[Bro-Dev] DHCP event removal

Michael Dopheide dopheide at es.net
Thu Jun 14 21:30:28 PDT 2018

While testing the new Broker code in master I came across this a bit
unexpectedly when trying to run our full production policy stack:

2.5-544 | 2018-05-01 17:57:15 -0500

  * Rewrite the DHCP analyzer and accompanying script-layer API.

I'm all for analyzer updates and improvements, but what I'm honestly not
sure about is this:

   * Reduced all DHCP events into a single dhcp_message event.
    (removed legacy events since they weren't widely used anyway)

How was the determination made that it's not widely used?  I don't recall a
survey on the bro/bro-dev lists and there's clearly instances of it's use
when searching github.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20180614/4bd82b2b/attachment.html 

More information about the bro-dev mailing list