Merge branch 'rdp_client_cluster_data' of https://github.com/neslog/zeek

* 'rdp_client_cluster_data' of https://github.com/neslog/zeek: Fixing types. Correcting types. Removing misc data from Client Cluster data trying to assign values. Adding options field to RDP::ClientChannelDef Adding Client Cluster Data Adjustments: - Reformatting - Added comments - Changed the REDIRECTED_SESSIONID_FIELD_VALID field to a bool
2025-10-02 06:38:20 +00:00 · 2019-06-20 20:36:08 -07:00 · 2019-06-20 20:36:08 -07:00 · d72f5458f1
commit d72f5458f1
parent 6ccf1f928b 3a19af86c5
11 changed files with 123 additions and 14 deletions
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@ -4279,6 +4279,8 @@ export {
 	type RDP::ClientChannelDef: record {
 		## A unique name for the channel
 		name:           string;
+		## Channel Def raw options as count
+		options:	count;
 		## Absence of this flag indicates that this channel is
 		## a placeholder and that the server MUST NOT set it up.
 		initialized:    bool;
@ -4304,6 +4306,30 @@ export {
 		persistent:     bool;
 	};

+	## The TS_UD_CS_CLUSTER data block is sent by the client to the server
+	## either to advertise that it can support the Server Redirection PDUs
+	## or to request a connection to a given session identifier.
+	type RDP::ClientClusterData: record {
+		## Cluster information flags.
+		flags:                          count;
+		## If the *redir_sessionid_field_valid* flag is set, this field
+		## contains a valid session identifier to which the client requests
+		## to connect.
+		redir_session_id:               count;
+		## The client can receive server session redirection packets.
+		## If this flag is set, the *svr_session_redir_version_mask*
+		## field MUST contain the server session redirection version that
+		## the client supports.
+		redir_supported:                bool;
+		## The server session redirection version that the client supports.
+		svr_session_redir_version_mask: count;
+		## Whether the *redir_session_id* field identifies a session on
+		## the server to associate with the connection.
+		redir_sessionid_field_valid:    bool;
+		## The client logged on with a smart card.
+		redir_smartcard:                bool;
+	};
+
 	## The list of channels requested by the client.
 	type RDP::ClientChannelList: vector of ClientChannelDef;
 }