suricata
util-ja3.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2017 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Mats Klepsland <mats.klepsland@gmail.com>
22  */
23 
24 #ifndef __UTIL_JA3_H__
25 #define __UTIL_JA3_H__
26 
27 #define JA3_BUFFER_INITIAL_SIZE 128
28 
29 #include "detect.h"
30 
31 typedef struct JA3Buffer_ {
32  char *data;
33  size_t size;
34  size_t used;
35 } JA3Buffer;
36 
37 JA3Buffer *Ja3BufferInit(void);
38 void Ja3BufferFree(JA3Buffer **);
39 int Ja3BufferAppendBuffer(JA3Buffer **, JA3Buffer **);
40 int Ja3BufferAddValue(JA3Buffer **, uint32_t);
41 char *Ja3GenerateHash(JA3Buffer *);
42 int Ja3IsDisabled(const char *);
43 
44 InspectionBuffer *Ja3DetectGetHash(DetectEngineThreadCtx *det_ctx,
45  const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
46  const int list_id);
47 
48 InspectionBuffer *Ja3DetectGetString(DetectEngineThreadCtx *det_ctx,
49  const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
50  const int list_id);
51 
52 #endif /* __UTIL_JA3_H__ */
53 
JA3Buffer_
Definition: util-ja3.h:31
DetectEngineTransforms
Definition: detect.h:400
JA3Buffer_::size
size_t size
Definition: util-ja3.h:33
Ja3BufferInit
JA3Buffer * Ja3BufferInit(void)
Allocate new buffer.
Definition: util-ja3.c:39
InspectionBuffer
Definition: detect.h:365
Flow_
Flow data structure.
Definition: flow.h:343
JA3Buffer_::data
char * data
Definition: util-ja3.h:32
Ja3IsDisabled
int Ja3IsDisabled(const char *)
Check if JA3 is disabled.
Definition: util-ja3.c:246
JA3Buffer_::used
size_t used
Definition: util-ja3.h:34
Ja3DetectGetString
InspectionBuffer * Ja3DetectGetString(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv, const int list_id)
Definition: util-ja3.c:284
DetectEngineThreadCtx_
Definition: detect.h:1058
detect.h
JA3Buffer
struct JA3Buffer_ JA3Buffer
Ja3BufferFree
void Ja3BufferFree(JA3Buffer **)
Free allocated buffer.
Definition: util-ja3.c:54
Ja3DetectGetHash
InspectionBuffer * Ja3DetectGetHash(DetectEngineThreadCtx *det_ctx, const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv, const int list_id)
Definition: util-ja3.c:259
Ja3GenerateHash
char * Ja3GenerateHash(JA3Buffer *)
Generate Ja3 hash string.
Definition: util-ja3.c:214
Ja3BufferAddValue
int Ja3BufferAddValue(JA3Buffer **, uint32_t)
Add value to buffer.
Definition: util-ja3.c:170
Ja3BufferAppendBuffer
int Ja3BufferAppendBuffer(JA3Buffer **, JA3Buffer **)
Append buffer to buffer.
Definition: util-ja3.c:106