Project

General

Profile

Actions

Bug #5094

closed

output: timestamp missing usecs on Arm 32bit + Musl

Added by Victor Julien about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 5.0, Needs backport to 6.0

Description

Tested on Alpine 3.15

$ python3 ../suricata-verify/run.py -q
Warning: EVE files will not be validated: jsonschema module not found.
Number of concurrent jobs: 8
===> dns-udp-eve-v2-txt: Sub test #5: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'dns', 'dest_ip': '10.16.1.1', 'dest_port': 53, 'event_type': 'flow', 'flow.age': 0, 'flow.alerted': False, 'flow.bytes_toclient': 116, 'flow.bytes_toserver': 100, 'flow.end': '2017-06-08T15:45:58.525601+0000', 'flow.pkts_toclient': 1, 'flow.pkts_toserver': 1, 'flow.reason': 'shutdown', 'flow.start': '2017-06-08T15:45:58.520996+0000', 'flow.state': 'established', 'proto': 'UDP', 'src_ip': '10.16.1.11', 'src_port': 60922}}
===> dns-udp-eve-v2-txt: Sub test #6: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'dns', 'dest_ip': '10.16.1.1', 'dest_port': 53, 'event_type': 'flow', 'flow.age': 0, 'flow.alerted': False, 'flow.bytes_toclient': 129, 'flow.bytes_toserver': 81, 'flow.end': '2017-06-08T15:45:57.833020+0000', 'flow.pkts_toclient': 1, 'flow.pkts_toserver': 1, 'flow.reason': 'shutdown', 'flow.start': '2017-06-08T15:45:57.828730+0000', 'flow.state': 'established', 'proto': 'UDP', 'src_ip': '10.16.1.11', 'src_port': 52345}}
===> nfs3-01: Sub test #248: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:AUtTX3EtL8yKo1l/4n744z2c67M=', 'dest_ip': '139.25.22.102', 'dest_port': 1048, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 82, 'netflow.end': '1999-12-03T07:49:57.290000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.290000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.2', 'src_port': 3296}}
===> nfs3-01: Sub test #249: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:AUtTX3EtL8yKo1l/4n744z2c67M=', 'dest_ip': '139.25.22.2', 'dest_port': 3296, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 66, 'netflow.end': '1999-12-03T07:49:57.290000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.290000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.102', 'src_port': 1048}}
===> nfs3-01: Sub test #251: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:7vPYSqvtfQ2cioualTnJzHa1fGs=', 'dest_ip': '139.25.22.102', 'dest_port': 2049, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 82, 'netflow.end': '1999-12-03T07:49:57.330000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.330000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.2', 'src_port': 3298}}
===> nfs3-01: Sub test #252: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:7vPYSqvtfQ2cioualTnJzHa1fGs=', 'dest_ip': '139.25.22.2', 'dest_port': 3298, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 66, 'netflow.end': '1999-12-03T07:49:57.330000+0000', 'netflow.max_ttl': 255, 'netflow.min_ttl': 255, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.330000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.102', 'src_port': 2049}}
===> nfs3-01: Sub test #254: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:Ec8olmeIKk7iDWku79sjHqEjNgI=', 'dest_ip': '139.25.22.102', 'dest_port': 1048, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 158, 'netflow.end': '1999-12-03T07:49:57.750000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.750000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.2', 'src_port': 722}}
===> nfs3-01: Sub test #255: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:Ec8olmeIKk7iDWku79sjHqEjNgI=', 'dest_ip': '139.25.22.2', 'dest_port': 722, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 66, 'netflow.end': '1999-12-03T07:49:57.750000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.750000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.102', 'src_port': 1048}}
