JA4 for TLS and QUIC -- v12#10836

Closed
satta wants to merge 3 commits into OISF:master from satta:6379-ja4-v12

Conversation

@satta
Contributor

@satta satta commented Apr 14, 2024

Previous PR: #10829

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/6379

Changes to previous PR:

  • Rebase against current master.
  • Use local copy of JA3 state flag to ensure consistency across multiple dependent checks.

SV_BRANCH=OISF/suricata-verify#1761

@codecov

codecov Bot commented Apr 14, 2024

Codecov Report

Attention: Patch coverage is 83.58209% with 77 lines in your changes are missing coverage. Please review.

Project coverage is 82.73%. Comparing base (365a66a) to head (415f32c).

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #10836      +/-   ##
==========================================
+ Coverage   82.67%   82.73%   +0.06%     
==========================================
  Files         928      931       +3     
  Lines      247912   248332     +420     
==========================================
+ Hits       204952   205461     +509     
+ Misses      42960    42871      -89     
Flag Coverage Δ
fuzzcorpus 64.13% <64.36%> (+0.13%) ⬆️
suricata-verify 62.13% <83.74%> (+0.12%) ⬆️
unittests 62.15% <44.34%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@victorjulien victorjulien added this to the 8.0 milestone Apr 16, 2024
@victorjulien
Member

Merged in #10856, thanks!

@satta satta deleted the 6379-ja4-v12 branch April 16, 2024 13:09
@catenacyber
Contributor

Thank you Sascha :-)

Comment thread configure.ac
offa pushed a commit to jhnc-oss/meta-security that referenced this pull request Apr 26, 2026
8.0.0 [1]:
Increased Rust use (including libhtp, suricatactl, and suricatasc)
More protocols
Lua sandboxed and available by default

8.0.4 [2]: security, performance, accuracy, and stability fixes

Resolve startup warning [3]:
W: af-packet: eth0: AF_PACKET tpacket-v3 is recommended for non-inline
operation

Add "ja4" option for fingerprinting TLS and QUIC clients [4]

CFLAGS modification for (see [5]):
do_package_qa: QA Issue: File /usr/bin/.debug/suricata in package
suricata-dbg contains reference to TMPDIR [buildpaths]

SURICATA_LUA_SYS_HEADER_DST [6]

[1] https://suricata.io/2025/07/08/suricata-8-0-0-released/
[2] https://suricata.io/2026/03/17/suricata-8-0-4-and-7-0-15-released/
[3] https://docs.suricata.io/en/suricata-8.0.4/upgrade.html#id1
[4] OISF/suricata#10836
[5] https://git.openembedded.org/openembedded-core/commit/?id=3239961e35434592c06ec2cae2885ab464d35744
[6] OISF/suricata@3a7eef8

Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
doanac pushed a commit to lmp-mirrors/meta-security that referenced this pull request Apr 28, 2026
8.0.0 [1]:
Increased Rust use (including libhtp, suricatactl, and suricatasc)
More protocols
Lua sandboxed and available by default

8.0.4 [2]: security, performance, accuracy, and stability fixes

Resolve startup warning [3]:
W: af-packet: eth0: AF_PACKET tpacket-v3 is recommended for non-inline
operation

Add "ja4" option for fingerprinting TLS and QUIC clients [4]

CFLAGS modification for (see [5]):
do_package_qa: QA Issue: File /usr/bin/.debug/suricata in package
suricata-dbg contains reference to TMPDIR [buildpaths]

SURICATA_LUA_SYS_HEADER_DST [6]

[1] https://suricata.io/2025/07/08/suricata-8-0-0-released/
[2] https://suricata.io/2026/03/17/suricata-8-0-4-and-7-0-15-released/
[3] https://docs.suricata.io/en/suricata-8.0.4/upgrade.html#id1
[4] OISF/suricata#10836
[5] https://git.openembedded.org/openembedded-core/commit/?id=3239961e35434592c06ec2cae2885ab464d35744
[6] OISF/suricata@3a7eef8

Signed-off-by: Clayton Casciato <majortomtosourcecontrol@gmail.com>
(added musl libunwind fix)
Signed-off-by: Scott Murray <scott.murray@konsulko.com>