[Bro-Dev] [JIRA] (BIT-1365) direction field of SSH::Info no longer populated

Vlad Grigorescu (JIRA) jira at bro-tracker.atlassian.net
Fri Apr 17 17:29:00 PDT 2015


    [ https://bro-tracker.atlassian.net/browse/BIT-1365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20319#comment-20319 ] 

Vlad Grigorescu commented on BIT-1365:
--------------------------------------

This is fixed in topic/vladg/ssh.

When fixing this, I found a bug with the old implementation. The documentation states that: "If a client was a local host logging into an external host, this would be OUTBOUND. INBOUND would be set for the opposite situation." However, only Site::is_local_addr(c$id$orig_h) was being checked, so local-local would always be OUTBOUND and remote-remote (which could happen if, for example, you haven't set local_nets) would always be INBOUND.

I was torn between restoring the old implementation, or doing what the documentation states. I decided to implement what's documented. The field will be unset for local-local or remote-remote conns.

> direction field of SSH::Info no longer populated
> ------------------------------------------------
>
>                 Key: BIT-1365
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1365
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: Jon Siwek
>            Assignee: Vlad Grigorescu
>             Fix For: 2.4
>
>
> Here's the bug report:
> {quote}
> Reporter::ERROR	field value missing
> [SSH::c$ssh$direction]	/usr/local/bro/share/bro/policy/protocols/ssh/geo-da
> ta.bro, line 29
> Reporter::WARNING	non-void function returns without a value:
> SSH::get_location	(empty)
> Tracing this back, it looks like the SSH::c$ssh$direction is not being
> populated. I checked the /base/protocols/ssh/main.bro file and it looks
> like the function is missing.
> Looking at https://www.bro.org/sphinx/_downloads/main32.bro and
> https://github.com/bro/bro/blob/master/scripts/base/protocols/ssh/main.bro
> it looks like the function that determined the direction was removed at
> one point, which looks like it causes the
> /usr/local/bro/share/bro/policy/protocols/ssh/geo-data.bro script to fail
> {quote}



--
This message was sent by Atlassian JIRA
(v6.4-OD-16-006#64014)


More information about the bro-dev mailing list