[Bro-Dev] [Bro-Commits] [git/bro] topic/johanna/tls-more-data: Update NEWS for ssl changes. (3c7c60cf6)

Jon Siwek jsiwek at corelight.com
Wed Aug 29 08:13:58 PDT 2018


On Tue, Aug 28, 2018 at 6:35 PM Johanna Amann <johanna at icir.org> wrote:

> +  If you use these events, you can make your scripts work on old and new versions
> +  of Bro by wrapping the event definition in an @if, for example:
> +
> +    @if ( Version::at_least("2.6") || ( Version::number == 20500 && Version::info$commit >= [commit number of change] ) )
> +    event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
> +    @else
> +    event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec)
> +    @endif

Since the parser won't be happy with that type of @if usage in old
releases due to [1], should we instead suggest something like:

function my_ssl_client_hello_impl(c: connection, version: count,
possible_ts: time, client_random: string, session_id: string, ciphers:
index_vec, record_version: counter &default=0, comp_methods: index_vec
&default=index_vec())
    {
    # Copy existing code to here
    }

@if ( Version::at_least("2.6") || ( Version::number == 20500 &&
Version::info$commit >= [commit number of change] ) )
event ssl_client_hello(c: connection, version: count, record_version:
count, possible_ts: time, client_random: string, session_id: string,
ciphers: index_vec, comp_methods: index_vec)
    { my_ssl_client_hello_impl(c, version, possible_ts, client_random,
session_id, ciphers, record_version, comp_methods); }
@else
event ssl_client_hello(c: connection, version: count, possible_ts:
time, client_random: string, session_id: string, ciphers: index_vec)
    { my_ssl_client_hello_impl(c, version, possible_ts, client_random,
session_id, ciphers); }
@endif

- Jon

[1] https://bro-tracker.atlassian.net/browse/BIT-1976


More information about the bro-dev mailing list