From b92a68e2bd7042e1cee83bce1183eb62dac3fa66 Mon Sep 17 00:00:00 2001
From: Seth Hall
Date: Thu, 5 Mar 2015 11:37:37 -0500
Subject: [PATCH] Adds some comments and fixes a broxygen warning.
---
 scripts/base/protocols/rdp/main.bro | 2 +-
 src/analyzer/protocol/rdp/rdp-protocol.pac | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.bro
index f8fb15382d..04ca05ba87 100644
--- a/scripts/base/protocols/rdp/main.bro
+++ b/scripts/base/protocols/rdp/main.bro
@@ -218,7 +218,7 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
 {
 if ( c?$rdp && f$source == "RDP" )
 {
- ## Count up X509 certs.
+ # Count up X509 certs.
 ++c$rdp$cert_count;
 Files::add_analyzer(f, Files::ANALYZER_X509);
diff --git a/src/analyzer/protocol/rdp/rdp-protocol.pac b/src/analyzer/protocol/rdp/rdp-protocol.pac
index 32f59bd75f..0d5475c8be 100644
--- a/src/analyzer/protocol/rdp/rdp-protocol.pac
+++ b/src/analyzer/protocol/rdp/rdp-protocol.pac
@@ -80,6 +80,8 @@ type Connect_Request(cotp: COTP) = record {
 cookie_mstshash: RE/Cookie: mstshash\=/;
 cookie_value: RE/[^\x0d]*/;
 cookie_terminator: RE/\x0d\x0a/;
+ # Terrifying little case statement to figure out if there
+ # is any data left in the COTP structure.
 switch1: case (offsetof(switch1) + 2 - cotp.cotp_len - 1) of {
 0 -> none: empty;
 default -> rdp_neg_req: RDP_Negotiation_Request;
@@ -106,6 +108,8 @@ type Connect_Confirm(cotp: COTP) = record {
 destination_reference: uint16;
 source_reference: uint16;
 flags: uint8;
+ # Terrifying little case statement to figure out if there
+ # is any data left in the COTP structure.
 switch1: case (offsetof(switch1) + 2 - cotp.cotp_len - 1) of {
 0 -> none1: empty;
 default -> response: Connect_Confirm_Record;
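Review bot: The comment added above `switch1` in `Connect_Request` (and the identical one in `Connect_Confirm`) says the case checks whether data is left in the COTP structure, but it leaves the arithmetic unexplained. As written, only a result of exactly 0 selects `empty`. Every other value goes to `default` and is parsed as `RDP_Negotiation_Request` or `Connect_Confirm_Record`, and that presumably includes a `cotp_len` from the packet that is smaller than the bytes already consumed. I would state that in the comment, for example `# 0 means cotp_len is exactly used up; any other result, including an inconsistent cotp_len, takes the default branch.`, and say what the `+ 2` and `- 1` account for. Both records start and end outside their hunks, so how `cotp_len` is declared and bounded cannot be checked from here.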