SSH: increase client's maximum payload length from 100 to 500

According to RFC4253, a client may send additional data right after its identification string (before receiving the server's identification string). For instance, PuTTY sends supported ciphers. This exceeds 100 bytes and nDPI fails to detect such SSH sessions.
author: Alexander Gozman <a.gozman@securitycode.ru> 2018-05-04 07:15:58 +0000
committer: Alexander Gozman <a.gozman@securitycode.ru> 2018-05-04 07:17:17 +0000
commit: 11898f02683308aedaee0bf07959f852aeb702de (patch)
tree: 28b6abffe36c9621363696b79667c92a88693e11 /src/lib/protocols/ssh.c
parent: 78176d2b7b082af39ba1bb6c7a23bfb62a842a84 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c
index bfd1c387e..0045fe69e 100644
--- a/src/lib/protocols/ssh.c
+++ b/src/lib/protocols/ssh.c
@@ -63,7 +63,7 @@ void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc
       return;
     }
   } else if (flow->l4.tcp.ssh_stage == (2 - packet->packet_direction)) {
-    if (packet->payload_packet_len > 7 && packet->payload_packet_len < 100
+    if (packet->payload_packet_len > 7 && packet->payload_packet_len < 500
 	&& memcmp(packet->payload, "SSH-", 4) == 0) {
       int len = ndpi_min(sizeof(flow->protos.ssh.server_signature)-1, packet->payload_packet_len);
       strncpy(flow->protos.ssh.server_signature, (const char *)packet->payload, len);
author	Alexander Gozman <a.gozman@securitycode.ru>	2018-05-04 07:15:58 +0000
committer	Alexander Gozman <a.gozman@securitycode.ru>	2018-05-04 07:17:17 +0000
commit	11898f02683308aedaee0bf07959f852aeb702de (patch)
tree	28b6abffe36c9621363696b79667c92a88693e11 /src/lib/protocols/ssh.c
parent	78176d2b7b082af39ba1bb6c7a23bfb62a842a84 (diff)