| author | 刘学利 <[email protected]> | 2023-09-07 04:01:30 +0000 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2023-09-20 17:01:53 +0800 |
| commit | 6f433c9b7079c6aa07956a4edda4e10a28e76c1c (patch) | |
| tree | f20dc52e74cbb09faa01f14e709ea660465326f2 | |
| parent | b46276f914fe04cdce77a634e7909f2a8c27cb2f (diff) | |
client hello分数据包传输时,增强支持识别SSL协议的条件
| -rw-r--r-- | src/tsg_entry.cpp | 36 | ||||
| -rw-r--r-- | src/tsg_ssl_utils.cpp | 11 |
2 files changed, 45 insertions, 2 deletions
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 118ec49..20fde20 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -235,6 +235,40 @@ static char get_direction(const struct streaminfo *a_stream)
 return direction;
 }
+static int is_port443(const struct streaminfo *a_stream)
+{
+ struct stream_tuple4_v4 *tpl4 = NULL;
+ struct stream_tuple4_v6 *tpl6 = NULL;
+
+ if(a_stream==NULL)
+ {
+ return 0;
+ }
+
+ //ntohs(443)=47873
+ switch(a_stream->addr.addrtype)
+ {
+ case ADDR_TYPE_IPV4:
+ tpl4=a_stream->addr.tuple4_v4;
+ if((tpl4->source==47873) || (tpl4->dest==47873))
+ {
+ return 1;
+ }
+ break;
+ case ADDR_TYPE_IPV6:
+ tpl6=a_stream->addr.tuple4_v6;
+ if((tpl6->source==47873) || (tpl6->dest==47873))
+ {
+ return 1;
+ }
+ break;
+ default:
+ break;
+ }
+
+ return 0;
+}
+
 static int is_only_monitor(struct maat_rule *result, int hit_cnt)
 {
 int i=0;
@@ -1486,7 +1520,7 @@ int session_l7_protocol_identify(const struct streaminfo *a_stream, struct sessi
 return 1;
 }
- if(chello!=NULL)
+ if((is_port443(a_stream)==1) && chello!=NULL)
 {
 if(chello->is_ssl==1)
 {
diff --git a/src/tsg_ssl_utils.cpp b/src/tsg_ssl_utils.cpp
index 99d2142..a9f7140 100644
--- a/src/tsg_ssl_utils.cpp
+++ b/src/tsg_ssl_utils.cpp
@@ -300,6 +300,7 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
 return _chello;
 }
+ _chello->is_ssl=1;
 _chello->max_version.major = buff[pos];
 _chello->max_version.minor = buff[pos + 1];
 _chello->max_version.ossl_format=(uint16_t)_chello->max_version.major<<8|_chello->max_version.minor;
@@ -345,7 +346,7 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
 return _chello;
 }
 buff_len = len;
- size_t pos = 6;
+ size_t pos = 5;
 pos += 4;
 if(pos + 2 > buff_len)
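Review bot: The literal `47873` in `is_port443` is 443 byte-swapped for a little-endian host, so on a big-endian build the comparison would silently never match. Assuming `source` and `dest` hold the port in network byte order (the `//ntohs(443)=47873` comment suggests so), compare against `htons(443)` instead, e.g. `if((tpl4->source==htons(443)) || (tpl4->dest==htons(443)))`, and the same in the IPv6 case. `tpl4` and `tpl6` are also dereferenced without a NULL check; if `addr.tuple4_v4` or `addr.tuple4_v6` can be unset for a stream, a guard is needed before the comparison.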
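Review bot: Gating the client-hello branch in `session_l7_protocol_identify` on `is_port443(a_stream)==1` means a TLS session on any other port no longer reaches the `chello->is_ssl` check, so it is presumably not labelled SSL by this path; that is a coverage gap for any policy or detection that depends on the L7 label. If the port test exists only to limit false positives from the relaxed `is_ssl` in `ssl_chello_parse`, consider applying it only to incomplete hellos and keeping fully parsed ones port-independent. The body of this `if` lies outside the hunk: if `chello` is released inside it, a non-443 stream with a non-NULL `chello` would now skip that release, so confirm it is freed on the new path.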
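Review bot: Setting `_chello->is_ssl=1` before the version bytes are read means every later early `return _chello;` reports SSL on the strength of whatever was validated above this line, which the hunk does not show. The hunk at `@@ -409` then overwrites the flag with 0 whenever `parse_extensions` does not return `CHELLO_PARSE_SUCCESS`, so a hello cut off inside the extensions appears to be treated as non-SSL while one cut off earlier stays SSL, which looks at odds with the commit's aim of handling a split client hello. If `parse_extensions` has a distinct result for truncated input, keep `is_ssl` set for that case and clear it only for malformed data. A comment at the assignment such as `// header checks above passed; is_ssl stays 1 on later truncation returns` would make the contract explicit.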
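Review bot: `size_t pos = 5;` followed by `pos += 4;` encodes two header lengths as bare numbers, and this one-byte change shifts every later offset and bounds check in the branch. Presumably 5 is the TLS record header and 4 the handshake header; a comment such as `// skip 5-byte record header, then 4-byte handshake header` or two named constants would let a reader verify the offsets. The branch starts and ends outside the hunk, so whether `buff_len = len` already accounts for the record header cannot be confirmed from here; a test with a hello split across packets would pin the new offset.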
@@ -409,6 +410,14 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
 }
 enum chello_parse_result ret = parse_extensions(buff + pos, len, _chello);
 *result = ret;
+ if(ret!=CHELLO_PARSE_SUCCESS)
+ {
+ _chello->is_ssl=0;
+ }
+ else
+ {
+ _chello->is_ssl=1;
+ }
 return _chello;
 }
 } |
