[Bro] Use of suspend_processing and continue_processing messes up network_time
Johanna Amann
johanna at icir.org
Thu Oct 19 15:38:38 PDT 2017
This sounds like a bug - if this is easily reproducable, could you create
a ticket on the tracker containing the steps on how to reproduce this?
Thanks :)
Johanna
On Thu, Oct 19, 2017 at 10:09:00PM +0000, Ren, Wenyu wrote:
> To be more specific, I found sometimes (sometimes not) the network_time() will return the current wall time instead of the packet time if suspend_processing and continue_processing are used.
>
>
> Wenyu Ren
> Ph.D. Candidate
> Department of Computer Science
> University of Illinois at Urbana-Champaign
>
> ________________________________________
> From: bro-bounces at bro.org [bro-bounces at bro.org] on behalf of Ren, Wenyu [wren3 at illinois.edu]
> Sent: Thursday, October 19, 2017 5:01 PM
> To: bro at bro.org
> Subject: [Bro] Use of suspend_processing and continue_processing messes up network_time
>
> Dear all,
>
> Have anyone using suspend_processing() and continue_processing() have problem with the network_time() function? I found that when those two functions are used, sometimes network_time() called for each packet all return the same time. Since network_time() returns the network time of the last packet processed, I guess this has something to do with the suspend_processing() and continue_processing() messing up the order of when the event for each packet is triggered.
>
> Any idea? Any help is appreciated.
>
> Best,
> Wenyu
>
> Wenyu Ren
> Ph.D. Candidate
> Department of Computer Science
> University of Illinois at Urbana-Champaign
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
More information about the Bro
mailing list