From ca6d2bb6bce8a2c01d4258c16498f5de471e9455 Mon Sep 17 00:00:00 2001
From: Seth Hall
Date: Thu, 4 Jul 2013 22:32:07 -0400
Subject: [PATCH] Add a call to lookup_connection in SSH scripts to update connval.
---
 CHANGES | 6 ++++++
 VERSION | 2 +-
 scripts/base/protocols/ssh/main.bro | 3 ++-
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index b8908bb9b6..4685ece5bb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,10 @@
+2.1-784 | 2013-07-04 22:28:48 -0400
+
+ * Add a call to lookup_connection in SSH scripts to update connval. (Seth Hall)
+
+ * Updating submodule(s). (Robin Sommer)
+
 2.1-782 | 2013-07-03 17:00:39 -0700
 * Remove the SSL log queueing mechanism that was included with the
diff --git a/VERSION b/VERSION
index 2b31013a2c..f1aa1a9e8e 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.1-782
+2.1-784
diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro
index 8e1c5515b5..ddd3e8b834 100644
--- a/scripts/base/protocols/ssh/main.bro
+++ b/scripts/base/protocols/ssh/main.bro
@@ -118,7 +118,7 @@ function check_ssh_connection(c: connection, done: bool)
 # Responder must have sent fewer than 40 packets.
 c$resp$num_pkts < 40 &&
 # If there was a content gap we can't reliably do this heuristic.
- c?$conn && c$conn$missed_bytes == 0)# &&
+ c?$conn && c$conn$missed_bytes == 0 )# &&
 # Only "normal" connections can count.
 #c$conn?$conn_state && c$conn$conn_state in valid_states )
 {
@@ -178,6 +178,7 @@ event ssh_watcher(c: connection)
 if ( ! connection_exists(id) )
 return;
+ lookup_connection(c$id);
 check_ssh_connection(c, F);
 if ( ! c$ssh$done )
 schedule +15secs { ssh_watcher(c) };
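Review bot: The new `lookup_connection(c$id);` in `ssh_watcher` throws away its return value, so it is there only for a side effect that the code never states; a later cleanup could delete it as dead code and the heuristic in `check_ssh_connection` would go back to reading stale counters such as `c$resp$num_pkts`. Add a comment above it, e.g. `# Called only for its side effect: refreshes the connection record (connval) so the packet-count heuristic sees current counters.` The guard directly above tests `connection_exists(id)`, so `lookup_connection(id);` would keep the two calls on the same identifier, assuming `id` is the local copy of `c$id` declared outside this hunk. The event body starts and ends outside the hunk, so whether `c` is otherwise refreshed cannot be checked from here.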