From 0ef8a106df3f23d5946b7e934400dfcea472b6f4 Mon Sep 17 00:00:00 2001
From: Josh Liburdi
Date: Sun, 15 Feb 2015 22:44:00 -0800
Subject: [PATCH] Moved DPD to each individual event process
---
 src/analyzer/protocol/rdp/rdp-analyzer.pac | 30 ++++++++++++----------
 1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac
index 04d64409bd..28fb4afa6a 100644
--- a/src/analyzer/protocol/rdp/rdp-analyzer.pac
+++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac
@@ -1,16 +1,18 @@
 refine flow RDP_Flow += {
- function proc_rdp_client_request(client_request: ClientRequest): bool
+ function proc_rdp_client_request(client_request: Client_Request): bool
 %{
- BifEvent::generate_rdp_client_request(connection()->bro_analyzer(),
- connection()->bro_analyzer()->Conn(),
- bytestring_to_val(${client_request.cookie}));
+ connection()->bro_analyzer()->ProtocolConfirmation();
- return true;
+ BifEvent::generate_rdp_client_request(connection()->bro_analyzer(),
+ connection()->bro_analyzer()->Conn(),
+ bytestring_to_val(${client_request.cookie_value}));
+
+ return true;
 %}
-
- function proc_rdp_result(gcc_response: GCC_Server_CreateResponse): bool
+ function proc_rdp_result(gcc_response: GCC_Server_Create_Response): bool
 %{
+ connection()->bro_analyzer()->ProtocolConfirmation();
 BifEvent::generate_rdp_result(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 ${gcc_response.result});
@@ -19,8 +21,9 @@ refine flow RDP_Flow += {
 %}
- function proc_rdp_client_data(ccore: ClientCore): bool
+ function proc_rdp_client_data(ccore: Client_Core_Data): bool
 %{
+ connection()->bro_analyzer()->ProtocolConfirmation();
 BifEvent::generate_rdp_client_data(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 ${ccore.keyboard_layout},
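Review bot: In `proc_rdp_client_request` the added `connection()->bro_analyzer()->ProtocolConfirmation();` runs as soon as a client-originated message parses, before anything from the server has been seen, so one direction of the connection is enough to label it RDP; the same applies to `proc_rdp_client_data` in the next hunk. How strict the `Client_Request` and `Client_Core_Data` grammars are is not visible in this patch, but if they accept loosely structured input, non-RDP traffic could be confirmed and show up as RDP in the logs. Consider keeping the confirmation only in the server-side handlers (`proc_rdp_result` here and `proc_rdp_server_security` in the third hunk), or add a one-line comment above each client-side call stating which parsed fields justify confirming on a client message alone. The first handler also leaves a blank line after the confirmation call while the other three do not; pick one form for all four.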
@@ -31,8 +34,9 @@ refine flow RDP_Flow += {
 return true;
 %}
- function proc_rdp_server_security(ssd: ServerSecurityData): bool
+ function proc_rdp_server_security(ssd: Server_Security_Data): bool
 %{
+ connection()->bro_analyzer()->ProtocolConfirmation();
 BifEvent::generate_rdp_server_security(connection()->bro_analyzer(),
 connection()->bro_analyzer()->Conn(),
 ${ssd.encryption_method},
@@ -42,18 +46,18 @@ refine flow RDP_Flow += {
 %}
 };
-refine typeattr ClientRequest += &let {
+refine typeattr Client_Request += &let {
 proc: bool = $context.flow.proc_rdp_client_request(this);
 };
-refine typeattr ClientCore += &let {
+refine typeattr Client_Core_Data += &let {
 proc: bool = $context.flow.proc_rdp_client_data(this);
 };
-refine typeattr GCC_Server_CreateResponse += &let {
+refine typeattr GCC_Server_Create_Response += &let {
 proc: bool = $context.flow.proc_rdp_result(this);
 };
-refine typeattr ServerSecurityData += &let {
+refine typeattr Server_Security_Data += &let {
 proc: bool = $context.flow.proc_rdp_server_security(this);
 };