_master(ndpi_struct, flow), dNSName, dNSName_len)) { flow->protos.tls_quic.subprotocol_detected = 1; ndpi_unset_risk(ndpi_struct, flow, NDPI_NUMERIC_IP_HOST); @@ -2855,10 +2856,14 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, if(!is_quic) { if(ndpi_struct->cfg.tls_subclassification_enabled && + flow->protos.tls_quic.subprotocol_detected == 0 && + !flow->tls_quic.from_rdp && /* No (other) sub-classification; we will have TLS.RDP anyway */ ndpi_match_hostname_protocol(ndpi_struct, flow, __get_master(ndpi_struct, flow), sni, sni_len)) flow->protos.tls_quic.subprotocol_detected = 1; } else { if(ndpi_struct->cfg.quic_subclassification_enabled && + flow->protos.tls_quic.subprotocol_detected == 0 && + !flow->tls_quic.from_rdp && /* No (other) sub-classification; we will have TLS.RDP anyway */ ndpi_match_hostname_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, sni, sni_len)) flow->protos.tls_quic.subprotocol_detected = 1; } |