suricata
|
#include "suricata-common.h"
#include "decode.h"
#include "threads.h"
#include "stream-tcp-private.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp.h"
#include "stream.h"
#include "app-layer.h"
#include "app-layer-detect-proto.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-frames.h"
#include "app-layer-ssl.h"
#include "decode-events.h"
#include "conf.h"
#include "util-spm.h"
#include "util-unittest.h"
#include "util-debug.h"
#include "util-print.h"
#include "util-pool.h"
#include "util-byte.h"
#include "util-ja3.h"
#include "util-enum.h"
#include "flow-util.h"
#include "flow-private.h"
#include "util-validate.h"
Go to the source code of this file.
Data Structures | |
struct | SslConfig_ |
struct | SSLDecoderResult |
Typedefs | |
typedef struct SslConfig_ | SslConfig |
Functions | |
void | SSLVersionToString (uint16_t version, char *buffer) |
void | RegisterSSLParsers (void) |
Function to register the SSL protocol parser and other functions. More... | |
void | SSLEnableJA3 (void) |
if not explicitly disabled in config, enable ja3 support More... | |
bool | SSLJA3IsEnabled (void) |
Variables | |
SCEnumCharMap | tls_frame_table [] |
SCEnumCharMap | tls_decoder_event_table [] |
SslConfig | ssl_config |
Definition in file app-layer-ssl.c.
#define HAS_SPACE | ( | n | ) | ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len)) |
Definition at line 215 of file app-layer-ssl.c.
#define SHA1_STRING_LENGTH 60 |
Definition at line 213 of file app-layer-ssl.c.
#define SSL_CONFIG_DEFAULT_JA3 0 |
Definition at line 148 of file app-layer-ssl.c.
#define SSL_DECODER_ERROR | ( | e | ) |
Definition at line 221 of file app-layer-ssl.c.
#define SSL_DECODER_INCOMPLETE | ( | c, | |
n | |||
) |
Definition at line 231 of file app-layer-ssl.c.
#define SSL_DECODER_OK | ( | c | ) |
Definition at line 226 of file app-layer-ssl.c.
#define SSL_RECORD_MINIMUM_LENGTH 6 |
Definition at line 211 of file app-layer-ssl.c.
#define SSLParserHSReset | ( | connp | ) |
Definition at line 267 of file app-layer-ssl.c.
#define SSLParserReset | ( | state | ) |
Definition at line 273 of file app-layer-ssl.c.
#define SSLSetEvent | ( | ssl_state, | |
event | |||
) |
Definition at line 280 of file app-layer-ssl.c.
#define SSLV2_MT_CLIENT_CERTIFICATE 8 |
Definition at line 197 of file app-layer-ssl.c.
#define SSLV2_MT_CLIENT_FINISHED 3 |
Definition at line 192 of file app-layer-ssl.c.
#define SSLV2_MT_CLIENT_HELLO 1 |
Definition at line 190 of file app-layer-ssl.c.
#define SSLV2_MT_CLIENT_MASTER_KEY 2 |
Definition at line 191 of file app-layer-ssl.c.
#define SSLV2_MT_ERROR 0 |
Definition at line 189 of file app-layer-ssl.c.
#define SSLV2_MT_REQUEST_CERTIFICATE 7 |
Definition at line 196 of file app-layer-ssl.c.
#define SSLV2_MT_SERVER_FINISHED 6 |
Definition at line 195 of file app-layer-ssl.c.
#define SSLV2_MT_SERVER_HELLO 4 |
Definition at line 193 of file app-layer-ssl.c.
#define SSLV2_MT_SERVER_VERIFY 5 |
Definition at line 194 of file app-layer-ssl.c.
#define SSLV3_ALERT_PROTOCOL 21 |
Definition at line 168 of file app-layer-ssl.c.
#define SSLV3_APPLICATION_PROTOCOL 23 |
Definition at line 170 of file app-layer-ssl.c.
#define SSLV3_CHANGE_CIPHER_SPEC 20 |
Definition at line 167 of file app-layer-ssl.c.
#define SSLV3_CLIENT_HELLO_RANDOM_LEN 32 |
Definition at line 205 of file app-layer-ssl.c.
#define SSLV3_CLIENT_HELLO_VERSION_LEN 2 |
Definition at line 204 of file app-layer-ssl.c.
#define SSLV3_HANDSHAKE_PROTOCOL 22 |
Definition at line 169 of file app-layer-ssl.c.
#define SSLV3_HEARTBEAT_PROTOCOL 24 |
Definition at line 171 of file app-layer-ssl.c.
#define SSLV3_HS_CERTIFICATE 11 |
Definition at line 178 of file app-layer-ssl.c.
#define SSLV3_HS_CERTIFICATE_REQUEST 13 |
Definition at line 180 of file app-layer-ssl.c.
