Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Adds some comments and fixes a broxygen warning.

Browse source
This commit is contained in:
Seth Hall 2015-03-05 11:37:37 -05:00
parent 6909d0de87
commit b92a68e2bd
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/base/protocols/rdp/main.bro
View file

@ -218,7 +218,7 @@ event file_over_new_connection(f: fa_file, c: connection, is_orig: bool) &priori
{
if ( c?$rdp && f$source == "RDP" )
{
## Count up X509 certs.
# Count up X509 certs.
++c$rdp$cert_count;
Files::add_analyzer(f, Files::ANALYZER_X509);

4
src/analyzer/protocol/rdp/rdp-protocol.pac
View file

@ -80,6 +80,8 @@ type Connect_Request(cotp: COTP) = record {
cookie_mstshash: RE/Cookie: mstshash\=/;
cookie_value: RE/[^\x0d]*/;
cookie_terminator: RE/\x0d\x0a/;
# Terrifying little case statement to figure out if there
# is any data left in the COTP structure.
switch1: case (offsetof(switch1) + 2 - cotp.cotp_len - 1) of {
0 -> none: empty;
default -> rdp_neg_req: RDP_Negotiation_Request;
@ -106,6 +108,8 @@ type Connect_Confirm(cotp: COTP) = record {
destination_reference: uint16;
source_reference: uint16;
flags: uint8;
# Terrifying little case statement to figure out if there
# is any data left in the COTP structure.
switch1: case (offsetof(switch1) + 2 - cotp.cotp_len - 1) of {
0 -> none1: empty;
default -> response: Connect_Confirm_Record;