refine connection SMB_Conn += { function proc_smb2_session_setup_request(h: SMB2_Header, val: SMB2_session_setup_request): bool %{ if ( smb2_session_setup_request ) { RecordVal* req = new RecordVal(BifType::Record::SMB2::SessionSetupRequest); req->Assign(0, new Val(${val.security_mode}, TYPE_COUNT)); BifEvent::generate_smb2_session_setup_request(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), req); } return true; %} function proc_smb2_session_setup_response(h: SMB2_Header, val: SMB2_session_setup_response): bool %{ if ( smb2_session_setup_response ) { RecordVal* flags = new RecordVal(BifType::Record::SMB2::SessionSetupFlags); flags->Assign(0, new Val(${val.flag_guest}, TYPE_BOOL)); flags->Assign(1, new Val(${val.flag_anonymous}, TYPE_BOOL)); flags->Assign(2, new Val(${val.flag_encrypt}, TYPE_BOOL)); RecordVal* resp = new RecordVal(BifType::Record::SMB2::SessionSetupResponse); resp->Assign(0, flags); BifEvent::generate_smb2_session_setup_response(bro_analyzer(), bro_analyzer()->Conn(), BuildSMB2HeaderVal(h), resp); } return true; %} }; type SMB2_session_setup_request(header: SMB2_Header) = record { structure_size : uint16; vc_number : uint8; security_mode : uint8; capabilities : uint32; channel : uint32; security : SMB2_security; } &let { proc: bool = $context.connection.proc_smb2_session_setup_request(header, this); }; type SMB2_session_setup_response(header: SMB2_Header) = record { structure_size : uint16; session_flags : uint16; security : SMB2_security; } &let { flag_guest = (session_flags & 0x1) > 0; flag_anonymous = (session_flags & 0x2) > 0; flag_encrypt = (session_flags & 0x4) > 0; } &let { proc: bool = $context.connection.proc_smb2_session_setup_response(header, this); };