From 64ed0ac6b33744263e7a05010db366efa925eea1 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 17 Sep 2019 00:11:17 +0200 Subject: Various STUN improvements --- src/lib/protocols/tls.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'src/lib/protocols/tls.c') diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index f468df8d8..0df5d52e0 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1329,16 +1329,18 @@ void ndpi_search_tls_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, flow->guessed_protocol_id = NDPI_PROTOCOL_TLS; if(flow->protos.stun_ssl.stun.num_udp_pkts > 0) { - u_int32_t key = get_stun_lru_key(flow, 1); - if(ndpi_struct->stun_cache == NULL) ndpi_struct->stun_cache = ndpi_lru_cache_init(1024); - ndpi_lru_add_to_cache(ndpi_struct->stun_cache, key, NDPI_PROTOCOL_SIGNAL); + if(ndpi_struct->stun_cache) { #ifdef DEBUG_TLS - printf("[LRU] Adding Signal cached key %u\n", key); + printf("[LRU] Adding Signal cached keys\n"); #endif - + + ndpi_lru_add_to_cache(ndpi_struct->stun_cache, get_stun_lru_key(flow, 0), NDPI_PROTOCOL_SIGNAL); + ndpi_lru_add_to_cache(ndpi_struct->stun_cache, get_stun_lru_key(flow, 1), NDPI_PROTOCOL_SIGNAL); + } + /* In Signal protocol STUN turns into DTLS... */ ndpi_int_tls_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SIGNAL); } else if(flow->protos.stun_ssl.ssl.ja3_server[0] != '\0') { -- cgit v1.2.3 From 10e560a5088e37520db9148c727f7e2f62c8ed68 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Tue, 17 Sep 2019 18:09:17 +0200 Subject: Fix notBefore/notAfter issues --- src/lib/protocols/tls.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'src/lib/protocols/tls.c') diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 0df5d52e0..188011300 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -918,17 +918,18 @@ void getSSLorganization(struct ndpi_detection_module_struct *ndpi_struct, if(len < (sizeof(utcDate)-1)) { struct tm utc; + utc.tm_isdst = -1; /* Not set by strptime */ strncpy(utcDate, (const char*)&packet->payload[i+4], len); utcDate[len] = '\0'; /* 141021000000Z */ - if(strptime(utcDate, "%y%m%d%H%M%SZ", &utc) != NULL) { + if(strptime(utcDate, "%d%m%y%H%M%SZ", &utc) != NULL) { + flow->protos.stun_ssl.ssl.notBefore = timegm(&utc); #ifdef DEBUG_TLS printf("[CERTIFICATE] notBefore %u [%s]\n", - (unsigned int)mktime(&utc), utcDate); + flow->protos.stun_ssl.ssl.notBefore, utcDate); #endif - flow->protos.stun_ssl.ssl.notBefore = timegm(&utc); } } @@ -948,17 +949,18 @@ void getSSLorganization(struct ndpi_detection_module_struct *ndpi_struct, if(len < (sizeof(utcDate)-1)) { struct tm utc; + utc.tm_isdst = -1; /* Not set by strptime */ strncpy(utcDate, (const char*)&packet->payload[offset], len); utcDate[len] = '\0'; /* 141021000000Z */ - if(strptime(utcDate, "%y%m%d%H%M%SZ", &utc) != NULL) { + if(strptime(utcDate, "%d%m%y%H%M%SZ", &utc) != NULL) { + flow->protos.stun_ssl.ssl.notAfter = timegm(&utc); #ifdef DEBUG_TLS printf("[CERTIFICATE] notAfter %u [%s]\n", - (unsigned int)mktime(&utc), utcDate); + flow->protos.stun_ssl.ssl.notAfter, utcDate); #endif - flow->protos.stun_ssl.ssl.notAfter = timegm(&utc); } } } -- cgit v1.2.3 From e152e687a551ac4a0f2ff621868a5a8cbe883f56 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Tue, 17 Sep 2019 18:43:11 +0200 Subject: Fix notBefore/notAfter broken in previous commit --- src/lib/protocols/tls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/lib/protocols/tls.c') diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 188011300..8a4d0c3ac 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -924,7 +924,7 @@ void getSSLorganization(struct ndpi_detection_module_struct *ndpi_struct, utcDate[len] = '\0'; /* 141021000000Z */ - if(strptime(utcDate, "%d%m%y%H%M%SZ", &utc) != NULL) { + if(strptime(utcDate, "%y%m%d%H%M%SZ", &utc) != NULL) { flow->protos.stun_ssl.ssl.notBefore = timegm(&utc); #ifdef DEBUG_TLS printf("[CERTIFICATE] notBefore %u [%s]\n", @@ -955,7 +955,7 @@ void getSSLorganization(struct ndpi_detection_module_struct *ndpi_struct, utcDate[len] = '\0'; /* 141021000000Z */ - if(strptime(utcDate, "%d%m%y%H%M%SZ", &utc) != NULL) { + if(strptime(utcDate, "%y%m%d%H%M%SZ", &utc) != NULL) { flow->protos.stun_ssl.ssl.notAfter = timegm(&utc); #ifdef DEBUG_TLS printf("[CERTIFICATE] notAfter %u [%s]\n", -- cgit v1.2.3