Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 21:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Ignoring packets with negative timestamps.

Browse source 
These used to stall Bro. Addresses BIT-1562 and BIT-1443.
This commit is contained in:
Robin Sommer 2016-05-23 13:21:03 -07:00
parent 4f9cb6912a
commit 3581ead0d9
6 changed files with 24 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -1,4 +1,9 @@
2.4-573 | 2016-05-23 13:21:03 -0700
* Ignoring packets with negative timestamps. Addresses BIT-1562 and
BIT-1443. (Robin Sommer)
2.4-572 | 2016-05-23 12:45:23 -0700
* Fix for a table refering to a expire function that's not defined.

2
VERSION
View file

@ -1 +1 @@
2.4-572
2.4-573

6
src/iosource/PktSrc.cc
View file

@ -289,6 +289,12 @@ bool PktSrc::ExtractNextPacketInternal()
if ( ExtractNextPacket(&current_packet) )
{
if ( current_packet.time < 0 )
{
Weird("negative_packet_timestamp", &current_packet);
return 0;
}
if ( ! first_timestamp )
first_timestamp = current_packet.time;

10
testing/btest/Baseline/core.negative-time/weird.log Normal file
View file

@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2016-05-23-20-20-21
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1425182592.408334 - - - - - negative_packet_timestamp - F bro
#close 2016-05-23-20-20-21

BIN
testing/btest/Traces/negative-time.pcap Normal file
View file

Binary file not shown.

2
testing/btest/core/negative-time.test Normal file
View file

@ -0,0 +1,2 @@
# @TEST-EXEC: bro -b -C -r $TRACES/negative-time.pcap base/frameworks/notice
# @TEST-EXEC: btest-diff weird.log