This is switching a pull request over to a merge request for a branch of mine. Reference pull request: https://github.com/bro/bro/pull/121
This is a pretty big rewrite of the DHCP analyzer and rework of the scripts so I'd like someone else to check over the code a bit and make sure I didn't miss anything obvious.
This is merged and generally everything looked good, except a couple notes for Seth to review:
In dhcp/software.log: can we fix the comment "Not quite right to just blindly use 67 and 68 as the ports" ? Seems like that could actually cause confusion in logs?
In dhcp-options.pac: the 'process_auto_proxy_config_option' function seemed to access one-past-the-end of a bytestring, so I rewrote it. Maybe just double-check what I did there makes sense.