detect/ja3: print error for one rule only

Use 'silent error' logic for any other rules using ja3 as well.
pull/4289/head
Victor Julien 6 years ago
parent 4d44ca7739
commit 0771eb1e0e

@ -114,6 +114,7 @@ void DetectTlsJa3HashRegister(void)
* *
* \retval 0 On success * \retval 0 On success
* \retval -1 On failure * \retval -1 On failure
* \retval -2 on failure that should be silent after the first
*/ */
static int DetectTlsJa3HashSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str) static int DetectTlsJa3HashSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
{ {
@ -127,8 +128,12 @@ static int DetectTlsJa3HashSetup(DetectEngineCtx *de_ctx, Signature *s, const ch
SSLEnableJA3(); SSLEnableJA3();
/* Check if JA3 is disabled */ /* Check if JA3 is disabled */
if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) {
return -1; if (!SigMatchSilentErrorEnabled(de_ctx, DETECT_AL_TLS_JA3_HASH)) {
SCLogError(SC_WARN_JA3_DISABLED, "ja3 support is not enabled");
}
return -2;
}
return 0; return 0;
} }
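Review bot: After the first ja3 rule, the new `return -2` path in DetectTlsJa3HashSetup rejects every further rule using this keyword without a log line, so the single error gives the operator no hint that more signatures were dropped. How the caller treats -2 is not visible here, but if those rules simply fail to load, the one message should say so, e.g. `"ja3 support is not enabled; further rules using this keyword are rejected without a message"`. The error is also emitted through `SCLogError` with a `SC_WARN_` code, which mixes severities; use whichever matches how a failed rule load is reported elsewhere. The part of the function body between the two hunks is not shown.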

@ -117,8 +117,12 @@ static int DetectTlsJa3StringSetup(DetectEngineCtx *de_ctx, Signature *s, const
SSLEnableJA3(); SSLEnableJA3();
/* Check if JA3 is disabled */ /* Check if JA3 is disabled */
if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) {
return -1; if (!SigMatchSilentErrorEnabled(de_ctx, DETECT_AL_TLS_JA3_STRING)) {
SCLogError(SC_WARN_JA3_DISABLED, "ja3(s) support is not enabled");
}
return -2;
}
return 0; return 0;
} }
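Review bot: The header comment of DetectTlsJa3StringSetup does not appear to be updated for the new `-2` return: the hunk starts at line 117 on both sides, so no line seems to have been added above it, unlike the ja3 hash file, where `\retval -2 on failure that should be silent after the first` was added. The same applies to DetectTlsJa3SHashSetup and DetectTlsJa3SStringSetup in the next two hunks. Add that `\retval -2` line to each of the three comments so all four setup functions document the same contract. The opening lines of the function are outside the hunk.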

@ -126,8 +126,12 @@ static int DetectTlsJa3SHashSetup(DetectEngineCtx *de_ctx, Signature *s, const c
SSLEnableJA3(); SSLEnableJA3();
/* Check if JA3 is disabled */ /* Check if JA3 is disabled */
if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) {
return -1; if (!SigMatchSilentErrorEnabled(de_ctx, DETECT_AL_TLS_JA3S_HASH)) {
SCLogError(SC_WARN_JA3_DISABLED, "ja3(s) support is not enabled");
}
return -2;
}
return 0; return 0;
} }

@ -116,8 +116,12 @@ static int DetectTlsJa3SStringSetup(DetectEngineCtx *de_ctx, Signature *s, const
SSLEnableJA3(); SSLEnableJA3();
/* Check if JA3 is disabled */ /* Check if JA3 is disabled */
if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) {
return -1; if (!SigMatchSilentErrorEnabled(de_ctx, DETECT_AL_TLS_JA3S_STRING)) {
SCLogError(SC_WARN_JA3_DISABLED, "ja3(s) support is not enabled");
}
return -2;
}
return 0; return 0;
} }

@ -264,16 +264,20 @@ int Ja3IsDisabled(const char *type)
{ {
bool is_enabled = SSLJA3IsEnabled(); bool is_enabled = SSLJA3IsEnabled();
if (is_enabled == 0) { if (is_enabled == 0) {
SCLogWarning(SC_WARN_JA3_DISABLED, "JA3 is disabled, skipping %s", if (strcmp(type, "rule") != 0) {
type); SCLogWarning(SC_WARN_JA3_DISABLED, "JA3 is disabled, skipping %s",
type);
}
return 1; return 1;
} }
#ifndef HAVE_NSS #ifndef HAVE_NSS
else { else {
SCLogWarning(SC_WARN_NO_JA3_SUPPORT, if (strcmp(type, "rule") != 0) {
"no MD5 calculation support built in (LibNSS), skipping %s", SCLogWarning(SC_WARN_NO_JA3_SUPPORT,
type); "no MD5 calculation support built in (LibNSS), skipping %s",
type);
}
return 1; return 1;
} }
#endif /* HAVE_NSS */ #endif /* HAVE_NSS */
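Review bot: In the `#ifndef HAVE_NSS` branch the `"rule"` case now hides the only message that names the real cause, and the callers then log "ja3 support is not enabled" (or "ja3(s) support is not enabled"), which points the operator at configuration when the build actually lacks MD5 support. Either let the rule path report the cause as well, or widen the caller message, e.g. `"ja3 support is not enabled or not built in (LibNSS)"`. Comparing against the literal `"rule"` with `strcmp` also ties the log policy to a string each caller must spell identically; a comment on Ja3IsDisabled such as `/* callers passing "rule" log their own error, so stay quiet here */` would at least record that. The end of Ja3IsDisabled lies outside the hunk.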
