
tls: add timestamp and sni info for a session

Stefan Mititelu authored on 14/07/2022 09:02:37
Showing 3 changed files
... ...
@@ -220,6 +220,7 @@ typedef struct tcp_connection {
220 220
 	enum tcp_conn_states state; /* connection state */
221 221
 	void* extra_data; /* extra data associated to the connection, 0 for tcp*/
222 222
 	struct timer_ln timer;
223
+	time_t timestamp;/* connection creation timestamp */
223 224
 	ticks_t timeout;/* connection timeout, after this it will be removed*/
224 225
 	ticks_t lifetime;/* connection lifetime */
225 226
 	unsigned id_hash; /* hash index in the id_hash */
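Review bot: The comment on the new `timestamp` field does not say which clock it holds, which matters because the neighbouring `timeout` and `lifetime` fields are `ticks_t` while this one is a wall-clock `time_t` filled from `time(NULL)` in tcpconn_new. Wall-clock time can step forwards or backwards when the system clock is adjusted, so the value suits display and log correlation rather than age or expiry arithmetic. I would make that explicit: `time_t timestamp; /* wall-clock creation time from time(NULL); informational only, do not mix with ticks */`. The struct definition starts and ends outside the hunk.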
... ...
@@ -1220,6 +1220,7 @@ struct tcp_connection* tcpconn_new(int sock, union sockaddr_union* su,
1220 1220
 	c->rcv.proto_reserved2=0;
1221 1221
 	c->state=state;
1222 1222
 	c->extra_data=0;
1223
+	c->timestamp=time(NULL);
1223 1224
 #ifdef USE_TLS
1224 1225
 	if (type==PROTO_TLS){
1225 1226
 		if (tls_tcpconn_init(c, sock)==-1) goto error;
... ...
@@ -115,6 +115,9 @@ static void tls_list(rpc_t* rpc, void* c)
115 115
 	struct tls_extra_data* tls_d;
116 116
 	struct tcp_connection* con;
117 117
 	int i, len, timeout;
118
+	struct tm timestamp;
119
+	char timestamp_s[128];
120
+	const char* sni;
118 121
 
119 122
 	TCPCONN_LOCK;
120 123
 	for(i = 0; i < TCP_ID_HASH_SIZE; i++) {
... ...
@@ -132,14 +135,29 @@ static void tls_list(rpc_t* rpc, void* c)
132 135
 				BUG("failed to convert destination ip");
133 136
 			dst_ip[len] = 0;
134 137
 			timeout = TICKS_TO_S(con->timeout - get_ticks_raw());
135
-			rpc->struct_add(handle, "ddsdsd",
138
+			timestamp = *localtime(&con->timestamp);
139
+			if (snprintf(timestamp_s, 128, "%d-%02d-%02d %02d:%02d:%02d", timestamp.tm_year + 1900,
140
+					timestamp.tm_mon + 1, timestamp.tm_mday, timestamp.tm_hour,
141
+					timestamp.tm_min, timestamp.tm_sec) < 0) {
142
+				timestamp_s[0] = 'N';
143
+				timestamp_s[1] = '/';
144
+				timestamp_s[2] = 'A';
145
+				timestamp_s[3] = '\0';
146
+			}
147
+			rpc->struct_add(handle, "dsdsdsd",
136 148
 					"id", con->id,
149
+					"timestamp", timestamp_s,
137 150
 					"timeout", timeout,
138 151
 					"src_ip", src_ip,
139 152
 					"src_port", con->rcv.src_port,
140 153
 					"dst_ip", dst_ip,
141 154
 					"dst_port", con->rcv.dst_port);
142 155
 			if (tls_d) {
156
+				sni = SSL_get_servername(tls_d->ssl, TLSEXT_NAMETYPE_host_name);
157
+				if (sni == NULL) {
158
+					sni = "N/A";
159
+				}
160
+
143 161
 				if(SSL_get_current_cipher(tls_d->ssl)) {
144 162
 					tls_info = SSL_CIPHER_description(
145 163
 									SSL_get_current_cipher(tls_d->ssl),
... ...
@@ -166,7 +184,8 @@ static void tls_list(rpc_t* rpc, void* c)
166 184
 							state = "established";
167 185
 							break;
168 186
 					}
169
-					rpc->struct_add(handle, "sddds",
187
+					rpc->struct_add(handle, "ssddds",
188
+							"sni", sni,
170 189
 							"cipher", tls_info,
171 190
 							"ct_wq_size", tls_d->ct_wq?
172 191
 											tls_d->ct_wq->queued:0,
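Review bot: In the second tls_list hunk, `timestamp = *localtime(&con->timestamp);` dereferences the result of localtime() unchecked; localtime() returns NULL when the conversion fails and is not reentrant, and the loop appears to run under TCPCONN_LOCK, so a fault here would take the process down while the connection table is locked. Folding a reentrant call into the existing fallback keeps the change small: `if (localtime_r(&con->timestamp, &timestamp) == NULL || snprintf(timestamp_s, sizeof(timestamp_s), "%d-%02d-%02d %02d:%02d:%02d", /* same arguments */) < 0) {`, which also replaces the literal 128 with sizeof. The `sni` string comes from `SSL_get_servername()`, so for inbound connections it is presumably whatever the peer sent in its handshake; a comment such as `/* sni is peer-supplied and unauthenticated; RPC consumers must treat it as untrusted text */` above the `"sni", sni` argument would record that for anyone rendering or logging the RPC output. The formatted time is local time with no zone offset, which is worth stating in the RPC documentation for anyone correlating it with UTC logs. tls_list begins and ends outside these hunks.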