|
2 | 2 | * \file tls.hpp |
3 | 3 | * \brief Plugin for parsing https traffic. |
4 | 4 | * \author Jiri Havranek <[email protected]> |
5 | | - * \date 2018 |
| 5 | + * \author Karel Hynek <[email protected]> |
| 6 | + * \date 2021 |
6 | 7 | */ |
7 | 8 | /* |
8 | 9 | * Copyright (C) 2018 CESNET |
|
47 | 48 | #include <string> |
48 | 49 | #include <cstring> |
49 | 50 | #include <arpa/inet.h> |
| 51 | + |
50 | 52 | #include <sstream> |
51 | 53 | #include <iomanip> |
52 | 54 |
|
|
58 | 60 | #include <ipfixprobe/flowifc.hpp> |
59 | 61 | #include <ipfixprobe/packet.hpp> |
60 | 62 | #include <ipfixprobe/ipfix-elements.hpp> |
| 63 | +#include <ipfixprobe/utils.hpp> |
61 | 64 |
|
62 | 65 | namespace ipxp { |
63 | 66 |
|
@@ -109,24 +112,20 @@ struct RecordExtTLS : public RecordExt { |
109 | 112 |
|
110 | 113 | virtual int fill_ipfix(uint8_t *buffer, int size) |
111 | 114 | { |
112 | | - int sni_len = strlen(sni); |
113 | | - int alpn_len = strlen(alpn); |
114 | | - int pos = 0; |
| 115 | + uint16_t sni_len = strlen(sni); |
| 116 | + uint16_t alpn_len = strlen(alpn); |
115 | 117 |
|
116 | | - if (sni_len + alpn_len + 2 + 16 + 3 > size) { |
| 118 | + uint32_t pos = 0; |
| 119 | + uint32_t req_buff_len = (sni_len + 3) + (alpn_len + 3) + (2) + (16 + 3); // (SNI) + (ALPN) + (VERSION) + (JA3) |
| 120 | + if (req_buff_len > size) { |
117 | 121 | return -1; |
118 | 122 | } |
119 | 123 |
|
120 | 124 | *(uint16_t *) buffer = ntohs(version); |
121 | 125 | pos += 2; |
122 | 126 |
|
123 | | - buffer[pos++] = sni_len; |
124 | | - memcpy(buffer + pos, sni, sni_len); |
125 | | - pos += sni_len; |
126 | | - |
127 | | - buffer[pos++] = alpn_len; |
128 | | - memcpy(buffer + pos, alpn, alpn_len); |
129 | | - pos += alpn_len; |
| 127 | + pos += variable2ipfix_buffer(buffer + pos, (uint8_t*) sni, sni_len); |
| 128 | + pos += variable2ipfix_buffer(buffer + pos, (uint8_t*) alpn, alpn_len); |
130 | 129 |
|
131 | 130 | buffer[pos++] = 16; |
132 | 131 | memcpy(buffer + pos, ja3_hash_bin, 16); |
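Review bot: The new guard `if (req_buff_len > size)` in `fill_ipfix` compares a `uint32_t` with the `int size` parameter, so a negative `size` is converted to a large unsigned value and the check passes, whereas the old all-`int` expression returned -1 in that case. Whether any caller can pass a negative or error-derived size is not visible here, but this guard is the only check before the writes into `buffer`, so I would make it explicit: `if (size < 0 || req_buff_len > (uint32_t) size) {`. The `(16 + 3)` reserved for JA3 is more than the one-byte length prefix written by `buffer[pos++] = 16;`, which is safe but worth a short comment saying the estimate is deliberately conservative. The sizing also assumes `variable2ipfix_buffer` never emits more than three length bytes per field; that helper is defined outside this page, so please confirm it. `fill_ipfix` continues past the end of this hunk.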
|