From abded4200a39c28e9adaa352eb9d2bd66a3aa271 Mon Sep 17 00:00:00 2001
From: Anoop Saldanha <anoopsaldanha@gmail.com>
Date: Wed, 23 Oct 2013 11:25:46 +0530
Subject: [PATCH] Disabling the ssh parser temporarily, since we are moving
 away from some of the archaic features we use in the app layer. We will
 reintroduce this parser shortly. Also do note that keywords that rely on the
 ssh parser would now be disabled.

---
 src/app-layer-parser.c            | 6 ++++++
 src/app-layer-ssh.c               | 8 ++++++++
 src/detect-ssh-proto-version.c    | 6 ++++++
 src/detect-ssh-software-version.c | 6 ++++++
 src/detect.c                      | 8 +++++++-
 src/runmode-unittests.c           | 6 ++++++
 6 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/src/app-layer-parser.c b/src/app-layer-parser.c
index 78f0b6b7b0..ed8f18db10 100644
--- a/src/app-layer-parser.c
+++ b/src/app-layer-parser.c
@@ -1453,7 +1453,13 @@ void RegisterAppLayerParsers(void)
     RegisterDCERPCParsers();
     RegisterDCERPCUDPParsers();
     RegisterFTPParsers();
+    /* we are disabling the ssh parser temporarily, since we are moving away
+     * from some of the archaic features we use in the app layer.  We will
+     * reintroduce this parser.  Also do note that keywords that rely on
+     * the ssh parser would now be disabled */
+#if 0
     RegisterSSHParsers();
+#endif
     RegisterSMTPParsers();
     RegisterDNSUDPParsers();
     RegisterDNSTCPParsers();
diff --git a/src/app-layer-ssh.c b/src/app-layer-ssh.c
index c915af5adf..ecd0252cec 100644
--- a/src/app-layer-ssh.c
+++ b/src/app-layer-ssh.c
@@ -1,3 +1,9 @@
+/* we are disabling the ssh parser temporarily, since we are moving away
+ * from some of the archaic features we use in the app layer.  We will
+ * reintroduce this parser.  Also do note that keywords that rely on
+ * the ssh parser would now be disabled */
+#if 0
+
 /* Copyright (C) 2007-2010 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
@@ -1853,3 +1859,5 @@ void SSHParserRegisterTests(void) {
     UtRegisterTest("SSHParserTest14 - ToClient 4 chunks", SSHParserTest14, 1);
 #endif /* UNITTESTS */
 }
+
+#endif /* #if 0 */
diff --git a/src/detect-ssh-proto-version.c b/src/detect-ssh-proto-version.c
index e66be0f902..1a7f856b58 100644
--- a/src/detect-ssh-proto-version.c
+++ b/src/detect-ssh-proto-version.c
@@ -1,3 +1,8 @@
+/* we are disabling the ssh parser temporarily, since we are moving away
+ * from some of the archaic features we use in the app layer.  We will
+ * reintroduce this parser.  Also do note that keywords that rely on
+ * the ssh parser would now be disabled */
+#if 0
 /* Copyright (C) 2007-2010 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
@@ -681,3 +686,4 @@ void DetectSshVersionRegisterTests(void) {
 #endif /* UNITTESTS */
 }
 
+#endif /* #if 0 */
diff --git a/src/detect-ssh-software-version.c b/src/detect-ssh-software-version.c
index bcde214b87..b07b0108fa 100644
--- a/src/detect-ssh-software-version.c
+++ b/src/detect-ssh-software-version.c
@@ -1,3 +1,8 @@
+/* we are disabling the ssh parser temporarily, since we are moving away
+ * from some of the archaic features we use in the app layer.  We will
+ * reintroduce this parser.  Also do note that keywords that rely on
+ * the ssh parser would now be disabled */
+#if 0
 /* Copyright (C) 2007-2010 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
@@ -654,3 +659,4 @@ void DetectSshSoftwareVersionRegisterTests(void) {
 #endif /* UNITTESTS */
 }
 
+#endif /* #if 0 */
diff --git a/src/detect.c b/src/detect.c
index 682c8bb4ff..e19d85ddb9 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -4735,9 +4735,15 @@ void SigTableSetup(void) {
     DetectHttpUriRegister();
     DetectHttpRawUriRegister();
     DetectAsn1Register();
+/* we are disabling the ssh parser temporarily, since we are moving away
+ * from some of the archaic features we use in the app layer.  We will
+ * reintroduce this parser.  Also do note that keywords that rely on
+ * the ssh parser would now be disabled */
+#if 0
     DetectSshVersionRegister();
-    DetectSslStateRegister();
     DetectSshSoftwareVersionRegister();
+#endif
+    DetectSslStateRegister();
     DetectHttpStatCodeRegister();
     DetectSslVersionRegister();
     DetectByteExtractRegister();
diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c
index b58abcbd8c..60b93d5cce 100644
--- a/src/runmode-unittests.c
+++ b/src/runmode-unittests.c
@@ -188,7 +188,13 @@ int RunUnittests(int list_unittests, char *regex_arg)
     DecodePPPRegisterTests();
     DecodeVLANRegisterTests();
     HTPParserRegisterTests();
+/* we are disabling the ssh parser temporarily, since we are moving away
+ * from some of the archaic features we use in the app layer.  We will
+ * reintroduce this parser.  Also do note that keywords that rely on
+ * the ssh parser would now be disabled */
+#if 0
     SSHParserRegisterTests();
+#endif
     SMBParserRegisterTests();
     DCERPCParserRegisterTests();
     DCERPCUDPParserRegisterTests();