suricata
|
#include "suricata-common.h"
#include "decode.h"
#include "app-layer.h"
#include "app-layer-detect-proto.h"
#include "app-layer-protos.h"
#include "app-layer-parser.h"
#include "app-layer-frames.h"
#include "app-layer-ssl.h"
#include "conf.h"
#include "feature.h"
#include "util-debug.h"
#include "util-ja3.h"
#include "util-enum.h"
#include "util-validate.h"
Go to the source code of this file.
Data Structures | |
struct | SslConfig_ |
struct | SSLDecoderResult |
Typedefs | |
typedef struct SslConfig_ | SslConfig |
Functions | |
void | SSLVersionToString (uint16_t version, char *buffer) |
void | RegisterSSLParsers (void) |
Function to register the SSL protocol parser and other functions. More... | |
void | SSLEnableJA3 (void) |
if not explicitly disabled in config, enable ja3 support More... | |
void | SSLEnableJA4 (void) |
if not explicitly disabled in config, enable ja4 support More... | |
bool | SSLJA3IsEnabled (void) |
return whether ja3 is effectively enabled More... | |
bool | SSLJA4IsEnabled (void) |
return whether ja4 is effectively enabled More... | |
Variables | |
SCEnumCharMap | tls_frame_table [] |
SCEnumCharMap | tls_decoder_event_table [] |
SslConfig | ssl_config |
Definition in file app-layer-ssl.c.
#define HAS_SPACE | ( | n | ) | ((uint64_t)(input - initial_input) + (uint64_t)(n) <= (uint64_t)(input_len)) |
Definition at line 205 of file app-layer-ssl.c.
#define SHA1_STRING_LENGTH 60 |
Definition at line 203 of file app-layer-ssl.c.
#define SSL_CONFIG_DEFAULT_JA3 0 |
Definition at line 136 of file app-layer-ssl.c.
#define SSL_CONFIG_DEFAULT_JA4 0 |
Definition at line 137 of file app-layer-ssl.c.
#define SSL_DECODER_ERROR | ( | e | ) |
Definition at line 211 of file app-layer-ssl.c.
#define SSL_DECODER_INCOMPLETE | ( | c, | |
n | |||
) |
Definition at line 221 of file app-layer-ssl.c.
#define SSL_DECODER_OK | ( | c | ) |
Definition at line 216 of file app-layer-ssl.c.
#define SSL_RECORD_MINIMUM_LENGTH 6 |
Definition at line 201 of file app-layer-ssl.c.
#define SSLParserHSReset | ( | connp | ) |
Definition at line 257 of file app-layer-ssl.c.
#define SSLParserReset | ( | state | ) |
Definition at line 263 of file app-layer-ssl.c.
#define SSLSetEvent | ( | ssl_state, | |
event | |||
) |
Definition at line 270 of file app-layer-ssl.c.
#define SSLV2_MT_CLIENT_CERTIFICATE 8 |
Definition at line 188 of file app-layer-ssl.c.
#define SSLV2_MT_CLIENT_FINISHED 3 |
Definition at line 183 of file app-layer-ssl.c.
#define SSLV2_MT_CLIENT_HELLO 1 |
Definition at line 181 of file app-layer-ssl.c.
#define SSLV2_MT_CLIENT_MASTER_KEY 2 |
Definition at line 182 of file app-layer-ssl.c.
#define SSLV2_MT_ERROR 0 |
Definition at line 180 of file app-layer-ssl.c.
#define SSLV2_MT_REQUEST_CERTIFICATE 7 |
Definition at line 187 of file app-layer-ssl.c.
#define SSLV2_MT_SERVER_FINISHED 6 |
Definition at line 186 of file app-layer-ssl.c.
#define SSLV2_MT_SERVER_HELLO 4 |
Definition at line 184 of file app-layer-ssl.c.
#define SSLV2_MT_SERVER_VERIFY 5 |
Definition at line 185 of file app-layer-ssl.c.
#define SSLV3_ALERT_PROTOCOL 21 |
Definition at line 159 of file app-layer-ssl.c.
#define SSLV3_APPLICATION_PROTOCOL 23 |
Definition at line 161 of file app-layer-ssl.c.
#define SSLV3_CHANGE_CIPHER_SPEC 20 |
Definition at line 158 of file app-layer-ssl.c.
#define SSLV3_CLIENT_HELLO_RANDOM_LEN 32 |
Definition at line 195 of file app-layer-ssl.c.
#define SSLV3_CLIENT_HELLO_VERSION_LEN 2 |
Definition at line 194 of file app-layer-ssl.c.
#define SSLV3_HANDSHAKE_PROTOCOL 22 |
Definition at line 160 of file app-layer-ssl.c.
#define SSLV3_HEARTBEAT_PROTOCOL 24 |
Definition at line 162 of file app-layer-ssl.c.
#define SSLV3_HS_CERTIFICATE 11 |
Definition at line 169 of file app-layer-ssl.c.
#define SSLV3_HS_CERTIFICATE_REQUEST 13 |
Definition at line 171 of file app-layer-ssl.c.
#define SSLV3_HS_CERTIFICATE_STATUS 22 |
Definition at line 177 of file app-layer-ssl.c.
#define SSLV3_HS_CERTIFICATE_URL 21 |
Definition at line 176 of file app-layer-ssl.c.
#define SSLV3_HS_CERTIFICATE_VERIFY 15 |
Definition at line 173 of file app-layer-ssl.c.
