Merge remote-tracking branch 'origin/topic/seth/dhcp-update'

* origin/topic/seth/dhcp-update: Rework to the DHCP analyzer. First step of DHCP analyzer rearchitecture. Add .btest scripts for dhck_ack and dhcp_discover messages verifying that new options are correctly reported in dhcp.log records. Extend DHCP protocol analyzer with new options. BIT-1924 #merged Additional changes: * Removed known-hosts.bro as the only thing populating its table was the already-removed known-hosts-and-devices.bro. So a known_devices.log will no longer be generated. * In dhcp-options.pac, the process_relay_agent_inf_option had a memleak and also process_auto_proxy_config_option looked like it accessed one byte past the end of the available bytestring, so fixed those.
2025-10-02 06:38:20 +00:00 · 2018-05-01 17:57:15 -05:00 · 2018-05-01 17:57:15 -05:00 · 81133f3116
commit 81133f3116
parent a91da7021d e76b56ce53
42 changed files with 1688 additions and 722 deletions
--- a/18
+++ b/18
@ -1,4 +1,22 @@

+2.5-544 | 2018-05-01 17:57:15 -0500
+
+  * Rewrite the DHCP analyzer and accompanying script-layer API.
+    (Valerio G, Corelight)
+
+     * Reduced all DHCP events into a single dhcp_message event.
+       (removed legacy events since they weren't widely used anyway)
+     - Support many more DHCP options.
+
+     - DHCP log is completely reworked and now represents DHCP sessions
+       based on the transaction ID (and works on clusters).
+
+     - Removed the known-devices-and-hostnames.bro and known-devices.bro
+       scripts since it's generally less relevant now with the updated log.
+
+  * Change include directory search order to better support --with-openssl.
+    (Johanna Amann)
+
 2.5-535 | 2018-04-30 16:22:30 -0500

  * Improve how coverage unit tests handle name of build dir (Corelight)