mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Fix ssl-log-ext omitting data in some cases
ssl-log-ext had a bug that caused data present in the SSL connection to not be logged in some cases. Specifically, the script relied on the base ssl script to initialize some data structures; however, this means that protocol messages that arrive before a message is handled by the base ssl script are not logged. This commit changes the ssl-log-ext script to also initialize the data structures; now messages are correctly included in the log in all cases.
This commit is contained in:
Johanna Amann
parent
28b33b5c0d
commit
46e54bab76
3 changed files with 26 additions and 24 deletions
|
|
@ -4,6 +4,8 @@
|
|||
|
||||
@load base/protocols/ssl
|
||||
|
||||
module SSL;
|
||||
|
||||
redef record SSL::Info += {
|
||||
## Numeric version of the server in the server hello
|
||||
server_version: count &log &optional;
|
||||
|
|
@ -48,8 +50,7 @@ redef record SSL::Info += {
|
|||
|
||||
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
|
||||
{
|
||||
if ( ! c?$ssl )
|
||||
return;
|
||||
set_session(c);
|
||||
|
||||
c$ssl$client_ciphers = ciphers;
|
||||
c$ssl$client_version = version;
|
||||
|
|
@ -58,8 +59,7 @@ event ssl_client_hello(c: connection, version: count, record_version: count, pos
|
|||
|
||||
event ssl_server_hello(c: connection, version: count, record_version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count)
|
||||
{
|
||||
if ( ! c?$ssl )
|
||||
return;
|
||||
set_session(c);
|
||||
|
||||
c$ssl$server_version = version;
|
||||
c$ssl$comp_method = comp_method;
|
||||
|
|
@ -67,16 +67,14 @@ event ssl_server_hello(c: connection, version: count, record_version: count, pos
|
|||
|
||||
event ssl_session_ticket_handshake(c: connection, ticket_lifetime_hint: count, ticket: string)
|
||||
{
|
||||
if ( ! c?$ssl )
|
||||
return;
|
||||
set_session(c);
|
||||
|
||||
c$ssl$ticket_lifetime_hint = ticket_lifetime_hint;
|
||||
}
|
||||
|
||||
event ssl_extension(c: connection, is_client: bool, code: count, val: string)
|
||||
{
|
||||
if ( ! c?$ssl )
|
||||
return;
|
||||
set_session(c);
|
||||
|
||||
if ( is_client )
|
||||
{
|
||||
|
|
@ -94,24 +92,27 @@ event ssl_extension(c: connection, is_client: bool, code: count, val: string)
|
|||
|
||||
event ssl_extension_ec_point_formats(c: connection, is_client: bool, point_formats: index_vec)
|
||||
{
|
||||
if ( ! c?$ssl || ! is_client )
|
||||
if ( ! is_client )
|
||||
return;
|
||||
|
||||
set_session(c);
|
||||
|
||||
c$ssl$point_formats = point_formats;
|
||||
}
|
||||
|
||||
event ssl_extension_elliptic_curves(c: connection, is_client: bool, curves: index_vec)
|
||||
{
|
||||
if ( ! c?$ssl || ! is_client )
|
||||
if ( ! is_client )
|
||||
return;
|
||||
|
||||
set_session(c);
|
||||
|
||||
c$ssl$client_curves = curves;
|
||||
}
|
||||
|
||||
event ssl_extension_application_layer_protocol_negotiation(c: connection, is_client: bool, names: string_vec)
|
||||
{
|
||||
if ( ! c?$ssl )
|
||||
return;
|
||||
set_session(c);
|
||||
|
||||
if ( is_client )
|
||||
c$ssl$orig_alpn = names;
|
||||
|
|
@ -119,8 +120,7 @@ event ssl_extension_application_layer_protocol_negotiation(c: connection, is_cli
|
|||
|
||||
event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string)
|
||||
{
|
||||
if ( ! c?$ssl )
|
||||
return;
|
||||
set_session(c);
|
||||
|
||||
local key_length = |Ys| * 8; # key length in bits
|
||||
c$ssl$dh_param_size = key_length;
|
||||
|
|
@ -128,8 +128,7 @@ event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string)
|
|||
|
||||
event ssl_extension_supported_versions(c: connection, is_client: bool, versions: index_vec)
|
||||
{
|
||||
if ( ! c?$ssl )
|
||||
return;
|
||||
set_session(c);
|
||||
|
||||
if ( is_client )
|
||||
c$ssl$client_supported_versions = versions;
|
||||
|
|
@ -139,16 +138,17 @@ event ssl_extension_supported_versions(c: connection, is_client: bool, versions:
|
|||
|
||||
event ssl_extension_psk_key_exchange_modes(c: connection, is_client: bool, modes: index_vec)
|
||||
{
|
||||
if ( ! c?$ssl || ! is_client )
|
||||
if ( ! is_client )
|
||||
return;
|
||||
|
||||
set_session(c);
|
||||
|
||||
c$ssl$psk_key_exchange_modes = modes;
|
||||
}
|
||||
|
||||
event ssl_extension_key_share(c: connection, is_client: bool, curves: index_vec)
|
||||
{
|
||||
if ( ! c?$ssl )
|
||||
return;
|
||||
set_session(c);
|
||||
|
||||
if ( is_client )
|
||||
c$ssl$client_key_share_groups = curves;
|
||||
|
|
@ -158,9 +158,11 @@ event ssl_extension_key_share(c: connection, is_client: bool, curves: index_vec)
|
|||
|
||||
event ssl_extension_signature_algorithm(c: connection, is_client: bool, signature_algorithms: signature_and_hashalgorithm_vec)
|
||||
{
|
||||
if ( ! c?$ssl || ! is_client )
|
||||
if ( ! is_client )
|
||||
return;
|
||||
|
||||
set_session(c);
|
||||
|
||||
local sigalgs: index_vec = vector();
|
||||
local hashalgs: index_vec = vector();
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue