mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00

* origin/topic/seth/dhcp-update:
  Rework to the DHCP analyzer.
  First step of DHCP analyzer rearchitecture.
  Add .btest scripts for dhck_ack and dhcp_discover messages verifying that new options are correctly reported in dhcp.log records.
  Extend DHCP protocol analyzer with new options.

BIT-1924 #merged

Additional changes:

* Removed known-hosts.bro as the only thing populating its table was the already-removed known-hosts-and-devices.bro. So a known_devices.log will no longer be generated.

* In dhcp-options.pac, the process_relay_agent_inf_option had a memleak and also process_auto_proxy_config_option looked like it accessed one byte past the end of the available bytestring, so fixed those.
21 lines
635 B
Text
##! Add a field that logs the order of hosts sending messages
##! using the same DHCP transaction ID. This information is
##! occasionally needed on some networks to fully explain the
##! DHCP sequence.

@load base/protocols/dhcp

module DHCP;

export {
	redef record DHCP::Info += {
		## The address that originated each message from the
		## `msg_types` field.
		msg_orig: vector of addr &log &default=addr_vec();
	};
}

event DHCP::aggregate_msgs(ts: time, id: conn_id, uid: string, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options) &priority=3
	{
	log_info$msg_orig[|log_info$msg_orig|] = is_orig ? id$orig_h : id$resp_h;
	}
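An added example (not part of the Zeek repository): reading JSON-format dhcp.log records that carry the `msg_orig` field, it pairs each `msg_types` entry with its sender and, going a step beyond the script itself, lists transactions whose server-side messages came from more than one address. The sample records and helper names are constructed for illustration.

```python
import json

# Constructed dhcp.log records in Zeek's JSON log format (sample data, not real
# traffic). msg_orig is the field added by the script above.
SAMPLE_LOG = """\
{"ts":1.0,"uids":["CAAA1"],"mac":"00:11:22:33:44:55","msg_types":["DISCOVER","OFFER","REQUEST","ACK"],"msg_orig":["0.0.0.0","192.0.2.1","0.0.0.0","192.0.2.1"]}
{"ts":2.0,"uids":["CBBB2","CBBB3"],"mac":"00:11:22:33:44:66","msg_types":["DISCOVER","OFFER","OFFER","REQUEST","ACK"],"msg_orig":["0.0.0.0","192.0.2.1","192.0.2.77","0.0.0.0","192.0.2.77"]}
"""

SERVER_TYPES = {"OFFER", "ACK", "NAK"}  # message types sent by DHCP servers


def message_sequence(record):
    """Pair each message type with the address that sent it, in log order."""
    types = record.get("msg_types", [])
    origs = record.get("msg_orig", [])
    if len(types) != len(origs):
        # One msg_orig entry is expected per msg_types entry.
        raise ValueError("msg_types and msg_orig differ in length")
    return list(zip(types, origs))


def server_senders(record):
    """Distinct addresses that sent server-side messages, first-seen order."""
    seen = []
    for msg_type, sender in message_sequence(record):
        if msg_type in SERVER_TYPES and sender not in seen:
            seen.append(sender)
    return seen


def multi_server_transactions(log_text):
    """Return (mac, senders) for transactions answered by several servers."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        senders = server_senders(record)
        if len(senders) > 1:
            hits.append((record.get("mac"), senders))
    return hits


if __name__ == "__main__":
    for mac, senders in multi_server_transactions(SAMPLE_LOG):
        print(f"{mac}: server messages from {', '.join(senders)}")
```

More than one responding address is expected where redundant DHCP servers or relay agents are deployed, so compare the result against the known server list before treating it as an anomaly.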