Merge branch 'feature/new_dhcp_data' of https://github.com/Mr-Click/bro into topic/seth/merge-121-dhcp-extensions
commit
ba49ab8201
17 changed files with 323 additions and 112 deletions
|
@ -17,20 +17,32 @@ export {
|
|||
type Info: record {
|
||||
## The earliest time at which a DHCP message over the
|
||||
## associated connection is observed.
|
||||
ts: time &log;
|
||||
ts: time &log;
|
||||
## A unique identifier of the connection over which DHCP is
|
||||
## occurring.
|
||||
uid: string &log;
|
||||
uid: string &log;
|
||||
## The connection's 4-tuple of endpoint addresses/ports.
|
||||
id: conn_id &log;
|
||||
id: conn_id &log;
|
||||
## Client's hardware address.
|
||||
mac: string &log &optional;
|
||||
mac: string &log &optional;
|
||||
## Client's actual assigned IP address.
|
||||
assigned_ip: addr &log &optional;
|
||||
assigned_ip: addr &log &optional;
|
||||
## IP address lease interval.
|
||||
lease_time: interval &log &optional;
|
||||
lease_time: interval &log &optional;
|
||||
## A random number chosen by the client for this transaction.
|
||||
trans_id: count &log;
|
||||
trans_id: count &log;
|
||||
## the message type
|
||||
msg_type: string &log &optional;
|
||||
## client ID
|
||||
client_id: string &log &optional;
|
||||
## the server ID
|
||||
server_id: addr &log &optional;
|
||||
## the host name
|
||||
host_name: string &log &optional;
|
||||
## the subscriber id (if present)
|
||||
subscriber_id: string &log &optional;
|
||||
## the agent remote id (if present)
|
||||
agent_remote_id: string &log &optional;
|
||||
};
|
||||
|
||||
## Event that can be handled to access the DHCP
|
||||
|
@ -47,20 +59,26 @@ redef record connection += {
|
|||
const ports = { 67/udp, 68/udp };
|
||||
redef likely_server_ports += { 67/udp };
|
||||
|
||||
global info: Info;
|
||||
|
||||
event bro_init() &priority=5
|
||||
{
|
||||
Log::create_stream(DHCP::LOG, [$columns=Info, $ev=log_dhcp, $path="dhcp"]);
|
||||
Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, ports);
|
||||
}
|
||||
|
||||
event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string) &priority=5
|
||||
event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string, reb_time: count, ren_time: count, sub_opt: dhcp_sub_opt_list) &priority=5
|
||||
{
|
||||
local info: Info;
|
||||
#local info: Info;
|
||||
info$ts = network_time();
|
||||
info$id = c$id;
|
||||
info$uid = c$uid;
|
||||
info$lease_time = lease;
|
||||
info$trans_id = msg$xid;
|
||||
info$msg_type = message_types[msg$m_type];
|
||||
|
||||
info$server_id = serv_addr;
|
||||
info$host_name = host_name;
|
||||
|
||||
if ( msg$h_addr != "" )
|
||||
info$mac = msg$h_addr;
|
||||
|
@ -70,10 +88,62 @@ event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_lis
|
|||
else
|
||||
info$assigned_ip = c$id$orig_h;
|
||||
|
||||
for (param in sub_opt)
|
||||
{
|
||||
#if ( sub_opt[param]$code == 1 )
|
||||
#{
|
||||
#print fmt("Relay Agent Information:");
|
||||
#print fmt( "sub option: code=%d circuit id=%s",sub_opt[param]$code,sub_opt[param]$value );
|
||||
#}
|
||||
if ( sub_opt[param]$code == 2 )
|
||||
info$agent_remote_id = bytestring_to_hexstr(sub_opt[param]$value);
|
||||
|
||||
if ( sub_opt[param]$code == 6 )
|
||||
info$subscriber_id = (sub_opt[param]$value);
|
||||
}
|
||||
|
||||
c$dhcp = info;
|
||||
}
|
||||
|
||||
event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string) &priority=-5
|
||||
event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string, reb_time: count, ren_time: count, sub_opt: dhcp_sub_opt_list) &priority=-5
|
||||
{
|
||||
Log::write(DHCP::LOG, c$dhcp);
|
||||
}
|
||||
|
||||
event dhcp_request(c: connection, msg: dhcp_msg, req_addr: addr, serv_addr: addr, host_name: string, c_id: dhcp_client_id, req_params: table[count] of count) &priority=5
|
||||
{
|
||||
info$ts = network_time();
|
||||
info$id = c$id;
|
||||
info$uid = c$uid;
|
||||
info$trans_id = msg$xid;
|
||||
info$msg_type = message_types[msg$m_type];
|
||||
info$server_id = serv_addr;
|
||||
info$host_name = host_name;
|
||||
info$client_id = c_id$hwaddr;
|
||||
|
||||
c$dhcp = info;
|
||||
}
|
||||
|
||||
event dhcp_request(c: connection, msg: dhcp_msg, req_addr: addr, serv_addr: addr, host_name: string, c_id: dhcp_client_id, req_params: table[count] of count) &priority=-5
|
||||
{
|
||||
Log::write(DHCP::LOG, c$dhcp);
|
||||
}
|
||||
|
||||
event dhcp_discover(c: connection, msg: dhcp_msg, req_addr: addr, host_name: string, c_id: dhcp_client_id, req_params: table[count] of count) &priority=5
|
||||
{
|
||||
info$ts = network_time();
|
||||
info$id = c$id;
|
||||
info$uid = c$uid;
|
||||
info$trans_id = msg$xid;
|
||||
info$msg_type = message_types[msg$m_type];
|
||||
info$host_name = host_name;
|
||||
info$client_id = c_id$hwaddr;
|
||||
|
||||
c$dhcp = info;
|
||||
}
|
||||
|
||||
event dhcp_discover(c: connection, msg: dhcp_msg, req_addr: addr, host_name: string, c_id: dhcp_client_id, req_params: table[count] of count) &priority=-5
|
||||
{
|
||||
Log::write(DHCP::LOG, c$dhcp);
|
||||
}
|
||||
|
||||
|
|
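Review bot: The module-level `global info: Info;`, together with commenting out `local info: Info;` in the priority-5 `dhcp_ack` handler, makes every handler in this section write into one shared record that is never reset. Optional fields set by an ACK (`lease_time`, `assigned_ip`, `mac`, `agent_remote_id`, `subscriber_id`) therefore stay set and are logged again on later `dhcp_request` and `dhcp_discover` records, including ones from unrelated clients, and `c$dhcp = info` appears to hand every connection a reference to that same record. dhcp.log is commonly used to tie an address to a MAC and host name at a point in time, so stale carry-over undermines that attribution. Each priority-5 handler should start from a fresh record, i.e. restore `local info: Info;` at the top of `dhcp_ack` and add the same line to `dhcp_request` and `dhcp_discover`, and drop the global. Separately, `message_types[msg$m_type]` is indexed with a value taken from the packet; the table is defined outside this section, so confirm it carries a `&default`, otherwise an unknown type would likely abort the handler before `c$dhcp` is set.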