Bug #4511
closed
SSH bypass is not working
Added by Shivani Bhardwaj over 3 years ago.
Updated over 3 years ago.
Description
Since SSH parser is in rust.
This is because constants between Rust and C are not in sync.
In Rust we have APP_LAYER_PARSER_BYPASS_READY : u8 = 0b1000; that means 8
In C we have #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4) that means 16
There may be other implications
- Copied from Bug #4508: SSH bypass is not working added
Please note that this is fixed by https://github.com/OISF/suricata/pull/6166 but the changes will not apply directly as the code from parser.rs in 5.0.x was moved to applayer.rs in later versions. So, the affected file in case of 5.0.x is parser.rs
I don't think this affects 5.0.x
From rust/src/parser.rs
180 pub const APP_LAYER_PARSER_EOF : u8 = 0b0;
181 pub const APP_LAYER_PARSER_NO_INSPECTION : u8 = 0b1;
182 pub const APP_LAYER_PARSER_NO_REASSEMBLY : u8 = 0b10;
183 pub const APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD : u8 = 0b100;
184 pub const APP_LAYER_PARSER_BYPASS_READY : u8 = 0b1000;
From src/app-layer-parser.h
33 /* Flags for AppLayerParserState. */
34 #define APP_LAYER_PARSER_EOF BIT_U8(0)
35 #define APP_LAYER_PARSER_NO_INSPECTION BIT_U8(1)
36 #define APP_LAYER_PARSER_NO_REASSEMBLY BIT_U8(2)
37 #define APP_LAYER_PARSER_NO_INSPECTION_PAYLOAD BIT_U8(3)
38 #define APP_LAYER_PARSER_BYPASS_READY BIT_U8(4)
- Status changed from Assigned to Rejected
See previous comment -- this issue does not apply to 5.0.x
- Target version deleted (
5.0.7)
Also available in: Atom
PDF