Ssh frames 5734 v5 #11475

Closed
catenacyber wants to merge 5 commits into OISF:master from catenacyber:ssh-frames-5734-v5

@catenacyber
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/5734

Describe changes:

  • ssh: add frames support (for clear-text records after banner)
  • detect: run frames detection on packet disabling app-layer because next packets are encrypted
  • ssh: avoid panic in packet path
  • rust/frames: remove unneeded or wrong comments

SV_BRANCH=OISF/suricata-verify#1932

#11451 with better doc

Ticket: 5734

Adds frames for SSH records, that come after banner, and before
the data is encrypted.
These records may contain cipher lists for instance.
for SSH packets that mark the end of plaintext
use debug_validate_bug_on instead
Used by documentation with the SIP frames only
@codecov

codecov bot commented Jul 10, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.56%. Comparing base (090079c) to head (ae36860).

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11475      +/-   ##
==========================================
+ Coverage   82.52%   82.56%   +0.03%     
==========================================
  Files         938      938              
  Lines      248297   248351      +54     
==========================================
+ Hits       204917   205057     +140     
+ Misses      43380    43294      -86     
Flag Coverage Δ
fuzzcorpus 60.71% <98.59%> (+0.27%) ⬆️
livemode 18.69% <2.81%> (-0.01%) ⬇️
pcap 43.80% <91.54%> (+0.02%) ⬆️
suricata-verify 61.54% <92.95%> (+<0.01%) ⬆️
unittests 59.43% <98.59%> (+<0.01%) ⬆️


@suricata-qa

Information:

ERROR: QA failed on SURI_TLPW2_autofp_suri_time.

ERROR: QA failed on SURI_TLPR1_suri_time.

field baseline test %
SURI_TLPW2_autofp_stats_chk
.uptime 137 142 103.65%
SURI_TLPR1_stats_chk
.uptime 642 671 104.52%

Pipeline 21470

@catenacyber catenacyber marked this pull request as draft July 11, 2024 07:36
@suricata-qa

Information: QA ran without warnings.

Pipeline 21479

@catenacyber catenacyber mentioned this pull request Jul 15, 2024
@catenacyber
Contributor Author

Rebased in #11505
