It seems feasible, but not trivial for the general case.
Critical points:
- there is no standard way to know if there will be a TLS handshake (unlike FTP where we have AUTH TLS message or IMAP with STARTTLS). We need some kind of heuristic: with some luck we might reuse the ones that we are already using for OpenVPN detection in the first place
- fragmentation: TLS messages might be split in fragments (in the same UDP packet, or in different ones). nDPI lacks a generic way to reassemble data
- classification results: OpenVPN/TLS? What if we have a TLS subclassification via SNI or certificate? TLS/SUB_PROTOCOL, losing the information about OpenVPN? Please, note that (with the current logic/code) we need to have TLS in the result, because we write to flow->protos.tls_quic
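A sketch of the heuristic and the fragmentation case from the first two points, added here as an illustration; it is not nDPI code. It assumes OpenVPN over UDP without tls-auth/tls-crypt (so the control packet carries no HMAC or replay fields), and the function names and sample packets are hypothetical, constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define P_CONTROL_V1 4 /* OpenVPN opcode, high 5 bits of the first byte */

enum tls_probe { NOT_TLS, TLS_COMPLETE, TLS_FRAGMENTED };

/* Return the payload of a UDP P_CONTROL_V1 packet, or NULL.
 * Assumed layout (no tls-auth/tls-crypt, so no HMAC or replay fields):
 * opcode|key_id(1) session_id(8) ack_count(1) acks(4*n)
 * [remote_session_id(8) if n > 0] packet_id(4) payload */
static const uint8_t *ctrl_payload(const uint8_t *p, size_t len, size_t *n) {
  size_t off;
  if (len < 10 || (p[0] >> 3) != P_CONTROL_V1) return NULL;
  off = 10 + 4u * p[9] + (p[9] ? 8 : 0) + 4;
  if (off > len) return NULL;
  *n = len - off;
  return p + off;
}

/* Heuristic: payload starts with a TLS handshake record header. A record
 * longer than the bytes present continues in later control packets, which
 * is the reassembly problem raised above. */
enum tls_probe probe_openvpn_tls(const uint8_t *pkt, size_t len) {
  size_t n = 0, rec_len;
  const uint8_t *tls = ctrl_payload(pkt, len, &n);
  if (!tls || n < 5) return NOT_TLS;
  if (tls[0] != 0x16 || tls[1] != 0x03 || tls[2] > 0x04) return NOT_TLS;
  rec_len = ((size_t)tls[3] << 8) | tls[4];
  if (rec_len == 0 || rec_len > 16384) return NOT_TLS;
  return (5 + rec_len <= n) ? TLS_COMPLETE : TLS_FRAGMENTED;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t pkt_frag[] = { 0x20, 1,2,3,4,5,6,7,8, 0x00, 0,0,0,1,
  0x16,0x03,0x01,0x02,0x00, 0x01,0x00,0x01,0xfc,0x03,0x03 };
static const uint8_t pkt_full[] = { 0x20, 1,2,3,4,5,6,7,8, 0x01, 0,0,0,0,
  8,7,6,5,4,3,2,1, 0,0,0,1, 0x16,0x03,0x03,0x00,0x04, 0x0e,0x00,0x00,0x00 };
static const uint8_t pkt_data[] = { 0x30, 0xde,0xad,0xbe,0xef, 0x16,0x03,0x01,
  0x00,0x04, 0,0,0,0, 0,0,0,0 };

int main(void) {
  printf("%d %d %d\n", probe_openvpn_tls(pkt_frag, sizeof pkt_frag),
         probe_openvpn_tls(pkt_full, sizeof pkt_full),
         probe_openvpn_tls(pkt_data, sizeof pkt_data));
  return 0;
}
```

A `TLS_FRAGMENTED` result is the point at which a dissector would have to buffer the bytes seen so far and append the payloads of the following control packets before parsing the handshake.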