util-ja3: add function to check if JA3 is disabled

7 years ago · d4af90032e
parent 0c16cd0120
commit d4af90032e
2 changed files with 37 additions and 0 deletions
--- a/src/util-ja3.c
+++ b/src/util-ja3.c
@ -247,3 +247,38 @@ char *Ja3GenerateHash(JA3Buffer *buffer)
 #endif /* HAVE_NSS */

 }
+
+/**
+ * \brief Check if JA3 is disabled.
+ *
+ * Issue warning if JA3 is disabled or if we are lacking support for JA3.
+ *
+ * \param type Type to add to warning.
+ *
+ * \retval 1 if disabled.
+ * \retval 0 otherwise.
+ */
+int Ja3IsDisabled(const char *type)
+{
+    int is_enabled = 0;
+
+    /* Check if JA3 is enabled */
+    ConfGetBool("app-layer.protocols.tls.ja3-fingerprints", &is_enabled);
+
+    if (is_enabled == 0) {
+        SCLogWarning(SC_WARN_JA3_DISABLED, "JA3 is disabled, skipping %s",
+                     type);
+        return 1;
+    }
+
+#ifndef HAVE_NSS
+    else {
+        SCLogWarning(SC_WARN_NO_JA3_SUPPORT,
+                     "no MD5 calculation support build in, skipping %s",
+                     type);
+        return 1;
+    }
+#endif /* HAVE_NSS */
+
+    return 0;
+}
--- a/src/util-ja3.h
+++ b/src/util-ja3.h
@ -37,5 +37,7 @@ void Ja3BufferFree(JA3Buffer *);
 int Ja3BufferAppendBuffer(JA3Buffer *, JA3Buffer *);
 int Ja3BufferAddValue(JA3Buffer *, uint32_t);
 char *Ja3GenerateHash(JA3Buffer *);
+int Ja3IsDisabled(const char *);

 #endif /* __UTIL_JA3_H__ */
+