From ed6ece983b6e8b6c4e1e82746108f266c4a0837a Mon Sep 17 00:00:00 2001 From: syncpark Date: Mon, 22 Apr 2024 15:07:59 +0900 Subject: [PATCH] Modify Tls structure - client_cipher_suites, client_extensions, extensions --- CHANGELOG.md | 8 ++++++++ src/ingest/network.rs | 8 +++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c3ea93..4bcbb4d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,13 @@ file is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [Unreleased] + +### Changed + +- Modified tls event structure to store: `client_cipher_suites`, `client_extensions`, +`extensions` + ## [0.16.0] - 2024-02-16 ### Changed @@ -225,6 +232,7 @@ Versioning](https://semver.org/spec/v2.0.0.html). - Move from giganto +[Unreleased]: https://github.com/aicers/giganto-client/compare/0.16.0...main [0.16.0]: https://github.com/aicers/giganto-client/compare/0.15.2...0.16.0 [0.15.2]: https://github.com/aicers/giganto-client/compare/0.15.1...0.15.2 [0.15.1]: https://github.com/aicers/giganto-client/compare/0.15.0...0.15.1 diff --git a/src/ingest/network.rs b/src/ingest/network.rs index 5819d85..3fbc3d1 100644 --- a/src/ingest/network.rs +++ b/src/ingest/network.rs @@ -730,7 +730,10 @@ pub struct Tls { pub alpn_protocol: String, pub ja3: String, pub version: String, + pub client_cipher_suites: Vec, + pub client_extensions: Vec, pub cipher: u16, + pub extensions: Vec, pub ja3s: String, pub serial: String, pub subject_country: String, @@ -750,7 +753,7 @@ impl Display for Tls { fn fmt(&self, f: &mut Formatter) -> std::fmt::Result { write!( f, - "{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}", + "{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}", self.orig_addr, self.orig_port, self.resp_addr, 
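Review bot: In the `pub struct Tls` hunk, `client_cipher_suites`, `client_extensions` and `extensions` are inserted between `version` and `ja3s` rather than appended, and the struct's derives sit outside the hunk. If `Tls` is encoded with a field-order-dependent format, peers and stored records built against 0.16.0 will no longer decode, and the failure may show up as misread fields rather than an error. The CHANGELOG entry should mark this as a breaking change to the event layout so senders and receivers are upgraded together. The new fields also have no doc comments; a line such as `/// Cipher suite IDs offered by the client, as received from the peer; not validated.` on each would tell detection authors that the lists are peer-controlled and which side of the handshake they describe. That `extensions` is the server side is only inferred from its position next to `cipher`, so confirm it.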
@@ -761,7 +764,10 @@ impl Display for Tls {
 as_str_or_default(&self.alpn_protocol),
 as_str_or_default(&self.ja3),
 as_str_or_default(&self.version),
+ vec_to_string_or_default(&self.client_cipher_suites),
+ vec_to_string_or_default(&self.client_extensions),
 self.cipher,
+ vec_to_string_or_default(&self.extensions),
 as_str_or_default(&self.ja3s),
 as_str_or_default(&self.serial),
 as_str_or_default(&self.subject_country),
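Review bot: The new values land in the middle of the tab-separated record, both in this `write!` argument list and in the format string of the preceding hunk (`@@ -750,7 +753,7`), so `cipher` moves two columns and `ja3s` onward move three. A log consumer that splits on `\t` and indexes by position will then read the wrong field without any failure. Nothing visible pins the column order, so a unit test that formats a sample `Tls` and asserts the column count and the index of `ja3s` would catch the next reorder; the CHANGELOG line should also mention the `Display` change. `vec_to_string_or_default` is defined outside the hunk: confirm its separator can never be a tab or newline and that an empty list prints the same placeholder `as_str_or_default` uses, otherwise an empty extension list shifts the row. The `write!` call starts in the previous hunk and continues past this one.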