Snort mailing list archives
Bug; ts_print() reporting negative years before 2000
From: David Turnbull <david () broodax net>
Date: Tue, 24 Jul 2012 09:55:33 +1000
I was running some tests on some old data (Darpa 98 training set) and noticed the fast alert reporting a timestamp of '06/05/-2-11:55:15.566704'. Setting the packet timestamp to something very low, you get down to '06/05/-30-11:55:15.566704'. diff --git a/src/util.c b/src/util.c index b4b39e0..f87d693 100644 --- a/src/util.c +++ b/src/util.c @@ -254,9 +254,17 @@ void ts_print(register const struct timeval *tvp, char *timebuf) if (ScOutputIncludeYear()) { + int year; + if (lt->tm_year < 70) + // 00 .. 69 + year = lt->tm_year - 100; + else + // 70 ... 99 + year = lt->tm_year; + (void) SnortSnprintf(timebuf, TIMEBUF_SIZE, "%02d/%02d/%02d-%02d:%02d:%02d.%06u ", - lt->tm_mon + 1, lt->tm_mday, lt->tm_year - 100, + lt->tm_mon + 1, lt->tm_mday, year, s / 3600, (s % 3600) / 60, s % 60, (u_int) tvp->tv_usec); }
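Review bot: the year selection in the added if/else in ts_print() fixes 1970 to 1999 but regresses every timestamp from 2000 onward. tm_year counts years since 1900, so a 2012 packet has tm_year 112, takes the else branch (`year = lt->tm_year;`) and prints 112 through the `%02d` field where the old code printed 12. The `lt->tm_year < 70` branch still subtracts 100, so any value that reaches it comes out negative, which is the symptom being reported. The comments `// 00 .. 69` and `// 70 ... 99` read as two-digit years, but tm_year is never a two-digit-century value, so they do not match what the branches test. Suggest dropping the branch and using `year = lt->tm_year % 100;`, which yields 98 for 1998 and 12 for 2012 with the existing format string. It would also help to note in a comment that the field is a two-digit year, since 1998 and 2098 become indistinguishable in the fast alert output.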