From 06b05e21c627f87fc4bc16830099f30cc7df860b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 30 Jun 2019 08:19:51 +0200 Subject: Improvemnts in SSL certificate detection --- src/lib/ndpi_main.c | 1 + src/lib/ndpi_utils.c | 9 ++++++++- src/lib/protocols/ssl.c | 6 +++++- 3 files changed, 14 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 61ebc7b5d..4112bc657 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4583,6 +4583,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct && (ret.app_protocol == NDPI_PROTOCOL_UNKNOWN) && flow->packet.tcp && (flow->packet.tcp->syn == 0) + && (flow->guessed_protocol_id == 0) ) { /* This is a TCP flow diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index bcd8e5f48..f48a19393 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -590,7 +590,14 @@ const char* ndpi_cipher2str(u_int32_t cipher) { case 0x060040: return("SSL2_DES_64_CBC_WITH_MD5"); case 0x0700c0: return("SSL2_DES_192_EDE3_CBC_WITH_MD5"); case 0x080080: return("SSL2_RC4_64_WITH_MD5"); - default: return("???"); + case 0x001301: return("TLS_AES_128_GMC_SHA256"); + default: + { + static char buf[8]; + + snprintf(buf, sizeof(buf), "0X%04X", cipher); + return(buf); + } } } diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 947b8371d..f7009a788 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -339,6 +339,10 @@ static void stripCertificateTrailer(char *buffer, int buffer_len) { buffer[i] = '\0', buffer_len = i; } } + + /* Now all lowecase */ + for(i=0; ipayload_packet_len) { + if((server_len+i+3) < packet->payload_packet_len) { char *server_name = (char*)&packet->payload[i+4]; u_int8_t begin = 0, len, j, num_dots; -- cgit v1.2.3