From f3a74d97d845d07628533717666637e1630aa1ed Mon Sep 17 00:00:00 2001
From: Nardi Ivan
Date: Tue, 27 Sep 2022 20:01:32 +0200
Subject: TLS/DTLS: we process certificate for UDP flows, too

Note that current code access `certificate_processed` state even before setting the protocol classification, so this piece of information can't be saved in `flow->protos` union.
---
 src/include/ndpi_typedefs.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'src/include')
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 4c6e7ad99..9dfa80c9a 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -708,7 +708,6 @@ struct ndpi_flow_tcp_struct {
 message_t message[2]; /* Directions */
 /* NDPI_PROTOCOL_TLS */
- u_int8_t certificate_processed:1, fingerprint_set:1, _pad:6;
 u_int8_t app_data_seen[2];
 u_int8_t num_tls_blocks;
 int16_t tls_application_blocks_len[NDPI_MAX_NUM_TLS_APPL_BLOCKS]; /* + = src->dst, - = dst->src */
@@ -1367,6 +1366,10 @@ struct ndpi_flow_struct {
 u_int16_t num_processed_pkts;
 } stun;
+ struct {
+ u_int8_t certificate_processed:1, _pad:7;
+ } tls_quic; /* Used also by DTLS and POPS/IMAPS/SMTPS/FTPS */
+
 union {
 /* the only fields useful for nDPI and ntopng */
 struct {
@@ -1397,7 +1400,7 @@ struct ndpi_flow_struct {
 char ja3_client[33], ja3_server[33];
 u_int16_t server_cipher;
 u_int8_t sha1_certificate_fingerprint[20];
- u_int8_t hello_processed:1, subprotocol_detected:1, _pad:6;
+ u_int8_t hello_processed:1, subprotocol_detected:1, fingerprint_set:1, _pad:5;
 #ifdef TLS_HANDLE_SIGNATURE_ALGORITMS
 /* Under #ifdef to save memory for those who do not need them */
--
cgit v1.2.3
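Review bot: The comment on the new `tls_quic` struct in `ndpi_flow_struct` says who uses the flag but not why it sits outside the `protos` union; that reason is recorded only in the commit message. Because `certificate_processed` is read before the protocol classification is set, a later cleanup that folds it back into the union would make it alias another protocol's state. I would extend the comment to something like `/* Kept outside the protos union: certificate_processed is read before the classification is set. Used also by DTLS and POPS/IMAPS/SMTPS/FTPS */`. The enclosing struct starts and ends outside this hunk.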
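Review bot: `fingerprint_set` now shares the bitfield line with `hello_processed` and `subprotocol_detected`, which appears to sit inside the `flow->protos` union (the enclosing declaration is outside the hunk), yet the commit message says `certificate_processed` had to stay out of that union because it is touched before classification. If any reader or writer of `fingerprint_set` can run at that same early point, the bit would overlap another protocol's fields, and a stale 1 could cause the certificate fingerprint step to be skipped. It is worth confirming that every access happens only after the flow is classified as TLS, DTLS or QUIC. Otherwise keep the bit beside the other flag in the flow-level struct, as `u_int8_t certificate_processed:1, fingerprint_set:1, _pad:6;`.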