From 4389d188f364a14b720fbb58aef96cb5e92ad584 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E5=AD=A6=E5=88=A9?=
Date: Mon, 24 Jul 2023 07:17:02 +0000
Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81=E4=B8=8D=E4=BE=9D=E8=B5=96ss?=
 =?UTF-8?q?l=E8=A7=A3=E6=9E=90=E5=B1=82=E7=94=9F=E6=88=90ja3=5Ffingerprint?=
 =?UTF-8?q?=EF=BC=8C=E5=A2=9E=E5=8A=A0=E6=98=AF=E5=90=A6=E7=94=9F=E6=88=90?=
 =?UTF-8?q?ja3=5Ffingerprint=E7=9A=84=E5=BC=80=E5=85=B3,=20GENERATE=5FJA3?=
 =?UTF-8?q?=5FFINGERPRINT=3D1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitlab-ci.yml | 2 +-
 src/CMakeLists.txt | 4 +-
 src/tsg_bridge.cpp | 6 +-
 src/tsg_bridge.h | 2 +-
 src/tsg_entry.cpp | 33 +-
 src/tsg_ssl_ja3_fingerprint.cpp | 610 ++++++++++++++++++++++++++++++++
 {inc => src}/tsg_ssl_utils.h | 3 +
 src/tsg_variable.h | 1 +
 test/src/CMakeLists.txt | 7 +-
 test/src/gtest_common.cpp | 5 -
 10 files changed, 644 insertions(+), 29 deletions(-)
 create mode 100644 src/tsg_ssl_ja3_fingerprint.cpp
 rename {inc => src}/tsg_ssl_utils.h (82%)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 756118e..10d9c8a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,7 +4,7 @@ variables: BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux" BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/ INSTALL_PREFIX: "/home/mesasoft/sapp_run/" - INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaat4-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel-1.0.10.ab7166e libfieldstat3-devel + INSTALL_DEPENDENCY_LIBRARY: systemd-devel libbreakpad_mini numactl-devel zlib-devel vim-common libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp sapp-devel framework_env libMESA_prof_load-devel http-devel dns-devel ftp-devel mail-devel ssl-devel librdkafka-devel libmaat4-devel quic-devel mesa_sip-devel gtp-devel libMESA_htable-devel libasan mrzcpd rapidjson-devel libMESA_jump_layer-devel stratum-devel rdp-devel dtls-devel-1.0.10.ab7166e libfieldstat3-devel openssl-devel stages: - analysis diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 93f3482..7a9857e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt 
@@ -2,13 +2,13 @@ cmake_minimum_required(VERSION 2.8) add_definitions(-fPIC) -set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp tsg_sync_state.cpp tsg_variable.cpp tsg_proxy.cpp mpack.c tsg_stat.cpp) +set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp tsg_gtp_signaling.cpp tsg_action.cpp tsg_leaky_bucket.cpp tsg_dns.cpp tsg_icmp.cpp tsg_tamper.cpp tsg_bridge.cpp tsg_sync_state.cpp tsg_variable.cpp tsg_proxy.cpp mpack.c tsg_stat.cpp tsg_ssl_ja3_fingerprint.cpp) include_directories(${CMAKE_SOURCE_DIR}/inc) include_directories(/opt/MESA/include/MESA/) include_directories(/usr/include/) -set(TSG_MASTER_DEPEND_DYN_LIB MESA_handle_logger MESA_prof_load maat4 pthread rdkafka cjson MESA_jump_layer fieldstat3) +set(TSG_MASTER_DEPEND_DYN_LIB MESA_handle_logger MESA_prof_load maat4 pthread rdkafka cjson MESA_jump_layer fieldstat3 crypto) set(CMAKE_INSTALL_PREFIX /home/mesasoft/sapp_run) diff --git a/src/tsg_bridge.cpp b/src/tsg_bridge.cpp index eb324b8..700793b 100644 --- a/src/tsg_bridge.cpp +++ b/src/tsg_bridge.cpp 
@@ -355,12 +355,14 @@ int srt_attribute_set_reponse_size(const struct streaminfo *a_stream, int http_a return 0; } -int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const char *ja3_fingerprint) +int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const char *ja3_fingerprint, int ja3_fingerprint_len) { struct session_runtime_attribute *srt_attribute=(struct session_runtime_attribute *)session_runtime_attribute_new(a_stream); if(srt_attribute) { - srt_attribute->ja3_fingerprint=ja3_fingerprint; + srt_attribute->ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_fingerprint_len+1); + memcpy((void *)srt_attribute->ja3_fingerprint, ja3_fingerprint, ja3_fingerprint_len); + ((char *)srt_attribute->ja3_fingerprint)[ja3_fingerprint_len]='\0'; return 1; } diff --git a/src/tsg_bridge.h b/src/tsg_bridge.h index bf017fd..8e2d754 100644 --- a/src/tsg_bridge.h +++ b/src/tsg_bridge.h @@ -196,7 +196,7 @@ const struct session_runtime_attribute *session_runtime_attribute_new(const stru int srt_attribute_set_protocol(const struct streaminfo * a_stream, TSG_PROTOCOL protocol); int srt_attribute_set_flags(const struct streaminfo * a_stream, unsigned long s_flags); int srt_attribute_set_establish_latecy(const struct streaminfo * a_stream); -int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const char *ja3_fingerprint); +int srt_attribute_set_ja3_fingprint(const struct streaminfo *a_stream, const char *ja3_fingerprint, int ja3_fingerprint_len); int srt_attribute_set_reponse_size(const struct streaminfo *a_stream, int http_action_file_size); void srt_attribute_free_proxy_tcp_option(const struct streaminfo *a_stream); diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 5109a21..74c0a85 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp 
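Review bot: The `dictator_malloc` result in `srt_attribute_set_ja3_fingprint` is handed straight to `memcpy` on the next line with no NULL check, so an allocation failure becomes a write through a null pointer where the old code only stored the caller's pointer. Insert `if(srt_attribute->ja3_fingerprint==NULL) return 0;` between the allocation and the copy, and since the function is exported in tsg_bridge.h, reject `ja3_fingerprint_len<0` at the top so `ja3_fingerprint_len+1` cannot become a zero-byte allocation followed by a huge `memcpy`. The function now owns the copy that the caller previously allocated; the hunk does not show where `ja3_fingerprint` is released, so a comment naming the freeing side (presumably the session_runtime_attribute teardown — confirm) would help the next reader. The tsg_bridge.h prototype change sharing this line matches the new signature.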
@@ -1443,9 +1443,8 @@ int session_l7_protocol_identify(const struct streaminfo *a_stream, struct sessi return 1; } } - - if(g_tsg_para.proto_flag&(1<ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, ja3_fingerprint, sizeof(ja3_fingerprint), a_stream->threadnum); + if(ja3_fingerprint_len>0) + { + srt_attribute_set_ja3_fingprint(a_stream, ja3_fingerprint, ja3_fingerprint_len); + return 1; + } + + return 0; +} + size_t session_pending_state_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *matched_rules, int n_matched_rules, void *a_packet) { size_t matched_cnt=0; @@ -2058,19 +2070,9 @@ size_t session_pending_state_deal(const struct streaminfo *a_stream, struct sess srt_process_context->is_app_link=FLAG_TRUE; srt_attribute_set_protocol(a_stream, srt_process_context->proto); - if(srt_process_context->proto==PROTO_SSL) + if(srt_process_context->proto==PROTO_SSL && g_tsg_para.generate_ja3_fingerprint==1) { - struct ssl_ja3_info *ja3_info=ssl_get_ja3_fingerprint((struct streaminfo *)a_stream, (unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen, a_stream->threadnum); - if(ja3_info!=NULL) - { - if(ja3_info->fp!=NULL && ja3_info->fp_len>0) - { - char *ja3_fingerprint=(char *)dictator_malloc(a_stream->threadnum, ja3_info->fp_len+1); - memcpy(ja3_fingerprint, ja3_info->fp, ja3_info->fp_len); - ja3_fingerprint[ja3_info->fp_len]='\0'; - srt_attribute_set_ja3_fingprint(a_stream, ja3_fingerprint); - } - } + session_ssl_ja3_fingerprint_generate(a_stream); } int table_idx=tsg_domain_table_idx_get(srt_process_context->proto); 
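Review bot: In the `PROTO_SSL` branch of `session_pending_state_deal` the result of `session_ssl_ja3_fingerprint_generate(a_stream)` is discarded, and the helper's visible tail shows it hashes only the current segment (`a_stream->ptcpdetail->pdata` / `datalen`), so a ClientHello that spans TCP segments either produces no fingerprint or, given how tolerant the generator appears to be of short input, a fingerprint of a truncated hello. That limitation should be stated at the call site, e.g. `// JA3 is computed from this segment only; a ClientHello split across segments is not reassembled here`. The gate `g_tsg_para.generate_ja3_fingerprint==1` treats any value other than exactly 1 as disabled, which is worth either documenting next to the flag or relaxing to `!=0`. The helper's definition begins in a hunk that is cut off in this view, so its guards were not reviewed.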
@@ -2543,6 +2545,7 @@ extern "C" int TSG_MASTER_INIT() MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "PROXY_SID", &g_tsg_para.intercept_sid, 0); MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "SCAN_IN_PACKET_STATE", &g_tsg_para.scan_in_pkt_state, 1); + MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "GENERATE_JA3_FINGERPRINT", &g_tsg_para.generate_ja3_fingerprint, 0); ret=MESA_load_profile_int_def(tsg_conffile, "SYSTEM", "DEVICE_SEQ_IN_DATA_CENTER", &g_tsg_para.device_seq_in_dc, 0); if(ret<0) diff --git a/src/tsg_ssl_ja3_fingerprint.cpp b/src/tsg_ssl_ja3_fingerprint.cpp new file mode 100644 index 0000000..0d2bdee --- /dev/null +++ b/src/tsg_ssl_ja3_fingerprint.cpp 
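Review bot: The new `GENERATE_JA3_FINGERPRINT` load defaults to 0, but its only consumer (tsg_entry.cpp, `g_tsg_para.generate_ja3_fingerprint==1`) treats every value other than exactly 1 as off, so a config value such as 2 silently disables the feature. Document the accepted values beside the load, e.g. `// GENERATE_JA3_FINGERPRINT: 1 enables JA3 computation for SSL sessions, any other value disables it`, or normalise the flag here to 0/1. Like its neighbours the return value of `MESA_load_profile_int_def` is dropped, whereas the following `DEVICE_SEQ_IN_DATA_CENTER` load checks `ret<0`; if a missing key is meant to be tolerated a short comment saying so would settle it.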
@@ -0,0 +1,610 @@ +#include +#include +#include +#include +#include +#include + +#ifndef MIN +#define MIN(a, b) ((a) > (b) ? (b) : (a)) +#endif + +#define BSB_INIT(b, buffer, size) \ + do \ + { \ + (b).buf = (unsigned char *)buffer; \ + (b).ptr = (unsigned char *)buffer; \ + int s = (int)size; \ + if ((buffer == NULL) || (s < 0)) \ + (b).end = 0; \ + else \ + (b).end = (unsigned char *)buffer + size; \ + } while (0) + +#define BSB_SET_ERROR(b) ((b).end = NULL) +#define BSB_IS_ERROR(b) ((b).end == NULL) +#define BSB_NOT_ERROR(b) ((b).end != NULL) +#define BSB_LENGTH(b) ((b).ptr - (b).buf) +#define BSB_POSITION BSB_LENGTH +#define BSB_SIZE(b) ((b).end - (b).buf) +#define BSB_REMAINING(b) ((b).end ? (b).end - (b).ptr : 0) +#define BSB_WORK_PTR(b) ((b).ptr) + +#define BSB_EXPORT_u08(b, x) \ + do \ + { \ + if ((b).ptr && (b).ptr + 1 <= (b).end) \ + { \ + *(((b).ptr)++) = (unsigned char)x; \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_EXPORT_u16(b, x) \ + do \ + { \ + if ((b).ptr && (b).ptr + 2 <= (b).end) \ + { \ + uint16_t t = (uint16_t)x; \ + *(((b).ptr)++) = (t & 0xff00) >> 8; \ + *(((b).ptr)++) = (t & 0x00ff); \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_EXPORT_u32(b, x) \ + do \ + { \ + if ((b).ptr && (b).ptr + 4 <= (b).end) \ + { \ + uint32_t t = x; \ + *(((b).ptr)++) = (t & 0xff000000) >> 24; \ + *(((b).ptr)++) = (t & 0x00ff0000) >> 16; \ + *(((b).ptr)++) = (t & 0x0000ff00) >> 8; \ + *(((b).ptr)++) = (t & 0x000000ff); \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_EXPORT_ptr(b, x, size) \ + do \ + { \ + if ((x || size == 0) && \ + (b).ptr + size <= (b).end && \ + (b).ptr + size >= (b).buf) \ + { \ + memcpy((b).ptr, x, size); \ + (b).ptr += size; \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_EXPORT_ptr_some(b, x, size) \ + do \ + { \ + if ((b).ptr + size <= (b).end) \ + { \ + memcpy((b).ptr, x, size); \ + (b).ptr += size; \ + } \ + else if (BSB_NOT_ERROR(b)) \ + { \ + 
memcpy((b).ptr, x, BSB_REMAINING(b)); \ + (b).ptr += BSB_REMAINING(b); \ + } \ + } while (0) + +#define BSB_EXPORT_cstr(b, x) \ + do \ + { \ + const int size = sizeof x - 1; \ + if ((b).ptr + size <= (b).end) \ + { \ + memcpy((b).ptr, x, size); \ + (b).ptr += size; \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_EXPORT_skip(b, size) \ + do \ + { \ + if ((b).ptr + size <= (b).end && \ + (b).ptr + size >= (b).buf) \ + { \ + (b).ptr += size; \ + if ((b).ptr < (b).buf) \ + (b).end = 0; \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_EXPORT_rewind(b, size) \ + do \ + { \ + if ((b).ptr - size <= (b).end && \ + (b).ptr - size >= (b).buf) \ + { \ + (b).ptr -= size; \ + if ((b).ptr < (b).buf) \ + (b).end = 0; \ + } \ + else \ + { \ + BSB_SET_ERROR(b); \ + } \ + } while (0) + +#if defined(C9X) + +#define BSB_EXPORT_sprintf(b, ...) \ + do \ + { \ + if ((b).end != 0) \ + { \ + int l = snprintf((char *)(b).ptr, \ + (b).end - (b).ptr, \ + __VA_ARGS__); \ + if (l <= (b).end - (b).ptr) \ + { \ + (b).ptr += l; \ + } \ + else \ + { \ + BSB_SET_ERROR(b); \ + } \ + } \ + } while (0) + +#else + +#define BSB_EXPORT_sprintf(b, args...) 
\ + do \ + { \ + if ((b).end != 0) \ + { \ + int l = snprintf((char *)(b).ptr, \ + (b).end - (b).ptr, \ + ##args); \ + if (l <= (b).end - (b).ptr) \ + { \ + (b).ptr += l; \ + } \ + else \ + { \ + BSB_SET_ERROR(b); \ + } \ + } \ + } while (0) +#endif + +#define BSB_IMPORT_u08(b, x) \ + do \ + { \ + if ((b).ptr && (b).ptr + 1 <= (b).end) \ + { \ + x = *(((b).ptr)++); \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_IMPORT_u16(b, x) \ + do \ + { \ + if ((b).ptr && (b).ptr + 2 <= (b).end) \ + { \ + x = ((uint16_t)((b).ptr)[0]) << 8 | \ + ((uint16_t)((b).ptr)[1]); \ + (b).ptr += 2; \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_IMPORT_u24(b, x) \ + do \ + { \ + if ((b).ptr && (b).ptr + 3 <= (b).end) \ + { \ + x = ((uint32_t)((b).ptr)[0]) << 16 | \ + ((uint32_t)((b).ptr)[1]) << 8 | \ + ((uint32_t)((b).ptr)[2]); \ + (b).ptr += 3; \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_IMPORT_u32(b, x) \ + do \ + { \ + if ((b).ptr && (b).ptr + 4 <= (b).end) \ + { \ + x = ((uint32_t)((b).ptr)[0]) << 24 | \ + ((uint32_t)((b).ptr)[1]) << 16 | \ + ((uint32_t)((b).ptr)[2]) << 8 | \ + ((uint32_t)((b).ptr)[3]); \ + (b).ptr += 4; \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_LEXPORT_u08(b, x) BSB_EXPORT_u08(b, x) + +#define BSB_LEXPORT_u16(b, x) \ + do \ + { \ + if ((b).ptr + 2 <= (b).end) \ + { \ + uint16_t t = (uint16_t)x; \ + *(((b).ptr)++) = (t & 0x00ff); \ + *(((b).ptr)++) = (t & 0xff00) >> 8; \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_LEXPORT_u32(b, x) \ + do \ + { \ + if ((b).ptr + 4 <= (b).end) \ + { \ + uint32_t t = x; \ + *(((b).ptr)++) = (t & 0x000000ff); \ + *(((b).ptr)++) = (t & 0x0000ff00) >> 8; \ + *(((b).ptr)++) = (t & 0x00ff0000) >> 16; \ + *(((b).ptr)++) = (t & 0xff000000) >> 24; \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_LIMPORT_u08(b, x) BSB_IMPORT_u08(b, x) + +#define BSB_LIMPORT_u16(b, x) \ + do \ + { \ + if ((b).ptr + 2 <= (b).end) \ + 
{ \ + x = ((uint16_t)((b).ptr)[1]) << 8 | \ + ((uint16_t)((b).ptr)[0]); \ + (b).ptr += 2; \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_LIMPORT_u24(b, x) \ + do \ + { \ + if ((b).ptr + 3 <= (b).end) \ + { \ + x = ((uint32_t)((b).ptr)[2]) << 16 | \ + ((uint32_t)((b).ptr)[1]) << 8 | \ + ((uint32_t)((b).ptr)[0]); \ + (b).ptr += 3; \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_LIMPORT_u32(b, x) \ + do \ + { \ + if ((b).ptr + 4 <= (b).end) \ + { \ + x = ((uint32_t)((b).ptr)[3]) << 24 | \ + ((uint32_t)((b).ptr)[2]) << 16 | \ + ((uint32_t)((b).ptr)[1]) << 8 | \ + ((uint32_t)((b).ptr)[0]); \ + (b).ptr += 4; \ + } \ + else \ + BSB_SET_ERROR(b); \ + } while (0) + +#define BSB_IMPORT_ptr(b, x, size) \ + do \ + { \ + if ((b).ptr + size <= (b).end && \ + (b).ptr + size >= (b).buf) \ + { \ + (x) = (b).ptr; \ + (b).ptr += size; \ + } \ + else \ + { \ + BSB_SET_ERROR(b); \ + x = 0; \ + } \ + } while (0) + +#define BSB_LIMPORT_ptr BSB_IMPORT_ptr +#define BSB_IMPORT_skip BSB_EXPORT_skip +#define BSB_LIMPORT_skip BSB_EXPORT_skip +#define BSB_IMPORT_rewind BSB_EXPORT_rewind +#define BSB_LIMPORT_rewind BSB_EXPORT_rewind + +#define BSB_memchr(b, ch, pos) \ + do \ + { \ + if (BSB_IS_ERROR(b)) \ + { \ + pos = 0; \ + break; \ + } \ + char *s = memchr((char *)b.ptr, ch, BSB_REMAINING(b)); \ + if (s) \ + pos = (char *)s - (char *)b.ptr; \ + else \ + pos = 0; \ + } while (0) + +#define BSB_memcmp(str, b, len) ((b).ptr + len <= (b).end ? memcmp(str, b.ptr, len) : -1) + +#define BSB_PEEK(b) ((b).ptr + 1 <= (b).end ? 
*b.ptr : -1) + +#define BSB_IMPORT_zbyte(b, x, size) \ + do \ + { \ + if ((b).ptr + size <= (b).end) \ + { \ + memcpy(x, b, size); \ + (x)[size] = 0; \ + (b).ptr += size; \ + } \ + else \ + { \ + BSB_SET_ERROR(b); \ + (x)[0] = 0; \ + } \ + } while (0) + +/* Private data structure */ +typedef struct bsb +{ + unsigned char *buf; + unsigned char *ptr; + unsigned char *end; +} BSB; + +int ja3_md5sum(const char *str, int len, char *buf, int size) +{ + int n; + int ret = 0; + MD5_CTX ctx; + unsigned char tmp[MD5_DIGEST_LENGTH]; + + MD5_Init(&ctx); + MD5_Update(&ctx, str, len); + MD5_Final(tmp, &ctx); + + for (n = 0; n < MD5_DIGEST_LENGTH; n++) + { + ret += snprintf(buf + ret, size - ret, "%.2x", tmp[n]); + } + + return ret; +} + + +// https://tools.ietf.org/html/draft-davidben-tls-grease-00 +static int tls_is_grease_value(uint32_t val) +{ + if ((val & 0x0f) != 0x0a) + return 0; + + if ((val & 0xff) != ((val >> 8) & 0xff)) + return 0; + + return 1; +} + +static int ssl_generate_ja3_fingerprint(const unsigned char *data, int len, char *ja3_fp, int ja3_fp_len, char *sni_buff, int sni_buff_len) +{ + BSB sslbsb; + //char ja3[30000]; + BSB ja3bsb; + char ecfja3[1000]; + BSB ecfja3bsb; + char eja3[10000]; + BSB eja3bsb; + char ecja3[10000]; + BSB ecja3bsb; + + BSB_INIT(sslbsb, data, len); + BSB_INIT(ja3bsb, ja3_fp, ja3_fp_len); + BSB_INIT(ecja3bsb, ecja3, sizeof(ecja3)); + BSB_INIT(ecfja3bsb, ecfja3, sizeof(ecfja3)); + BSB_INIT(eja3bsb, eja3, sizeof(eja3)); + + if (BSB_REMAINING(sslbsb) > 5) + { + unsigned char *ssldata = BSB_WORK_PTR(sslbsb); + int ssllen = MIN(BSB_REMAINING(sslbsb) - 5, ssldata[3] << 8 | ssldata[4]); + + BSB pbsb; + BSB_INIT(pbsb, ssldata + 5, ssllen); + + if (BSB_REMAINING(pbsb) > 7) + { + unsigned char *pdata = BSB_WORK_PTR(pbsb); + int plen = MIN(BSB_REMAINING(pbsb) - 4, pdata[2] << 8 | pdata[3]); + + uint16_t ver = 0; + BSB_IMPORT_skip(pbsb, 4); // type + len + BSB_IMPORT_u16(pbsb, ver); + + BSB_EXPORT_sprintf(ja3bsb, "%d,", ver); + + BSB cbsb; + 
BSB_INIT(cbsb, pdata + 6, plen - 2); // The - 4 for plen is done above, confusing + + if (BSB_REMAINING(cbsb) > 32) + { + BSB_IMPORT_skip(cbsb, 32); // Random + + int skiplen = 0; + BSB_IMPORT_u08(cbsb, skiplen); // Session Id Length + if (skiplen > 0 && BSB_REMAINING(cbsb) > skiplen) + { + // unsigned char *ptr = BSB_WORK_PTR(cbsb); + // char sessionId[513]; + // int i; + + // for (i = 0; i < skiplen; i++) + // { + // sessionId[i * 2] = moloch_char_to_hexstr[ptr[i]][0]; + // sessionId[i * 2 + 1] = moloch_char_to_hexstr[ptr[i]][1]; + // } + // sessionId[skiplen * 2] = 0; + // moloch_field_string_add(srcIdField, session, sessionId, skiplen * 2, TRUE); + } + BSB_IMPORT_skip(cbsb, skiplen); // Session Id + + BSB_IMPORT_u16(cbsb, skiplen); // Ciper Suites Length + while (BSB_NOT_ERROR(cbsb) && skiplen > 0) + { + uint16_t c = 0; + BSB_IMPORT_u16(cbsb, c); + if (!tls_is_grease_value(c)) + { + BSB_EXPORT_sprintf(ja3bsb, "%d-", c); + } + skiplen -= 2; + } + BSB_EXPORT_rewind(ja3bsb, 1); // Remove last - + BSB_EXPORT_u08(ja3bsb, ','); + + BSB_IMPORT_u08(cbsb, skiplen); // Compression Length + BSB_IMPORT_skip(cbsb, skiplen); // Compressions + + if (BSB_REMAINING(cbsb) > 6) + { + int etotlen = 0; + BSB_IMPORT_u16(cbsb, etotlen); // Extensions Length + + etotlen = MIN(etotlen, BSB_REMAINING(cbsb)); + + BSB ebsb; + BSB_INIT(ebsb, BSB_WORK_PTR(cbsb), etotlen); + + while (BSB_REMAINING(ebsb) > 4) + { + uint16_t etype = 0, elen = 0; + + BSB_IMPORT_u16(ebsb, etype); + BSB_IMPORT_u16(ebsb, elen); + + if (!tls_is_grease_value(etype)) + BSB_EXPORT_sprintf(eja3bsb, "%d-", etype); + + if (elen > BSB_REMAINING(ebsb)) + break; + + if (etype == 0) + { // SNI + BSB snibsb; + BSB_INIT(snibsb, BSB_WORK_PTR(ebsb), elen); + BSB_IMPORT_skip(ebsb, elen); + + int sni = 0; + BSB_IMPORT_u16(snibsb, sni); // list len + if (sni != BSB_REMAINING(snibsb)) + continue; + + BSB_IMPORT_u08(snibsb, sni); // type + if (sni != 0) + continue; + + BSB_IMPORT_u16(snibsb, sni); // len + if (sni != 
BSB_REMAINING(snibsb)) + continue; + + memcpy(sni_buff, (char *)BSB_WORK_PTR(snibsb), (sni>sni_buff_len ? sni_buff_len : sni)); + // moloch_field_string_add(hostField, session, (char *)BSB_WORK_PTR(snibsb), sni, TRUE); + } + else if (etype == 0x000a) + { // Elliptic Curves + BSB bsb; + BSB_INIT(bsb, BSB_WORK_PTR(ebsb), elen); + BSB_IMPORT_skip(ebsb, elen); + + uint16_t llen = 0; + BSB_IMPORT_u16(bsb, llen); // list len + while (llen > 0 && !BSB_IS_ERROR(bsb)) + { + uint16_t c = 0; + BSB_IMPORT_u16(bsb, c); + if (!tls_is_grease_value(c)) + { + BSB_EXPORT_sprintf(ecja3bsb, "%d-", c); + } + llen -= 2; + } + BSB_EXPORT_rewind(ecja3bsb, 1); // Remove last - + } + else if (etype == 0x000b) + { // Elliptic Curves point formats + BSB bsb; + BSB_INIT(bsb, BSB_WORK_PTR(ebsb), elen); + BSB_IMPORT_skip(ebsb, elen); + + uint16_t llen = 0; + BSB_IMPORT_u08(bsb, llen); // list len + while (llen > 0 && !BSB_IS_ERROR(bsb)) + { + uint8_t c = 0; + BSB_IMPORT_u08(bsb, c); + BSB_EXPORT_sprintf(ecfja3bsb, "%d-", c); + llen -= 1; + } + BSB_EXPORT_rewind(ecfja3bsb, 1); // Remove last - + } + else + { + BSB_IMPORT_skip(ebsb, elen); + } + } + BSB_EXPORT_rewind(eja3bsb, 1); // Remove last - + } + } + } + BSB_IMPORT_skip(sslbsb, ssllen + 5); + + if (BSB_LENGTH(ja3bsb) > 0 && BSB_NOT_ERROR(ja3bsb) && BSB_NOT_ERROR(ecja3bsb) && BSB_NOT_ERROR(eja3bsb) && BSB_NOT_ERROR(ecfja3bsb)) + { + BSB_EXPORT_sprintf(ja3bsb, "%.*s,%.*s,%.*s", (int)BSB_LENGTH(eja3bsb), eja3, (int)BSB_LENGTH(ecja3bsb), ecja3, (int)BSB_LENGTH(ecfja3bsb), ecfja3); + } + return 1; + } + + return 0; +} + +int tsg_ssl_ja3_fingerprint_generate(const unsigned char *buff, int buff_len, char *ja3_fingerprint, int n_ja3_fingerprint, int thread_seq) +{ + if(n_ja3_fingerprint<(2*MD5_DIGEST_LENGTH+1) || buff_len<=0 || buff==NULL) + { + return 0; + } + + char ja3_fp[8192]={0}; + char sni_buff[1024]={0}; + + int ret=ssl_generate_ja3_fingerprint(buff, buff_len, ja3_fp, sizeof(ja3_fp), sni_buff, sizeof(sni_buff)); + if(ret==1 && 
strlen(ja3_fp)>0) + { + return ja3_md5sum(ja3_fp, strlen(ja3_fp), ja3_fingerprint, n_ja3_fingerprint); + } + + return 0; +} \ No newline at end of file diff --git a/inc/tsg_ssl_utils.h b/src/tsg_ssl_utils.h similarity index 82% rename from inc/tsg_ssl_utils.h rename to src/tsg_ssl_utils.h index 1d39b47..2d425e7 100644 --- a/inc/tsg_ssl_utils.h +++ b/src/tsg_ssl_utils.h @@ -35,3 +35,6 @@ struct ssl_chello struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, enum chello_parse_result* result); void ssl_chello_free(struct ssl_chello* chello); + + +int tsg_ssl_ja3_fingerprint_generate(const unsigned char *buff, int buff_len, char *ja3_fingerprint, int n_ja3_fingerprint, int thread_seq); diff --git a/src/tsg_variable.h b/src/tsg_variable.h index 9a9d31d..af865bc 100644 --- a/src/tsg_variable.h +++ b/src/tsg_variable.h @@ -73,6 +73,7 @@ struct tsg_rt_para int intercept_sid; int send_resetall; int scan_in_pkt_state; + int generate_ja3_fingerprint; int app_metric_update_interval_ms; enum DEPLOY_MODE deploy_mode; int scan_time_interval; diff --git a/test/src/CMakeLists.txt b/test/src/CMakeLists.txt index 76ef411..c30b649 100644 --- a/test/src/CMakeLists.txt +++ b/test/src/CMakeLists.txt 
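Review bot: `ssl_generate_ja3_fingerprint` never checks the record content type or the handshake type — `ssldata[0]` and `pdata[0]` are read nowhere and the handshake header is skipped blindly with `BSB_IMPORT_skip(pbsb, 4)` — so any record handed to it (a ServerHello, or whatever segment happened to trigger SSL identification) is hashed as if it were a ClientHello. A second gap is that the parse-side BSB error state is never consulted before the final export: on a short cipher list `BSB_IMPORT_u16(cbsb, c)` sets the error flag but leaves `c == 0`, which `tls_is_grease_value` passes and is written as `0-`, and the closing `if` only tests the four output buffers, so a truncated hello still returns 1 and `tsg_ssl_ja3_fingerprint_generate` emits an MD5 of a partial string. The sketch below adds the two type checks and stops the cipher loop on a short read; the extension loop would want the same treatment. Separately, `thread_seq` is unused in `tsg_ssl_ja3_fingerprint_generate`, and the `MD5_Init`/`MD5_Update`/`MD5_Final` calls in `ja3_md5sum` are the OpenSSL 1.x API that OpenSSL 3 marks deprecated, so a `-Werror` build against the `openssl-devel` added in .gitlab-ci.yml may fail.
```cpp
    if (BSB_REMAINING(sslbsb) > 5)
    {
        unsigned char *ssldata = BSB_WORK_PTR(sslbsb);
        if (ssldata[0] != 0x16) // not a Handshake record: nothing to fingerprint
            return 0;
        int ssllen = MIN(BSB_REMAINING(sslbsb) - 5, ssldata[3] << 8 | ssldata[4]);
        // … unchanged: pbsb setup …
        if (BSB_REMAINING(pbsb) > 7)
        {
            unsigned char *pdata = BSB_WORK_PTR(pbsb);
            if (pdata[0] != 0x01) // not a ClientHello (e.g. ServerHello): JA3 is client-side only
                return 0;
            // … unchanged: version, random, session id …
                BSB_IMPORT_u16(cbsb, skiplen); // Ciper Suites Length
                while (BSB_NOT_ERROR(cbsb) && skiplen > 0)
                {
                    uint16_t c = 0;
                    BSB_IMPORT_u16(cbsb, c);
                    if (BSB_IS_ERROR(cbsb))
                        break; // short read: c is only the placeholder 0, never emit it
                    // … unchanged: GREASE filter and "%d-" export …
                }
                if (BSB_IS_ERROR(cbsb))
                    return 0; // cipher list ran past the data we have; a partial JA3 hashes to a bogus value
                // … unchanged: compression, extensions, final export …
```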
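Review bot: The prototype `tsg_ssl_ja3_fingerprint_generate` is added to tsg_ssl_utils.h with no comment on its contract, and the header moves from inc/ to src/ in the same commit, so presumably anything outside src/ that included it no longer can. From the definition in tsg_ssl_ja3_fingerprint.cpp the contract is: returns the number of hex characters written (32) or 0, requires `n_ja3_fingerprint >= 2*MD5_DIGEST_LENGTH+1`, and ignores `thread_seq`; a comment above the declaration such as `/* Computes the JA3 MD5 hex string of the TLS ClientHello in buff. Returns the number of characters written (32) or 0 on failure; ja3_fingerprint must hold at least 2*MD5_DIGEST_LENGTH+1 bytes; thread_seq is currently unused. */` would capture that.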
@@ -43,18 +43,19 @@ set(TSG_MASTER_SRC ${PROJECT_SOURCE_DIR}/src/tsg_entry.cpp ${PROJECT_SOURCE_DIR}/src/tsg_proxy.cpp ${PROJECT_SOURCE_DIR}/src/mpack.c ${PROJECT_SOURCE_DIR}/src/tsg_stat.cpp + ${PROJECT_SOURCE_DIR}/src/tsg_ssl_ja3_fingerprint.cpp ) add_executable(gtest_master ${TSG_MASTER_SRC} gtest_kafka.cpp gtest_common.cpp gtest_master.cpp) -target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maat4 MESA_htable fieldstat3) +target_link_libraries(gtest_master gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maat4 MESA_htable fieldstat3 crypto) add_executable(gtest_sync_state ${PROJECT_SOURCE_DIR}/src/tsg_sync_state.cpp ${PROJECT_SOURCE_DIR}/src/mpack.c ${PROJECT_SOURCE_DIR}/src/tsg_stat.cpp gtest_common.cpp gtest_sync_state.cpp) target_link_libraries(gtest_sync_state gtest-static cjson ctemplate-static MESA_prof_load MESA_handle_logger fieldstat3) add_executable(gtest_fieldstat3 ${TSG_MASTER_SRC} gtest_common.cpp gtest_kafka.cpp gtest_fieldstat3.cpp) -target_link_libraries(gtest_fieldstat3 gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maat4 MESA_htable fieldstat3) +target_link_libraries(gtest_fieldstat3 gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maat4 MESA_htable fieldstat3 crypto) add_executable(gtest_proxy ${TSG_MASTER_SRC} gtest_common.cpp gtest_proxy.cpp) -target_link_libraries(gtest_proxy gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maat4 rdkafka MESA_htable fieldstat3 pcap) +target_link_libraries(gtest_proxy gtest-static ctemplate-static cjson MESA_prof_load MESA_handle_logger MESA_jump_layer MESA_field_stat2 maat4 rdkafka MESA_htable fieldstat3 pcap crypto) file(COPY ../pcap/ DESTINATION ./pcap/) 
diff --git a/test/src/gtest_common.cpp b/test/src/gtest_common.cpp
index 71614f9..6c680f9 100644
--- a/test/src/gtest_common.cpp
+++ b/test/src/gtest_common.cpp
@@ -327,8 +327,3 @@ extern "C" bool dtls_identifyStream(struct streaminfo *a_udp)
 {
 return 0;
 }
-
-struct ssl_ja3_info *ssl_get_ja3_fingerprint(struct streaminfo *stream, unsigned char *payload, int payload_len, int thread_seq)
-{
- return NULL;
-}