From 06ad72e83ed06068dbb3fae2e388591763005f38 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Fri, 2 May 2025 14:32:22 +0200
Subject: [PATCH] quic: ja3 getter function uses direction

so that future lua code can specify a direction
---
 rust/src/quic/detect.rs | 20 ++++++++++++--------
 src/util-ja3.c          |  4 ++--
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/rust/src/quic/detect.rs b/rust/src/quic/detect.rs
index f8be705340..3c2e6c78d5 100644
--- a/rust/src/quic/detect.rs
+++ b/rust/src/quic/detect.rs
@@ -15,7 +15,7 @@
  * 02110-1301, USA.
  */
 
-use crate::core::DetectEngineThreadCtx;
+use crate::core::{DetectEngineThreadCtx, STREAM_TOCLIENT, STREAM_TOSERVER};
 use crate::quic::quic::QuicTransaction;
 use std::os::raw::c_void;
 use std::ptr;
@@ -52,17 +52,21 @@ pub unsafe extern "C" fn SCQuicTxGetSni(
 
 #[no_mangle]
 pub unsafe extern "C" fn SCQuicTxGetJa3(
-    tx: &QuicTransaction, buffer: *mut *const u8, buffer_len: *mut u32,
-) -> u8 {
+    tx: &QuicTransaction, dir: u8, buffer: *mut *const u8, buffer_len: *mut u32,
+) -> bool {
+    if tx.client {
+        if dir & STREAM_TOSERVER == 0 {
+            return false;
+        }
+    } else if dir & STREAM_TOCLIENT == 0 {
+        return false;
+    }
     if let Some(ja3) = &tx.ja3 {
         *buffer = ja3.as_ptr();
         *buffer_len = ja3.len() as u32;
-        1
-    } else {
-        *buffer = ptr::null();
-        *buffer_len = 0;
-        0
+        return true;
     }
+    return false;
 }
 
 #[no_mangle]
diff --git a/src/util-ja3.c b/src/util-ja3.c
index 4fe4302060..dbb787cfff 100644
--- a/src/util-ja3.c
+++ b/src/util-ja3.c
@@ -267,7 +267,7 @@ InspectionBuffer *Ja3DetectGetHash(DetectEngineThreadCtx *det_ctx,
         uint32_t b_len = 0;
         const uint8_t *b = NULL;
 
-        if (SCQuicTxGetJa3(txv, &b, &b_len) != 1)
+        if (!SCQuicTxGetJa3(txv, STREAM_TOSERVER | STREAM_TOCLIENT, &b, &b_len))
             return NULL;
         if (b == NULL || b_len == 0)
             return NULL;
@@ -292,7 +292,7 @@ InspectionBuffer *Ja3DetectGetString(DetectEngineThreadCtx *det_ctx,
         uint32_t b_len = 0;
         const uint8_t *b = NULL;
 
-        if (SCQuicTxGetJa3(txv, &b, &b_len) != 1)
+        if (!SCQuicTxGetJa3(txv, STREAM_TOSERVER | STREAM_TOCLIENT, &b, &b_len))
             return NULL;
         if (b == NULL || b_len == 0)
             return NULL;