From 4c15616f5cd4cb730df99438ae414ed64d430717 Mon Sep 17 00:00:00 2001
From: ales stibal
Date: Tue, 12 Nov 2024 13:26:48 +0100
Subject: [PATCH] ja4 - support JA4 IGNORE_SNI option - smithproxy will complain in webhook messages that value is non-standard!
---
 src/policy/profiles.hpp | 1 +
 src/proxy/mitmproxy.cpp | 2 ++
 src/proxy/mitmproxy.hpp | 1 +
 src/service/cfgapi/cfgapi.cpp | 7 +++++++
 src/service/cfgapi/cfgapi.hpp | 2 +-
 5 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/policy/profiles.hpp b/src/policy/profiles.hpp
index 2f18366..1830b41 100644
--- a/src/policy/profiles.hpp
+++ b/src/policy/profiles.hpp
@@ -159,6 +159,7 @@ class ProfileContent : public socle::sobject, public CfgElement {
 bool webhook_enable = false;
 bool webhook_lock_traffic = false;
 bool ja4_tls_ch = false;
+ bool ja4_tls_ch_ignore_sni = false;
 bool ja4_tls_sh = false;
 bool ja4_http = false;
diff --git a/src/proxy/mitmproxy.cpp b/src/proxy/mitmproxy.cpp
index 9c24638..e34b400 100644
--- a/src/proxy/mitmproxy.cpp
+++ b/src/proxy/mitmproxy.cpp
@@ -310,6 +310,7 @@ void MitmProxy::webhook_session_stop() const {
 { "bytes_up", uB },
 { "bytes_down", dB },
 { "ja4_ch", ja4.ClientHello },
+ { "ja4_ch_ignore_sni", acct_opts.ja4_clienthello_ignore_sni },
 { "ja4_sh", ja4.ServerHello },
 };
@@ -811,6 +812,7 @@ bool MitmProxy::handle_com_response_ssl(MitmHostCX* mh) // we are always left context
 if (scom && !scom->client_hello_buffer().empty()) {
 sx::ja4::TLSClientHello ch;
+ ch.ignore_sni = acct_opts.ja4_clienthello_ignore_sni;
 auto const &ch_buf = scom->client_hello_buffer(); // yes, some copying :( - in c++20 is span, but we are still at c++17
diff --git a/src/proxy/mitmproxy.hpp b/src/proxy/mitmproxy.hpp
index 06e5ad0..eb7f8d3 100644
--- a/src/proxy/mitmproxy.hpp
+++ b/src/proxy/mitmproxy.hpp
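Review bot: The new `ja4_ch_ignore_sni` entry in `webhook_session_stop()` reports `acct_opts.ja4_clienthello_ignore_sni` as it stands when the session stops, not the value that was in effect when `ja4_ch` was computed in `handle_com_response_ssl()`. `prof_content_apply()` writes that option, so if a content profile can be re-applied to a live proxy (not visible in this patch) the two fields can disagree, and a webhook consumer would then match a non-standard fingerprint against standard JA4 values, or the reverse. Recording the flag next to the fingerprint at the moment it is computed and reporting that stored copy would keep the pair consistent. Short of that, a comment such as `// option as configured at session stop; ja4_ch was computed earlier and may predate a profile change` documents the limit. The function body starts and ends outside the hunk.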
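Review bot: The added `ch.ignore_sni = acct_opts.ja4_clienthello_ignore_sni;` in `handle_com_response_ssl()` has no comment saying that it makes the ClientHello fingerprint non-standard; only the commit message says so. Anyone comparing `ja4_ch` with published JA4 values needs to know this from the code, so a comment above the assignment would help: `// non-standard: with ignore_sni set the result is not comparable to published JA4 fingerprints; the webhook reports ja4_ch_ignore_sni so consumers can tell`. What `ignore_sni` changes inside `sx::ja4::TLSClientHello` is not visible here, so the exact wording should be checked against that class. The enclosing function starts and ends outside the hunk.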
@@ -130,6 +130,7 @@ class MitmProxy : public baseProxy, public socle::sobject, public IOController {
 struct Opts_Accounting {
 bool details = true;
 bool ja4_clienthello = false;
+ bool ja4_clienthello_ignore_sni = false;
 bool ja4_serverhello = false;
 bool ja4_http = false;
 } acct_opts;
diff --git a/src/service/cfgapi/cfgapi.cpp b/src/service/cfgapi/cfgapi.cpp
index 804b63b..54102b2 100644
--- a/src/service/cfgapi/cfgapi.cpp
+++ b/src/service/cfgapi/cfgapi.cpp
@@ -515,6 +515,10 @@ bool CfgFactory::upgrade_schema(int upgrade_to_num) {
 log.event(INF, "added content_profile.[x].ja4_http");
 return true;
 }
+ else if(upgrade_to_num == 1038) {
+ log.event(INF, "added content_profile.[x].ja4_tls_ch_ignore_sni");
+ return true;
+ }
 return false;
@@ -2139,6 +2143,7 @@ int CfgFactory::load_db_prof_content () {
 load_if_exists(cur_object, "webhook_enable", new_profile->webhook_enable);
 load_if_exists(cur_object, "webhook_lock_traffic", new_profile->webhook_lock_traffic);
 load_if_exists(cur_object, "ja4_tls_ch", new_profile->ja4_tls_ch);
+ load_if_exists(cur_object, "ja4_tls_ch_ignore_sni", new_profile->ja4_tls_ch_ignore_sni);
 load_if_exists(cur_object, "ja4_tls_sh", new_profile->ja4_tls_sh); // I's quite costy (2x dynamic casts) to set this per-connection.
@@ -2643,6 +2648,7 @@ bool CfgFactory::prof_content_apply (baseHostCX *originator, MitmProxy *mitm_pro
 mitm_proxy->writer_opts()->webhook_lock_traffic = pc->webhook_lock_traffic;
 mitm_proxy->acct_opts.ja4_clienthello = pc->ja4_tls_ch;
+ mitm_proxy->acct_opts.ja4_clienthello_ignore_sni = pc->ja4_tls_ch_ignore_sni;
 mitm_proxy->acct_opts.ja4_serverhello = pc->ja4_tls_sh;
 mitm_proxy->acct_opts.ja4_http = pc->ja4_http;
 auto* mh = MitmHostCX::from_baseHostCX(originator);
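Review bot: In `prof_content_apply()` the ignore-SNI option is copied from the profile regardless of `ja4_tls_ch`, so a profile with ClientHello fingerprinting off and `ja4_tls_ch_ignore_sni` on is accepted silently. `webhook_session_stop()` then reports `ja4_ch_ignore_sni` as true for a session where, presumably, no ClientHello fingerprint was produced. Gating the copy keeps the reported flag meaningful: `mitm_proxy->acct_opts.ja4_clienthello_ignore_sni = pc->ja4_tls_ch && pc->ja4_tls_ch_ignore_sni;`. Whether the fingerprint is actually skipped when `ja4_clienthello` is false is decided outside the visible hunks, and the function body continues beyond this one.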
@@ -3926,6 +3932,7 @@ int CfgFactory::save_content_profiles(Config& ex) const {
 item.add("webhook_enable", Setting::TypeBoolean) = obj->webhook_enable;
 item.add("webhook_lock_traffic", Setting::TypeBoolean) = obj->webhook_lock_traffic;
 item.add("ja4_tls_ch", Setting::TypeBoolean) = obj->ja4_tls_ch;
+ item.add("ja4_tls_ch_ignore_sni", Setting::TypeBoolean) = obj->ja4_tls_ch_ignore_sni;
 item.add("ja4_tls_sh", Setting::TypeBoolean) = obj->ja4_tls_sh;
 item.add("ja4_http", Setting::TypeBoolean) = obj->ja4_http;
 item.add("rules_session_filter", Setting::TypeString) = obj->rules_session_filter;
diff --git a/src/service/cfgapi/cfgapi.hpp b/src/service/cfgapi/cfgapi.hpp
index 92df00f..de0828a 100644
--- a/src/service/cfgapi/cfgapi.hpp
+++ b/src/service/cfgapi/cfgapi.hpp
@@ -202,7 +202,7 @@ class CfgFactory : public CfgFactoryBase {
 public: // Each version bump implies a config upgrade - we start on 1000 // see upgrade_schema() - control config upgrade
- constexpr static inline const int SCHEMA_VERSION = 1037;
+ constexpr static inline const int SCHEMA_VERSION = 1038;
 static inline std::atomic_bool LOAD_ERRORS = false;