Ssh frames 5734 v4 #11451

Closed
catenacyber wants to merge 4 commits into OISF:master from catenacyber:ssh-frames-5734-v4

@catenacyber
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/5734

Describe changes:

  • ssh: add frames support (for clear-text records after banner)
  • detect: run frames detection on packet disabling app-layer because next packets are encrypted
  • ssh: avoid panic in packet path
  • rust/frames: remove unneeded or wrong comments

SV_BRANCH=OISF/suricata-verify#1932

#11415 with commit removing wrong comments

Ticket: 5734

Adds frames for SSH records, that come after banner, and before
the data is encrypted.
These records may contain cipher lists for instance.
for SSH packets that mark the end of plaintext
use debug_validate_bug_on instead
Used by documentation with the SIP frames only
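
The clear-text SSH records described above follow the RFC 4253 binary packet layout. The Rust example below is added here (it is not code from this PR or from Suricata): it splits one constructed KEXINIT record into header and payload byte ranges and extracts the client-to-server cipher list. `Record`, `split_record`, `kexinit_name_list` and `sample_record` are hypothetical names, and the page does not state how these ranges map onto the `ssh.record_hdr`, `ssh.record_data` and `ssh.record_pdu` frames.

```rust
// Added example (not Suricata code): RFC 4253 framing of one clear-text SSH record.
const SSH_MSG_KEXINIT: u8 = 20;

/// Byte ranges of one record within the stream buffer (hypothetical struct).
#[derive(Debug, PartialEq)]
pub struct Record { pub hdr: (usize, usize), pub payload: (usize, usize), pub end: usize }

fn be32(b: &[u8], at: usize) -> Option<usize> {
    let s = b.get(at..at.checked_add(4)?)?;
    Some(u32::from_be_bytes([s[0], s[1], s[2], s[3]]) as usize)
}

/// Split the record starting at `off`; None if truncated or inconsistent.
pub fn split_record(buf: &[u8], off: usize) -> Option<Record> {
    let pkt_len = be32(buf, off)?; // covers padding_length byte + payload + padding
    let pad_len = *buf.get(off + 4)? as usize;
    let payload_len = pkt_len.checked_sub(pad_len + 1)?;
    let end = (off + 4).checked_add(pkt_len)?;
    if end > buf.len() { return None; }
    Some(Record { hdr: (off, off + 5), payload: (off + 5, off + 5 + payload_len), end })
}

/// Return the n-th (0-based) name-list of a KEXINIT payload; 2 = ciphers client->server.
pub fn kexinit_name_list(payload: &[u8], n: usize) -> Option<String> {
    if n > 9 || *payload.first()? != SSH_MSG_KEXINIT { return None; }
    let mut at = 1 + 16; // message code + 16-byte cookie
    for _ in 0..n { at += 4 + be32(payload, at)?; } // skip earlier name-lists
    let len = be32(payload, at)?;
    String::from_utf8(payload.get(at + 4..(at + 4).checked_add(len)?)?.to_vec()).ok()
}

/// Constructed sample: a KEXINIT record with short, made-up algorithm lists.
pub fn sample_record() -> Vec<u8> {
    let lists = ["curve25519-sha256", "ssh-ed25519", "aes128-ctr,aes256-ctr", "aes128-ctr",
                 "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", ""];
    let mut p = vec![SSH_MSG_KEXINIT];
    p.extend_from_slice(&[0u8; 16]); // cookie (all zeros in this sample)
    for l in lists.iter() { p.extend((l.len() as u32).to_be_bytes()); p.extend(l.bytes()); }
    p.extend_from_slice(&[0u8; 5]); // first_kex_packet_follows + reserved
    let pad = 4 + (8 - (p.len() + 9) % 8) % 8; // >= 4 bytes, total multiple of 8
    let mut r = ((p.len() + pad + 1) as u32).to_be_bytes().to_vec();
    r.push(pad as u8); r.extend_from_slice(&p); r.resize(r.len() + pad, 0);
    r
}

fn main() {
    let buf = sample_record();
    let r = split_record(&buf, 0).expect("complete record");
    println!("{:?} {:?}", r, kexinit_name_list(&buf[r.payload.0..r.payload.1], 2));
}
```
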
@codecov

codecov bot commented Jul 9, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.50%. Comparing base (eeec609) to head (b846269).
Report is 5 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11451      +/-   ##
==========================================
+ Coverage   82.44%   82.50%   +0.05%     
==========================================
  Files         938      938              
  Lines      248068   248122      +54     
==========================================
+ Hits       204513   204705     +192     
+ Misses      43555    43417     -138     
Flag             Coverage Δ
fuzzcorpus       60.54% <98.59%> (+0.44%) ⬆️
livemode         18.70% <2.81%> (-0.01%) ⬇️
pcap             43.77% <91.54%> (+0.05%) ⬆️
suricata-verify  61.45% <92.95%> (+0.03%) ⬆️
unittests        59.44% <98.59%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown.


* ssh.record_hdr
* ssh.record_data
* ssh.record_pdu
Member

Can this get some more explanation and some examples too perhaps?

Contributor Author

Trying something

@catenacyber catenacyber mentioned this pull request Jul 10, 2024
@catenacyber
Contributor Author

Continues in #11475
