ssh: Revert half-duplex robustness

This reverts part of commit a0888b7e36 due to inhibiting analyzer violations when parsing non SSH traffic when the &restofdata path is entered. @J-Gras reported the analyzer not being disabled when sending HTTP traffic on port 22. This adds the verbose analyzer.log baselines such that future improvements of these scenarios become visible.
2025-10-11 11:08:20 +00:00 · 2024-06-12 14:23:44 +02:00 · 2024-06-12 14:23:44 +02:00 · 5dfff4492c
commit 5dfff4492c
parent a7f10df4f7
5 changed files with 254 additions and 3 deletions
--- a/testing/btest/scripts/base/protocols/ssh/half-duplex-client.zeek
+++ b/testing/btest/scripts/base/protocols/ssh/half-duplex-client.zeek
@ -2,7 +2,7 @@
 # analyzer.log output.

 # @TEST-EXEC: zeek -r $TRACES/ssh/ssh.client-side-half-duplex.pcap %INPUT
-# @TEST-EXEC: test ! -e analyzer.log
+# @TEST-EXEC: btest-diff analyzer.log
 # @TEST-EXEC: btest-diff ssh.log
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff .stdout
--- a/testing/btest/scripts/base/protocols/ssh/half-duplex-server.zeek
+++ b/testing/btest/scripts/base/protocols/ssh/half-duplex-server.zeek
@ -2,7 +2,7 @@
 # analyzer.log output.

 # @TEST-EXEC: zeek -r $TRACES/ssh/ssh.server-side-half-duplex.pcap %INPUT
-# @TEST-EXEC: test ! -e analyzer.log
+# @TEST-EXEC: btest-diff analyzer.log
 # @TEST-EXEC: btest-diff ssh.log
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff .stdout