Add DHCPv4 protocol to Packetbeat #7647
Conversation
andrewkroh
force-pushed
the
feature/packetbeat-dhcpv4
branch
from
e2eff1e
to
954398b
Compare
|
I've been debating whether or not correlate request and responses. "When did a client make a request and not get a response?" - This is a question you cannot answer without correlation. And we don't get a response time metric either. I think response times could be measured for both discover/offer and request/ack exchanges.
But I think it could be a while before I personally have time to focus on this more. So perhaps we open an issue and track correlation as an enhancement and see if someone wants to take it on? |
packetbeat/magefile.go
Outdated
| @@ -118,6 +119,20 @@ func Update() error { | |||
| return sh.Run("make", "update") | |||
| } | |||
|
|
|||
| func Fields() error { | |||
There was a problem hiding this comment.
exported function Fields should have comment or be unexported
andrewkroh
force-pushed
the
feature/packetbeat-dhcpv4
branch
6 times, most recently
from
ec69ce1
to
3b80e39
Compare
|
I believe that the Windows build is failing because fields.yml is not generated during CI. #7670 fixes the issue. I don't understand how the system tests that validate fields names against fields.yml have been working or why it began failing in this PR. |
andrewkroh
force-pushed
the
feature/packetbeat-dhcpv4
branch
2 times, most recently
from
9b8fd6f
to
5eab323
Compare
|
This is passing CI now, conflicts are resolved, and it's ready for review. |
andrewkroh
force-pushed
the
feature/packetbeat-dhcpv4
branch
from
5eab323
to
4e5e391
Compare
We haven't done that before. But that did remind me to update the documentation to include DHCP. |
|
I'd like to do a squash this myself before merging to ensure that |
andrewkroh
force-pushed
the
feature/packetbeat-dhcpv4
branch
from
6390d24
to
22c2826
Compare
|
I squashed it into two commits. One for vendor and one with our code. Please use Rebase and Merge. |
| if len(data) < 2+length { | ||
| return nil, dhcpv4.ErrShortByteStream | ||
| } | ||
| servers := make([]net.IP, 0, length%4) |
There was a problem hiding this comment.
nit: I think you want length / 4 here
There was a problem hiding this comment.
Definitely. Good catch. I think I was looking at one of the parsers inside of the dhcp lib when I "wrote" that.
Will fix.
There was a problem hiding this comment.
I fixed that line and squashed the commit.
Added a build tag client.go to fix windows.
Packetbeat will capture and index individual DHCP packets for IPv4. This adds a dashboards too. Parsing is provided by github.com/insomniacslk/dhcp. Co-authored-by: Brian Waskiewicz <brian_waskiewicz@hotmail.com>
andrewkroh
force-pushed
the
feature/packetbeat-dhcpv4
branch
from
22c2826
to
92cb11d
Compare
|
This needs back-porting to 6.x so that it gets included in the next minor (v6.5.0). 6.4.0 is already feature frozen. |
andrewkroh
added
the
needs_backport
andrewkroh
added
v6.5.0
and removed
needs_backport
* Add github.com/insomniacslk/dhcp to vendor Added a build tag client.go to fix windows. (cherry picked from commit 6565915) * Add DHCPv4 protocol to Packetbeat Packetbeat will capture and index individual DHCP packets for IPv4. This adds a dashboards too. Parsing is provided by github.com/insomniacslk/dhcp. Co-authored-by: Brian Waskiewicz <brian_waskiewicz@hotmail.com> Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co> (cherry picked from commit 6eb21a4)
Packetbeat will capture and index individual DHCP packets for IPv4.
Parsing is provided by https://github.com/insomniacslk/dhcp.
This expands the work done in #7359.
Packetbeat DHCPv4 Overview Dashboard
I created a sample watch to alert when new clients are detected on the network: https://gist.github.com/andrewkroh/b8fe93c0dead7eb963e37ac4ca1a332a
Note to self: https://play.golang.com/p/rHecAoaBmI9