Ssh frames 5734 v6 #11505

Closed
catenacyber wants to merge 4 commits into OISF:master from catenacyber:ssh-frames-5734-v6

@catenacyber
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/5734

Describe changes:

  • ssh: add frames support (for clear-text records after banner)
  • detect: run frames detection on packet disabling app-layer because next packets are encrypted
  • ssh: avoid panic in packet path
  • rust/frames: remove unneeded or wrong comments

SV_BRANCH=OISF/suricata-verify#1932

#11475 with needed rebase

Ticket: 5734

Adds frames for SSH records, that come after banner, and before
the data is encrypted.
These records may contain cipher lists for instance.
for SSH packets that mark the end of plaintext
use debug_validate_bug_on instead
Used by documentation with the SIP frames only
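
What the clear-text records described above look like on the wire, as an added example that is not Suricata's code or part of this pull request: it splits the records that follow the banner per RFC 4253 and reads the algorithm lists out of a KEXINIT record, stopping at NEWKEYS. The function names and the sample stream are constructed for illustration, and the banner is assumed to be the first line of the stream.

```python
import struct

SSH_MSG_KEXINIT, SSH_MSG_NEWKEYS = 20, 21
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
KEXINIT_LISTS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s",
                 "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def split_records(stream):
    """Yield (offset, msg_type, payload) for each clear-text record after the banner."""
    pos = stream.find(b"\n") + 1          # banner ends at the first newline
    while pos > 0 and pos + 5 <= len(stream):
        pkt_len, pad_len = struct.unpack_from(">IB", stream, pos)
        end = pos + 4 + pkt_len
        # Stop on impossible lengths or a truncated record rather than over-read.
        if pkt_len < pad_len + 2 or end > len(stream):
            return
        payload = stream[pos + 5:end - pad_len]
        yield pos, payload[0], payload
        if payload[0] == SSH_MSG_NEWKEYS:  # everything after this is encrypted
            return
        pos = end

def parse_kexinit(payload):
    """Return the KEXINIT name-lists as {field: [names]}."""
    pos, lists = 17, {}                    # skip message type (1) + cookie (16)
    for field in KEXINIT_LISTS:
        if pos + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (n,) = struct.unpack_from(">I", payload, pos)
        if pos + 4 + n > len(payload):
            raise ValueError("name-list overruns record")
        raw = payload[pos + 4:pos + 4 + n].decode("ascii", "replace")
        lists[field] = raw.split(",") if raw else []
        pos += 4 + n
    return lists

def _record(payload, pad_len=4):
    # Constructed sample builder; block-size padding rules are not enforced.
    return struct.pack(">IB", len(payload) + pad_len + 1, pad_len) + payload + bytes(pad_len)

def sample_stream():
    """Constructed server-side stream: banner, KEXINIT, NEWKEYS, opaque bytes."""
    lists = ["curve25519-sha256", "ssh-ed25519", "aes128-ctr,aes256-ctr", "aes128-ctr",
             "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in lists)
    kexinit = bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + bytes(5)
    return (b"SSH-2.0-Example_1.0\r\n" + _record(kexinit)
            + _record(bytes([SSH_MSG_NEWKEYS])) + b"\x8f\x11\x02opaque")
```
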
@codecov

codecov bot commented Jul 15, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.64%. Comparing base (223a419) to head (089522d).

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11505      +/-   ##
==========================================
+ Coverage   82.56%   82.64%   +0.08%     
==========================================
  Files         938      938              
  Lines      248247   248301      +54     
==========================================
+ Hits       204961   205218     +257     
+ Misses      43286    43083     -203     
Flag Coverage Δ
fuzzcorpus 60.85% <98.59%> (+0.18%) ⬆️
livemode 18.69% <2.81%> (+<0.01%) ⬆️
pcap 43.80% <91.54%> (+0.14%) ⬆️
suricata-verify 61.60% <92.95%> (+0.03%) ⬆️
unittests 59.44% <98.59%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa

Information: QA ran without warnings.

Pipeline 21554

@victorjulien victorjulien added this to the 8.0 milestone Jul 30, 2024
This was referenced Jul 31, 2024
@victorjulien
Member

Merged in #11595, thanks!
