[Bro] Script conversion to 2.6.2
Tina Barbatsalou
tbarbatsalou at gmail.com
Fri Nov 9 01:04:22 PST 2018
Hello everyone,
I am trying to convert a chunk of bro scripting code to the new version,
but, despite reading the documentation, I don't know what to precisely
replace.
event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router:
dhcp_router_list, lease: interval, serv_addr: addr)
{
# Store info from the DHCP acknowledgment, to create a mapping
between SHA and assigned IP
DHCP_state[dhcp_msg$h_addr] = dhcp_msg$yiaddr;
}
Apparently, the dhcp_ack event has to be replaced by the dhcp_message
equivalent, with a syntax similar to (?) the following:
event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options:
DHCP::Options).
I am not sure if it is correct and what I should include in the DHCP::Msg
and DHCP::Options parts in order to construct an ack.
Moreover, by what should the dhcp_msg be replaced in the following
function? (DHCP_state[dhcp_msg$h_addr] = dhcp_msg$yiaddr;)
Excuse my ignorance; These are my first bro tryouts.
Best regards,
TB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20181109/b2234407/attachment.html
More information about the Bro
mailing list