I'd like to ask guidance on how to contribute to BRO by proposing
extensions to existing protocol analyzers.
For instance, suppose that I realize a patch to the DHCP analyzer that
includes new unsupported options. Such patch would impact on multiple
files like those in src/analyzer/protocol/dhcp,
scripts/base/protocols/dhcp as well as new types to be included in
init-bare.bro.
What would be the best procedure (and format) to submit such a patch?
The patch introduces new options types for DHCP protocol and extends
dhcp event including new parameters that I believe are useful in network
forensics analysis.
dhcp_discover exports client identifier and parameters request list;
dhcp_request exports client_identifier and parameters request list;
dhcp_ack exports rebinding time, renewal time and list of suboptions
value of
dhcp relay agent information option;
dhcp_inform exports parameters request list.