#define SSLV3_HS_CLIENT_HELLO 1 |
Definition at line 166 of file app-layer-ssl.c.
#define SSLV3_HS_CLIENT_KEY_EXCHANGE 16 |
Definition at line 174 of file app-layer-ssl.c.
#define SSLV3_HS_FINISHED 20 |
Definition at line 175 of file app-layer-ssl.c.
#define SSLV3_HS_HELLO_REQUEST 0 |
Definition at line 165 of file app-layer-ssl.c.
#define SSLV3_HS_NEW_SESSION_TICKET 4 |
Definition at line 168 of file app-layer-ssl.c.
#define SSLV3_HS_SERVER_HELLO 2 |
Definition at line 167 of file app-layer-ssl.c.
#define SSLV3_HS_SERVER_HELLO_DONE 14 |
Definition at line 172 of file app-layer-ssl.c.
#define SSLV3_HS_SERVER_KEY_EXCHANGE 12 |
Definition at line 170 of file app-layer-ssl.c.
#define SSLV3_RECORD_HDR_LEN 5 |
Definition at line 190 of file app-layer-ssl.c.
#define SSLV3_RECORD_MAX_LEN ((1 << 14) + 1024) |
max length according to RFC 5246 6.2.2 is 2^14 + 1024
Definition at line 192 of file app-layer-ssl.c.
#define TLS_HB_REQUEST 1 |
Definition at line 198 of file app-layer-ssl.c.
#define TLS_HB_RESPONSE 2 |
Definition at line 199 of file app-layer-ssl.c.
#define ValidateRecordState | ( | ... | ) |
Definition at line 254 of file app-layer-ssl.c.
typedef struct SslConfig_ SslConfig |
anonymous enum |
Definition at line 115 of file app-layer-ssl.c.
Definition at line 138 of file app-layer-ssl.c.
void RegisterSSLParsers | ( | void | ) |
Function to register the SSL protocol parser and other functions.
SSLv2 and SSLv23
Definition at line 3209 of file app-layer-ssl.c.
References ALPROTO_TLS, AppLayerProtoDetectConfProtoDetectionEnabled(), AppLayerProtoDetectRegisterProtocol(), SC_ATOMIC_INIT, and ssl_config.
void SSLEnableJA3 | ( | void | ) |
if not explicitly disabled in config, enable ja3 support
Implemented using atomic to allow rule reloads to do this at runtime.
Definition at line 3342 of file app-layer-ssl.c.
References SslConfig_::disable_ja3, g_disable_hashing, SC_ATOMIC_GET, SC_ATOMIC_SET, and ssl_config.
void SSLEnableJA4 | ( | void | ) |
if not explicitly disabled in config, enable ja4 support
Implemented using atomic to allow rule reloads to do this at runtime.
Definition at line 3359 of file app-layer-ssl.c.
References SslConfig_::disable_ja4, g_disable_hashing, SC_ATOMIC_GET, SC_ATOMIC_SET, and ssl_config.
bool SSLJA3IsEnabled | ( | void | ) |
return whether ja3 is effectively enabled
This means that it either has been enabled explicitly or has been enabled by having loaded a rule while not being explicitly disabled.
true | if enabled, false otherwise |
Definition at line 3378 of file app-layer-ssl.c.
References SC_ATOMIC_GET, and ssl_config.
bool SSLJA4IsEnabled | ( | void | ) |
return whether ja4 is effectively enabled
This means that it either has been enabled explicitly or has been enabled by having loaded a rule while not being explicitly disabled.
true | if enabled, false otherwise |
Definition at line 3391 of file app-layer-ssl.c.
References SC_ATOMIC_GET, and ssl_config.
void SSLVersionToString | ( | uint16_t | version, |
char * | buffer | ||
) |
Definition at line 332 of file app-layer-ssl.c.
References SSL_VERSION_2, SSL_VERSION_3, strlcat(), TLS_VERSION_10, TLS_VERSION_11, TLS_VERSION_12, TLS_VERSION_13, TLS_VERSION_13_DRAFT16, TLS_VERSION_13_DRAFT17, TLS_VERSION_13_DRAFT18, TLS_VERSION_13_DRAFT19, TLS_VERSION_13_DRAFT20, TLS_VERSION_13_DRAFT20_FB, TLS_VERSION_13_DRAFT21, TLS_VERSION_13_DRAFT21_FB, TLS_VERSION_13_DRAFT22, TLS_VERSION_13_DRAFT22_FB, TLS_VERSION_13_DRAFT23, TLS_VERSION_13_DRAFT23_FB, TLS_VERSION_13_DRAFT24, TLS_VERSION_13_DRAFT25, TLS_VERSION_13_DRAFT26, TLS_VERSION_13_DRAFT26_FB, TLS_VERSION_13_DRAFT27, TLS_VERSION_13_DRAFT28, TLS_VERSION_13_PRE_DRAFT16, TLS_VERSION_UNKNOWN, and version.
SslConfig ssl_config |
Definition at line 154 of file app-layer-ssl.c.
Referenced by RegisterSSLParsers(), SSLEnableJA3(), SSLEnableJA4(), SSLJA3IsEnabled(), and SSLJA4IsEnabled().
SCEnumCharMap tls_decoder_event_table[] |
Definition at line 78 of file app-layer-ssl.c.
SCEnumCharMap tls_frame_table[] |
Definition at line 46 of file app-layer-ssl.c.