tls: debug compilation fixes, new tls decoder rule for tls.error_message_encountered event.

remotes/origin/master
Victor Julien 13 years ago
parent f08fc8d7c5
commit e3764b90c3

@ -15,4 +15,7 @@ alert tls any any -> any any (msg:"SURICATA TLS certificate missing element"; fl
alert tls any any -> any any (msg:"SURICATA TLS certificate unknown element"; flow:established; app-layer-event:tls.certificate_unknown_element; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230006; rev:1;)
alert tls any any -> any any (msg:"SURICATA TLS certificate invalid length"; flow:established; app-layer-event:tls.certificate_invalid_length; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230007; rev:1;)
alert tls any any -> any any (msg:"SURICATA TLS certificate invalid string"; flow:established; app-layer-event:tls.certificate_invalid_string; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230008; rev:1;)
alert tls any any -> any any (msg:"SURICATA TLS error message encountered"; flow:established; app-layer-event:tls.error_message_encountered; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230009; rev:1;)
#next sid is 2230010
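Review bot: The new sid:2230009 rule increments `tls.anomaly.count` exactly like the certificate-parsing rules above it, but neither its msg nor a comment says which decoder condition raises `tls.error_message_encountered`. If the event is set whenever a peer sends a protocol error message (inferred from the name; the decoder code is not visible here), it may fire on ordinary failed handshakes, and anything thresholding on the shared counter would see it rise for reasons unrelated to malformed certificates. A one-line comment above the rule would let rule consumers decide whether to keep the flowint increment, for example `# tls.error_message_encountered: set by the TLS parser when <decoder condition, to be filled in>`.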

@ -65,6 +65,7 @@ SCEnumCharMap tls_decoder_event_table[ ] = {
{ "CERTIFICATE_UNKNOWN_ELEMENT", TLS_DECODER_EVENT_CERTIFICATE_UNKNOWN_ELEMENT },
{ "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
{ "CERTIFICATE_INVALID_STRING", TLS_DECODER_EVENT_CERTIFICATE_INVALID_STRING },
{ "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
{ NULL, -1 },
};
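Review bot: The `"ERROR_MESSAGE_ENCOUNTERED"` entry is paired with `TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED`, so the event name and the enum constant spell the same event differently, while the three entries above it use the enum suffix verbatim as the string. Someone searching the source for the name used in the rule (`tls.error_message_encountered`) will not land on the enum. The string appears to be what the `app-layer-event` keyword matches, so I would keep it and rename the constant to `TLS_DECODER_EVENT_ERROR_MESSAGE_ENCOUNTERED`, or at least add `/* event name spells out MESSAGE; enum uses MSG */` on that line. The table's opening lines are outside the hunk.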

@ -138,7 +138,7 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
ver = app_state->server_connp.version;
} else if (flags & STREAM_TOSERVER) {
SCLogDebug("client (toserver) version is 0x%02X",
app_state->client_connp.ersion);
app_state->client_connp.version);
ver = app_state->client_connp.version;
}
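Review bot: The `SCLogDebug` call in the toserver branch repeats the expression `app_state->client_connp.version` that the very next statement assigns to `ver`, and the misspelled field fixed here presumably survived because the macro's arguments are only compiled in debug builds. Logging the local after the assignment removes the second copy that can drift: `ver = app_state->client_connp.version;` followed by `SCLogDebug("client (toserver) version is 0x%02X", ver);`. The same duplication is in the `DetectTlsVersionMatch` hunk, where each debug line names `ssl_state->server_connp.version` or `ssl_state->client_connp.version` immediately before the comparison that uses it. The function body starts and ends outside this hunk.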

@ -126,11 +126,11 @@ int DetectTlsVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *
SCLogDebug("looking for tls_data->ver 0x%02X (flags 0x%02X)", tls_data->ver, flags);
if (flags & STREAM_TOCLIENT) {
SCLogDebug("server (toclient) version is 0x%02X", ssl_state->server_version);
SCLogDebug("server (toclient) version is 0x%02X", ssl_state->server_connp.version);
if (tls_data->ver == ssl_state->server_connp.version)
ret = 1;
} else if (flags & STREAM_TOSERVER) {
SCLogDebug("client (toserver) version is 0x%02X", ssl_state->client_version);
SCLogDebug("client (toserver) version is 0x%02X", ssl_state->client_connp.version);
if (tls_data->ver == ssl_state->client_connp.version)
ret = 1;
}
