Actions
Bug #4511
closedSSH bypass is not working
Affected Versions:
Effort:
Difficulty:
Label:
Description
Since SSH parser is in rust.
This is because constants between Rust and C are not in sync.
In Rust we have APP_LAYER_PARSER_BYPASS_READY : u8 = 0b1000; that means 8
In C we have #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) that means 16
There may be other implications
Updated by Shivani Bhardwaj over 3 years ago
- Copied from Bug #4508: SSH bypass is not working added
Updated by Shivani Bhardwaj over 3 years ago
Please note that this is fixed by https://github.com/OISF/suricata/pull/6166 but the changes will not apply directly as the code from parser.rs in 5.0.x was moved to applayer.rs in later versions. So, the affected file in case of 5.0.x is parser.rs
Updated by Jeff Lucovsky over 3 years ago
I don't think this affects 5.0.x
From rust/src/parser.rs
180 pub const APP_LAYER_PARSER_EOF : u8 = 0b0; 181 pub const APP_LAYER_PARSER_NO_INSPECTION : u8 = 0b1; 182 pub const APP_LAYER_PARSER_NO_REASSEMBLY : u8 = 0b10; 183 pub const APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD : u8 = 0b100; 184 pub const APP_LAYER_PARSER_BYPASS_READY : u8 = 0b1000;
From src/app-layer-parser.h
33 /* Flags for AppLayerParserState. */ 34 #define APP_LAYER_PARSER_EOF BIT_U8(0) 35 #define APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1) 36 #define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2) 37 #define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3) 38 #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4)
Updated by Jeff Lucovsky over 3 years ago
- Status changed from Assigned to Rejected
See previous comment -- this issue does not apply to 5.0.x
Actions