change: RDPUDP_CORRELATION_ID_PAYLOAD definition

src/analyzer/protocol/rdp/rdpeudp-analyzer.pac

@@ -25,9 +25,9 @@ refine connection RDPEUDP_Conn += {
 
 	function is_rdpeudp2(): bool
 		%{
-printf("orig synex flags: %d\n", orig_synex_flags_);
-printf("resp synex flags: %d\n", resp_synex_flags_);
-printf("anded synex flags: %d\n", (orig_synex_flags_ & resp_synex_flags_));
+printf("orig synex flags: %#010x\n", orig_synex_flags_);
+printf("resp synex flags: %#010x\n", resp_synex_flags_);
+printf("anded synex flags: %#010x\n", (orig_synex_flags_ & resp_synex_flags_));
 		return ((orig_synex_flags_ & resp_synex_flags_) >= RDPUDP_PROTOCOL_VERSION_3);
 		%}
 

src/analyzer/protocol/rdp/rdpeudp-protocol.pac

@@ -35,8 +35,8 @@ type RDPEUDP_SYN(pdu: RDPEUDP_PDU, is_orig: bool) = record {
 		false -> has_no_synex_payload:		empty;
 	};
 } &let {
-#	proc_rdpeudp_syn: bool = $context.connection.proc_rdpeudp_syn(is_orig, fec_header.uFlags, fec_header.snSourceAck);
-	proc_rdpeudp_syn: bool = $context.connection.proc_rdpeudp_syn(is_orig, fec_header.uFlags, fec_header.snSourceAck, has_synex_payload.uUdpVer);
+	proc_rdpeudp_syn: bool = $context.connection.proc_rdpeudp_syn(is_orig, fec_header.uFlags,
+							fec_header.snSourceAck, has_synex_payload.uUdpVer);
 };
 
 # The tech specs refer to this as RDPUDP_SYNEX_PAYLOAD and RDPUDP_SYNDATAEX_PAYLOAD interchangably
@@ -56,7 +56,7 @@ enum RDPUDP_VERSION_INFO_FLAG {
 };
 
 type RDPUDP_CORRELATION_ID_PAYLOAD = record {
-	uCorrelationId:	uint16;
+	uCorrelationId:	uint8[16];
 	uReserved:	uint16;
 };
 
@@ -78,9 +78,7 @@ type RDPEUDP_SYNACK(pdu: RDPEUDP_PDU, is_orig: bool) = record {
 		false -> has_no_synex_payload:		empty;
 	};
 } &let {
-#	proc_rdpeudp_synack: bool = $context.connection.proc_rdpeudp_synack(is_orig, fec_header.uFlags);
 	proc_rdpeudp_synack: bool = $context.connection.proc_rdpeudp_synack(is_orig, fec_header.uFlags, has_synex_payload.uUdpVer);
-} &let {
 };
 
 enum RDPUDP_FLAG {