diff --git a/scripts/base/protocols/ftp/gridftp.bro b/scripts/base/protocols/ftp/gridftp.bro index 73bd656544..0e09db006d 100644 --- a/scripts/base/protocols/ftp/gridftp.bro +++ b/scripts/base/protocols/ftp/gridftp.bro @@ -4,20 +4,20 @@ ##! that successfully negotiate the GSSAPI method of an AUTH request ##! and for which the exchange involved an encoded TLS/SSL handshake, ##! indicating the GSI mechanism for GSSAPI was used. This analysis -##! is all supported internally, this script simple adds the "gridftp" +##! is all supported internally, this script simply adds the "gridftp" ##! label to the *service* field of the control channel's ##! :bro:type:`connection` record. ##! ##! GridFTP data channels are identified by a heuristic that relies on ##! the fact that default settings for GridFTP clients typically -##! mutally authenticate the data channel with TLS/SSL and negotiate a +##! mutually authenticate the data channel with TLS/SSL and negotiate a ##! NULL bulk cipher (no encryption). Connections with those ##! attributes are then polled for two minutes with decreasing frequency ##! to check if the transfer sizes are large enough to indicate a -##! GridFTP data channel that would be undesireable to analyze further +##! GridFTP data channel that would be undesirable to analyze further ##! (e.g. stop TCP reassembly). A side effect is that true connection ##! sizes are not logged, but at the benefit of saving CPU cycles that -##! otherwise go to analyzing the large (and likely benign) connections. +##! would otherwise go to analyzing the large (and likely benign) connections. @load ./info @load ./main @@ -59,8 +59,8 @@ export { ## been exceeded. This is called in a :bro:see:`ssl_established` event ## handler and by default looks for both a client and server certificate ## and for a NULL bulk cipher. One way in which this function could be - ## redefined is to make it also consider client/server certificate issuer - ## subjects. + ## redefined is to make it also consider client/server certificate + ## issuer subjects. ## ## c: The connection which may possibly be a GridFTP data channel. ## diff --git a/scripts/base/protocols/ftp/info.bro b/scripts/base/protocols/ftp/info.bro index f6fceb071e..a9db7ba6a0 100644 --- a/scripts/base/protocols/ftp/info.bro +++ b/scripts/base/protocols/ftp/info.bro @@ -18,7 +18,8 @@ export { orig_h: addr &log; ## The host that will be accepting the data connection. resp_h: addr &log; - ## The port at which the acceptor is listening for the data connection. + ## The port at which the acceptor is listening for the data + ## connection. resp_p: port &log; }; @@ -38,7 +39,8 @@ export { ## Argument for the command if one is given. arg: string &log &optional; - ## Libmagic "sniffed" file type if the command indicates a file transfer. + ## Libmagic "sniffed" file type if the command indicates a file + ## transfer. mime_type: string &log &optional; ## Size of the file if the command indicates a file transfer. file_size: count &log &optional; @@ -59,8 +61,8 @@ export { ## Command that is currently waiting for a response. cmdarg: CmdArg &optional; - ## Queue for commands that have been sent but not yet responded to - ## are tracked here. + ## Queue for commands that have been sent but not yet responded + ## to are tracked here. pending_commands: PendingCmds; ## Indicates if the session is in active or passive mode. diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro index 254dca7d42..9bc1f0d0f1 100644 --- a/scripts/base/protocols/ftp/main.bro +++ b/scripts/base/protocols/ftp/main.bro @@ -26,7 +26,7 @@ export { const guest_ids = { "anonymous", "ftp", "ftpuser", "guest" } &redef; ## This record is to hold a parsed FTP reply code. For example, for the - ## 201 status code, the digits would be parsed as: x->2, y->0, z=>1. + ## 201 status code, the digits would be parsed as: x->2, y->0, z->1. type ReplyCode: record { x: count; y: count; diff --git a/scripts/base/protocols/ftp/utils.bro b/scripts/base/protocols/ftp/utils.bro index 313280b904..74aeaa1e03 100644 --- a/scripts/base/protocols/ftp/utils.bro +++ b/scripts/base/protocols/ftp/utils.bro @@ -11,14 +11,14 @@ export { ## ## rec: An :bro:type:`FTP::Info` record. ## - ## Returns: A URL, not prefixed by "ftp://". + ## Returns: A URL, not prefixed by ``"ftp://"``. global build_url: function(rec: Info): string; ## Creates a URL from an :bro:type:`FTP::Info` record. ## ## rec: An :bro:type:`FTP::Info` record. ## - ## Returns: A URL prefixed with "ftp://". + ## Returns: A URL prefixed with ``"ftp://"``. global build_url_ftp: function(rec: Info): string; ## Create an extremely shortened representation of a log line.