Bug #6618
Closed
endace: timestamp fixes
Added by Stephen Donnelly over 2 years ago. Updated about 1 year ago.
Description
ERF to SCTime_t conversion code is incorrect and may produce incorrect timestamps. This code should be refactored using the updated SCTIME_* macros in util-time.h.
source-erf-dag.c does not compile with --enable-dag due to a typo in PR9858 (SCMClloc for SCCalloc).
Updated by Victor Julien over 2 years ago #1
- Label Needs backport to 7.0 added
Updated by OISF Ticketbot over 2 years ago #2
- Subtask #6620 added
Updated by OISF Ticketbot over 2 years ago #3
- Label deleted (Needs backport to 7.0)
Updated by Victor Julien over 2 years ago #4
Added the needs backport to 7 as I assume the time fixes are needed in 7 as well.
Updated by Jeff Lucovsky over 2 years ago #5
@sfd I can fix this but I will need the endace libraries so I can compile etc. Are the header/libraries available publicly?
Updated by Victor Julien over 2 years ago #6
- Status changed from New to Resolved
I believe this was addressed in https://github.com/OISF/suricata/pull/10030
Do we need a backport to 7 @sfd ?
Updated by Stephen Donnelly over 2 years ago #7
- Label Needs backport to 7.0 added
Victor Julien wrote in #note-6:
> I believe this was addressed in https://github.com/OISF/suricata/pull/10030
> Do we need a backport to 7 @sfd ?
Yes, I believe that would be helpful since the prerequisite SCTime_t fixes have been backported to 7.0.x-master already, thanks.
Updated by OISF Ticketbot over 2 years ago #8
- Subtask #6638 added
Updated by OISF Ticketbot over 2 years ago #9
- Label deleted (Needs backport to 7.0)
Updated by Stephen Donnelly over 2 years ago #10
Jeff Lucovsky wrote in #note-5:
> @sfd I can fix this but I will need the endace libraries so I can compile etc. Are the header/libraries available publicly?
I don't believe they are publicly available. I can look into providing them to you to use manually, or for a regression build-bot if that would help?
Updated by Victor Julien over 2 years ago #11
Stephen Donnelly wrote in #note-10:
> Jeff Lucovsky wrote in #note-5:
> > @sfd I can fix this but I will need the endace libraries so I can compile etc. Are the header/libraries available publicly?
> I don't believe they are publicly available. I can look into providing them to you to use manually, or for a regression build-bot if that would help?
No need to do that, I think it's up to vendors like yourself to keep an eye on this.
Updated by Stephen Donnelly over 2 years ago #12
Victor Julien wrote in #note-11:
> No need to do that, I think it's up to vendors like yourself to keep an eye on this.
Sure, will be happy to test build 7.0.x-master for the backport and raise a ticket if there are any issues.
Updated by Philippe Antoine over 2 years ago #13
- Status changed from Resolved to Closed
Updated by Victor Julien about 1 year ago #14
- Subject changed from Endace: timestamp fixes to endace: timestamp fixes