#define SSLV3_HS_CERTIFICATE_STATUS 22 |
Definition at line 186 of file app-layer-ssl.c.
#define SSLV3_HS_CERTIFICATE_URL 21 |
Definition at line 185 of file app-layer-ssl.c.
#define SSLV3_HS_CERTIFICATE_VERIFY 15 |
Definition at line 182 of file app-layer-ssl.c.
#define SSLV3_HS_CLIENT_HELLO 1 |
Definition at line 175 of file app-layer-ssl.c.
#define SSLV3_HS_CLIENT_KEY_EXCHANGE 16 |
Definition at line 183 of file app-layer-ssl.c.
#define SSLV3_HS_FINISHED 20 |
Definition at line 184 of file app-layer-ssl.c.
#define SSLV3_HS_HELLO_REQUEST 0 |
Definition at line 174 of file app-layer-ssl.c.
#define SSLV3_HS_NEW_SESSION_TICKET 4 |
Definition at line 177 of file app-layer-ssl.c.
#define SSLV3_HS_SERVER_HELLO 2 |
Definition at line 176 of file app-layer-ssl.c.
#define SSLV3_HS_SERVER_HELLO_DONE 14 |
Definition at line 181 of file app-layer-ssl.c.
#define SSLV3_HS_SERVER_KEY_EXCHANGE 12 |
Definition at line 179 of file app-layer-ssl.c.
#define SSLV3_MESSAGE_HDR_LEN 4 |
Definition at line 200 of file app-layer-ssl.c.
#define SSLV3_RECORD_HDR_LEN 5 |
Definition at line 199 of file app-layer-ssl.c.
#define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024) |
max length according to RFC 5246 6.2.2 is 2^14 + 1024
Definition at line 202 of file app-layer-ssl.c.
#define TLS_HB_REQUEST 1 |
Definition at line 208 of file app-layer-ssl.c.
#define TLS_HB_RESPONSE 2 |
Definition at line 209 of file app-layer-ssl.c.
#define ValidateRecordState | ( | ... | ) |
Definition at line 264 of file app-layer-ssl.c.
typedef struct SslConfig_ SslConfig |
anonymous enum |
Definition at line 127 of file app-layer-ssl.c.
Definition at line 149 of file app-layer-ssl.c.
void RegisterSSLParsers | ( | void | ) |
Function to register the SSL protocol parser and other functions.
SSLv2 and SSLv23
Definition at line 2956 of file app-layer-ssl.c.
References ALPROTO_TLS, AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectRegisterProtocol(), SC_ATOMIC_INIT, and ssl_config.
void SSLEnableJA3 | ( | void | ) |
if not explicitly disabled in config, enable ja3 support
Implemented using atomic to allow rule reloads to do this at runtime.
Definition at line 3091 of file app-layer-ssl.c.
References SslConfig_::disable_ja3, g_disable_hashing, SC_ATOMIC_GET, SC_ATOMIC_SET, and ssl_config.
bool SSLJA3IsEnabled | ( | void | ) |
Definition at line 3102 of file app-layer-ssl.c.
References SC_ATOMIC_GET, and ssl_config.
Referenced by Ja3IsDisabled().
void SSLVersionToString | ( | uint16_t | version, |
char * | buffer | ||
) |
Definition at line 340 of file app-layer-ssl.c.
References SSL_VERSION_2, SSL_VERSION_3, strlcat(), TLS_VERSION_10, TLS_VERSION_11, TLS_VERSION_12, TLS_VERSION_13, TLS_VERSION_13_DRAFT16, TLS_VERSION_13_DRAFT17, TLS_VERSION_13_DRAFT18, TLS_VERSION_13_DRAFT19, TLS_VERSION_13_DRAFT20, TLS_VERSION_13_DRAFT20_FB, TLS_VERSION_13_DRAFT21, TLS_VERSION_13_DRAFT21_FB, TLS_VERSION_13_DRAFT22, TLS_VERSION_13_DRAFT22_FB, TLS_VERSION_13_DRAFT23, TLS_VERSION_13_DRAFT23_FB, TLS_VERSION_13_DRAFT24, TLS_VERSION_13_DRAFT25, TLS_VERSION_13_DRAFT26, TLS_VERSION_13_DRAFT26_FB, TLS_VERSION_13_DRAFT27, TLS_VERSION_13_DRAFT28, TLS_VERSION_13_PRE_DRAFT16, TLS_VERSION_UNKNOWN, and version.
SslConfig ssl_config |
Definition at line 163 of file app-layer-ssl.c.
Referenced by RegisterSSLParsers(), SSLEnableJA3(), and SSLJA3IsEnabled().
SCEnumCharMap tls_decoder_event_table[] |
Definition at line 90 of file app-layer-ssl.c.
SCEnumCharMap tls_frame_table[] |
Definition at line 58 of file app-layer-ssl.c.