From 902d52e261069addbf6647537b1a5db9a171f79d Mon Sep 17 00:00:00 2001
From: Bernhard Amann <bernhard@icsi.berkeley.edu>
Date: Tue, 8 Apr 2014 08:43:38 -0700
Subject: [PATCH] add is_orig to heartbeat event

---
 src/analyzer/protocol/ssl/events.bif       | 2 +-
 src/analyzer/protocol/ssl/ssl-analyzer.pac | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/analyzer/protocol/ssl/events.bif b/src/analyzer/protocol/ssl/events.bif
index c85e911ee8..3f780bdd60 100644
--- a/src/analyzer/protocol/ssl/events.bif
+++ b/src/analyzer/protocol/ssl/events.bif
@@ -139,4 +139,4 @@ event ssl_alert%(c: connection, is_orig: bool, level: count, desc: count%);
 ##    ssl_alert
 event ssl_session_ticket_handshake%(c: connection, ticket_lifetime_hint: count, ticket: string%);
 
-event ssl_heartbeat%(c: connection, length: count%);
+event ssl_heartbeat%(c: connection, is_orig: bool, length: count%);
diff --git a/src/analyzer/protocol/ssl/ssl-analyzer.pac b/src/analyzer/protocol/ssl/ssl-analyzer.pac
index e6ea1628a1..1730ce8ce5 100644
--- a/src/analyzer/protocol/ssl/ssl-analyzer.pac
+++ b/src/analyzer/protocol/ssl/ssl-analyzer.pac
@@ -308,7 +308,7 @@ refine connection SSL_Conn += {
 		%{
 		if ( ${rec.content_type} == HEARTBEAT )
 			BifEvent::generate_ssl_heartbeat(bro_analyzer(),
-				bro_analyzer()->Conn(), ${rec.length});
+				bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length});
 
 		if ( state_ == STATE_TRACK_LOST )
 			bro_analyzer()->ProtocolViolation(fmt("unexpected ciphertext record from %s in state %s",
@@ -328,7 +328,7 @@ refine connection SSL_Conn += {
 	function proc_heartbeat(rec : SSLRecord) : bool
 		%{
 		BifEvent::generate_ssl_heartbeat(bro_analyzer(),
-			bro_analyzer()->Conn(), ${rec.length});
+			bro_analyzer()->Conn(), ${rec.is_orig}, ${rec.length});
 
 		return true;
 		%}