===> nfs3-01: Sub test #257: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'nfs', 'community_id': '1:Vz08QRsy2I1yGIXi37yvHKBnVwM=', 'dest_ip': '139.25.22.102', 'dest_port': 2049, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 10398, 'netflow.end': '1999-12-03T07:49:57.690000+0000', 'netflow.max_ttl': 255, 'netflow.min_ttl': 255, 'netflow.pkts': 57, 'netflow.start': '1999-12-03T07:49:57.400000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.2', 'src_port': 1022}}
===> nfs3-01: Sub test #258: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'nfs', 'community_id': '1:Vz08QRsy2I1yGIXi37yvHKBnVwM=', 'dest_ip': '139.25.22.2', 'dest_port': 1022, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 11038, 'netflow.end': '1999-12-03T07:49:57.690000+0000', 'netflow.max_ttl': 255, 'netflow.min_ttl': 255, 'netflow.pkts': 57, 'netflow.start': '1999-12-03T07:49:57.400000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.102', 'src_port': 2049}}
===> nfs3-01: Sub test #260: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:Qa82cl2bHpIRvy6bCKNJ8m5uFHc=', 'dest_ip': '139.25.22.102', 'dest_port': 111, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 106, 'netflow.end': '1999-12-03T07:49:57.280000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.280000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.2', 'src_port': 3295}}
===> nfs3-01: Sub test #261: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:Qa82cl2bHpIRvy6bCKNJ8m5uFHc=', 'dest_ip': '139.25.22.2', 'dest_port': 3295, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 90, 'netflow.end': '1999-12-03T07:49:57.280000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.280000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.102', 'src_port': 111}}
===> nfs3-01: Sub test #263: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:5s7E1MtKBUIBA6tevSSCEoo4+nY=', 'dest_ip': '139.25.22.102', 'dest_port': 111, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 106, 'netflow.end': '1999-12-03T07:49:57.740000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.740000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.2', 'src_port': 3299}}
===> bug-78-uricontent: Sub test #1: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'alert.action': 'allowed', 'alert.signature': 'msg escape tests', 'alert.signature_id': 100, 'app_proto': 'http', 'dest_ip': '208.69.36.231', 'dest_port': 80, 'event_type': 'alert', 'flow': {'bytes_toclient': 1588, 'bytes_toserver': 379, 'pkts_toclient': 2, 'pkts_toserver': 4, 'start': '2009-10-16T16:44:16.083524+0000'}, 'http': {'hostname': 'www.google.com', 'http_content_type': 'text/html', 'http_method': 'GET', 'http_user_agent': 'Wget/1.11.4', 'length': 1194, 'protocol': 'HTTP/1.0', 'status': 404, 'url': '/blah/'}, 'pcap_cnt': 6, 'proto': 'TCP', 'src_ip': '192.168.2.3', 'src_port': 37010, 'tx_id': 0}}
===> bug-78-uricontent: Sub test #2: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'http', 'dest_ip': '208.69.36.231', 'dest_port': 80, 'event_type': 'flow', 'flow': {'age': 0, 'alerted': True, 'bytes_toclient': 5453, 'bytes_toserver': 607, 'end': '2009-10-16T16:44:16.185868+0000', 'pkts_toclient': 5, 'pkts_toserver': 8, 'reason': 'shutdown', 'start': '2009-10-16T16:44:16.083524+0000', 'state': 'closed'}, 'proto': 'TCP', 'src_ip': '192.168.2.3', 'src_port': 37010, 'tcp': {'ack': True, 'psh': True, 'rst': True, 'state': 'closed', 'syn': True, 'tcp_flags': '1e', 'tcp_flags_tc': '1a', 'tcp_flags_ts': '1e'}}}
===> netflow-eve: Sub test #1: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'http', 'dest_ip': '82.165.177.154', 'dest_port': 80, 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 425, 'netflow.end': '2016-05-27T06:56:11.900923+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 6, 'netflow.start': '2016-05-27T06:56:11.304062+0000', 'proto': 'TCP', 'src_ip': '10.16.1.11', 'src_port': 46652, 'tcp.ack': True, 'tcp.fin': True, 'tcp.psh': True, 'tcp.syn': True, 'tcp.tcp_flags': '1b'}}
===> netflow-eve: Sub test #2: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'http', 'dest_ip': '10.16.1.11', 'dest_port': 46652, 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 495, 'netflow.end': '2016-05-27T06:56:11.900923+0000', 'netflow.max_ttl': 50, 'netflow.min_ttl': 50, 'netflow.pkts': 4, 'netflow.start': '2016-05-27T06:56:11.304062+0000', 'proto': 'TCP', 'src_ip': '82.165.177.154', 'src_port': 80, 'tcp.ack': True, 'tcp.fin': True, 'tcp.psh': True, 'tcp.syn': True, 'tcp.tcp_flags': '1b'}}
