Bro: drop Bro < 2.6 compatibility

mmspide · Dec 13, 2018 · 12199d8 · 12199d8
1 parent 28e9ea9
commit 12199d8
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 19 deletions.
diff --git a/bro/ivre/passiverecon/ja3.bro b/bro/ivre/passiverecon/ja3.bro
@@ -133,11 +133,7 @@ event ssl_extension_elliptic_curves(c: connection, is_orig: bool, curves: index_
     }
 }
 
-@if (Version::at_least("2.6") || (Version::number == 20500 && Version::info$commit >= 944))
 event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) &priority=1
-@else
-event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec) &priority=1
-@endif
 {
     if (! c?$ivreja3c) {
         c$ivreja3c = IvreJA3CStore();
@@ -161,11 +157,7 @@ event ssl_client_hello(c: connection, version: count, possible_ts: time, client_
     );
 }
 
-@if ( Version::at_least("2.6") || ( Version::number == 20500 && Version::info$commit >= 944 ) )
 event ssl_server_hello(c: connection, version: count, record_version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count) &priority=1
-@else
-event ssl_server_hello(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count) &priority=1
-@endif
 {
     if (! c?$ivreja3s) {
         c$ivreja3s = IvreJA3SStore();

diff --git a/doc/INSTALL.md b/doc/INSTALL.md
@@ -22,7 +22,7 @@ to integrate screenshots, install
 [FFmpeg](http://ffmpeg.org/) and [PhantomJS](http://phantomjs.org/).
 
 If you plan to analyze PCAP file on a machine, install, depending on
-your needs, [Bro](http://www.bro.org/) (version 2.3 minimum),
+your needs, [Bro](http://www.bro.org/) (version 2.6 minimum),
 [p0f](http://lcamtuf.coredump.cx/p0f/) (version 2, will not work with
 version 3), [Argus](http://qosient.com/argus/) and/or
 [Nfdump](http://nfdump.sourceforge.net/).

diff --git a/doc/README.md b/doc/README.md
@@ -55,7 +55,7 @@ IVRE relies on:
   * optionally [ZMap](https://zmap.io/) and/or
     [Masscan](https://github.com/robertdavidgraham/masscan)
 
-  * [Bro](http://www.bro.org/) (version 2.3 minimum),
+  * [Bro](http://www.bro.org/) (version 2.6 minimum),
     [Argus](http://qosient.com/argus/),
     [Nfdump](https://github.com/phaag/nfdump)&
     [p0f](http://lcamtuf.coredump.cx/p0f/) (version 2, will not work
@@ -121,12 +121,12 @@ recon, you can skip this part.
 
 ## Using Bro ##
 
-You need to run bro (2.3 minimum, regularly tested with 2.5.2) with
-the option `-b` and the location of the `passiverecon/bare.bro`
-file. If you want to run it on the `eth0` interface, for example, run
-(replace `/usr/share/ivre` by the appropriate location; use `python -c
-'import ivre.config; print(ivre.config.guess_prefix())'` if you cannot
-find it):
+You need to run Bro (2.6 minimum, regularly tested with 2.6) with the
+option `-b` and the location of the `passiverecon/bare.bro` file. If
+you want to run it on the `eth0` interface, for example, run (replace
+`/usr/share/ivre` by the appropriate location; use `python -c 'import
+ivre.config; print(ivre.config.guess_prefix())'` if you cannot find
+it):
 
     # mkdir logs
     # LOG_PATH=logs/passiverecon \

diff --git a/web/dokuwiki/doc/install.txt b/web/dokuwiki/doc/install.txt
@@ -10,7 +10,7 @@ If you want to use the "flow" module, you also need to install [[http://neo4j.co
 
 If you plan to run scans from a machine, install [[http://nmap.org/|Nmap]] and optionally [[https://zmap.io/|ZMap]] and [[https://github.com/robertdavidgraham/masscan|Masscan]]. If you want to integrate screenshots, install [[https://github.com/tesseract-ocr/tesseract|Tesseract]], [[https://www.imagemagick.org/|ImageMagick]], [[http://ffmpeg.org/|FFmpeg]] and [[http://phantomjs.org/|PhantomJS]].
 
