Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/johanna/tls-more-data: Update NEWS for ssl changes. (3c7c60cf6)
On Wed, Aug 29, 2018 at 11:02 AM Johanna Amann wrote:

> I actually tested it - and it works fine with old versions as long as
> you use the @if this way round.

Ah, tricky. I can see how that would work now, thanks for clarifying.

- Jon
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/johanna/tls-more-data: Update NEWS for ssl changes. (3c7c60cf6)
> On Aug 29, 2018, at 12:02 PM, Johanna Amann wrote:
>
> @if ( version <= 2.6)
> event 2.5-event
> @else
> event 2.6-event
> @endif
>
> breaks with 2.5.

Should that be < and not <= ?

—
Justin Azoff
Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/johanna/tls-more-data: Update NEWS for ssl changes. (3c7c60cf6)
Sorry, yup.

Johanna

On 29 Aug 2018, at 9:10, Azoff, Justin S wrote:

>> On Aug 29, 2018, at 12:02 PM, Johanna Amann wrote:
>>
>> @if ( version <= 2.6)
>> event 2.5-event
>> @else
>> event 2.6-event
>> @endif
>>
>> breaks with 2.5.
>
> Should that be < and not <= ?
>
> —
> Justin Azoff
Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/johanna/tls-more-data: Update NEWS for ssl changes. (3c7c60cf6)
Hi Jon,

I actually tested it - and it works fine with old versions as long as you use the @if this way round. So

@if ( version >= 2.6)
event 2.6-event
@else
event 2.5-event
@endif

works perfectly with 2.5 and 2.6.

@if ( version <= 2.6)
event 2.5-event
@else
event 2.6-event
@endif

breaks with 2.5.

I admittedly stopped looking for the exact reason why at some point - but I tested it rather thoroughly :). And I admittedly only figured that out after I wrote my comment to the merge-request.

So - I am tempted to put it in NEWS like this - I assume most people will just copy-paste it because the @if-statement is complex enough that you will not come up with it yourself easily...

Johanna

On 29 Aug 2018, at 8:13, Jon Siwek wrote:

> On Tue, Aug 28, 2018 at 6:35 PM Johanna Amann
> wrote:
>
>> + If you use these events, you can make your scripts work on old and >> new versions >> + of Bro by wrapping the event definition in an @if, for example: >> + >> +@if ( Version::at_least("2.6") || ( Version::number == 20500 && >> Version::info$commit >= [commit number of change] ) ) >> +event ssl_client_hello(c: connection, version: count, >> record_version: count, possible_ts: time, client_random: string, >> session_id: string, ciphers: index_vec, comp_methods: index_vec) >> +@else >> +event ssl_client_hello(c: connection, version: count, >> possible_ts: time, client_random: string, session_id: string, >> ciphers: index_vec) >> +@endif
>
> Since the parser won't be happy with that type of @if usage in old
> releases due to [1], should we instead suggest something like:
>
> function my_ssl_client_hello_impl(c: connection, version: count,
> possible_ts: time, client_random: string, session_id: string, ciphers:
> index_vec, record_version: counter =0, comp_methods: index_vec
> =index_vec())
> {
> # Copy existing code to here
> }
>
> @if ( Version::at_least("2.6") || ( Version::number == 20500 &&
> Version::info$commit >= [commit number of change] ) )
> event ssl_client_hello(c: connection, version: count, record_version:
> count, possible_ts: time, client_random: string, session_id: string,
> ciphers: index_vec, comp_methods: index_vec)
> { my_ssl_client_hello_impl(c, version, possible_ts, client_random,
> session_id, ciphers, record_version, comp_methods); }
> @else
> event ssl_client_hello(c: connection, version: count, possible_ts:
> time, client_random: string, session_id: string, ciphers: index_vec)
> { my_ssl_client_hello_impl(c, version, possible_ts, client_random,
> session_id, ciphers); }
> @endif
>
> - Jon
>
> [1] https://bro-tracker.atlassian.net/browse/BIT-1976
Re: [Bro-Dev] [Bro-Commits] [git/bro] topic/johanna/tls-more-data: Update NEWS for ssl changes. (3c7c60cf6)
On Tue, Aug 28, 2018 at 6:35 PM Johanna Amann wrote:

> + If you use these events, you can make your scripts work on old and new > versions > + of Bro by wrapping the event definition in an @if, for example: > + > +@if ( Version::at_least("2.6") || ( Version::number == 20500 && > Version::info$commit >= [commit number of change] ) ) > +event ssl_client_hello(c: connection, version: count, record_version: > count, possible_ts: time, client_random: string, session_id: string, ciphers: > index_vec, comp_methods: index_vec) > +@else > +event ssl_client_hello(c: connection, version: count, possible_ts: time, > client_random: string, session_id: string, ciphers: index_vec) > +@endif

Since the parser won't be happy with that type of @if usage in old releases due to [1], should we instead suggest something like:

function my_ssl_client_hello_impl(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, record_version: counter =0, comp_methods: index_vec =index_vec())
    {
    # Copy existing code to here
    }

@if ( Version::at_least("2.6") || ( Version::number == 20500 && Version::info$commit >= [commit number of change] ) )
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
    { my_ssl_client_hello_impl(c, version, possible_ts, client_random, session_id, ciphers, record_version, comp_methods); }
@else
event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec)
    { my_ssl_client_hello_impl(c, version, possible_ts, client_random, session_id, ciphers); }
@endif

- Jon

[1] https://bro-tracker.atlassian.net/browse/BIT-1976
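Review bot: the condition on the `+@if` line still carries the placeholder `[commit number of change]`, so anyone who copies the example out of NEWS gets a script that does not parse; fill in the actual commit number before this lands. The two `+event ssl_client_hello(...)` lines also stop at the signature with no handler body, which leaves it unclear whether the body has to be duplicated in both branches; showing a body, or a shared helper function called from both branches, would make the example safe to copy. It would also help to state in the text that the new-signature handler belongs in the `@if` branch and the old one under `@else`, since the thread reports that the reversed form breaks on 2.5.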