rule_sslprofiler.tcl

when RULE_INIT {
    set static::DEBUG_PMAP_SSL 0
}

when CLIENT_ACCEPTED {
    virtual vs_jefjos_443
    TCP::collect
    set clientside_datahitcounter 0
    set serverside_datahitcounter 0

    array set pmap [call ProtocolProfilerInit::init_ssl]
}

when CLIENT_DATA {
    set clientrecord_counter 0
    incr clientside_datahitcounter

    set client_payload_in_hex ""
    binary scan [TCP::payload] H* client_payload_in_hex

    # Split the payload by SSL records (put them in an array named 'potential_records')
    for { set i 0 } { $i < [string length $client_payload_in_hex] } { set i [expr {$i + 2}] } {
        set clientside_potential_sslcontenttype "0x[substr $client_payload_in_hex $i 2]"
        if { [info exists static::tmap_contenttype($clientside_potential_sslcontenttype)] } {
            set clientside_potential_sslversion "0x[substr $client_payload_in_hex [expr {$i+2}] 4]"
            if { [info exists static::tmap_version($clientside_potential_sslversion)] } {
                set clientside_potential_ssllength "[expr 0x[substr $client_payload_in_hex [expr {$i+6}] 4]]"
                set clientside_potential_sslmessage "0x[substr $client_payload_in_hex [expr {$i+10}] 2]"
                set clientside_potential_fullrecord "[substr $client_payload_in_hex $i [expr {10+$clientside_potential_ssllength*2}]]"
                set clientside_potential_records($clientrecord_counter) $clientside_potential_fullrecord
                incr clientrecord_counter
            }
        }
    }

    # Run through the detected SSL records
    for { set clientrecord_index 0 } { $clientrecord_index < $clientrecord_counter } { incr clientrecord_index } {
        #log local0. $clientside_potential_records($clientrecord_index)
        log -noname local0. "C->S"
        call ProtocolProfilerProcs::mapProtocol 0 $clientside_potential_records($clientrecord_index) 0 {} "" [array get pmap] $static::DEBUG_PMAP_SSL
        log -noname local0. ""
        log -noname local0. ""
        log -noname local0. ""
    }

    if { [LB::status] == "up" } {
        serverside { TCP::collect }
    }
    TCP::release
    TCP::collect
}

when SERVER_CONNECTED {
    TCP::collect
}

when SERVER_DATA {
    set serverrecord_counter 0
    incr serverside_datahitcounter

    set server_payload_in_hex ""
    binary scan [TCP::payload] H* server_payload_in_hex

    # Split the payload by SSL records (put them in an array named 'potential_records')
    for { set i 0 } { $i < [string length $server_payload_in_hex] } { set i [expr {$i + 2}] } {
        set serverside_potential_sslcontenttype "0x[substr $server_payload_in_hex $i 2]"
        if { [info exists static::tmap_contenttype($serverside_potential_sslcontenttype)] } {
            set serverside_potential_sslversion "0x[substr $server_payload_in_hex [expr {$i+2}] 4]"
            if { [info exists static::tmap_version($serverside_potential_sslversion)] } {
                set serverside_potential_ssllength "[expr 0x[substr $server_payload_in_hex [expr {$i+6}] 4]]"
                set serverside_potential_sslmessage "0x[substr $server_payload_in_hex [expr {$i+10}] 2]"
                set serverside_potential_fullrecord "[substr $server_payload_in_hex $i [expr {10+$serverside_potential_ssllength*2}]]"
                set serverside_potential_records($serverrecord_counter) $serverside_potential_fullrecord
                incr serverrecord_counter
            }
        }
    }

    # Run through the detected SSL records
    for { set serverrecord_index 0 } { $serverrecord_index < $serverrecord_counter } { incr serverrecord_index } {
        #log local0. $serverside_potential_records($serverrecord_index)
        log -noname local0. "S->C"
        call ProtocolProfilerProcs::mapProtocol 0 $serverside_potential_records($serverrecord_index) 0 {} "" [array get pmap] $static::DEBUG_PMAP_SSL
        log -noname local0. ""
        log -noname local0. ""
        log -noname local0. ""
    }

    TCP::release
    clientside { TCP::collect }
    TCP::collect
}