From 0771eb1e0ecd68cb1bf7ec2dbf80bd4ea0928005 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 7 Oct 2019 16:02:16 +0200
Subject: [PATCH] detect/ja3: print error for one rule only
Use 'silent error' logic for any other rules using ja3 as well.
---
 src/detect-tls-ja3-hash.c | 9 +++++++--
 src/detect-tls-ja3-string.c | 8 ++++++--
 src/detect-tls-ja3s-hash.c | 8 ++++++--
 src/detect-tls-ja3s-string.c | 8 ++++++--
 src/util-ja3.c | 14 +++++++++-----
 5 files changed, 34 insertions(+), 13 deletions(-)
diff --git a/src/detect-tls-ja3-hash.c b/src/detect-tls-ja3-hash.c
index 96cfc02f66..f83a568c6f 100644
--- a/src/detect-tls-ja3-hash.c
+++ b/src/detect-tls-ja3-hash.c
@@ -114,6 +114,7 @@ void DetectTlsJa3HashRegister(void)
 *
 * \retval 0 On success
 * \retval -1 On failure
+ * \retval -2 on failure that should be silent after the first
 */
 static int DetectTlsJa3HashSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
 {
@@ -127,8 +128,12 @@ static int DetectTlsJa3HashSetup(DetectEngineCtx *de_ctx, Signature *s, const ch
 SSLEnableJA3();
 /* Check if JA3 is disabled */
- if (!RunmodeIsUnittests() && Ja3IsDisabled("rule"))
- return -1;
+ if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) {
+ if (!SigMatchSilentErrorEnabled(de_ctx, DETECT_AL_TLS_JA3_HASH)) {
+ SCLogError(SC_WARN_JA3_DISABLED, "ja3 support is not enabled");
+ }
+ return -2;
+ }
 return 0;
 }
diff --git a/src/detect-tls-ja3-string.c b/src/detect-tls-ja3-string.c
index 79d2d2769e..199e6e80e8 100644
--- a/src/detect-tls-ja3-string.c
+++ b/src/detect-tls-ja3-string.c
@@ -117,8 +117,12 @@ static int DetectTlsJa3StringSetup(DetectEngineCtx *de_ctx, Signature *s, const
 SSLEnableJA3();
 /* Check if JA3 is disabled */
- if (!RunmodeIsUnittests() && Ja3IsDisabled("rule"))
- return -1;
+ if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) {
+ if (!SigMatchSilentErrorEnabled(de_ctx, DETECT_AL_TLS_JA3_STRING)) {
+ SCLogError(SC_WARN_JA3_DISABLED, "ja3(s) support is not enabled");
+ }
+ return -2;
+ }
 return 0;
 }
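Review bot: The error logged in the new `Ja3IsDisabled("rule")` branch of DetectTlsJa3HashSetup says "ja3 support is not enabled", but Ja3IsDisabled() also returns 1 from its `#ifndef HAVE_NSS` branch, and the util-ja3.c hunk of this patch suppresses the specific "no MD5 calculation support built in (LibNSS)" warning for the "rule" type. On a build without NSS the operator is then told only that JA3 is not enabled, which points at configuration rather than the build, while the rules are rejected. Consider wording that covers both causes, for example `"ja3 support is not enabled or not built in"`, or letting the setup function report which case applied. The same holds for the DetectTlsJa3StringSetup, DetectTlsJa3SHashSetup and DetectTlsJa3SStringSetup hunks, which log "ja3(s) support is not enabled" where this one logs "ja3"; a single shared string would keep log searches consistent. The function body starts above this hunk.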
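Review bot: DetectTlsJa3StringSetup now returns -2, but no hunk in this file updates its doc comment the way the first hunk of detect-tls-ja3-hash.c adds a `\retval -2` line. The diffstat shows one insertion fewer here than for detect-tls-ja3-hash.c, which is consistent with the comment being left unchanged, though the comment itself lies outside the hunk. If it lists return values, add ` * \retval -2 on failure that should be silent after the first` there, and likewise above DetectTlsJa3SHashSetup and DetectTlsJa3SStringSetup.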
diff --git a/src/detect-tls-ja3s-hash.c b/src/detect-tls-ja3s-hash.c
index 586b0bbeb8..daddc1bef6 100644
--- a/src/detect-tls-ja3s-hash.c
+++ b/src/detect-tls-ja3s-hash.c
@@ -126,8 +126,12 @@ static int DetectTlsJa3SHashSetup(DetectEngineCtx *de_ctx, Signature *s, const c
 SSLEnableJA3();
 /* Check if JA3 is disabled */
- if (!RunmodeIsUnittests() && Ja3IsDisabled("rule"))
- return -1;
+ if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) {
+ if (!SigMatchSilentErrorEnabled(de_ctx, DETECT_AL_TLS_JA3S_HASH)) {
+ SCLogError(SC_WARN_JA3_DISABLED, "ja3(s) support is not enabled");
+ }
+ return -2;
+ }
 return 0;
 }
diff --git a/src/detect-tls-ja3s-string.c b/src/detect-tls-ja3s-string.c
index 85f9696a0f..74af16234d 100644
--- a/src/detect-tls-ja3s-string.c
+++ b/src/detect-tls-ja3s-string.c
@@ -116,8 +116,12 @@ static int DetectTlsJa3SStringSetup(DetectEngineCtx *de_ctx, Signature *s, const
 SSLEnableJA3();
 /* Check if JA3 is disabled */
- if (!RunmodeIsUnittests() && Ja3IsDisabled("rule"))
- return -1;
+ if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) {
+ if (!SigMatchSilentErrorEnabled(de_ctx, DETECT_AL_TLS_JA3S_STRING)) {
+ SCLogError(SC_WARN_JA3_DISABLED, "ja3(s) support is not enabled");
+ }
+ return -2;
+ }
 return 0;
 }
diff --git a/src/util-ja3.c b/src/util-ja3.c
index 89ebcc63b1..c937920009 100644
--- a/src/util-ja3.c
+++ b/src/util-ja3.c
@@ -264,16 +264,20 @@ int Ja3IsDisabled(const char *type)
 {
 bool is_enabled = SSLJA3IsEnabled();
 if (is_enabled == 0) {
- SCLogWarning(SC_WARN_JA3_DISABLED, "JA3 is disabled, skipping %s",
- type);
+ if (strcmp(type, "rule") != 0) {
+ SCLogWarning(SC_WARN_JA3_DISABLED, "JA3 is disabled, skipping %s",
+ type);
+ }
 return 1;
 }
 #ifndef HAVE_NSS
 else {
- SCLogWarning(SC_WARN_NO_JA3_SUPPORT,
- "no MD5 calculation support built in (LibNSS), skipping %s",
- type);
+ if (strcmp(type, "rule") != 0) {
+ SCLogWarning(SC_WARN_NO_JA3_SUPPORT,
+ "no MD5 calculation support built in (LibNSS), skipping %s",
+ type);
+ }
 return 1;
 }
 #endif /* HAVE_NSS */
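Review bot: Both new `strcmp(type, "rule") != 0` guards key the log suppression on a caller-supplied string, so the contract between Ja3IsDisabled() and the four rule setup functions exists only as a matching spelling of "rule". A comment above the first guard would make that explicit, for example `/* "rule" callers report the failure themselves, once, via SigMatchSilentErrorEnabled() */`. strcmp() also dereferences `type` unconditionally where the old code only passed it to `%s`; every caller visible in this patch passes a literal, so this matters only if some other caller can pass NULL. Whether <string.h> is already included in util-ja3.c cannot be seen from the hunk.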