From e9e647f04310cddbee5356068c032d819027a877 Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Sat, 29 Jun 2019 17:34:08 +0200
Subject: ntohl Portability fixes
---
 src/lib/protocols/quic.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/lib/protocols')
diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c
index d14538e0d..d67414fdf 100644
--- a/src/lib/protocols/quic.c
+++ b/src/lib/protocols/quic.c
@@ -100,8 +100,8 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct,
 && (packet->payload[i+1] == 'N')
 && (packet->payload[i+2] == 'I')
 && (packet->payload[i+3] == 0)) {
- u_int32_t offset = le32toh(*((u_int32_t*)&packet->payload[i+4]));
- u_int32_t prev_offset = le32toh(*((u_int32_t*)&packet->payload[i-4]));
+ u_int32_t offset = ntohl(*((u_int32_t*)&packet->payload[i+4]));
+ u_int32_t prev_offset = ntohl(*((u_int32_t*)&packet->payload[i-4]));
 int len = offset-prev_offset;
 int sni_offset = i+prev_offset+1;
-- 
cgit v1.2.3
From 06b05e21c627f87fc4bc16830099f30cc7df860b Mon Sep 17 00:00:00 2001
From: Luca Deri
Date: Sun, 30 Jun 2019 08:19:51 +0200
Subject: Improvemnts in SSL certificate detection
---
 example/ndpiReader.c | 2 +-
 src/lib/ndpi_main.c | 1 +
 src/lib/ndpi_utils.c | 9 ++++++++-
 src/lib/protocols/ssl.c | 6 +++++-
 4 files changed, 15 insertions(+), 3 deletions(-)
(limited to 'src/lib/protocols')
diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 8551992bf..2a2f1cbf5 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
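Review bot: In the quic.c hunk (ndpi_search_quic), `ntohl` is not a drop-in replacement for `le32toh`: it reads the four bytes as big-endian, so on little-endian hosts `offset` and `prev_offset` now come out byte-swapped relative to the old code, and `len` and `sni_offset`, which are derived from them, change with it. If the field is little-endian on the wire, as the original call implies, a portable read assembles the bytes explicitly, e.g. `u_int32_t offset = (u_int32_t)packet->payload[i+4] | ((u_int32_t)packet->payload[i+5] << 8) | ((u_int32_t)packet->payload[i+6] << 16) | ((u_int32_t)packet->payload[i+7] << 24);`, and the same for `prev_offset` starting at `i-4`. That form also removes the unaligned `u_int32_t*` cast into packet data. The bounds checks covering `i-4`, `i+7` and the derived `len` lie outside the hunk, so confirm they hold for offsets taken from untrusted packets.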
@@ -843,7 +843,7 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
 if(flow->ssh_ssl.ja3_server[0] != '\0') fprintf(out, "[JA3S: %s%s]", flow->ssh_ssl.ja3_server, print_cipher(flow->ssh_ssl.server_unsafe_cipher));
 if(flow->ssh_ssl.server_organization[0] != '\0') fprintf(out, "[organization: %s]", flow->ssh_ssl.server_organization);
- if(flow->ssh_ssl.server_cipher != '\0') fprintf(out, "[%s]", ndpi_cipher2str(flow->ssh_ssl.server_cipher));;
+ if(flow->ssh_ssl.server_cipher != '\0') fprintf(out, "[Cipher: %s]", ndpi_cipher2str(flow->ssh_ssl.server_cipher));
 if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash);
 if(flow->dhcp_fingerprint[0] != '\0') fprintf(out, "[DHCP Fingerprint: %s]", flow->dhcp_fingerprint);
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 61ebc7b5d..4112bc657 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4583,6 +4583,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct
 && (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN)
 && flow->packet.tcp
 && (flow->packet.tcp->syn == 0)
+ && (flow->guessed_protocol_id == 0)
 ) {
 /*
 This is a TCP flow
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index bcd8e5f48..f48a19393 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -590,7 +590,14 @@ const char* ndpi_cipher2str(u_int32_t cipher) {
 case 0x060040: return("SSL2_DES_64_CBC_WITH_MD5");
 case 0x0700c0: return("SSL2_DES_192_EDE3_CBC_WITH_MD5");
 case 0x080080: return("SSL2_RC4_64_WITH_MD5");
- default: return("???");
+ case 0x001301: return("TLS_AES_128_GMC_SHA256");
+ default:
+ {
+ static char buf[8];
+
+ snprintf(buf, sizeof(buf), "0X%04X", cipher);
+ return(buf);
+ }
 }
 }
diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c
index 947b8371d..f7009a788 100644
--- a/src/lib/protocols/ssl.c
+++ b/src/lib/protocols/ssl.c
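Review bot: In the ndpi_main.c hunk (ndpi_detection_process_packet), the added test `(flow->guessed_protocol_id == 0)` uses a bare `0` where the first condition of the same expression spells the equivalent idea as `NDPI_PROTOCOL_UNKNOWN`. Writing `&& (flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)` keeps the condition self-describing, assuming that constant is 0 in this tree. The body of the `if` lies outside the hunk, so a one-line comment here saying why a flow with an existing guess skips this branch would help the next reader.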
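Review bot: In the ndpi_utils.c hunk (ndpi_cipher2str), the new default branch formats a `u_int32_t` into `static char buf[8]`, which holds seven characters plus the terminator, so any unknown id from 0x100000 upward is cut short by `snprintf` and distinct ids can print as the same string. `static char buf[16];` with `snprintf(buf, sizeof(buf), "0X%04X", (unsigned int)cipher);` covers the full 32-bit range. The static buffer is also shared by every caller, so concurrent threads, or two calls inside one `fprintf`, overwrite each other's result; the function should carry a comment that the returned pointer is only valid until the next call. Separately, `"TLS_AES_128_GMC_SHA256"` looks like a typo for `TLS_AES_128_GCM_SHA256`, which matters to anyone matching on the printed cipher name.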
@@ -339,6 +339,10 @@ static void stripCertificateTrailer(char *buffer, int buffer_len) { buffer[i] = '\0', buffer_len = i; } } + + /* Now all lowecase */ + for(i=0; ipayload_packet_len) { + if((server_len+i+3) < packet->payload_packet_len) { char *server_name = (char*)&packet->payload[i+4]; u_int8_t begin = 0, len, j, num_dots; -- cgit v1.2.3