suricata
detect-tls-ja3-hash.c File Reference
#include "suricata-common.h"
#include "threads.h"
#include "debug.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-prefilter.h"
#include "detect-content.h"
#include "detect-pcre.h"
#include "detect-tls-ja3-hash.h"
#include "flow.h"
#include "flow-util.h"
#include "flow-var.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-spm.h"
#include "util-print.h"
#include "util-ja3.h"
#include "stream-tcp.h"
#include "app-layer.h"
#include "app-layer-ssl.h"
#include "util-unittest-helper.h"

Functions

void DetectTlsJa3HashRegister (void)
 Registration function for the ja3_hash keyword.
 

Detailed Description

Author
Mats Klepsland mats..nosp@m.klep.nosp@m.sland.nosp@m.@gma.nosp@m.il.co.nosp@m.m

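Implements support for the ja3_hash keyword, which lets a rule match on the JA3 hash stored for a TLS flow (SSLState_::ja3_hash). The code in this file references Ja3IsDisabled(), SCLogWarning and SC_WARN_POOR_RULE, so a rule using the keyword presumably depends on JA3 support being enabled in the configuration and on a well-formed hash value; confirm against the source before relying on such a rule for detection.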

Definition in file detect-tls-ja3-hash.c.

Function Documentation

void DetectTlsJa3HashRegister ( void  )

Registration function for keyword: ja3_hash.

Definition at line 76 of file detect-tls-ja3-hash.c.

References Flow_::alproto, Signature_::alproto, ALPROTO_TLS, Flow_::alstate, AppLayerParserParse(), AppLayerParserThreadCtxAlloc(), AppLayerParserThreadCtxFree(), DetectContentData_::content, DetectContentData_::content_len, SigMatch_::ctx, DE_QUIET, SigTableElmt_::desc, DETECT_AL_TLS_JA3_HASH, DETECT_CONTENT, DETECT_CONTENT_NOCASE, DetectAppLayerInspectEngineRegister2(), DetectAppLayerMpmRegister2(), DetectBufferSetActiveList(), DetectBufferTypeGetByName(), DetectBufferTypeRegisterSetupCallback(), DetectBufferTypeRegisterValidateCallback(), DetectBufferTypeSetDescriptionByName(), DetectEngineAppendSig(), DetectEngineCtxFree(), DetectEngineCtxInit(), DetectEngineInspectBufferGeneric(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtxInit(), DOC_URL, DOC_VERSION, FAIL_IF, FAIL_IF_NOT, FAIL_IF_NULL, FALSE, DetectContentData_::flags, Flow_::flags, Packet_::flags, DetectEngineCtx_::flags, SigTableElmt_::flags, Packet_::flow, FLOW_DESTROY, FLOW_INITIALIZE, FLOW_IPV4, FLOW_PKT_ESTABLISHED, FLOW_PKT_TOSERVER, Packet_::flowflags, FlowGetProtoMapping(), FLOWLOCK_UNLOCK, FLOWLOCK_WRLOCK, SigTableElmt_::Free, Signature_::id, Signature_::init_data, InspectionBuffer::inspect, InspectionBufferApplyTransforms(), InspectionBufferGet(), InspectionBufferSetup(), SSLState_::ja3_hash, Ja3IsDisabled(), SigTableElmt_::Match, mpm_default_matcher, DetectEngineCtx_::mpm_matcher, SigTableElmt_::name, SigMatch_::next, PacketAlertCheck(), PASS, PKT_HAS_FLOW, PKT_STREAM_EST, PrefilterGenericMpmRegister(), Flow_::proto, Flow_::protoctx, Flow_::protomap, SigTableElmt_::RegisterTests, RunmodeIsUnittests(), SC_WARN_POOR_RULE, SCLogWarning, SigTableElmt_::Setup, SIG_FLAG_TOSERVER, SigGroupBuild(), SIGMATCH_NOOPT, sigmatch_table, SigMatchSignatures(), SignatureInitData_::smlists, DetectContentData_::spm_ctx, DetectEngineCtx_::spm_global_thread_ctx, SpmDestroyCtx(), SpmInitCtx(), str, STREAM_TOSERVER, StreamTcpFreeConfig(), StreamTcpInitConfig(), TRUE, SigMatch_::type, SigTableElmt_::url, 
UTHBuildPacketReal(), UTHFreePacket(), and UtRegisterTest().

Referenced by SigTableSetup().
