Ignoring packets with negative timestamps.

These used to stall Bro. Addresses BIT-1562 and BIT-1443.

CHANGES

@@ -1,4 +1,9 @@
 
+2.4-573 | 2016-05-23 13:21:03 -0700
+
+  * Ignoring packets with negative timestamps. Addresses BIT-1562 and
+    BIT-1443. (Robin Sommer)
+
 2.4-572 | 2016-05-23 12:45:23 -0700
 
   * Fix for a table refering to a expire function that's not defined.

VERSION

@@ -1 +1 @@
-2.4-572
+2.4-573

src/iosource/PktSrc.cc

@@ -289,6 +289,12 @@ bool PktSrc::ExtractNextPacketInternal()
 
 	if ( ExtractNextPacket(&current_packet) )
 		{
+		if ( current_packet.time < 0 )
+			{
+			Weird("negative_packet_timestamp", &current_packet);
+			return 0;
+			}
+
 		if ( ! first_timestamp )
 			first_timestamp = current_packet.time;
 

testing/btest/Baseline/core.negative-time/weird.log

@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#open	2016-05-23-20-20-21
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1425182592.408334	-	-	-	-	-	negative_packet_timestamp	-	F	bro
+#close	2016-05-23-20-20-21

testing/btest/core/negative-time.test

@@ -0,0 +1,2 @@
+# @TEST-EXEC: bro -b -C -r $TRACES/negative-time.pcap base/frameworks/notice
+# @TEST-EXEC: btest-diff weird.log