Moved DPD to each individual event process

Josh Liburdi 2015-02-15 22:44:00 -08:00
parent 90bfbf9002
commit 0ef8a106df


@ -1,16 +1,18 @@
refine flow RDP_Flow += { refine flow RDP_Flow += {
function proc_rdp_client_request(client_request: ClientRequest): bool function proc_rdp_client_request(client_request: Client_Request): bool
%{ %{
BifEvent::generate_rdp_client_request(connection()->bro_analyzer(), connection()->bro_analyzer()->ProtocolConfirmation();
connection()->bro_analyzer()->Conn(),
bytestring_to_val(${client_request.cookie}));
return true; BifEvent::generate_rdp_client_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
bytestring_to_val(${client_request.cookie_value}));
return true;
%} %}
function proc_rdp_result(gcc_response: GCC_Server_Create_Response): bool
function proc_rdp_result(gcc_response: GCC_Server_CreateResponse): bool
%{ %{
connection()->bro_analyzer()->ProtocolConfirmation();
BifEvent::generate_rdp_result(connection()->bro_analyzer(), BifEvent::generate_rdp_result(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${gcc_response.result}); ${gcc_response.result});
@ -19,8 +21,9 @@ refine flow RDP_Flow += {
%} %}
function proc_rdp_client_data(ccore: ClientCore): bool function proc_rdp_client_data(ccore: Client_Core_Data): bool
%{ %{
connection()->bro_analyzer()->ProtocolConfirmation();
BifEvent::generate_rdp_client_data(connection()->bro_analyzer(), BifEvent::generate_rdp_client_data(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${ccore.keyboard_layout}, ${ccore.keyboard_layout},
@ -31,8 +34,9 @@ refine flow RDP_Flow += {
return true; return true;
%} %}
function proc_rdp_server_security(ssd: ServerSecurityData): bool function proc_rdp_server_security(ssd: Server_Security_Data): bool
%{ %{
connection()->bro_analyzer()->ProtocolConfirmation();
BifEvent::generate_rdp_server_security(connection()->bro_analyzer(), BifEvent::generate_rdp_server_security(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(), connection()->bro_analyzer()->Conn(),
${ssd.encryption_method}, ${ssd.encryption_method},
@ -42,18 +46,18 @@ refine flow RDP_Flow += {
%} %}
}; };
refine typeattr ClientRequest += &let { refine typeattr Client_Request += &let {
proc: bool = $context.flow.proc_rdp_client_request(this); proc: bool = $context.flow.proc_rdp_client_request(this);
}; };
refine typeattr ClientCore += &let { refine typeattr Client_Core_Data += &let {
proc: bool = $context.flow.proc_rdp_client_data(this); proc: bool = $context.flow.proc_rdp_client_data(this);
}; };
refine typeattr GCC_Server_CreateResponse += &let { refine typeattr GCC_Server_Create_Response += &let {
proc: bool = $context.flow.proc_rdp_result(this); proc: bool = $context.flow.proc_rdp_result(this);
}; };
refine typeattr ServerSecurityData += &let { refine typeattr Server_Security_Data += &let {
proc: bool = $context.flow.proc_rdp_server_security(this); proc: bool = $context.flow.proc_rdp_server_security(this);
}; };
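Review bot: In proc_rdp_client_request the added `connection()->bro_analyzer()->ProtocolConfirmation();` confirms RDP from a client-originated message alone, before anything from the server has been parsed. If the Client_Request grammar (not visible on this page) accepts input loosely, a probe or unrelated traffic that happens to parse would be logged as a confirmed RDP service, which skews service-based detection and asset inventory. Consider confirming only in the server-side handlers (proc_rdp_result, proc_rdp_server_security), or document the choice above the call, e.g. `// DPD: confirmed on client data only; Client_Request parsing must be strict`. The same call is now repeated in all four handlers, and whether repeat calls are a no-op depends on the analyzer framework version, so a comment stating that confirmation is expected to take effect once per connection would help. The bodies of the three later handlers continue outside the hunks shown.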