Best way to contribute to existing analyzer

Hi all,

I'd like to ask guidance on how to contribute to BRO by proposing
extensions to existing protocol analyzers.
For instance, suppose that I realize a patch to the DHCP analyzer that
includes new unsupported options. Such a patch would impact multiple
files like those in src/analyzer/protocol/dhcp,
scripts/base/protocols/dhcp as well as new types to be included in
init-bare.bro.

What would be the best procedure (and format) to submit such a patch?

best,
Valerio

Easiest is to prepare a pull request on GitHub. We have some
guidelines here:
https://www.bro.org/development/contribute.html#submitting-patches

Looking forward to your patches!

Robin

Hi,

After a few months I finally managed to pack my contribution proposal as a
pull request available at

https://github.com/bro/bro/pull/121

The patch introduces new option types for the DHCP protocol and extends
dhcp events, including new parameters that I believe are useful in network
forensics analysis.

The options are the following:

55 Parameters Request List;
58 Renewal time;
59 Rebinding time;
61 Client Identifier;
82 Relay Agent Information.

while the following are the extended events:

dhcp_discover exports client identifier and parameters request list;
dhcp_request exports client_identifier and parameters request list;
dhcp_ack exports rebinding time, renewal time and list of suboption values of
the dhcp relay agent information option;
dhcp_inform exports parameters request list.

Looking forward to receiving feedback!

best,
Valerio
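
As an added illustration (not part of the thread and not code from the pull request), the following Python sketch decodes the five options listed above from a raw DHCP options field, using the wire layouts from RFC 2132 and RFC 3046. The function names, the output field names and the sample bytes are assumptions made for this example; they are not the names used by Bro's events.

```python
import struct

def parse_tlvs(buf, dhcp_level=True):
    """Yield (code, value) from a code/length/value run; raise on truncation."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if dhcp_level and code == 0:       # Pad option: one byte, no length
            i += 1
            continue
        if dhcp_level and code == 255:     # End option
            return
        if i + 1 >= len(buf):
            raise ValueError(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:           # declared length runs past the buffer
            raise ValueError(f"option {code}: truncated value")
        yield code, value
        i += 2 + length

def decode_options(options):
    """Decode only the five options named in the thread; ignore the rest."""
    out = {}
    for code, val in parse_tlvs(options):
        if code == 55:                     # one requested option code per byte
            out["param_request_list"] = list(val)
        elif code in (58, 59):             # 32-bit seconds, network byte order
            if len(val) != 4:
                raise ValueError(f"option {code}: expected 4 bytes")
            key = "renewal_time" if code == 58 else "rebinding_time"
            out[key] = struct.unpack("!I", val)[0]
        elif code == 61:                   # type byte, then the identifier
            if len(val) < 2:
                raise ValueError("option 61: too short")
            out["client_id"] = {"type": val[0], "id": val[1:].hex(":")}
        elif code == 82:                   # sub-options reuse the TLV shape
            out["relay_agent_info"] = dict(parse_tlvs(val, dhcp_level=False))
    return out

# Constructed sample: all five options packed into one field for demonstration.
SAMPLE = (bytes([53, 1, 5])                             # message type, skipped
          + bytes([58, 4]) + struct.pack("!I", 1800)
          + bytes([59, 4]) + struct.pack("!I", 3150)
          + bytes([61, 7, 1]) + bytes.fromhex("001122334455")
          + bytes([55, 4, 1, 3, 6, 15])
          + bytes([82, 10, 1, 4]) + b"eth0" + bytes([2, 2]) + b"r1"
          + bytes([255]))

if __name__ == "__main__":
    print(decode_options(SAMPLE))
```

Inside option 82 the sub-option codes 0 and 255 are ordinary values rather than Pad and End, which is why the sub-option pass disables that handling.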