From e3764b90c3bdfffaf8d98ec5bd71543a37b3f407 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Thu, 7 Jun 2012 17:33:49 +0200
Subject: [PATCH] tls: debug compilation fixes, new tls decoder rule for tls.error_message_encountered event.
---
 rules/tls-events.rules | 3 +++
 src/app-layer-ssl.c | 1 +
 src/detect-ssl-version.c | 2 +-
 src/detect-tls-version.c | 4 ++--
 4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/rules/tls-events.rules b/rules/tls-events.rules
index 86815e31c2..273edadfcf 100644
--- a/rules/tls-events.rules
+++ b/rules/tls-events.rules
@@ -15,4 +15,7 @@ alert tls any any -> any any (msg:"SURICATA TLS certificate missing element"; fl
 alert tls any any -> any any (msg:"SURICATA TLS certificate unknown element"; flow:established; app-layer-event:tls.certificate_unknown_element; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230006; rev:1;)
 alert tls any any -> any any (msg:"SURICATA TLS certificate invalid length"; flow:established; app-layer-event:tls.certificate_invalid_length; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230007; rev:1;)
 alert tls any any -> any any (msg:"SURICATA TLS certificate invalid string"; flow:established; app-layer-event:tls.certificate_invalid_string; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230008; rev:1;)
+alert tls any any -> any any (msg:"SURICATA TLS error message encountered"; flow:established; app-layer-event:tls.error_message_encountered; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230009; rev:1;)
+
+#next sid is 2230010
diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index c0b70d5308..f8012c32e2 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -65,6 +65,7 @@ SCEnumCharMap tls_decoder_event_table[ ] = {
 { "CERTIFICATE_UNKNOWN_ELEMENT", TLS_DECODER_EVENT_CERTIFICATE_UNKNOWN_ELEMENT },
 { "CERTIFICATE_INVALID_LENGTH", TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH },
 { "CERTIFICATE_INVALID_STRING", TLS_DECODER_EVENT_CERTIFICATE_INVALID_STRING },
+ { "ERROR_MESSAGE_ENCOUNTERED", TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED },
 { NULL, -1 },
 };
diff --git a/src/detect-ssl-version.c b/src/detect-ssl-version.c
index f2d33eb6f9..292c345cfd 100644
--- a/src/detect-ssl-version.c
+++ b/src/detect-ssl-version.c
@@ -138,7 +138,7 @@ int DetectSslVersionMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 ver = app_state->server_connp.version;
 } else if (flags & STREAM_TOSERVER) {
 SCLogDebug("client (toserver) version is 0x%02X",
- app_state->client_connp.ersion);
+ app_state->client_connp.version);
 ver = app_state->client_connp.version;
 }
diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c
index b36986740b..b356bfdeae 100644
--- a/src/detect-tls-version.c
+++ b/src/detect-tls-version.c
@@ -126,11 +126,11 @@ int DetectTlsVersionMatch (ThreadVars *t, DetectEngineThreadCtx *det_ctx, Flow *
 SCLogDebug("looking for tls_data->ver 0x%02X (flags 0x%02X)", tls_data->ver, flags);
 if (flags & STREAM_TOCLIENT) {
- SCLogDebug("server (toclient) version is 0x%02X", ssl_state->server_version);
+ SCLogDebug("server (toclient) version is 0x%02X", ssl_state->server_connp.version);
 if (tls_data->ver == ssl_state->server_connp.version)
 ret = 1;
 } else if (flags & STREAM_TOSERVER) {
- SCLogDebug("client (toserver) version is 0x%02X", ssl_state->client_version);
+ SCLogDebug("client (toserver) version is 0x%02X", ssl_state->client_connp.version);
 if (tls_data->ver == ssl_state->client_connp.version)
 ret = 1;
 }
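Review bot: The new row in `tls_decoder_event_table` spells the rule-facing name `ERROR_MESSAGE_ENCOUNTERED` while the enum constant is `TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED`; every other row visible in this hunk uses the same suffix on both sides, so this pair is easy to miss when tracing a rule keyword back to the decoder. Because sid 2230009 in rules/tls-events.rules now depends on the string, renaming the enum is the safer direction if the two are aligned. The constant appears to have existed before this commit without a table row (no header is touched here), which suggests the two lists are kept in step by hand; a comment above the table such as `/* One row per TLS_DECODER_EVENT_* value; a value without a row cannot be referenced from app-layer-event rules. */` would make that dependency explicit. Rulesets carrying the new rule presumably need an engine build that includes this row, which is worth stating in the commit message. The table definition starts outside the hunk.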
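Review bot: The corrected `SCLogDebug` call in src/detect-ssl-version.c still formats the version with `0x%02X`, which pads to only two hex digits, while SSL/TLS version values are normally two bytes wide (the field's type is not visible here, so this is inferred). Using `0x%04X`, e.g. `SCLogDebug("client (toserver) version is 0x%04X", app_state->client_connp.version);`, would keep the debug output uniform; the same format string is used in both rewritten calls in src/detect-tls-version.c. The misspelled and stale member names fixed by this commit went unnoticed because, per the commit subject, these arguments are only compiled in debug builds, so a debug-enabled build in CI would catch the next such drift. DetectSslVersionMatch starts and ends outside the hunk.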