diff --git a/CHANGES b/CHANGES index da005a0122..a1fa31387c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ +4.1.0-dev.286 | 2021-03-08 11:24:38 +0000 + + * Allow non-TCP based protocols to use SSL analyzer. (Keith Jones) + 4.1.0-dev.284 | 2021-03-05 17:37:03 -0800 * Simplify some copy_string() usages in threading::Field (Jon Siwek, Corelight) diff --git a/VERSION b/VERSION index d8d162473c..2a1e8990f3 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -4.1.0-dev.284 +4.1.0-dev.286 diff --git a/src/analyzer/protocol/ssl/SSL.cc b/src/analyzer/protocol/ssl/SSL.cc index aeaa63a7a0..d5088a6746 100644 --- a/src/analyzer/protocol/ssl/SSL.cc +++ b/src/analyzer/protocol/ssl/SSL.cc @@ -57,8 +57,10 @@ void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig) { analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig); - assert(TCP()); - if ( TCP()->IsPartial() ) + // We purposefully accept protocols other than TCP here. SSL/TLS are a bit special; + // they are wrapped in a lot of other protocols. Some of them are UDP based - and provide + // their own reassembly on top of UDP. + if ( TCP() && TCP()->IsPartial() ) return; if ( had_gap ) diff --git a/src/analyzer/protocol/ssl/SSL.h b/src/analyzer/protocol/ssl/SSL.h index bb1ee98941..12dd2ce57c 100644 --- a/src/analyzer/protocol/ssl/SSL.h +++ b/src/analyzer/protocol/ssl/SSL.h @@ -15,7 +15,7 @@ public: explicit SSL_Analyzer(Connection* conn); ~SSL_Analyzer() override; - // Overriden from Analyzer. + // Overridden from Analyzer. void Done() override; void DeliverStream(int len, const u_char* data, bool orig) override; void Undelivered(uint64_t seq, int len, bool orig) override; @@ -27,7 +27,7 @@ public: // Get the TLS version that the server chose. 0 if not yet known. uint16_t GetNegotiatedVersion() const; - // Overriden from analyzer::tcp::TCP_ApplicationAnalyzer. + // Overridden from analyzer::tcp::TCP_ApplicationAnalyzer. void EndpointEOF(bool is_orig) override; static analyzer::Analyzer* Instantiate(Connection* conn)