[Bro] Script conversion to 2.6.2

Tina Barbatsalou tbarbatsalou at gmail.com
Fri Nov 9 01:04:22 PST 2018


Hello everyone,

I am trying to convert a chunk of bro scripting code to the new version,
but, despite reading the documentation, I don't know what to precisely
replace.

event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router:
dhcp_router_list, lease: interval, serv_addr: addr)
      {
          # Store info from the DHCP acknowledgment, to create a mapping
between SHA and assigned IP
          DHCP_state[dhcp_msg$h_addr] = dhcp_msg$yiaddr;
      }

Apparently, the dhcp_ack event has to be replaced by the dhcp_message
equivalent, with a syntax similar to (?) the following:
event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options:
DHCP::Options).

I am not sure if it is correct and what I should include in the DHCP::Msg
and DHCP::Options parts in order to construct an ack.
Moreover, by what should the dhcp_msg be replaced in the following
function? (DHCP_state[dhcp_msg$h_addr] = dhcp_msg$yiaddr;)

Excuse my ignorance; These are my first bro tryouts.
Best regards,
TB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20181109/b2234407/attachment.html 


More information about the Bro mailing list