fix: failed to sniff tls1.2 traffic in some cases (#135)

component/sniffing/tls.go

@@ -21,9 +21,8 @@ const (
 )
 
 var (
-	Version_Tls1_0  = []byte{0x03, 0x01}
-	Version_Tls1_2  = []byte{0x03, 0x03}
-	HandShakePrefix = []byte{ContentType_HandShake, Version_Tls1_0[0], Version_Tls1_0[1]}
+	Version_Tls1_0 = []byte{0x03, 0x01}
+	Version_Tls1_2 = []byte{0x03, 0x03}
 )
 
 // SniffTls only supports tls1.2, tls1.3
@@ -35,7 +34,7 @@ func (s *Sniffer) SniffTls() (d string, err error) {
 		return "", NotApplicableError
 	}
 
-	if !bytes.Equal(s.buf[:3], HandShakePrefix) {
+	if s.buf[0] != ContentType_HandShake || (!bytes.Equal(s.buf[1:3], Version_Tls1_0) && !bytes.Equal(s.buf[1:3], Version_Tls1_2)) {
 		return "", NotApplicableError
 	}
 

component/sniffing/tls_test.go

@@ -12,16 +12,30 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-var tlsStream, _ = hex.DecodeString("1603010200010001fc0303d90fdf25b0c7a11c3eb968604a065157a149407c139c22ed32f5c6f486ed2c04206c51c32da7f83c3c19766be60d45d264e898c77504e34915c44caa69513c2221003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100017500000013001100000e7777772e676f6f676c652e636f6d000b000403000102000a00160014001d0017001e00190018010001010102010301040010000e000c02683208687474702f312e31001600000017000000310000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602002b0009080304030303020301002d00020101003300260024001d00207fe08226bdc4fb1715e477506b6afe8f3abe2d20daa1f8c78c5483f1a90a9b19001500af00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
+var tlsStreamGoogle, _ = hex.DecodeString("1603010200010001fc0303d90fdf25b0c7a11c3eb968604a065157a149407c139c22ed32f5c6f486ed2c04206c51c32da7f83c3c19766be60d45d264e898c77504e34915c44caa69513c2221003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100017500000013001100000e7777772e676f6f676c652e636f6d000b000403000102000a00160014001d0017001e00190018010001010102010301040010000e000c02683208687474702f312e31001600000017000000310000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602002b0009080304030303020301002d00020101003300260024001d00207fe08226bdc4fb1715e477506b6afe8f3abe2d20daa1f8c78c5483f1a90a9b19001500af00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
+var tlsStreamWindowsOdinGame, _ = hex.DecodeString("16030300b8010000b403036484b04b0f87a95364166094aa611bb989a6886b4ca4f23480cfd31a1c683e8400002ac02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a010000610000001700150000126f64696e2e67616d652e6461756d2e6e6574000500050100000000000a00080006001d00170018000b00020100000d001a00180804080508060401050102010403050302030202060106030023000000170000ff01000100")
 
-func TestName(t *testing.T) {
+func TestSniffer_SniffTls(t *testing.T) {
+	tests := []struct {
+		Domain string
+		Stream []byte ""
+	}{{
+		Domain: "www.google.com",
+		Stream: tlsStreamGoogle,
+	}, {
+		Domain: "odin.game.daum.net",
+		Stream: tlsStreamWindowsOdinGame,
+	}}
 	logrus.SetLevel(logrus.DebugLevel)
-	sniffer := NewPacketSniffer(tlsStream)
-	d, err := sniffer.SniffTls()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if d == "" {
-		t.Fatal(d)
+	for _, test := range tests {
+		sniffer := NewPacketSniffer(test.Stream)
+		d, err := sniffer.SniffTls()
+		if err != nil {
+			t.Fatal(err)
+		}
+		if d != test.Domain {
+			t.Fatal(d)
+		}
+		t.Log(d)
 	}
 }