suricata
suricata copied to clipboard
OISF
smb: adds fingerprint keyword
Link to redmine ticket: TODO
Describe changes:
- smb: adds fingerprint keyword, Kind of like TLS ja3 or hassh, for SMB
suricata-verify-pr: 844 https://github.com/OISF/suricata-verify/pull/844
Modifies #7499 with comments taken into account
Codecov Report
Merging #7613 (62fcaa8) into master (a2f857e) will decrease coverage by
0.02%. The diff coverage is92.64%.
@@ Coverage Diff @@
## master #7613 +/- ##
==========================================
- Coverage 75.73% 75.71% -0.03%
==========================================
Files 659 661 +2
Lines 185740 185806 +66
==========================================
+ Hits 140669 140680 +11
- Misses 45071 45126 +55
| Flag | Coverage Δ | |
|---|---|---|
| fuzzcorpus | 59.83% <25.00%> (-0.02%) |
:arrow_down: |
| suricata-verify | 52.37% <80.85%> (-0.06%) |
:arrow_down: |
| unittests | 60.71% <83.07%> (-0.01%) |
:arrow_down: |
Flags with carried forward coverage won't be shown. Click here to find out more.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Is this hash your own invention or implementation of some kind of standard like ja3/ja3s are?
Idea comes from https://github.com/micrictor/smbfp
Thanks. Wonder if we should reach out to see if we can standardize/formalize things a bit. I worry about incompatibilities between implementations, where the strength would be if things are compatible (like with ja3 but also something like community id)