Bug #6618
closedendace: timestamp fixes
Description
ERF to SCTime_t conversion code is incorrect and may produce incorrect timestamps. This code should be refactored using the updated SCTIME_* macros in util-time.h.
source-erf-dag.c does not compile with --enable-dag due to a typo in PR9858 (SCMClloc for SCCalloc).
VJ Updated by Victor Julien over 2 years ago
- Label Needs backport to 7.0 added
OT Updated by OISF Ticketbot over 2 years ago
- Subtask #6620 added
OT Updated by OISF Ticketbot over 2 years ago
- Label deleted (
Needs backport to 7.0)
VJ Updated by Victor Julien over 2 years ago
Added the needs backport to 7 as I assume the time fixes are needed in 7 as well.
JL Updated by Jeff Lucovsky over 2 years ago
@sfd I can fix this but I will need the endace libraries so i can compile etc. Are the header/libraries available publicly?
VJ Updated by Victor Julien over 2 years ago
- Status changed from New to Resolved
I believe this was addressed in https://github.com/OISF/suricata/pull/10030
Do we need a backport to 7 @sfd ?
SD Updated by Stephen Donnelly over 2 years ago
- Label Needs backport to 7.0 added
Victor Julien wrote in #note-6:
I believe this was addressed in https://github.com/OISF/suricata/pull/10030
Do we need a backport to 7 @sfd ?
Yes I believe that would be helpful since the prerequisite SCTime_t fixes have been backported to 7.0.x-master already, thanks.
OT Updated by OISF Ticketbot over 2 years ago
- Subtask #6638 added
OT Updated by OISF Ticketbot over 2 years ago
- Label deleted (
Needs backport to 7.0)
SD Updated by Stephen Donnelly over 2 years ago
Jeff Lucovsky wrote in #note-5:
@sfd I can fix this but I will need the endace libraries so i can compile etc. Are the header/libraries available publicly?
I don't believe they are publicly available. I can look into providing them to you to use manually, or for a regression build-bot if that would help?
VJ Updated by Victor Julien over 2 years ago
Stephen Donnelly wrote in #note-10:
Jeff Lucovsky wrote in #note-5:
@sfd I can fix this but I will need the endace libraries so i can compile etc. Are the header/libraries available publicly?
I don't believe they are publicly available. I can look into providing them to you to use manually, or for a regression build-bot if that would help?
No need to do that, I think it's up to vendors like yourself to keep an eye on this.
SD Updated by Stephen Donnelly over 2 years ago
Victor Julien wrote in #note-11:
No need to do that, I think it's up to vendors like yourself to keep an eye on this.
Sure, will be happy to test build 7.0.x-master for the backport and raise a ticket if there are any issues.
PA Updated by Philippe Antoine about 2 years ago
- Status changed from Resolved to Closed
VJ Updated by Victor Julien 12 months ago
- Subject changed from Endace: timestamp fixes to endace: timestamp fixes