Commit Graph

32 Commits (fa121a1dd40dcf2ac70a6d43c5882ce7b7606ffd)

Author SHA1 Message Date
Pierre Chifflier d866f38982 TLS: add variable to store the error code in the decoder
Use a variable to store the decoding error code if required, and remove
the calls to SCLogInfo and SCLogDebug.
14 years ago
Pierre Chifflier 3df341dbeb Add TLS decode events 14 years ago
Pierre Chifflier 8457ce3b11 TLS app layer: rewrite decoder to handle multiple messages in records
Since we now parse the content of the TLS messages, we need to handle
the case multiple messages are shipped in a single TLS record, and
taking care of the multiple levels of fragmentation (message, record,
and TCP).
Additionally, fix a bug where the parser state was not reset after an
empty record.
14 years ago
Pierre Chifflier 4bb5e2a79d TLS app layer: fix number of bytes processed on SERVER_CERTIFICATE message.
Change the function to return the number of bytes processed, and fix a bug
where the input buffer was wrong.

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Eric Leblond 38c213cb84 tls app layer: add missing free
issuerdn was not freed at exit.
14 years ago
Pierre Chifflier 53e5421a24 TLS handshake: get TLS ciphersuite and compression
Decode the SERVER_HELLO message to extract the ciphersuite and compression
chosen by the server.

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Pierre Chifflier 4be65fd016 TLS handshake: decode the SERVER_CERTIFICATE message
Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, extracts the
certificates and keep the subject name.
Add the tls.subject keyword for substring match in rules (TLS layer).

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Anoop Saldanha 109662450d Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs 14 years ago
Nikolay Denev 139768dd58 Do not use underscored config vars internally. 14 years ago
Anoop Saldanha 420befb180 Changed my email address to anoopsaldanha at gmail dot com from my current one 14 years ago
Anoop Saldanha 9a6aef459e modify all relevant app layer API calls to accomodate passing parser local storage argument 14 years ago
Victor Julien 06904c9024 App Layer cleanup
Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate.
Various cleanups and dead code removal from the app layer API.
Should safe 100+ bytes memory per flow on 64 bit.
Updated lots of unittests to reflect these changes.
14 years ago
Anoop Saldanha 4650bf7170 minor code cleanup. remove commented out code 14 years ago
Anoop Saldanha 78e6a7f713 enable toclient alproto detection. Detection all current alproto toclient PMP patterns 14 years ago
Victor Julien 0cc9f39200 Move TlsConfig structure out of app-layer-protos.h and rename it to SslConfig. 14 years ago
Anoop Saldanha 000ce98cd1 push all proto detection code into their respective app parser register functions for every alproto 14 years ago
Anoop Saldanha 1f7e4bada1 add tls.no_reassemble use for sslv2 which we missed previously. Also some cleanup 15 years ago
Victor Julien 71d0eabdec Add a few extra safety checks in new SSL code. 15 years ago
Anoop Saldanha 013d3aea1c update ssl parser test. Some minor indentation changes 15 years ago
Anoop Saldanha 7a2046328c some naming changes in ssl parser and ssl related keywords 15 years ago
Anoop Saldanha b639718787 replace the contents of app-layer-ssl.[ch] with the contents from app-layer-tls.[ch] 15 years ago
Anoop Saldanha 4e8de99dcd tls/ssl parser modifications/fixes. We now have just one file doing all the ssl parsing stuff, i.e. app-layer-tls.[ch], instead of app-layer-ssl.[ch] and app-layer-tls.[ch] 15 years ago
Victor Julien 1681705e62 Don't print errors/warnings based on malformed traffic. 15 years ago
Gurvinder Singh 8f8b1212af support for ssl_version keyword 15 years ago
Victor Julien ef27234959 Comment out broken SSLParserTest03 test. 15 years ago
Pablo Rincon 8f9bcef0e2 This patch for app-layer-ssl fix the bug #198 (SSLParserTest01). It seems that with -O2 and -O3, the compiler doesn't handle the initialization correctly (weird..) 15 years ago
William Metcalf 0e4235cc94 FLOW_DESTROY added to clean-up UT's that init flow 15 years ago
Pablo Rincon 8cc525c939 UDP support at AppLayer message handling 15 years ago
William Metcalf cc76aa4bc6 properly init flows inside of unit-tests caused lock-up when falling back to using mutex locks 15 years ago
Victor Julien 10a3d7343d Remove unnecessary header inclusion in app layer ssl. 15 years ago
Victor Julien 98c3f0149c Improve SSL input validation. 15 years ago
Gurvinder Singh 5fe1dc1d24 support for sslv2/sslv3 their unit tests and better stream no reassembly flag handling 15 years ago