suricata
util-ja3.c File Reference
#include "suricata-common.h"
#include "util-validate.h"
#include "util-ja3.h"
Include dependency graph for util-ja3.c:

Go to the source code of this file.

Macros

#define MD5_STRING_LENGTH   33
 

Functions

JA3BufferJa3BufferInit (void)
 Allocate new buffer. More...
 
void Ja3BufferFree (JA3Buffer **buffer)
 Free allocated buffer. More...
 
int Ja3BufferAppendBuffer (JA3Buffer **buffer1, JA3Buffer **buffer2)
 Append buffer to buffer. More...
 
int Ja3BufferAddValue (JA3Buffer **buffer, uint32_t value)
 Add value to buffer. More...
 
char * Ja3GenerateHash (JA3Buffer *buffer)
 Generate Ja3 hash string. More...
 
int Ja3IsDisabled (const char *type)
 Check if JA3 is disabled. More...
 

Detailed Description

Author
Mats Klepsland mats..nosp@m.klep.nosp@m.sland.nosp@m.@gma.nosp@m.il.co.nosp@m.m

Functions used to generate JA3 fingerprint.

Definition in file util-ja3.c.

Macro Definition Documentation

#define MD5_STRING_LENGTH   33

Definition at line 30 of file util-ja3.c.

Referenced by Ja3GenerateHash().

Function Documentation

int Ja3BufferAddValue ( JA3Buffer **  buffer,
uint32_t  value 
)

Add value to buffer.

Parameters
bufferThe buffer.
valueThe value.
Return values
0on success.
-1on failure.

Definition at line 173 of file util-ja3.c.

References JA3_BUFFER_INITIAL_SIZE, Ja3BufferFree(), SC_ERR_INVALID_ARGUMENT, SC_ERR_MEM_ALLOC, SCLogError, and SCMalloc.

Referenced by SSLVersionToString().

Here is the call graph for this function:

Here is the caller graph for this function:

int Ja3BufferAppendBuffer ( JA3Buffer **  buffer1,
JA3Buffer **  buffer2 
)

Append buffer to buffer.

Append the second buffer to the first and then free it.

Parameters
buffer1The first buffer.
buffer2The second buffer.
Return values
0on success.
-1on failure.

Definition at line 109 of file util-ja3.c.

References Ja3BufferFree(), SC_ERR_INVALID_ARGUMENT, SCFree, SCLogError, and JA3Buffer_::used.

Referenced by SSLVersionToString().

Here is the call graph for this function:

Here is the caller graph for this function:

void Ja3BufferFree ( JA3Buffer **  buffer)

Free allocated buffer.

Parameters
bufferThe buffer to free.

Definition at line 53 of file util-ja3.c.

References JA3Buffer_::data, DEBUG_VALIDATE_BUG_ON, len, SC_ERR_MEM_ALLOC, SCFree, SCLogError, SCRealloc, JA3Buffer_::size, and JA3Buffer_::used.

Referenced by Ja3BufferAddValue(), Ja3BufferAppendBuffer(), and SSLVersionToString().

Here is the caller graph for this function:

JA3Buffer* Ja3BufferInit ( void  )

Allocate new buffer.

Returns
pointer to buffer on success.
NULL on failure.

Definition at line 38 of file util-ja3.c.

References SCCalloc.

Referenced by SSLVersionToString().

Here is the caller graph for this function:

char* Ja3GenerateHash ( JA3Buffer buffer)

Generate Ja3 hash string.

Parameters
bufferThe Ja3 buffer.
Return values
pointerto hash string on success.
NULLon failure.

Definition at line 220 of file util-ja3.c.

References JA3Buffer_::data, MD5_STRING_LENGTH, SC_ERR_INVALID_ARGUMENT, SC_ERR_INVALID_VALUE, SC_ERR_MEM_ALLOC, SCLogError, SCMalloc, and JA3Buffer_::used.

Referenced by SSLVersionToString().

Here is the caller graph for this function:

int Ja3IsDisabled ( const char *  type)

Check if JA3 is disabled.

Issue warning if JA3 is disabled or if we are lacking support for JA3.

Parameters
typeType to add to warning.
Return values
1if disabled.
0otherwise.

Definition at line 266 of file util-ja3.c.

References ConfGetBool(), SC_WARN_JA3_DISABLED, SC_WARN_NO_JA3_SUPPORT, and SCLogWarning.

Referenced by DetectTlsJa3HashRegister(), and DetectTlsJa3StringRegister().

Here is the call graph for this function:

Here is the caller graph for this function: