[Bro] Use of suspend_processing and continue_processing messes up network_time

Ren, Wenyu wren3 at illinois.edu
Thu Oct 19 15:09:00 PDT 2017


To be more specific, I found that sometimes (and sometimes not) network_time() will return the current wall time instead of the packet time if suspend_processing and continue_processing are used.


Wenyu Ren
Ph.D. Candidate
Department of Computer Science
University of Illinois at Urbana-Champaign

________________________________________
From: bro-bounces at bro.org [bro-bounces at bro.org] on behalf of Ren, Wenyu [wren3 at illinois.edu]
Sent: Thursday, October 19, 2017 5:01 PM
To: bro at bro.org
Subject: [Bro] Use of suspend_processing and continue_processing messes up network_time

Dear all,

Has anyone using suspend_processing() and continue_processing() had problems with the network_time() function? I found that when those two functions are used, sometimes the network_time() calls for each packet all return the same time. Since network_time() returns the network time of the last packet processed, I guess this has something to do with suspend_processing() and continue_processing() messing up the order in which the event for each packet is triggered.

Any idea? Any help is appreciated.

Best,
Wenyu

Wenyu Ren
Ph.D. Candidate
Department of Computer Science
University of Illinois at Urbana-Champaign
