Packet* p, uint8_t direction)
{
const char* version_stringp = (const char*)p->data;
- uint8_t version;
const char* version_end;
/* Get the version. */
&& (version_stringp[7] == '9'))
{
/* SSH 1.99 which is the same as SSH2.0 */
- version = SSH_VERSION_2;
+ sessionp->version = SSH_VERSION_2;
}
else
{
- version = SSH_VERSION_1;
+ sessionp->version = SSH_VERSION_1;
}
/* CAN-2002-0159 */
else if ( p->dsize >= 6 &&
!strncasecmp(version_stringp, "SSH-2.", 6))
{
- version = SSH_VERSION_2;
+ sessionp->version = SSH_VERSION_2;
}
else
{
+ /* unknown version */
+ sessionp->version = SSH_VERSION_UNKNOWN;
+
+ DetectionEngine::queue_event(GID_SSH, SSH_EVENT_VERSION);
+
return 0;
}
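Review bot: The new `else` branch assigns `sessionp->version = SSH_VERSION_UNKNOWN;` on every unrecognized banner, so a version already recorded for the session is discarded whenever a later packet fails to parse. The function takes a `direction` argument, which suggests it runs once per side; if so, a malformed string from one peer would reset what the other peer established. Since `SSHData::version` now defaults to `SSH_VERSION_UNKNOWN`, the assignment could be dropped here, or guarded so it cannot overwrite a recognized version. Separately, `SSH_EVENT_VERSION` is now raised only on this path while the caller's `else` returns 0 silently. That caller and the rest of this function lie outside the hunk, so please confirm no other zero-return case relied on the removed alert.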
break;
}
- sessionp->version = version;
version_end = (char*)memchr(version_stringp, '\n', p->dsize);
if (version_end)
return ((version_end - version_stringp) + 1);
}
else
{
- {
- /* Unrecognized version. */
- DetectionEngine::queue_event(GID_SSH, SSH_EVENT_VERSION);
- }
-
return 0;
}
#include "flow/flow.h"
-// Per-session data block containing current state
-// of the SSH preprocessor for the session.
-struct SSHData
-{
- uint8_t version; // Version of SSH detected for this session
- uint16_t num_enc_pkts; // encrypted packets seen on this session
- uint16_t num_client_bytes; // bytes of encrypted data sent by client without a server response
- uint32_t state_flags; // Bit vector describing the current state of the session
-};
-
-class SshFlowData : public snort::FlowData
-{
-public:
- SshFlowData();
- ~SshFlowData() override;
-
- static void init()
- { inspector_id = snort::FlowData::create_flow_data_id(); }
-
-public:
- static unsigned inspector_id;
- SSHData session;
-};
-
// FIXIT-L move these to ssh.cc
// Session state flags for SSHData::state_flags
#define SSH_FLG_CLEAR (0x0)
#define SSH_VERSION_1 (0x1)
#define SSH_VERSION_2 (0x2)
+// Per-session data block containing current state
+// of the SSH preprocessor for the session.
+struct SSHData
+{
+ uint8_t version = SSH_VERSION_UNKNOWN; // Version of SSH detected for this session
+ uint16_t num_enc_pkts; // encrypted packets seen on this session
+ uint16_t num_client_bytes; // bytes of encrypted data sent by client without a server response
+ uint32_t state_flags; // Bit vector describing the current state of the session
+};
+
+class SshFlowData : public snort::FlowData
+{
+public:
+ SshFlowData();
+ ~SshFlowData() override;
+
+ static void init()
+ { inspector_id = snort::FlowData::create_flow_data_id(); }
+
+public:
+ static unsigned inspector_id;
+ SSHData session;
+};
+
// Length of SSH2 header, in bytes.
#define SSH2_HEADERLEN (5)
#define SSH2_PACKET_MAX_SIZE (256 * 1024)
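Review bot: Only `version` gets a default member initializer in the re-added `SSHData`; `num_enc_pkts`, `num_client_bytes` and `state_flags` are still left to whatever the `SshFlowData` constructor does, and that constructor is defined outside this hunk. Giving them defaults as well keeps the packet and byte counters and the flag vector from ever being read with indeterminate values: `uint16_t num_enc_pkts = 0;`, `uint16_t num_client_bytes = 0;`, `uint32_t state_flags = SSH_FLG_CLEAR;`. If the constructor zeroes `session` wholesale, it also overwrites the new `version` default, which stays correct only while `SSH_VERSION_UNKNOWN` is 0. Its definition is not visible in this hunk, so that is worth checking.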