On Tue, Aug 28, 2018 at 6:35 PM Johanna Amann <joha...@icir.org> wrote:
> + If you use these events, you can make your scripts work on old and new
> versions
> + of Bro by wrapping the event definition in an @if, for example:
> +
> + @if ( Version::at_least("2.6") || ( Version::number == 20500 &&
> Version::info$commit >= [commit number of change] ) )
> + event ssl_client_hello(c: connection, version: count, record_version:
> count, possible_ts: time, client_random: string, session_id: string, ciphers:
> index_vec, comp_methods: index_vec)
> + @else
> + event ssl_client_hello(c: connection, version: count, possible_ts: time,
> client_random: string, session_id: string, ciphers: index_vec)
> + @endif
Since the parser won't be happy with that type of @if usage in old
releases due to [1], should we instead suggest something like:
function my_ssl_client_hello_impl(c: connection, version: count,
possible_ts: time, client_random: string, session_id: string, ciphers:
index_vec, record_version: counter &default=0, comp_methods: index_vec
&default=index_vec())
{
# Copy existing code to here
}
@if ( Version::at_least("2.6") || ( Version::number == 20500 &&
Version::info$commit >= [commit number of change] ) )
event ssl_client_hello(c: connection, version: count, record_version:
count, possible_ts: time, client_random: string, session_id: string,
ciphers: index_vec, comp_methods: index_vec)
{ my_ssl_client_hello_impl(c, version, possible_ts, client_random,
session_id, ciphers, record_version, comp_methods); }
@else
event ssl_client_hello(c: connection, version: count, possible_ts:
time, client_random: string, session_id: string, ciphers: index_vec)
{ my_ssl_client_hello_impl(c, version, possible_ts, client_random,
session_id, ciphers); }
@endif
- Jon
[1] https://bro-tracker.atlassian.net/browse/BIT-1976
_______________________________________________
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
