detect/ja3: print error for one rule only

author Victor Julien <victor@inliniac.net>

Mon, 7 Oct 2019 14:02:16 +0000 (16:02 +0200)

committer Victor Julien <victor@inliniac.net>

Wed, 9 Oct 2019 13:26:59 +0000 (15:26 +0200)
author Victor Julien <victor@inliniac.net>
Mon, 7 Oct 2019 14:02:16 +0000 (16:02 +0200)
committer Victor Julien <victor@inliniac.net>
Wed, 9 Oct 2019 13:26:59 +0000 (15:26 +0200)
diff --git a/src/detect-tls-ja3-hash.c b/src/detect-tls-ja3-hash.c

index 96cfc02f66b8b1edbe305b9c2d3a2f7e99628cae..f83a568c6f520be2506b234b3115ac5737f0ab9e 100644 (file)
--- a/src/detect-tls-ja3-hash.c
+++ b/src/detect-tls-ja3-hash.c
@@ -114,6 +114,7 @@ void DetectTlsJa3HashRegister(void)
   *
   * \retval 0  On success
   * \retval -1 On failure
+ * \retval -2 on failure that should be silent after the first
   */
  static int DetectTlsJa3HashSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
  {
@@ -127,8 +128,12 @@ static int DetectTlsJa3HashSetup(DetectEngineCtx *de_ctx, Signature *s, const ch
      SSLEnableJA3();
  
      /* Check if JA3 is disabled */
-    if (!RunmodeIsUnittests() && Ja3IsDisabled("rule"))
-        return -1;
+    if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) {
+        if (!SigMatchSilentErrorEnabled(de_ctx, DETECT_AL_TLS_JA3_HASH)) {
+            SCLogError(SC_WARN_JA3_DISABLED, "ja3 support is not enabled");
+        }
+        return -2;
+    }
  
      return 0;
  }
diff --git a/src/detect-tls-ja3-string.c b/src/detect-tls-ja3-string.c

index 79d2d2769e6bf6cc4228abd4f436a6dc581ff0d3..199e6e80e847e4673149d2c2c95f05faed74bdf7 100644 (file)
--- a/src/detect-tls-ja3-string.c
+++ b/src/detect-tls-ja3-string.c
@@ -117,8 +117,12 @@ static int DetectTlsJa3StringSetup(DetectEngineCtx *de_ctx, Signature *s, const
      SSLEnableJA3();
  
      /* Check if JA3 is disabled */
-    if (!RunmodeIsUnittests() && Ja3IsDisabled("rule"))
-        return -1;
+    if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) {
+        if (!SigMatchSilentErrorEnabled(de_ctx, DETECT_AL_TLS_JA3_STRING)) {
+            SCLogError(SC_WARN_JA3_DISABLED, "ja3(s) support is not enabled");
+        }
+        return -2;
+    }
  
      return 0;
  }
diff --git a/src/detect-tls-ja3s-hash.c b/src/detect-tls-ja3s-hash.c

index 586b0bbeb81c0bac04cc6ec37f60c39988ff082b..daddc1bef6eff10305ed18a52a7b0f9196069960 100644 (file)
--- a/src/detect-tls-ja3s-hash.c
+++ b/src/detect-tls-ja3s-hash.c
@@ -126,8 +126,12 @@ static int DetectTlsJa3SHashSetup(DetectEngineCtx *de_ctx, Signature *s, const c
      SSLEnableJA3();
  
      /* Check if JA3 is disabled */
-    if (!RunmodeIsUnittests() && Ja3IsDisabled("rule"))
-        return -1;
+    if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) {
+        if (!SigMatchSilentErrorEnabled(de_ctx, DETECT_AL_TLS_JA3S_HASH)) {
+            SCLogError(SC_WARN_JA3_DISABLED, "ja3(s) support is not enabled");
+        }
+        return -2;
+    }
  
      return 0;
  }
diff --git a/src/detect-tls-ja3s-string.c b/src/detect-tls-ja3s-string.c

index 85f9696a0fe095dfac013b2d2cb42f0db94fa1b8..74af16234d0bcdf9f84442d29e4de7b54ef77bab 100644 (file)
--- a/src/detect-tls-ja3s-string.c
+++ b/src/detect-tls-ja3s-string.c
@@ -116,8 +116,12 @@ static int DetectTlsJa3SStringSetup(DetectEngineCtx *de_ctx, Signature *s, const
      SSLEnableJA3();
  
      /* Check if JA3 is disabled */
-    if (!RunmodeIsUnittests() && Ja3IsDisabled("rule"))
-        return -1;
+    if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) {
+        if (!SigMatchSilentErrorEnabled(de_ctx, DETECT_AL_TLS_JA3S_STRING)) {
+            SCLogError(SC_WARN_JA3_DISABLED, "ja3(s) support is not enabled");
+        }
+        return -2;
+    }
  
      return 0;
  }
diff --git a/src/util-ja3.c b/src/util-ja3.c

index 89ebcc63b1c6c31b1f51ba730ef8456aec9ed55a..c937920009717ccbca0cee129731dc710fab4575 100644 (file)
--- a/src/util-ja3.c
+++ b/src/util-ja3.c
@@ -264,16 +264,20 @@ int Ja3IsDisabled(const char *type)
  {
      bool is_enabled = SSLJA3IsEnabled();
      if (is_enabled == 0) {
-        SCLogWarning(SC_WARN_JA3_DISABLED, "JA3 is disabled, skipping %s",
-                     type);
+        if (strcmp(type, "rule") != 0) {
+            SCLogWarning(SC_WARN_JA3_DISABLED, "JA3 is disabled, skipping %s",
+                    type);
+        }
          return 1;
      }
  
  #ifndef HAVE_NSS
      else {
-        SCLogWarning(SC_WARN_NO_JA3_SUPPORT,
-                     "no MD5 calculation support built in (LibNSS), skipping %s",
-                     type);
+        if (strcmp(type, "rule") != 0) {
+            SCLogWarning(SC_WARN_NO_JA3_SUPPORT,
+                    "no MD5 calculation support built in (LibNSS), skipping %s",
+                    type);
+        }
          return 1;
      }
  #endif /* HAVE_NSS */
author	Victor Julien <victor@inliniac.net>
	Mon, 7 Oct 2019 14:02:16 +0000 (16:02 +0200)
committer	Victor Julien <victor@inliniac.net>
	Wed, 9 Oct 2019 13:26:59 +0000 (15:26 +0200)
src/detect-tls-ja3-hash.c		patch \| blob \| blame \| history
src/detect-tls-ja3-string.c		patch \| blob \| blame \| history
src/detect-tls-ja3s-hash.c		patch \| blob \| blame \| history
src/detect-tls-ja3s-string.c		patch \| blob \| blame \| history
src/util-ja3.c		patch \| blob \| blame \| history