zeek/testing
Arne Welzel 4f084b0b9a ssh: Fallback to client or server selected version for parsing
In half-duplex setups (or when client/server coalesce the SSH version
line with the KEX packet), get_version() would return UNK as version,
causing a protocol violation. Make this slightly more robust by using
and setting the version which either side had set to continue parsing.

For the special case of SSH-1.99, select SSH-2.0. We could try to peek
into the payload following the packet length field and check for
a KEX_INIT type byte to select SSH2 as a heuristic, but not sure how
to accomplish this.

Slight regression fix for 3769ed6c66
which started to require visibility for client and server version
rather than just the client's version.
2024-06-12 16:30:18 +02:00
..
benchmark/broker Port Zeek to latest Broker API 2022-04-27 23:02:27 +02:00
btest ssh: Fallback to client or server selected version for parsing 2024-06-12 16:30:18 +02:00
builtin-plugins Reformat Zeek in Spicy style 2023-10-30 09:40:55 +01:00
coverage CI: Revert part of 2bde82ffa2 to fix coverage builds 2024-05-28 09:01:21 -07:00
external make SSH analyzer robust to half-duplex connections 2024-05-07 11:40:47 -07:00
scripts spicy/diff-remove-timestamp: Fix missing -e 2024-01-31 14:06:32 +01:00
.gitignore
CMakeLists.txt Integrate the Spicy plugin into Zeek proper. 2023-05-16 10:17:45 +02:00
Makefile
README

This directory contains test suites for verifying Zeek's correct
operation:

    btest/
        An ever-growing set of small unit tests testing Zeek's
        functionality.

    external/
        A framework for downloading additional test sets that run more
        complex Zeek configurations on larger trace files. Due to their
        size, these are not included directly. See the README for more
        information.

    scripts/
        Helper scripts used by some tests.