[Bro-Dev] [Bro-Commits] [git/bro] topic/johanna/tls-more-data: Update NEWS for ssl changes. (3c7c60cf6)

Johanna Amann johanna at icir.org
Wed Aug 29 09:02:36 PDT 2018


Hi Jon,

I actually tested it - and it works fine with old versions as long as 
you use the @if this way round.

So

@if ( version >= 2.6)
event 2.6-event
@else
event 2.5-event
@endif

works perfectly with 2.5 and 2.6.

@if ( version <= 2.6)
event 2.5-event
@else
event 2.6-event
@endif

breaks with 2.5.

I admittedly stopped looking for the exact reason why at some point - 
but I tested it rather thoroughly :). And I admittedly only figured that 
out after I wrote my comment to the merge-request.

So - I am tempted to put it in NEWS like this - I assume most people 
will just copy-paste it because the @if-statement is complex enough that 
you will not come up with it yourself easily...

Johanna

On 29 Aug 2018, at 8:13, Jon Siwek wrote:

> On Tue, Aug 28, 2018 at 6:35 PM Johanna Amann <johanna at icir.org> 
> wrote:
>
>> +  If you use these events, you can make your scripts work on old and 
>> new versions
>> +  of Bro by wrapping the event definition in an @if, for example:
>> +
>> +    @if ( Version::at_least("2.6") || ( Version::number == 20500 && 
>> Version::info$commit >= [commit number of change] ) )
>> +    event ssl_client_hello(c: connection, version: count, 
>> record_version: count, possible_ts: time, client_random: string, 
>> session_id: string, ciphers: index_vec, comp_methods: index_vec)
>> +    @else
>> +    event ssl_client_hello(c: connection, version: count, 
>> possible_ts: time, client_random: string, session_id: string, 
>> ciphers: index_vec)
>> +    @endif
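
Review bot: The `@if` condition in the NEWS example still carries the placeholder `[commit number of change]` on the right-hand side of `Version::info$commit >=`, so the snippet cannot be pasted as written. Fill in the actual commit number before this lands, since the text tells readers to wrap their event definitions in exactly this form. The sentence introducing the example could also say that the two `ssl_client_hello` lines are handler signatures only and that each branch needs its own body.
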
>
> Since the parser won't be happy with that type of @if usage in old
> releases due to [1], should we instead suggest something like:
>
> function my_ssl_client_hello_impl(c: connection, version: count,
> possible_ts: time, client_random: string, session_id: string, ciphers:
> index_vec, record_version: counter &default=0, comp_methods: index_vec
> &default=index_vec())
>     {
>     # Copy existing code to here
>     }
>
> @if ( Version::at_least("2.6") || ( Version::number == 20500 &&
> Version::info$commit >= [commit number of change] ) )
> event ssl_client_hello(c: connection, version: count, record_version:
> count, possible_ts: time, client_random: string, session_id: string,
> ciphers: index_vec, comp_methods: index_vec)
>     { my_ssl_client_hello_impl(c, version, possible_ts, client_random,
> session_id, ciphers, record_version, comp_methods); }
> @else
> event ssl_client_hello(c: connection, version: count, possible_ts:
> time, client_random: string, session_id: string, ciphers: index_vec)
>     { my_ssl_client_hello_impl(c, version, possible_ts, client_random,
> session_id, ciphers); }
> @endif
>
> - Jon
>
> [1] https://bro-tracker.atlassian.net/browse/BIT-1976