Implement protocol confirmation

Do not set the service field in the bro script but
use the protocol confirmation paradigm.

Protocol is considered confirmed if both a
succesful client and server banner have been
parsed.

scripts/base/protocols/rfb/main.bro

@@ -106,7 +106,6 @@ event rfb_server_version(c: connection, major_version: string, minor_version: st
 	set_session(c);
 	c$rfb_state$server_major_version = major_version;
 	c$rfb_state$server_minor_version = minor_version;
-	add c$service["rfb"];
 	}
 
 event rfb_authentication_type(c: connection, authtype: count)

src/analyzer/protocol/rfb/rfb-analyzer.pac

@@ -1,5 +1,3 @@
-# Generated by binpac_quickstart
-
 refine flow RFB_Flow += {
 	function proc_rfb_message(msg: RFB_PDU): bool
 		%{
@@ -7,16 +5,13 @@ refine flow RFB_Flow += {
 		return true;
 		%}
 
-	function proc_rfb_client_version(major: bytestring, minor: bytestring) : bool
-		%{
-		BifEvent::generate_rfb_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor));
-		return true;
-		%}
-
 	function proc_rfb_version(client: bool, major: bytestring, minor: bytestring) : bool
 		%{
 		if (client) {
 			BifEvent::generate_rfb_client_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor));
+
+			connection()->bro_analyzer()->ProtocolConfirmation();
+
 		} else {
 			BifEvent::generate_rfb_server_version(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), bytestring_to_val(major), bytestring_to_val(minor));
 		}