[prads-devel] unpushed: signature matching for SYNACK
Edward Bjarte Fjellskål
edward.fjellskal at redpill-linpro.com
Thu Feb 11 09:31:36 CET 2010
Kacper Wysocki wrote:
> commit fc4c3c42c447ada489d13decdea5dc6d68c11dc1
> Author: Kacper Wysocki <comotion at users.sf.net>
> Date: Wed Feb 10 00:02:28 2010 +0100
>
> load_sigs into local arrays - incomplete
>
> This commit frobs a lot of code:
> - configuration directives
> - disables collide check
> - creates sig hash inplace
> - small fixes here and there
> .. and the patch is incomplete, because we still need to:
> - frob ipfp/* stuff for sanity
> - walk through find_match() and return the match properly
> - merge diplay_signature() and gen_fp()
> - run find_match on update_asset(_os)
> - run update_asset_os() with a looked-up asset
> - sanity check asset lookups
>
> Note: this is inc0mplete and all sigs will be UNKNOWN at this point. FYI
The patch looks great. Some minor details: head is no longer
compatible with your patch. The whole asset_lookup is rewritten,
but we talked about this yesterday. The configuration directives
are "open" and you can play around to fit your needs. The rest
of your patch does not touch anything other than ip/tcp fingerprinting
at the moment, so you can play freely, as I'm not touching anything there
until you feel finished :)

If you have time next week, we can sit down and try to merge your patch,
and clean up some code.
E