Merge remote-tracking branch 'origin/topic/vladg/ssh'

* origin/topic/vladg/ssh: Fix tiny typo in NEWS. Fix SSH direction field being unset (addresses BIT-1365) BIT-1365 #merged
2025-10-02 14:48:21 +00:00 · 2015-04-21 13:37:31 -07:00 · 2015-04-21 13:37:31 -07:00 · a7782b90b2
commit a7782b90b2
parent f244c016e1 ed86a45c0a
4 changed files with 11 additions and 2 deletions
--- a/5
+++ b/5
@ -1,4 +1,9 @@

+2.3-836 | 2015-04-21 13:37:31 -0700
+
+  * Fix SSH direction field being unset. Addresses BIT-1365. (Vlad
+    Grigorescu)
+
 2.3-833 | 2015-04-21 12:38:32 -0700

  * A Kerberos protocol analyzer. (Vlad Grigorescu)
--- a/2
+++ b/2
@ -36,7 +36,7 @@ New Functionality
  logged into pe.log.

 - Bro now features a completely rewritten, enhanced SSH analyzer, with
-  a set of addedd events being generated. A lot more information about
+  a set of added events being generated. A lot more information about
  SSH sessions is logged. The analyzer is able to determine if logins
  failed or succeeded in most circumstances.

--- a/2
+++ b/2
@ -1 +1 @@
-2.3-833
+2.3-836
--- a/scripts/base/protocols/ssh/main.bro
+++ b/scripts/base/protocols/ssh/main.bro
@ -93,6 +93,10 @@ function set_session(c: connection)
 		info$ts  = network_time();
 		info$uid = c$uid;
 		info$id  = c$id;
+
+		# If both hosts are local or non-local, we can't reliably set a direction.
+		if ( Site::is_local_addr(c$id$orig_h) != Site::is_local_addr(c$id$resp_h) )
+			info$direction = Site::is_local_addr(c$id$orig_h) ? OUTBOUND: INBOUND;
 		c$ssh = info;
 		}
 	}
 @ -1 +1 @@
 .3-833
 .3-836