From 6c00ec379877310d59894ca741224e573cdf76b4 Mon Sep 17 00:00:00 2001
From: Jungkeun Park
Date: Thu, 13 Jun 2024 17:20:38 +0900
Subject: [PATCH 1/2] Add Bootp event structure
---
 src/ingest/network.rs | 55 +++++++++++++++++++++++++++++++++++++++++++
 src/lib.rs | 1 +
 2 files changed, 56 insertions(+)
diff --git a/src/ingest/network.rs b/src/ingest/network.rs
index 21f2876..260bbed 100644
--- a/src/ingest/network.rs
+++ b/src/ingest/network.rs
@@ -891,3 +891,58 @@ impl ResponseRangeData for Nfs {
 bincode::serialize(&Some((timestamp, source, &nfs_csv.as_bytes())))
 }
 }
+
+#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
+pub struct Bootp {
+ pub orig_addr: IpAddr,
+ pub orig_port: u16,
+ pub resp_addr: IpAddr,
+ pub resp_port: u16,
+ pub proto: u8,
+ pub last_time: i64,
+ pub op: u8,
+ pub htype: u8,
+ pub hops: u8,
+ pub xid: u32,
+ pub ciaddr: IpAddr,
+ pub yiaddr: IpAddr,
+ pub siaddr: IpAddr,
+ pub giaddr: IpAddr,
+ pub chwaddr: Vec,
+ pub sname: String,
+ pub file: String,
+}
+
+impl Display for Bootp {
+ fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
+ write!(
+ f,
+ "{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}",
+ self.orig_addr,
+ self.orig_port,
+ self.resp_addr,
+ self.resp_port,
+ self.proto,
+ convert_time_format(self.last_time),
+ self.op,
+ self.htype,
+ self.hops,
+ self.xid,
+ self.ciaddr,
+ self.yiaddr,
+ self.siaddr,
+ self.giaddr,
+ vec_to_string_or_default(&self.chwaddr),
+ as_str_or_default(&self.sname),
+ as_str_or_default(&self.file),
+ )
+ }
+}
+
+impl ResponseRangeData for Bootp {
+ fn response_data(&self, timestamp: i64, source: &str) -> Result, bincode::Error> {
+ let bootp_csv = format!("{}\t{source}\t{self}", convert_time_format(timestamp));
+ bincode::serialize(&Some((timestamp, source, &bootp_csv.as_bytes())))
+ }
+}
diff --git a/src/lib.rs b/src/lib.rs
index c79630b..94883e6 100644
--- a/src/lib.rs
+++ b/src/lib.rs
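Review bot: The `Display` impl for `Bootp` writes `sname` and `file`, which come straight from the packet, into a tab-separated record with no visible escaping, so a server-name or boot-file value containing a tab or newline would shift the columns of, or split in two, the line that `response_data` builds with `format!("{}\t{source}\t{self}", ...)`. Whether `as_str_or_default` neutralises those characters cannot be seen from this hunk; either confirm that it does or do it at the call site, e.g. apply `.replace(['\t', '\n', '\r'], " ")` to the two string columns before they are written. The same applies to `message` in the `Dhcp` hunk of the second patch. `Bootp` is also a new public type without a doc comment; `/// BOOTP event; `Display` renders the fields below, in declaration order, as one tab-separated record.` would state the contract that `response_data` relies on. One naming point: RFC 951 calls the hardware-address field `chaddr`, so `chwaddr` is worth a second look before it becomes part of the serialized layout.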
@@ -62,6 +62,7 @@ pub enum RawEventKind {
 Smb = 18,
 Nfs = 19,
 SecuLog = 20,
+ Bootp = 21,
 // Windows Sysmon
 ProcessCreate = 31,
From ed4d87de173fdd4c2fd9381b724d640623437d0c Mon Sep 17 00:00:00 2001
From: Jungkeun Park
Date: Sun, 16 Jun 2024 03:32:20 +0900
Subject: [PATCH 2/2] Add Dhcp event structure
---
 CHANGELOG.md | 4 +++
 src/ingest/network.rs | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/lib.rs | 1 +
 3 files changed, 74 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fe3ad88..650391c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ Versioning](https://semver.org/spec/v2.0.0.html).
 ## [Unreleased]
+### Added
+
+- Added `Bootp` and `Dhcp` event structures.
+
 ### Changed
 - Modified connection log structure to include total L2 frame length of a session.
diff --git a/src/ingest/network.rs b/src/ingest/network.rs
index 260bbed..e754ca8 100644
--- a/src/ingest/network.rs
+++ b/src/ingest/network.rs
@@ -946,3 +946,72 @@ impl ResponseRangeData for Bootp {
 bincode::serialize(&Some((timestamp, source, &bootp_csv.as_bytes())))
 }
 }
+
+#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
+pub struct Dhcp {
+ pub orig_addr: IpAddr,
+ pub orig_port: u16,
+ pub resp_addr: IpAddr,
+ pub resp_port: u16,
+ pub proto: u8,
+ pub last_time: i64,
+ pub msg_type: u8,
+ pub ciaddr: IpAddr,
+ pub yiaddr: IpAddr,
+ pub siaddr: IpAddr,
+ pub giaddr: IpAddr,
+ pub subnet_mask: IpAddr,
+ pub router: Vec,
+ pub domain_name_server: Vec,
+ pub req_ip_addr: IpAddr,
+ pub lease_time: u32,
+ pub server_id: IpAddr,
+ pub param_req_list: Vec,
+ pub message: String,
+ pub renewal_time: u32,
+ pub rebinding_time: u32,
+ pub class_id: Vec,
+ pub client_id_type: u8,
+ pub client_id: Vec,
+}
+
+impl Display for Dhcp {
+ fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
+ write!(
+ f,
+ "{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}",
+ self.orig_addr,
+ self.orig_port,
+ self.resp_addr,
+ self.resp_port,
+ self.proto,
+ convert_time_format(self.last_time),
+ self.msg_type,
+ self.ciaddr,
+ self.yiaddr,
+ self.siaddr,
+ self.giaddr,
+ self.subnet_mask,
+ vec_to_string_or_default(&self.router),
+ vec_to_string_or_default(&self.domain_name_server),
+ self.req_ip_addr,
+ self.lease_time,
+ self.server_id,
+ vec_to_string_or_default(&self.param_req_list),
+ as_str_or_default(&self.message),
+ self.renewal_time,
+ self.rebinding_time,
+ vec_to_string_or_default(&self.class_id),
+ self.client_id_type,
+ vec_to_string_or_default(&self.client_id),
+ )
+ }
+}
+
+impl ResponseRangeData for Dhcp {
+ fn response_data(&self, timestamp: i64, source: &str) -> Result, bincode::Error> {
+ let dhcp_csv = format!("{}\t{source}\t{self}", convert_time_format(timestamp));
+ bincode::serialize(&Some((timestamp, source, &dhcp_csv.as_bytes())))
+ }
+}
diff --git a/src/lib.rs b/src/lib.rs
index 94883e6..731f990 100644
--- a/src/lib.rs
+++ b/src/lib.rs
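Review bot: `Dhcp` introduces twenty-four undocumented `pub` fields, and the three `u32` fields `lease_time`, `renewal_time` and `rebinding_time` sit next to `last_time: i64`, which `fmt` runs through `convert_time_format` while the three are printed raw; a reader has nothing telling them these are durations rather than timestamps. A per-field comment such as `// lease/renewal/rebinding durations as carried in the DHCP options (seconds, assuming the parser passes the option values through unchanged)` would settle that, and `msg_type` and `client_id_type` deserve a similar note that they are the raw option codes. A struct-level doc comment should also state that `Display` renders the fields in declaration order as one tab-separated record, since `response_data` embeds that output verbatim and any reordering changes the stored layout. The element separator used by `vec_to_string_or_default` for `router`, `domain_name_server`, `param_req_list`, `class_id` and `client_id` is not visible in this hunk; if it is a tab, those columns would be indistinguishable from field boundaries, so it is worth confirming.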
@@ -63,6 +63,7 @@ pub enum RawEventKind {
 Nfs = 19,
 SecuLog = 20,
 Bootp = 21,
+ Dhcp = 22,
 // Windows Sysmon
 ProcessCreate = 31,