quic: ja3 getter function uses direction

so that future lua code can specify a direction
3 months ago · 06ad72e83e
parent d1bca4a9b9
commit 06ad72e83e
2 changed files with 14 additions and 10 deletions
--- a/rust/src/quic/detect.rs
+++ b/rust/src/quic/detect.rs
@ -15,7 +15,7 @@
 * 02110-1301, USA.
 */

-use crate::core::DetectEngineThreadCtx;
+use crate::core::{DetectEngineThreadCtx, STREAM_TOCLIENT, STREAM_TOSERVER};
 use crate::quic::quic::QuicTransaction;
 use std::os::raw::c_void;
 use std::ptr;
@ -52,17 +52,21 @@ pub unsafe extern "C" fn SCQuicTxGetSni(

 #[no_mangle]
 pub unsafe extern "C" fn SCQuicTxGetJa3(
-    tx: &QuicTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
-) -> u8 {
+    tx: &QuicTransaction, dir: u8, buffer: *mut *const u8, buffer_len: *mut u32,
+) -> bool {
+    if tx.client {
+        if dir & STREAM_TOSERVER == 0 {
+            return false;
+        }
+    } else if dir & STREAM_TOCLIENT == 0 {
+        return false;
+    }
    if let Some(ja3) = &tx.ja3 {
        *buffer = ja3.as_ptr();
        *buffer_len = ja3.len() as u32;
-        1
-    } else {
-        *buffer = ptr::null();
-        *buffer_len = 0;
-        0
+        return true;
    }
+    return false;
 }

 #[no_mangle]
--- a/src/util-ja3.c
+++ b/src/util-ja3.c
@ -267,7 +267,7 @@ InspectionBuffer *Ja3DetectGetHash(DetectEngineThreadCtx *det_ctx,
        uint32_t b_len = 0;
        const uint8_t *b = NULL;

-        if (SCQuicTxGetJa3(txv, &b, &b_len) != 1)
+        if (!SCQuicTxGetJa3(txv, STREAM_TOSERVER | STREAM_TOCLIENT, &b, &b_len))
            return NULL;
        if (b == NULL || b_len == 0)
            return NULL;
@ -292,7 +292,7 @@ InspectionBuffer *Ja3DetectGetString(DetectEngineThreadCtx *det_ctx,
        uint32_t b_len = 0;
        const uint8_t *b = NULL;

-        if (SCQuicTxGetJa3(txv, &b, &b_len) != 1)
+        if (!SCQuicTxGetJa3(txv, STREAM_TOSERVER | STREAM_TOCLIENT, &b, &b_len))
            return NULL;
        if (b == NULL || b_len == 0)
            return NULL;