Uploaded image for project: 'Bro Issue Tracker'
  1. BIT-1861

network_time() sometimes returns wall time if suspend_processing() and continue_processing() is used.

    Details

    • Type: Problem
    • Status: Closed
    • Priority: High
    • Resolution: Cannot Reproduce
    • Affects Version/s: 2.5
    • Fix Version/s: None
    • Component/s: Bro
    • Labels:
    • Environment:

      Ubuntu 16.04 LTS

    • Sprint:

      Description

      I try to call network_time() inside of new_packet() event to get the packet timestamp for each packet. However, when this is used together with suspend_processing() and continue_processing(), the network_time() sometimes returns the wall time instead of the packet time. A bro script using Broker and the corresponding python program is given to reproduce the problem. To run the program, just put all the file in the same folder and use the "./bug_run.sh" command.

        Attachments

        1. test.pcap
          6 kB
        2. bug.bro
          0.6 kB
        3. bug_run.sh
          0.1 kB
        4. bug_main.py
          0.6 kB

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              miaorwy Wenyu Ren
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: