add some dhcp options

scripts/base/init-bare.zeek

@@ -3521,6 +3521,18 @@ export {
 
 		## URL to find a proxy.pac for auto proxy config (Option 252)
 		auto_proxy_config: string &optional;
+
+		## 25
+		time_offset:	int &optional;
+
+		## 26
+		timeserver_list: 	DHCP::Addrs &optional;
+
+		## 27
+		nameserver_list: 	DHCP::Addrs &optional;
+
+		## 28
+		ntpserver_list:	DHCP::Addrs &optional;
 	};
 }
 

src/analyzer/protocol/dhcp/dhcp-options.pac

@@ -21,6 +21,29 @@ refine typeattr Option += &let {
 };
 
 
+##############################
+# TIME OFFSET OPTION
+##############################
+let TIME_OFFSET_OPTION = 2;
+
+# Parse the option
+refine casetype OptionValue += {
+	TIME_OFFSET_OPTION -> time_offset : uint32;
+};
+
+refine flow DHCP_Flow += {
+	function process_time_offset_option(v: OptionValue): bool
+		%{
+		${context.flow}->options->Assign(25, new Val(${v.time_offset}, TYPE_INT));
+		return true;
+		%}
+};
+
+refine typeattr Option += &let {
+	proc_timeoffset_option = $context.flow.process_time_offset_option(info.value) &if(code==TIME_OFFSET_OPTION);
+};
+
+
 ##############################
 # ROUTER OPTION
 ##############################
@@ -55,6 +78,74 @@ refine typeattr Option += &let {
 };
 
 
+##############################
+# TIME SERVER OPTION
+##############################
+let TIME_SERVER_OPTION = 4;
+
+# Parse the option
+refine casetype OptionValue += {
+	TIME_SERVER_OPTION -> timeserver_list : uint32[length/4];
+};
+
+refine flow DHCP_Flow += {
+	function process_timeserver_option(v: OptionValue): bool
+		%{
+		VectorVal* timeserver_list = new VectorVal(BifType::Vector::DHCP::Addrs);
+		int num_servers = ${v.timeserver_list}->size();
+		vector<uint32>* rlist = ${v.timeserver_list};
+
+		for ( int i = 0; i < num_servers; ++i )
+			{
+			uint32 raddr = (*rlist)[i];
+			timeserver_list->Assign(i, new AddrVal(htonl(raddr)));
+			}
+
+		${context.flow}->options->Assign(26, timeserver_list);
+
+		return true;
+		%}
+};
+
+refine typeattr Option += &let {
+	proc_timeserver_option = $context.flow.process_timeserver_option(info.value) &if(code==TIME_SERVER_OPTION);
+};
+
+
+##############################
+# NAME SERVER OPTION
+##############################
+let NAME_SERVER_OPTION = 5;
+
+# Parse the option
+refine casetype OptionValue += {
+	NAME_SERVER_OPTION -> nameserver_list : uint32[length/4];
+};
+
+refine flow DHCP_Flow += {
+	function process_nameserver_option(v: OptionValue): bool
+		%{
+		VectorVal* nameserver_list = new VectorVal(BifType::Vector::DHCP::Addrs);
+		int num_servers = ${v.nameserver_list}->size();
+		vector<uint32>* rlist = ${v.nameserver_list};
+
+		for ( int i = 0; i < num_servers; ++i )
+			{
+			uint32 raddr = (*rlist)[i];
+			nameserver_list->Assign(i, new AddrVal(htonl(raddr)));
+			}
+
+		${context.flow}->options->Assign(27, nameserver_list);
+
+		return true;
+		%}
+};
+
+refine typeattr Option += &let {
+	proc_nameserver_option = $context.flow.process_nameserver_option(info.value) &if(code==NAME_SERVER_OPTION);
+};
+
+
 ##############################
 # DNS SERVER OPTION
 ##############################
@@ -194,6 +285,39 @@ refine typeattr Option += &let {
 };
 
 
+##############################
+# NTP SERVER OPTION
+##############################
+let NTP_SERVER_OPTION = 42;
+
+# Parse the option
+refine casetype OptionValue += {
+	NTP_SERVER_OPTION -> ntpserver_list : uint32[length/4];
+};
+
+refine flow DHCP_Flow += {
+	function process_ntpserver_option(v: OptionValue): bool
+		%{
+		VectorVal* ntpserver_list = new VectorVal(BifType::Vector::DHCP::Addrs);
+		int num_servers = ${v.ntpserver_list}->size();
+		vector<uint32>* rlist = ${v.ntpserver_list};
+
+		for ( int i = 0; i < num_servers; ++i )
+			{
+			uint32 raddr = (*rlist)[i];
+			ntpserver_list->Assign(i, new AddrVal(htonl(raddr)));
+			}
+
+		${context.flow}->options->Assign(28, ntpserver_list);
+
+		return true;
+		%}
+};
+
+refine typeattr Option += &let {
+	proc_ntpserver_option = $context.flow.process_ntpserver_option(info.value) &if(code==NTP_SERVER_OPTION);
+};
+
 ##############################
 # VENDOR SPECIFIC OPTION
 ##############################

testing/btest/Baseline/scripts.base.protocols.dhcp.dhcp-time-nameserver-events/.stdout

@@ -0,0 +1,4 @@
+time_offset, 4294949296
+timeserver_list, [192.168.15.101]
+nameserver_list, [192.168.15.101]
+ntpserver_list, [192.168.15.101]

testing/btest/scripts/base/protocols/dhcp/dhcp-time-nameserver-events.btest

@@ -0,0 +1,12 @@
+# @TEST-EXEC: bro -b -r $TRACES/dhcp/dhcp_time_and_nameserver.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/dhcp
+
+event DHCP::aggregate_msgs(ts: time, id: conn_id, uid: string, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options) &priority=5
+	{
+    print "time_offset", options$time_offset;
+    print "timeserver_list", options$timeserver_list;
+    print "nameserver_list", options$nameserver_list;
+    print "ntpserver_list", options$ntpserver_list;
+    }