add information about server chosen protocol to ssl.log, if provided by alpn.

This is e.g. used to negotiate spdy or http/2
2025-10-14 04:28:20 +00:00 · 2014-08-04 22:16:09 -07:00 · 2014-08-04 22:16:09 -07:00 · 14d265482a
commit 14d265482a
parent 026233d1f2
1 changed files with 14 additions and 0 deletions
--- a/scripts/base/protocols/ssl/main.bro
+++ b/scripts/base/protocols/ssl/main.bro
@ -41,6 +41,9 @@ export {
 		client_key_exchange_seen: bool     &default=F;
 		## Last alert that was seen during the connection.
 		last_alert:       string           &log &optional;
+		## Next protocol the server chose using the application layer
+		## next protocol extension, if present.
+		next_protocol:    string           &log &optional;

 		## The analyzer ID used for the analyzer instance attached
 		## to each connection.  It is not used for logging since it's a
@ -199,6 +202,17 @@ event ssl_extension_server_name(c: connection, is_orig: bool, names: string_vec)
 		}
 	}

+event ssl_extension_application_layer_protocol_negotiation(c: connection, is_orig: bool, protocols: string_vec)
+	{
+	set_session(c);
+
+	if ( is_orig )
+		return;
+
+	if ( |protocols| > 0 )
+		c$ssl$next_protocol = protocols[0];
+	}
+
 event ssl_handshake_message(c: connection, is_orig: bool, msg_type: count, length: count) &priority=5
 	{
 	set_session(c);