suricata
detect-tls-ja3s-hash.c File Reference
#include "suricata-common.h"
#include "threads.h"
#include "debug.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-prefilter.h"
#include "detect-content.h"
#include "detect-pcre.h"
#include "detect-tls-ja3s-hash.h"
#include "flow.h"
#include "flow-util.h"
#include "flow-var.h"
#include "conf.h"
#include "conf-yaml-loader.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-spm.h"
#include "util-print.h"
#include "util-ja3.h"
#include "stream-tcp.h"
#include "app-layer.h"
#include "app-layer-ssl.h"
#include "util-unittest-helper.h"
#include "tests/detect-tls-ja3s-hash.c"
Include dependency graph for detect-tls-ja3s-hash.c:

Go to the source code of this file.

Functions

void DetectTlsJa3SHashRegister (void)
 Registration function for keyword: ja3s.hash. More...
 

Detailed Description

Author
Mats Klepsland mats..nosp@m.klep.nosp@m.sland.nosp@m.@gma.nosp@m.il.co.nosp@m.m

Implements support for ja3s.hash keyword.

Definition in file detect-tls-ja3s-hash.c.

Function Documentation

void DetectTlsJa3SHashRegister ( void  )

Registration function for keyword: ja3s.hash.

Definition at line 78 of file detect-tls-ja3s-hash.c.

References ALPROTO_TLS, Flow_::alstate, DetectContentData_::content, DetectContentData_::content_len, SigMatch_::ctx, SigTableElmt_::desc, DETECT_AL_TLS_JA3S_HASH, DETECT_CONTENT, DETECT_CONTENT_NOCASE, DetectAppLayerInspectEngineRegister2(), DetectAppLayerMpmRegister2(), DetectBufferSetActiveList(), DetectBufferTypeGetByName(), DetectBufferTypeRegisterSetupCallback(), DetectBufferTypeRegisterValidateCallback(), DetectBufferTypeSetDescriptionByName(), DetectEngineInspectBufferGeneric(), DetectSignatureSetAppProto(), DOC_URL, DOC_VERSION, FALSE, DetectContentData_::flags, SigTableElmt_::flags, Signature_::id, Signature_::init_data, InspectionBuffer::inspect, InspectionBufferApplyTransforms(), InspectionBufferGet(), InspectionBufferSetup(), SSLStateConnp_::ja3_hash, Ja3IsDisabled(), SigTableElmt_::name, SigMatch_::next, PrefilterGenericMpmRegister(), SigTableElmt_::RegisterTests, RunmodeIsUnittests(), SC_ERR_INVALID_RULE_ARGUMENT, SC_WARN_JA3_DISABLED, SC_WARN_POOR_RULE, SCLogError, SCLogWarning, SSLState_::server_connp, SigTableElmt_::Setup, SIG_FLAG_TOCLIENT, SIGMATCH_INFO_STICKY_BUFFER, SIGMATCH_NOOPT, sigmatch_table, SigMatchSilentErrorEnabled(), SignatureInitData_::smlists, DetectContentData_::spm_ctx, DetectEngineCtx_::spm_global_thread_ctx, SpmDestroyCtx(), SpmInitCtx(), SSLEnableJA3(), str, TRUE, SigMatch_::type, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the call graph for this function:

Here is the caller graph for this function: