Project

General

Profile

Actions

Bug #4511

closed

SSH bypass is not working

Added by Shivani Bhardwaj over 3 years ago. Updated over 3 years ago.

Status:
Rejected
Priority:
High
Assignee:
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

Since SSH parser is in rust.
This is because constants between Rust and C are not in sync.

In Rust we have APP_LAYER_PARSER_BYPASS_READY : u8 = 0b1000; that means 8
In C we have #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) that means 16

There may be other implications


Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #4508: SSH bypass is not workingClosedPhilippe AntoineActions
Actions #1

Updated by Shivani Bhardwaj over 3 years ago

  • Copied from Bug #4508: SSH bypass is not working added
Actions #2

Updated by Shivani Bhardwaj over 3 years ago

Please note that this is fixed by https://github.com/OISF/suricata/pull/6166 but the changes will not apply directly as the code from parser.rs in 5.0.x was moved to applayer.rs in later versions. So, the affected file in case of 5.0.x is parser.rs

Actions #3

Updated by Jeff Lucovsky over 3 years ago

I don't think this affects 5.0.x

From rust/src/parser.rs

180 pub const APP_LAYER_PARSER_EOF : u8 = 0b0;
181 pub const APP_LAYER_PARSER_NO_INSPECTION : u8 = 0b1;
182 pub const APP_LAYER_PARSER_NO_REASSEMBLY : u8 = 0b10;
183 pub const APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD : u8 = 0b100;
184 pub const APP_LAYER_PARSER_BYPASS_READY : u8 = 0b1000;

From src/app-layer-parser.h

 33 /* Flags for AppLayerParserState. */
 34 #define APP_LAYER_PARSER_EOF                    BIT_U8(0)
 35 #define APP_LAYER_PARSER_NO_INSPECTION          BIT_U8(1)
 36 #define APP_LAYER_PARSER_NO_REASSEMBLY          BIT_U8(2)
 37 #define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD  BIT_U8(3)
 38 #define APP_LAYER_PARSER_BYPASS_READY           BIT_U8(4)

Actions #4

Updated by Jeff Lucovsky over 3 years ago

  • Status changed from Assigned to Rejected

See previous comment -- this issue does not apply to 5.0.x

Actions #5

Updated by Victor Julien over 3 years ago

  • Target version deleted (5.0.7)
Actions

Also available in: Atom PDF