===> nfs3-01: Sub test #264: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:5s7E1MtKBUIBA6tevSSCEoo4+nY=', 'dest_ip': '139.25.22.2', 'dest_port': 3299, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 90, 'netflow.end': '1999-12-03T07:49:57.740000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.740000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.102', 'src_port': 111}}
===> nfs3-01: Sub test #266: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:RDDy+TvkuBpmdeE7O38hhFJL50w=', 'dest_ip': '139.25.22.102', 'dest_port': 111, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 106, 'netflow.end': '1999-12-03T07:49:57.320000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.320000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.2', 'src_port': 3297}}
===> nfs3-01: Sub test #267: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:RDDy+TvkuBpmdeE7O38hhFJL50w=', 'dest_ip': '139.25.22.2', 'dest_port': 3297, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 90, 'netflow.end': '1999-12-03T07:49:57.320000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.320000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.102', 'src_port': 111}}
===> nfs3-01: Sub test #269: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:9Pe9/OArRDrWNZ2YKjQF8PEpzcI=', 'dest_ip': '139.25.22.102', 'dest_port': 1048, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 158, 'netflow.end': '1999-12-03T07:49:57.310000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.290000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.2', 'src_port': 706}}
===> nfs3-01: Sub test #270: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'failed', 'community_id': '1:9Pe9/OArRDrWNZ2YKjQF8PEpzcI=', 'dest_ip': '139.25.22.2', 'dest_port': 706, 'ether.dest_macs[0]': '00:c0:95:f8:4d:d3', 'ether.src_macs[0]': '00:c0:95:e0:19:be', 'event_type': 'netflow', 'netflow.age': 0, 'netflow.bytes': 114, 'netflow.end': '1999-12-03T07:49:57.310000+0000', 'netflow.max_ttl': 64, 'netflow.min_ttl': 64, 'netflow.pkts': 1, 'netflow.start': '1999-12-03T07:49:57.290000+0000', 'proto': 'UDP', 'src_ip': '139.25.22.102', 'src_port': 1048}}
===> bug-78-http-uri: Sub test #1: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'alert.action': 'allowed', 'alert.signature': 'msg escape tests', 'alert.signature_id': 100, 'app_proto': 'http', 'dest_ip': '208.69.36.231', 'dest_port': 80, 'event_type': 'alert', 'flow': {'bytes_toclient': 1588, 'bytes_toserver': 379, 'pkts_toclient': 2, 'pkts_toserver': 4, 'start': '2009-10-16T16:44:16.083524+0000'}, 'http': {'hostname': 'www.google.com', 'http_content_type': 'text/html', 'http_method': 'GET', 'http_user_agent': 'Wget/1.11.4', 'length': 1194, 'protocol': 'HTTP/1.0', 'status': 404, 'url': '/blah/'}, 'pcap_cnt': 6, 'proto': 'TCP', 'src_ip': '192.168.2.3', 'src_port': 37010, 'tx_id': 0}}
===> bug-78-http-uri: Sub test #2: FAIL : expected 1 matches; got 0 for filter {'count': 1, 'match': {'app_proto': 'http', 'dest_ip': '208.69.36.231', 'dest_port': 80, 'event_type': 'flow', 'flow': {'age': 0, 'alerted': True, 'bytes_toclient': 5453, 'bytes_toserver': 607, 'end': '2009-10-16T16:44:16.185868+0000', 'pkts_toclient': 5, 'pkts_toserver': 8, 'reason': 'shutdown', 'start': '2009-10-16T16:44:16.083524+0000', 'state': 'closed'}, 'proto': 'TCP', 'src_ip': '192.168.2.3', 'src_port': 37010, 'tcp': {'ack': True, 'psh': True, 'rst': True, 'state': 'closed', 'syn': True, 'tcp_flags': '1e', 'tcp_flags_tc': '1a', 'tcp_flags_ts': '1e'}}}
PASSED:  997
FAILED:  5
SKIPPED: 41

Related issues 2 (0 open2 closed)

Copied to Suricata - Bug #5095: output: timestamp missing usecs on Arm 32bit + MuslClosedVictor JulienActions
Copied to Suricata - Bug #5096: output: timestamp missing usecs on Arm 32bit + MuslClosedJeff LucovskyActions
Actions

Also available in: Atom PDF