[Bro] Script conversion to 2.6.2

Michał Purzyński michalpurzynski1 at gmail.com
Fri Nov 9 01:56:53 PST 2018


While not quite providing the answer to your question, this might help a bit.

https://github.com/bro/bro/blob/master/NEWS

It tells me that there is a script
"policy/protocols/dhcp/deprecated_events.bro" that can bring your
old events back from the new dhcp_message() only.

You might take a look at what it does and how it constructs the
dhcp_ack from the dhcp_message()

It takes the dhcp_message(c: connection, is_orig: bool, msg:
DHCP::Msg, options: DHCP::Options)

checks for the type of the DHCP message

switch ( DHCP::message_types[msg$m_type] )
case "ACK":

calls an artificially built event - event dhcp_ack(c, old_msg, sm,
routers, le, sa, hn)

This should get you started. Welcome to the community, please come
back and ask more questions.


On Fri, Nov 9, 2018 at 1:06 AM Tina Barbatsalou <tbarbatsalou at gmail.com> wrote:
>
> Hello everyone,
>
> I am trying to convert a chunk of bro scripting code to the new version, but, despite reading the documentation, I don't know what to precisely replace.
>
> event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr)
>       {
>           # Store info from the DHCP acknowledgment, to create a mapping between SHA and assigned IP
>           DHCP_state[dhcp_msg$h_addr] = dhcp_msg$yiaddr;
>       }
>
> Apparently, the dhcp_ack event has to be replaced by the dhcp_message equivalent, with a syntax similar to (?) the following:
> event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options).
>
> I am not sure if it is correct and what I should include in the DHCP::Msg and DHCP::Options parts in order to construct an ack.
> Moreover, by what should the dhcp_msg be replaced in the following function? (DHCP_state[dhcp_msg$h_addr] = dhcp_msg$yiaddr;)
>
> Excuse my ignorance; these are my first bro tryouts.
> Best regards,
> TB


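The conversion discussed in this thread, as an added example that is not part of either message and is not code from the Bro project. It handles dhcp_message() directly instead of loading deprecated_events.bro. Assumptions: DHCP_state is a table from hardware address to IP (the thread never shows its declaration), and the old dhcp_msg$h_addr corresponds to chaddr in DHCP::Msg; check both against your script and against deprecated_events.bro.

```bro
# Added example for Bro 2.6.x; not taken from the thread.
# Assumption: DHCP_state maps a client hardware address to its leased IP.
global DHCP_state: table[string] of addr;

event dhcp_message(c: connection, is_orig: bool, msg: DHCP::Msg, options: DHCP::Options)
    {
    # dhcp_message fires for every DHCP message type, so filter for ACKs
    # with the same lookup the reply above quotes.
    if ( DHCP::message_types[msg$m_type] != "ACK" )
        return;

    # An ACK that answers a DHCPINFORM assigns no address (yiaddr is
    # 0.0.0.0); skip it so it cannot overwrite a real lease mapping.
    if ( msg$yiaddr == 0.0.0.0 )
        return;

    # Assumption: chaddr carries what h_addr carried in the old dhcp_msg.
    # The options argument is not needed for this mapping.
    DHCP_state[msg$chaddr] = msg$yiaddr;
    }
```

The parameter is named msg, so fields are read as msg$chaddr and msg$yiaddr; dhcp_msg in the old handler was the record type name, not the variable.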