TLS: fix dissection stop when block analysis is enabled (#3103)

Use the proper variable; remove the unused parameter
`skip_tls_blocks_until_change_cipher`.
Ivan Nardi 2026-01-26 18:10:05 +00:00 committed by GitHub
parent 89151eb8e8
commit a096a3ca87
4 changed files with 8 additions and 16 deletions


@ -370,7 +370,7 @@ struct ndpi_detection_module_config_struct {
struct ndpi_detection_module_struct {
u_int64_t current_ts;
u_int8_t skip_tls_blocks_until_change_cipher:1, finalized:1, _notused:6;
u_int8_t finalized:1, _notused:7;
u_int8_t tls_certificate_expire_in_x_days;
void *user_data;


@ -885,7 +885,7 @@ struct ndpi_flow_tcp_struct {
struct {
/* NDPI_PROTOCOL_TLS */
u_int8_t app_data_seen[2];
u_int8_t num_tls_blocks, num_processed_tls_blocks /* used internally for dissection */;
u_int8_t num_tls_blocks /* used internally for dissection */;
u_int64_t last_tls_block_time_ms;
struct ndpi_tls_block *tls_blocks; /* ndpi_struct->cfg.tls_num_blocks_analyzed */
} tls;
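Review bot: The comment kept on `num_tls_blocks` still reads "used internally for dissection", yet with `num_processed_tls_blocks` removed this field is now also the counter compared against `cfg.tls_max_num_blocks_to_analyze` in processCertificate and in ndpi_search_tls_tcp (same commit), so a reader of the struct cannot tell from here that it drives the dissection stop. Suggest `u_int8_t num_tls_blocks; /* presumably entries recorded in tls_blocks; also compared against cfg.tls_max_num_blocks_to_analyze to stop dissection */`. Since it is a u_int8_t, if the configured maximum could exceed 255 (its type and clamping are not visible here) the `==` test in ndpi_search_tls_tcp would never fire, so it is worth confirming the config range is bounded; the `>=` form used in processCertificate is the safer comparison either way.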


@ -4757,9 +4757,6 @@ int ndpi_finalize_initialization(struct ndpi_detection_module_struct *ndpi_str)
ac_automata_finalize((AC_AUTOMATA_t *) a->ac_automa);
}
if(ndpi_str->cfg.tls_max_num_blocks_to_analyze > 0)
ndpi_str->skip_tls_blocks_until_change_cipher = 1;
if(ndpi_str->cfg.track_payload_enabled)
ndpi_str->max_payload_track_len = 1024; /* track up to X payload bytes */


@ -1230,7 +1230,7 @@ int processCertificate(struct ndpi_detection_module_struct *ndpi_struct,
}
if((ndpi_struct->cfg.tls_max_num_blocks_to_analyze != 0)
&& (flow->l4.tcp.tls.num_processed_tls_blocks >= ndpi_struct->cfg.tls_max_num_blocks_to_analyze)) {
&& (flow->l4.tcp.tls.num_tls_blocks >= ndpi_struct->cfg.tls_max_num_blocks_to_analyze)) {
#ifdef DEBUG_TLS_BLOCKS
printf("*** [TLS Block] Enough blocks dissected\n");
#endif
@ -1507,14 +1507,6 @@ int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
p_len = packet->payload_packet_len; /* Backup */
if(content_type == 0x14 /* Change Cipher Spec */) {
if(ndpi_struct->skip_tls_blocks_until_change_cipher) {
/*
Ignore Application Data up until change cipher
so in this case we reset the number of observed
TLS blocks
*/
flow->l4.tcp.tls.num_processed_tls_blocks = 0;
}
if(len == 6 &&
message->buffer[1] == 0x03 && /* TLS >= 1.0 */
((message->buffer[3] << 8) + (message->buffer[4])) == 1) {
@ -1625,12 +1617,15 @@ int ndpi_search_tls_tcp(struct ndpi_detection_module_struct *ndpi_struct,
}
#ifdef DEBUG_TLS_MEMORY
printf("[TLS] Eval if keep going [%p]\n", flow->extra_packets_func);
printf("[TLS] Eval if keep going [%p][blocks:%d/%d][wrong:%d]\n",
flow->extra_packets_func,
flow->l4.tcp.tls.num_tls_blocks, ndpi_struct->cfg.tls_max_num_blocks_to_analyze,
something_went_wrong);
#endif
if(something_went_wrong
|| ((ndpi_struct->cfg.tls_max_num_blocks_to_analyze > 0)
&& (flow->l4.tcp.tls.num_processed_tls_blocks == ndpi_struct->cfg.tls_max_num_blocks_to_analyze))
&& (flow->l4.tcp.tls.num_tls_blocks == ndpi_struct->cfg.tls_max_num_blocks_to_analyze))
|| ((ndpi_struct->cfg.tls_max_num_blocks_to_analyze == 0)
&& (!keep_extra_dissection_tcp(ndpi_struct, flow)))
) {