Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 10:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Extend DHCP protocol analyzer with new options.

Browse source 
Add the folowing option types:
- 55 Parameters Request List;
- 58 Renewal time;
- 59 Rebinding time;
- 61 Client Identifier;
- 82 Relay Agent Information.

Extend the following events with new parameters, specifically:
- dhcp_discover exports client identifier and parameters request list;
- dhcp_request exports client_identifier and parameters request list;
- dhcp_ack exports rebinding time, renewal time and list of suboptions value of
  dhcp relay agent information option;
- dhcp_inform exports parameters request list.

Add option type specific variables within the scope of DHCP module
(see src/analyzer/protocol/dhcp/types.bif).

Move protocol specific variables "dhcp_msg" and "dhcp_router_list" from scope Global to DHCP::
and adapt inet_net_var in src/NetVar.cc consequently.

Extend src/analyzer/protocols/dhcp/main.bro to handle the new events and to log
dhcp_ack, dhcp_request and dhcp_discover.

Modify scripts/policy/protocols/dhcp/known-devices-and-hostnames.bro to
include new events' variables.
This commit is contained in:
Valerio G 2017-12-31 17:36:30 +01:00
parent 1c25df6f26
commit 18499fd7d9
11 changed files with 291 additions and 112 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/NetVar.cc
View file

@ -426,8 +426,8 @@ void init_net_var()
entropy_test_result = internal_type("entropy_test_result")->AsRecordType();
dhcp_router_list = internal_type("dhcp_router_list")->AsTableType();
dhcp_msg = internal_type("dhcp_msg")->AsRecordType();
dhcp_router_list = internal_type("DHCP::dhcp_router_list")->AsTableType();
dhcp_msg = internal_type("DHCP::dhcp_msg")->AsRecordType();
dns_msg = internal_type("dns_msg")->AsRecordType();
dns_answer = internal_type("dns_answer")->AsRecordType();