[Bro] Script conversion to 2.6.2
tbarbatsalou at gmail.com
Fri Nov 9 01:04:22 PST 2018
I am trying to convert a chunk of bro scripting code to the new version,
but, despite reading the documentation, I don't know what to precisely
event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router:
dhcp_router_list, lease: interval, serv_addr: addr)
# Store info from the DHCP acknowledgment, to create a mapping
between SHA and assigned IP
DHCP_state[dhcp_msg$h_addr] = dhcp_msg$yiaddr;
Apparently, the dhcp_ack event has to be replaced by the dhcp_message
equivalent, with a syntax similar to (?) the following:
event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options:
I am not sure if it is correct and what I should include in the DHCP::Msg
and DHCP::Options parts in order to construct an ack.
Moreover, by what should the dhcp_msg be replaced in the following
function? (DHCP_state[dhcp_msg$h_addr] = dhcp_msg$yiaddr;)
Excuse my ignorance; These are my first bro tryouts.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro