:tocdepth: 3

base/protocols/dhcp/main.bro
============================
.. bro:namespace:: DHCP

Analyzes DHCP traffic in order to log DHCP leases given to clients.
This script ignores large swaths of the protocol, since it is rather
noisy on most networks, and focuses on the end-result: assigned leases.

If you'd like to track known DHCP devices and to log the hostname
supplied by the client, see
:doc:`/scripts/policy/protocols/dhcp/known-devices-and-hostnames.bro`.

:Namespace: DHCP
:Imports: :doc:`base/protocols/dhcp/utils.bro </scripts/base/protocols/dhcp/utils.bro>`
:Source File: :download:`/scripts/base/protocols/dhcp/main.bro`

Summary
~~~~~~~
Types
#####
========================================== =================================================================
:bro:type:`DHCP::Info`: :bro:type:`record` The record type which contains the column fields of the DHCP log.
========================================== =================================================================

Redefinitions
#############
================================================================= =
:bro:type:`Log::ID`: :bro:type:`enum`                             
:bro:type:`connection`: :bro:type:`record`                        
:bro:id:`likely_server_ports`: :bro:type:`set` :bro:attr:`&redef` 
================================================================= =

Events
######
=========================================== =================================================
:bro:id:`DHCP::log_dhcp`: :bro:type:`event` Event that can be handled to access the DHCP
                                            record as it is sent on to the logging framework.
=========================================== =================================================


Detailed Interface
~~~~~~~~~~~~~~~~~~
Types
#####
.. bro:type:: DHCP::Info

   :Type: :bro:type:`record`

      ts: :bro:type:`time` :bro:attr:`&log`
         The earliest time at which a DHCP message over the
         associated connection is observed.

      uid: :bro:type:`string` :bro:attr:`&log`
         A unique identifier of the connection over which DHCP is
         occurring.

      id: :bro:type:`conn_id` :bro:attr:`&log`
         The connection's 4-tuple of endpoint addresses/ports.

      mac: :bro:type:`string` :bro:attr:`&log` :bro:attr:`&optional`
         Client's hardware address.

      assigned_ip: :bro:type:`addr` :bro:attr:`&log` :bro:attr:`&optional`
         Client's actual assigned IP address.

      lease_time: :bro:type:`interval` :bro:attr:`&log` :bro:attr:`&optional`
         IP address lease interval.

      trans_id: :bro:type:`count` :bro:attr:`&log`
         A random number chosen by the client for this transaction.

   The record type which contains the column fields of the DHCP log.

Events
######
.. bro:id:: DHCP::log_dhcp

   :Type: :bro:type:`event` (rec: :bro:type:`DHCP::Info`)

   Event that can be handled to access the DHCP
   record as it is sent on to the logging framework.


