Bug #6618
closedEndace: timestamp fixes
Description
ERF to SCTime_t conversion code is incorrect and may produce incorrect timestamps. This code should be refactored using the updated SCTIME_* macros in util-time.h.
source-erf-dag.c does not compile with --enable-dag due to a typo in PR9858 (SCMClloc for SCCalloc).
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 7.0)
Updated by Victor Julien about 1 year ago
Added the needs backport to 7 as I assume the time fixes are needed in 7 as well.
Updated by Jeff Lucovsky almost 1 year ago
@Stephen Donnelly I can fix this but I will need the endace libraries so i can compile etc. Are the header/libraries available publicly?
Updated by Victor Julien almost 1 year ago
- Status changed from New to Resolved
I believe this was addressed in https://github.com/OISF/suricata/pull/10030
Do we need a backport to 7 @Stephen Donnelly ?
Updated by Stephen Donnelly 12 months ago
- Label Needs backport to 7.0 added
Victor Julien wrote in #note-6:
I believe this was addressed in https://github.com/OISF/suricata/pull/10030
Do we need a backport to 7 @Stephen Donnelly ?
Yes I believe that would be helpful since the prerequisite SCTime_t fixes have been backported to 7.0.x-master already, thanks.
Updated by Stephen Donnelly 12 months ago
Jeff Lucovsky wrote in #note-5:
@Stephen Donnelly I can fix this but I will need the endace libraries so i can compile etc. Are the header/libraries available publicly?
I don't believe they are publicly available. I can look into providing them to you to use manually, or for a regression build-bot if that would help?
Updated by Victor Julien 12 months ago
Stephen Donnelly wrote in #note-10:
Jeff Lucovsky wrote in #note-5:
@Stephen Donnelly I can fix this but I will need the endace libraries so i can compile etc. Are the header/libraries available publicly?
I don't believe they are publicly available. I can look into providing them to you to use manually, or for a regression build-bot if that would help?
No need to do that, I think it's up to vendors like yourself to keep an eye on this.
Updated by Stephen Donnelly 12 months ago
Victor Julien wrote in #note-11:
No need to do that, I think it's up to vendors like yourself to keep an eye on this.
Sure, will be happy to test build 7.0.x-master for the backport and raise a ticket if there are any issues.
Updated by Philippe Antoine 11 months ago
- Status changed from Resolved to Closed