func()

in pcap-cli/internal/transformer/json_tls_translator.go [108:152]

• 36 lines of code
• 9 McCabe index (conditional complexity)

func (t *JSONPcapTranslator) decodeTLSRecords(it uint8, data []byte, TLS *gabs.Container) error {
	if len(data) < 5 {
		return errors.New("TLS record too short")
	}

	var h layers.TLSRecordHeader
	h.ContentType = layers.TLSType(data[0])
	h.Version = layers.TLSVersion(binary.BigEndian.Uint16(data[1:3]))
	h.Length = binary.BigEndian.Uint16(data[3:5])

	if h.ContentType.String() == "Unknown" {
		return errors.New("unknown TLS record type")
	}

	hl := 5 // header length
	tl := hl + int(h.Length)

	if len(data) < tl {
		return errors.New("TLS packet length mismatch")
	}

	switch h.ContentType {
	default:
		return errors.New("unknown TLS record type")
	case layers.TLSChangeCipherSpec, layers.TLSAlert, layers.TLSHandshake:
		b := data[hl:tl]
		hs := cryptobyte.String(b)
		var messageType uint8
		if !hs.ReadUint8(&messageType) {
			return errors.New("failed to decode TLS layer")
		}
		// `ClientHello` and `ApplicationData` are the only full layers we have access to;
		// see: https://github.com/google/gopacket/blob/v1.1.19/layers/tls.go#L136-L139
		// reason: when `gopacket` decodes `TLS`, it repaces content by the last layer parsed
		if messageType == 1 {
			t.translateTLSLayer_decodeClientHello(hs, TLS)
		}
	case layers.TLSApplicationData:
	}

	if len(data) == tl {
		return nil
	}
	return t.decodeTLSRecords(it+1, data[tl:], TLS)
}