lua: add Ja3GetString function

Add Ja3GetString() to return the content of the JA3 string buffer from the
TLS session.

Example:

  function init (args)
      local needs = {}
      needs["protocol"] = "tls"
      return needs
  end

  function setup (args)
      filename = SCLogPath() .. "/ja3_string.log"
      file = assert(io.open(filename, "a"))
  end

  function log (args)
      ja3_string = Ja3GetString()
      if ja3_string == nil then
          return
      end

      file:write(ja3_string .. "\n")
      file:flush()
  end

  function deinit (args)
      file:close()
  end

diff --git a/src/util-lua-ja3.c b/src/util-lua-ja3.c
index 962e6e8aa44c8075acbee9888f05119adbba8550..28c90a2f48aac6051163771e527a1a424cf20062 100644 (file)
--- a/src/util-lua-ja3.c
+++ b/src/util-lua-ja3.c
@@ -80,12 +80,37 @@ static int Ja3GetHash(lua_State *luastate)
                                strlen(ssl_state->ja3_hash));
 }
 
+static int Ja3GetString(lua_State *luastate)
+{
+    if (!(LuaStateNeedProto(luastate, ALPROTO_TLS)))
+        return LuaCallbackError(luastate, "error: protocol is not tls");
+
+    Flow *f = LuaStateGetFlow(luastate);
+    if (f == NULL)
+        return LuaCallbackError(luastate, "internal error: no flow");
+
+    void *state = FlowGetAppState(f);
+    if (state == NULL)
+        return LuaCallbackError(luastate, "error: no app layer state");
+
+    SSLState *ssl_state = (SSLState *)state;
+
+    if (ssl_state->ja3_str == NULL || ssl_state->ja3_str->data == NULL)
+        return LuaCallbackError(luastate, "error: no JA3 str");
+
+    return LuaPushStringBuffer(luastate, (uint8_t *)ssl_state->ja3_str->data,
+                               ssl_state->ja3_str->used);
+}
+
 /** *\brief Register JA3 Lua extensions */
 int LuaRegisterJa3Functions(lua_State *luastate)
 {
     lua_pushcfunction(luastate, Ja3GetHash);
     lua_setglobal(luastate, "Ja3GetHash");
 
+    lua_pushcfunction(luastate, Ja3GetString);
+    lua_setglobal(luastate, "Ja3GetString");
+
     return 0;
 }