Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 12:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

add information about server chosen protocol to ssl.log, if provided by alpn.

Browse source 
This is e.g. used to negotiate spdy or http/2
This commit is contained in:
Johanna Amann 2014-08-04 22:16:09 -07:00
parent 026233d1f2
commit 14d265482a
1 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
scripts/base/protocols/ssl/main.bro
View file

@ -41,6 +41,9 @@ export {
client_key_exchange_seen: bool &default=F; client_key_exchange_seen: bool &default=F;
## Last alert that was seen during the connection. ## Last alert that was seen during the connection.
last_alert: string &log &optional; last_alert: string &log &optional;
## Next protocol the server chose using the application layer
## next protocol extension, if present.
next_protocol: string &log &optional;
## The analyzer ID used for the analyzer instance attached ## The analyzer ID used for the analyzer instance attached
## to each connection. It is not used for logging since it's a ## to each connection. It is not used for logging since it's a
@ -199,6 +202,17 @@ event ssl_extension_server_name(c: connection, is_orig: bool, names: string_vec)
} }
} }
event ssl_extension_application_layer_protocol_negotiation(c: connection, is_orig: bool, protocols: string_vec)
{
set_session(c);
if ( is_orig )
return;
if ( |protocols| > 0 )
c$ssl$next_protocol = protocols[0];
}
event ssl_handshake_message(c: connection, is_orig: bool, msg_type: count, length: count) &priority=5 event ssl_handshake_message(c: connection, is_orig: bool, msg_type: count, length: count) &priority=5
{ {
set_session(c); set_session(c);