| 1 |
4ae45b10
|
Ermal Luçi
|
# DHCP - Dynamic Host Configuration Protocol - RFC 1541
|
| 2 |
|
|
# Pattern attributes: good veryfast fast
|
| 3 |
|
|
# Protocol groups: networking ietf_draft_standard
|
| 4 |
|
|
# Wiki: http://www.protocolinfo.org/wiki/DHCP
|
| 5 |
66f2dd0e
|
Ermal Lu?i
|
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
|
| 6 |
4ae45b10
|
Ermal Luçi
|
#
|
| 7 |
|
|
# Usually runs on ports 67 (server) and 68 (client)
|
| 8 |
|
|
#
|
| 9 |
|
|
# Also matches BOOTP (Bootstrap Protocol (RFC 951)) in the case that
|
| 10 |
|
|
# the "vendor specific options" are used (these options were made standard
|
| 11 |
|
|
# for DHCP).
|
| 12 |
|
|
#
|
| 13 |
|
|
# This pattern is lightly tested.
|
| 14 |
|
|
|
| 15 |
|
|
dhcp
|
| 16 |
|
|
^[\x01\x02][\x01- ]\x06.*c\x82sc
|
| 17 |
|
|
|
| 18 |
|
|
# Let's break that down:
|
| 19 |
|
|
#
|
| 20 |
|
|
# (\x01|\x02) is for BOOTREQUEST or BOOTREPLY
|
| 21 |
5aa68a55
|
Renato Botelho
|
# Is there a demand for doing these separately? The Packeteer does.
|
| 22 |
4ae45b10
|
Ermal Luçi
|
#
|
| 23 |
|
|
# [\x01-\x20] is for any of the hardware address types listed at
|
| 24 |
|
|
# (http://www.iana.org/assignments/arp-parameters) and hopefully faster
|
| 25 |
|
|
# ethernets too (100, 1000 and 10000mb) as well (do they share the 10mb
|
| 26 |
|
|
# number?).
|
| 27 |
|
|
#
|
| 28 |
|
|
# \x06 for "hardware address length = 6 bytes". Does anyone use other lengths
|
| 29 |
|
|
# these days? If so, this pattern won't match it as it stands.
|
| 30 |
|
|
#
|
| 31 |
|
|
# .* covers the hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
|
| 32 |
|
|
# chaddr, sname and file fields. While this can't really be "any number
|
| 33 |
|
|
# of characters" long, it doesn't seem worth it to count.
|
| 34 |
|
|
# Can we make this more specific by restricting the number of hops or seconds?
|
| 35 |
|
|
#
|
| 36 |
|
|
# 0x63825363 is the "magic cookie" which begins the DHCP options field.
|