From 1a327cd35512c24018787b448a8ba46af420caff Mon Sep 17 00:00:00 2001
From: Don Appleman
Date: Wed, 2 Mar 2011 11:25:24 -0600
Subject: [PATCH] Moved events for filling in connection service field to dpd.bro

---
 policy.old/conn.bro | 19 -------------------
 policy.old/dpd.bro | 5 -----
 policy/dpd.bro | 20 ++++++++++++++++++++
 {policy.old => policy}/sigs/dpd.sig | 0
 4 files changed, 20 insertions(+), 24 deletions(-)
 delete mode 100644 policy.old/dpd.bro
 create mode 100644 policy/dpd.bro
 rename {policy.old => policy}/sigs/dpd.sig (100%)

diff --git a/policy.old/conn.bro b/policy.old/conn.bro
index 134ac9db13..5c1b06eccc 100644
--- a/policy.old/conn.bro
+++ b/policy.old/conn.bro
@@ -308,25 +308,6 @@ function record_connection(f: file, c: connection)
 print f, log_msg;
 }
 
-event protocol_confirmation(c: connection, atype: count, aid: count)
- {
- if ( ! dpd_conn_logs )
- return;
-
- delete c$service[fmt("-%s",analyzer_name(atype))];
- add c$service[analyzer_name(atype)];
- }
-
-event protocol_violation(c: connection, atype: count, aid: count,
- reason: string) &priority = 10
- {
- if ( ! dpd_conn_logs )
- return;
-
- delete c$service[analyzer_name(atype)];
- add c$service[fmt("-%s",analyzer_name(atype))];
- }
-
 event connection_established(c: connection)
 {
 Hot::check_hot(c, Hot::CONN_ESTABLISHED);
diff --git a/policy.old/dpd.bro b/policy.old/dpd.bro
deleted file mode 100644
index 5963e5e7a3..0000000000
--- a/policy.old/dpd.bro
+++ /dev/null
@@ -1,5 +0,0 @@
-# $Id: dpd.bro,v 1.1.2.1 2006/05/10 02:10:26 sommer Exp $
-#
-# Activates port-independent protocol detection.
-
-redef signature_files += "dpd.sig";
diff --git a/policy/dpd.bro b/policy/dpd.bro
new file mode 100644
index 0000000000..112ada7a53
--- /dev/null
+++ b/policy/dpd.bro
@@ -0,0 +1,20 @@
+# $Id: dpd.bro,v 1.1.2.1 2006/05/10 02:10:26 sommer Exp $
+#
+# Activates port-independent protocol detection.
+
+redef signature_files += "dpd.sig";
+
+
+event protocol_confirmation(c: connection, atype: count, aid: count)
+ {
+ delete c$service[fmt("-%s",analyzer_name(atype))];
+ add c$service[analyzer_name(atype)];
+ }
+
+event protocol_violation(c: connection, atype: count, aid: count,
+ reason: string) &priority = 10
+ {
+ delete c$service[analyzer_name(atype)];
+ add c$service[fmt("-%s",analyzer_name(atype))];
+ }
+
diff --git a/policy.old/sigs/dpd.sig b/policy/sigs/dpd.sig
similarity index 100%
rename from policy.old/sigs/dpd.sig
rename to policy/sigs/dpd.sig
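Review bot: Both handlers added in policy/dpd.bro drop the `if ( ! dpd_conn_logs ) return;` guard that the removed copies in policy.old/conn.bro carried, so `c$service` is now rewritten on every confirmation and violation regardless of that option; the commit subject describes only a move, not this behaviour change. If the option is meant to survive the move, restore the guard as the first statement of each handler; if it is being retired, record that next to the handlers, e.g. `# c$service is always maintained here; the old dpd_conn_logs switch no longer applies.` Because the service field ends up in connection logs that analysts read, a one-line comment on the convention would also help, such as `# A "-" prefix on a service name marks an analyzer that reported a violation on this connection.` Whether `dpd_conn_logs` is still declared anywhere in the new policy/ tree is not visible from this patch.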