-If you plan to analyze PCAP file on a machine, install, depending on your needs, [[http://www.bro.org/|Bro]] (version 2.3 minimum), [[http://lcamtuf.coredump.cx/p0f/|p0f]] (version 2, will not work with version 3), [[http://qosient.com/argus/|Argus]] and/or [[http://nfdump.sourceforge.net/|Nfdump]].
+If you plan to analyze PCAP file on a machine, install, depending on your needs, [[http://www.bro.org/|Bro]] (version 2.6 minimum), [[http://lcamtuf.coredump.cx/p0f/|p0f]] (version 2, will not work with version 3), [[http://qosient.com/argus/|Argus]] and/or [[http://nfdump.sourceforge.net/|Nfdump]].
 
 To install IVRE, you'll need [[http://www.python.org/|Python]] 2 (version 2.6 minimum, prefer 2.7) or 3 (version 3.3 minimum), with the following modules:
 

diff --git a/web/dokuwiki/doc/readme.txt b/web/dokuwiki/doc/readme.txt
@@ -26,7 +26,7 @@ IVRE relies on:
     * optionally [[http://www.sqlalchemy.org/|sqlalchemy]] and [[http://initd.org/psycopg/|psycopg2]] to use the **experimental** PostgreSQL backend.
   * [[http://nmap.org/|Nmap]] version 7.25BETA2 minimum (actually, earlier versions can be used by setting ''%%script_timeout%%'' to ''%%None%%'' in each scan template).
   * optionally [[https://zmap.io/|ZMap]] and/or [[https://github.com/robertdavidgraham/masscan|Masscan]]
-  * [[http://www.bro.org/|Bro]] (version 2.3 minimum), [[http://qosient.com/argus/|Argus]], [[https://github.com/phaag/nfdump|Nfdump]]& [[http://lcamtuf.coredump.cx/p0f/|p0f]] (version 2, will not work with version 3) for the passive fingerprint and flow modules.
+  * [[http://www.bro.org/|Bro]] (version 2.6 minimum), [[http://qosient.com/argus/|Argus]], [[https://github.com/phaag/nfdump|Nfdump]]& [[http://lcamtuf.coredump.cx/p0f/|p0f]] (version 2, will not work with version 3) for the passive fingerprint and flow modules.
   * [[http://www.mongodb.org/|MongoDB]], version 2.6 minimum (tests are run with versions 2.6.12, 3.0.15, 3.2.21, 3.4.17, 3.6.8, 4.0.2 and 4.1.3).
   * optionally [[http://neo4j.com/|Neo4j]] for the flow module.
   * optionally [[https://www.postgresql.org/|PostgreSQL]], version 9.5 minimum (tests are run with versions 9.5.10, 9.6.6 and 10.1), for the **experimental** PostgreSQL backend.
@@ -56,7 +56,7 @@ The following steps will show some examples of **passive** network recon with IV
 
 ===== Using Bro =====
 
-You need to run bro (2.3 minimum, regularly tested with 2.5.2) with the option ''%%-b%%'' and the location of the ''%%passiverecon/bare.bro%%'' file. If you want to run it on the ''%%eth0%%'' interface, for example, run (replace ''%%/usr/share/ivre%%'' by the appropriate location; use ''%%python -c 'import ivre.config; print(ivre.config.guess_prefix())'%%'' if you cannot find it):
+You need to run Bro (2.6 minimum, regularly tested with 2.6) with the option ''%%-b%%'' and the location of the ''%%passiverecon/bare.bro%%'' file. If you want to run it on the ''%%eth0%%'' interface, for example, run (replace ''%%/usr/share/ivre%%'' by the appropriate location; use ''%%python -c 'import ivre.config; print(ivre.config.guess_prefix())'%%'' if you cannot find it):
 
 <code>
 # mkdir logs