Merge remote-tracking branch 'origin/topic/johanna/ssh-server-banners-can-be-wild'

* origin/topic/johanna/ssh-server-banners-can-be-wild:
  SSH analyzer - tiny aesthetic fixes
  SSH: make banner parsing more robust
  SSH: split banner into client/server parts

testing/btest/scripts/base/protocols/ssh/http-port-22.test

@@ -0,0 +1,7 @@
+# Validate that a text-based protocol pn port 22 does not generate a ssh logfile.
+
+# @TEST-EXEC: zeek -r $TRACES/http/http-single-conn-22.pcap %INPUT
+# @TEST-EXEC: test ! -f ssh.log
+# @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff analyzer.log

testing/btest/scripts/base/protocols/ssh/pre-banner.test

@@ -0,0 +1,11 @@
+# This tests a trace that has data before the banner.
+
+# @TEST-EXEC: zeek -r $TRACES/ssh/server-pre-banner-data.pcap %INPUT
+# @TEST-EXEC: btest-diff ssh.log
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff .stdout
+
+event ssh_server_pre_banner_data(c: connection, data: string)
+	{
+	print data;
+	}