author刘学利 <[email protected]>2023-09-07 04:01:30 +0000
committer刘学利 <[email protected]>2023-09-07 04:01:30 +0000
commit2882f1125661d906e31da887fbcab3f491eb6ad9 (patch)
tree2a3efbdb5c29753b15f7ff52f6c397263c57a94d
parent8934001da67933f5fabc1a0effc68bb5b1a1f135 (diff)
client hello分数据包传输时,增强支持识别SSL协议的条件v6.1.9
-rw-r--r--src/tsg_entry.cpp36
-rw-r--r--src/tsg_ssl_utils.cpp11
2 files changed, 45 insertions, 2 deletions
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index c1580af..d2ea949 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -236,6 +236,40 @@ static char get_direction(const struct streaminfo *a_stream)
return direction;
}
+static int is_port443(const struct streaminfo *a_stream)
+{
+ struct stream_tuple4_v4 *tpl4 = NULL;
+ struct stream_tuple4_v6 *tpl6 = NULL;
+
+ if(a_stream==NULL)
+ {
+ return 0;
+ }
+
+ //ntohs(443)=47873
+ switch(a_stream->addr.addrtype)
+ {
+ case ADDR_TYPE_IPV4:
+ tpl4=a_stream->addr.tuple4_v4;
+ if((tpl4->source==47873) || (tpl4->dest==47873))
+ {
+ return 1;
+ }
+ break;
+ case ADDR_TYPE_IPV6:
+ tpl6=a_stream->addr.tuple4_v6;
+ if((tpl6->source==47873) || (tpl6->dest==47873))
+ {
+ return 1;
+ }
+ break;
+ default:
+ break;
+ }
+
+ return 0;
+}
+
static int is_only_monitor(struct maat_rule *result, int hit_cnt)
{
int i=0;
@@ -1487,7 +1521,7 @@ int session_l7_protocol_identify(const struct streaminfo *a_stream, struct sessi
return 1;
}
- if(chello!=NULL)
+ if((is_port443(a_stream)==1) && chello!=NULL)
{
if(chello->is_ssl==1)
{
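Review bot: With the added `is_port443(a_stream)==1` condition, a client hello on any port other than 443 (for example 8443 or 993) no longer reaches the `chello->is_ssl` check, even when it parsed completely, which leaves TLS on non-standard ports unidentified by this branch. If the gate is meant to limit false positives from the looser `is_ssl=1` now set for fragmented hellos, it could be applied only when the parse result is not a full success. Whether another path in session_l7_protocol_identify covers those streams is not visible in this hunk. Please also confirm that `chello` is still released when the port check fails, since the branch body continues outside the hunk.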
diff --git a/src/tsg_ssl_utils.cpp b/src/tsg_ssl_utils.cpp
index 99d2142..a9f7140 100644
--- a/src/tsg_ssl_utils.cpp
+++ b/src/tsg_ssl_utils.cpp
@@ -300,6 +300,7 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
return _chello;
}
+ _chello->is_ssl=1;
_chello->max_version.major = buff[pos];
_chello->max_version.minor = buff[pos + 1];
_chello->max_version.ossl_format=(uint16_t)_chello->max_version.major<<8|_chello->max_version.minor;
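Review bot: `_chello->is_ssl=1` is set before the version bytes at `buff[pos]` are read, so any later early return on this path hands back a record already labelled SSL. That looks intentional for a hello split across packets, but it is undocumented; a comment such as `/* header matches a ClientHello; keep is_ssl=1 even if the remainder is truncated */` would record the intent. Unless it is already checked above the hunk, requiring `buff[pos]==3` before setting the flag would keep arbitrary port-443 payloads from being labelled SSL. The function body continues outside the hunk.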
@@ -345,7 +346,7 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
return _chello;
}
buff_len = len;
- size_t pos = 6;
+ size_t pos = 5;
pos += 4;
if(pos + 2 > buff_len)
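Review bot: The offsets `5` and `4` carry the whole fix but are unexplained, which is how the old `6` went unnoticed. Presumably they are the record-header and handshake-header lengths; a comment such as `/* skip 5-byte record header, then 4-byte handshake header */` or two named constants would make the next off-by-one visible in review. The enclosing block starts and ends outside the hunk.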
@@ -409,6 +410,14 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
}
enum chello_parse_result ret = parse_extensions(buff + pos, len, _chello);
*result = ret;
+ if(ret!=CHELLO_PARSE_SUCCESS)
+ {
+ _chello->is_ssl=0;
+ }
+ else
+ {
+ _chello->is_ssl=1;
+ }
return _chello;
}
}
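Review bot: Every result other than `CHELLO_PARSE_SUCCESS` clears `is_ssl` here, which would include an extensions block cut short by packet segmentation, the case the commit title sets out to recognise. If the result enum has a distinct value for truncated input (not visible on this page), that value should probably leave `is_ssl` at 1 and only a malformed result should clear it. As a style point, the if/else reduces to `_chello->is_ssl = (ret==CHELLO_PARSE_SUCCESS) ? 1 : 0;`.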