[Bro-Dev] [Bro-Commits] [git/bro] topic/johanna/tls-more-data: Update NEWS for ssl changes. (3c7c60cf6)
Johanna Amann
johanna at icir.org
Wed Aug 29 09:02:36 PDT 2018
Hi Jon,
I actually tested it - and it works fine with old versions as long as
you use the @if this way round.
So
@if ( version >= 2.6)
event 2.6-event
@else
event 2.5-event
@endif
works perfectly with 2.5 and 2.6.
@if ( version <= 2.6)
event 2.5-event
@else
event 2.6-event
@endif
breaks with 2.5.
I admittedly stopped looking for the exact reason why at some point -
but I tested it rather thoroughly :). And I admittedly only figured that
out after I wrote my comment to the merge-request.
So - I am tempted to put it in NEWS like this - I assume most people
will just copy-paste it because the @if-statement is complex enough that
you will not come up with it yourself easily...
Johanna
On 29 Aug 2018, at 8:13, Jon Siwek wrote:
> On Tue, Aug 28, 2018 at 6:35 PM Johanna Amann <johanna at icir.org>
> wrote:
>
>> + If you use these events, you can make your scripts work on old and
>> new versions
>> + of Bro by wrapping the event definition in an @if, for example:
>> +
>> + @if ( Version::at_least("2.6") || ( Version::number == 20500 &&
>> Version::info$commit >= [commit number of change] ) )
>> + event ssl_client_hello(c: connection, version: count,
>> record_version: count, possible_ts: time, client_random: string,
>> session_id: string, ciphers: index_vec, comp_methods: index_vec)
>> + @else
>> + event ssl_client_hello(c: connection, version: count,
>> possible_ts: time, client_random: string, session_id: string,
>> ciphers: index_vec)
>> + @endif
>
> Since the parser won't be happy with that type of @if usage in old
> releases due to [1], should we instead suggest something like:
>
> function my_ssl_client_hello_impl(c: connection, version: count,
> possible_ts: time, client_random: string, session_id: string, ciphers:
> index_vec, record_version: counter &default=0, comp_methods: index_vec
> &default=index_vec())
> {
> # Copy existing code to here
> }
>
> @if ( Version::at_least("2.6") || ( Version::number == 20500 &&
> Version::info$commit >= [commit number of change] ) )
> event ssl_client_hello(c: connection, version: count, record_version:
> count, possible_ts: time, client_random: string, session_id: string,
> ciphers: index_vec, comp_methods: index_vec)
> { my_ssl_client_hello_impl(c, version, possible_ts, client_random,
> session_id, ciphers, record_version, comp_methods); }
> @else
> event ssl_client_hello(c: connection, version: count, possible_ts:
> time, client_random: string, session_id: string, ciphers: index_vec)
> { my_ssl_client_hello_impl(c, version, possible_ts, client_random,
> session_id, ciphers); }
> @endif
>
> - Jon
>
> [1] https://bro-tracker.atlassian.net/browse/BIT-1976
> _______________________________________________
> bro-dev mailing list
> bro-dev at bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
More information about the bro-dev
mailing list