Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-13 12:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Moved DPD to each individual event process

Browse source
This commit is contained in:
Josh Liburdi 2015-02-15 22:44:00 -08:00
parent 90bfbf9002
commit 0ef8a106df
1 changed files with 17 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

30
src/analyzer/protocol/rdp/rdp-analyzer.pac
View file

@ -1,16 +1,18 @@
refine flow RDP_Flow += {
function proc_rdp_client_request(client_request: ClientRequest): bool
function proc_rdp_client_request(client_request: Client_Request): bool
%{
BifEvent::generate_rdp_client_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
bytestring_to_val(${client_request.cookie}));
connection()->bro_analyzer()->ProtocolConfirmation();
return true;
BifEvent::generate_rdp_client_request(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
bytestring_to_val(${client_request.cookie_value}));
return true;
%}
function proc_rdp_result(gcc_response: GCC_Server_CreateResponse): bool
function proc_rdp_result(gcc_response: GCC_Server_Create_Response): bool
%{
connection()->bro_analyzer()->ProtocolConfirmation();
BifEvent::generate_rdp_result(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
${gcc_response.result});
@ -19,8 +21,9 @@ refine flow RDP_Flow += {
%}
function proc_rdp_client_data(ccore: ClientCore): bool
function proc_rdp_client_data(ccore: Client_Core_Data): bool
%{
connection()->bro_analyzer()->ProtocolConfirmation();
BifEvent::generate_rdp_client_data(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
${ccore.keyboard_layout},
@ -31,8 +34,9 @@ refine flow RDP_Flow += {
return true;
%}
function proc_rdp_server_security(ssd: ServerSecurityData): bool
function proc_rdp_server_security(ssd: Server_Security_Data): bool
%{
connection()->bro_analyzer()->ProtocolConfirmation();
BifEvent::generate_rdp_server_security(connection()->bro_analyzer(),
connection()->bro_analyzer()->Conn(),
${ssd.encryption_method},
@ -42,18 +46,18 @@ refine flow RDP_Flow += {
%}
};
refine typeattr ClientRequest += &let {
refine typeattr Client_Request += &let {
proc: bool = $context.flow.proc_rdp_client_request(this);
};
refine typeattr ClientCore += &let {
refine typeattr Client_Core_Data += &let {
proc: bool = $context.flow.proc_rdp_client_data(this);
};
refine typeattr GCC_Server_CreateResponse += &let {
refine typeattr GCC_Server_Create_Response += &let {
proc: bool = $context.flow.proc_rdp_result(this);
};
refine typeattr ServerSecurityData += &let {
refine typeattr Server_Security_Data += &let {
proc: bool = $context.flow.proc_rdp_server_security(this);
};