suricata
smb: adds fingerprint keyword
Link to redmine ticket: TODO
Describe changes:
- smb: adds fingerprint keyword, kind of like TLS ja3 or hassh, for SMB
suricata-verify-pr: 844 https://github.com/OISF/suricata-verify/pull/844
Modifies #7499 with comments taken into account
Codecov Report
Merging #7613 (62fcaa8) into master (a2f857e) will decrease coverage by 0.02%. The diff coverage is 92.64%.
@@ Coverage Diff @@
## master #7613 +/- ##
==========================================
- Coverage 75.73% 75.71% -0.03%
==========================================
Files 659 661 +2
Lines 185740 185806 +66
==========================================
+ Hits 140669 140680 +11
- Misses 45071 45126 +55
Flag | Coverage Δ | |
---|---|---|
fuzzcorpus | 59.83% <25.00%> (-0.02%) | :arrow_down: |
suricata-verify | 52.37% <80.85%> (-0.06%) | :arrow_down: |
unittests | 60.71% <83.07%> (-0.01%) | :arrow_down: |
Flags with carried forward coverage won't be shown.
Information: QA ran without warnings.
Pipeline 8127
Is this hash your own invention or implementation of some kind of standard like ja3/ja3s are?
Idea comes from https://github.com/micrictor/smbfp
Thanks. Wonder if we should reach out to see if we can standardize/formalize things a bit. I worry about incompatibilities between implementations, where the strength would be if things are compatible (like with ja3 but also something like community id).