From e653036699fe3705060a9a9d25574daf44f1dd9e Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu
Date: Fri, 17 Apr 2015 19:55:56 -0400
Subject: [PATCH 1/2] Fix SSH direction field being unset (addresses BIT-1365)
---
 scripts/base/protocols/ssh/main.bro | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro
index a64a4a0e21..803a59c57e 100644
--- a/scripts/base/protocols/ssh/main.bro
+++ b/scripts/base/protocols/ssh/main.bro
@@ -93,6 +93,10 @@ function set_session(c: connection)
 info$ts = network_time();
 info$uid = c$uid;
 info$id = c$id;
+
+ # If both hosts are local or non-local, we can't reliably set a direction
+ if ( Site::is_local_addr(c$id$orig_h) != Site::is_local_addr(c$id$resp_h) )
+ info$direction = Site::is_local_addr(c$id$orig_h) ? OUTBOUND: INBOUND;
 c$ssh = info;
 }
 }
From ed86a45c0a24744a6360b4cf58a27410ae7720f9 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu
Date: Fri, 17 Apr 2015 19:56:10 -0400
Subject: [PATCH 2/2] Fix tiny typo in NEWS.
---
 NEWS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 93ffbea5a3..fe0f9069d6 100644
--- a/NEWS
+++ b/NEWS
@@ -30,7 +30,7 @@ New Functionality - Bro now has an RDP analyzer. - Bro now features a completely rewritten, enhanced SSH analyzer, with - a set of addedd events being generated. A lot more information about + a set of added events being generated. A lot more information about SSH sessions is logged. The analyzer is able to determine if logins failed or succeeded in most circumstances.
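Review bot: In the set_session hunk of scripts/base/protocols/ssh/main.bro, the new branch leaves `info$direction` unset whenever both endpoints classify the same way, which also covers a sensor where `Site::local_nets` is empty, so every SSH record would silently carry no direction. The comment should say so, for example `# Direction stays unset for local-to-local and remote-to-remote sessions (and when Site::local_nets is empty); check c$ssh?$direction before reading it`. Assuming the field is declared `&optional` (its declaration is not visible here), any script that reads it without that guard would fail at run time on such sessions. `Site::is_local_addr(c$id$orig_h)` is also evaluated twice; `local orig_local = Site::is_local_addr(c$id$orig_h);` ahead of the `if` would let the comparison and the ternary share one lookup. The body of set_session starts outside the hunk.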