suricata
Data Structures | Macros | Typedefs | Functions
util-ja3.h File Reference
#include "detect.h"
Include dependency graph for util-ja3.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  JA3Buffer_
 

Macros

#define JA3_BUFFER_INITIAL_SIZE   128
 

Typedefs

typedef struct JA3Buffer_ JA3Buffer
 

Functions

JA3BufferJa3BufferInit (void)
 Allocate new buffer. More...
 
void Ja3BufferFree (JA3Buffer **)
 Free allocated buffer. More...
 
int Ja3BufferAppendBuffer (JA3Buffer **, JA3Buffer **)
 Append buffer to buffer. More...
 
int Ja3BufferAddValue (JA3Buffer **, uint32_t)
 Add value to buffer. More...
 
char * Ja3GenerateHash (JA3Buffer *)
 Generate Ja3 hash string. More...
 
int Ja3IsDisabled (const char *)
 Check if JA3 is disabled. More...
 
InspectionBufferJa3DetectGetHash (DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv, const int list_id)
 
InspectionBufferJa3DetectGetString (DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv, const int list_id)
 

Detailed Description

Author
Mats Klepsland mats..nosp@m.klep.nosp@m.sland.nosp@m.@gma.nosp@m.il.co.nosp@m.m

Definition in file util-ja3.h.

Macro Definition Documentation

◆ JA3_BUFFER_INITIAL_SIZE

#define JA3_BUFFER_INITIAL_SIZE   128

Definition at line 28 of file util-ja3.h.

Typedef Documentation

◆ JA3Buffer

typedef struct JA3Buffer_ JA3Buffer

Function Documentation

◆ Ja3BufferAddValue()

int Ja3BufferAddValue ( JA3Buffer **  buffer,
uint32_t  value 
)

Add value to buffer.

Parameters
bufferThe buffer.
valueThe value.
Return values
0on success.
-1on failure.

Definition at line 170 of file util-ja3.c.

References JA3_BUFFER_INITIAL_SIZE, Ja3BufferFree(), SCLogError, and SCMalloc.

Here is the call graph for this function:

◆ Ja3BufferAppendBuffer()

int Ja3BufferAppendBuffer ( JA3Buffer **  buffer1,
JA3Buffer **  buffer2 
)

Append buffer to buffer.

Append the second buffer to the first and then free it.

Parameters
buffer1The first buffer.
buffer2The second buffer.
Return values
0on success.
-1on failure.

Definition at line 106 of file util-ja3.c.

References SCFree, and SCLogError.

◆ Ja3BufferFree()

void Ja3BufferFree ( JA3Buffer **  buffer)

Free allocated buffer.

Parameters
bufferThe buffer to free.

Definition at line 54 of file util-ja3.c.

References DEBUG_VALIDATE_BUG_ON, and SCFree.

Referenced by Ja3BufferAddValue().

Here is the caller graph for this function:

◆ Ja3BufferInit()

JA3Buffer* Ja3BufferInit ( void  )

Allocate new buffer.

Returns
pointer to buffer on success.
NULL on failure.

Definition at line 39 of file util-ja3.c.

References SCCalloc.

◆ Ja3DetectGetHash()

InspectionBuffer* Ja3DetectGetHash ( DetectEngineThreadCtx det_ctx,
const DetectEngineTransforms transforms,
Flow _f,
const uint8_t  _flow_flags,
void *  txv,
const int  list_id 
)

Definition at line 259 of file util-ja3.c.

References InspectionBuffer::inspect, InspectionBufferApplyTransforms(), InspectionBufferCopy(), InspectionBufferGet(), InspectionBufferSetup(), and SC_MD5_HEX_LEN.

Here is the call graph for this function:

◆ Ja3DetectGetString()

InspectionBuffer* Ja3DetectGetString ( DetectEngineThreadCtx det_ctx,
const DetectEngineTransforms transforms,
Flow _f,
const uint8_t  _flow_flags,
void *  txv,
const int  list_id 
)

Definition at line 284 of file util-ja3.c.

References InspectionBuffer::inspect, InspectionBufferApplyTransforms(), InspectionBufferGet(), and InspectionBufferSetup().

Here is the call graph for this function:

◆ Ja3GenerateHash()

char* Ja3GenerateHash ( JA3Buffer buffer)

Generate Ja3 hash string.

Parameters
bufferThe Ja3 buffer.
Return values
pointerto hash string on success.
NULLon failure.

Definition at line 214 of file util-ja3.c.

References JA3Buffer_::data, SC_MD5_HEX_LEN, SCLogError, SCMalloc, and JA3Buffer_::used.

◆ Ja3IsDisabled()

int Ja3IsDisabled ( const char *  type)

Check if JA3 is disabled.

Issue warning if JA3 is disabled or if we are lacking support for JA3.

Parameters
typeType to add to warning.
Return values
1if disabled.
0otherwise.

Definition at line 246 of file util-ja3.c.

References SCLogWarning, SSLJA3IsEnabled(), and type.

Here is the call graph for this function: