Merge remote-tracking branch 'origin/unirec_tlsfields' into devel

Huták Lukáš · Huták Lukáš · commit 6195fccdb1f5 · 2019-08-14T10:35:44.000+02:00
diff --git a/extra_plugins/output/unirec/config/unirec-elements.txt b/extra_plugins/output/unirec/config/unirec-elements.txt
@@ -116,3 +116,33 @@ HB_SIZE_PAYLOAD                uint16 	     e8057id703       # Heartbeat payload
 VENOM                          uint8         e8057id1001      # Venom rootkit detection
 IPV6_TUN_TYPE                  uint8         e16982id405      # IPv6 tunnel type
 
+# --- Flowmon TLS fields
+TLS_CONTENT_TYPE	uint8	flowmon:tlsContentType		# tlsContentType
+TLS_HANDSHAKE_TYPE	uint32	flowmon:tlsHandshakeType	# https://tools.ietf.org/html/rfc5246#appendix-A.4
+TLS_SETUP_TIME		uint64	flowmon:tlsSetupTime		# tlsSetupTime
+TLS_SERVER_VERSION	uint16	flowmon:tlsServerVersion	# 8b major and 8b minor, 0x0303 ~ TLS1.2
+TLS_SERVER_RANDOM	bytes	flowmon:tlsServerRandom		# tlsServerRandom
+TLS_SERVER_SESSIONID	bytes	flowmon:tlsServerSessionId	# tlsServerSessionId
+TLS_CIPHER_SUITE	uint16	flowmon:tlsCipherSuite		# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
+TLS_ALPN		string	flowmon:tlsAlpn			# TLS Application-Layer Protocol Negotiation https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
+TLS_SNI			string	flowmon:tlsSni			# Server Name Indication https://en.wikipedia.org/wiki/Server_Name_Indication
+TLS_SNI_LENGTH		uint16	flowmon:tlsSniLength		# Length of TLS_SNI field
+TLS_CLIENT_VERSION	uint16	flowmon:tlsClientVersion	# tlsClientVersion
+TLS_CIPHER_SUITES	bytes	flowmon:tlsCipherSuites		# List of 2B ciphers, beware of network byte order. See https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
+TLS_CLIENT_RANDOM	bytes	flowmon:tlsClientRandom		# tlsClientRandom
+TLS_CLIENT_SESSIONID	bytes	flowmon:tlsClientSessionId	# tlsClientSessionId
+TLS_EXTENSION_TYPES	bytes	flowmon:tlsExtensionTypes	# tlsExtensionTypes
+TLS_EXTENSION_LENGTHS	bytes	flowmon:tlsExtensionLengths	# tlsExtensionLengths
+TLS_ELLIPTIC_CURVES	bytes	flowmon:tlsEllipticCurves	# tlsEllipticCurves
+TLS_EC_POINTFORMATS	bytes	flowmon:tlsEcPointFormats	# tlsEcPointFormats
+TLS_CLIENT_KEYLENGTH	int32	flowmon:tlsClientKeyLength	# Length of client's key
+TLS_ISSUER_CN		string	flowmon:tlsIssuerCn		# Common name of certificate issuer
+TLS_SUBJECT_CN		string	flowmon:tlsSubjectCn		# Certificate Common Name
+TLS_SUBJECT_ON		string	flowmon:tlsSubjectOn		# Certificate Organization Name
+TLS_VALIDITY_NOTBEFORE	int64	flowmon:tlsValidityNotBefore	# UNIX timestamp of certificate creation
+TLS_VALIDITY_NOTAFTER	int64	flowmon:tlsValidityNotAfter	# UNIX timestamp of certificate expiration
+TLS_SIGNATURE_ALG	uint16	flowmon:tlsSignatureAlg		# tlsSignatureAlg
+TLS_PUBLIC_KEYALG	uint16	flowmon:tlsPublicKeyAlg		# tlsPublicKeyAlg
+TLS_PUBLIC_KEYLENGTH	int32	flowmon:tlsPublicKeyLength	# tlsPublicKeyLength
+TLS_JA_3FINGERPRINT	bytes	flowmon:tlsJa3Fingerprint	# tlsJa3Fingerprint
+
