Normalize the timestamps that are too far in the past to epoch.
Bug: #6240.
PACKET_PROFILING_TMM_START(p, TMM_RECEIVEPCAPFILE);
PKT_SET_SRC(p, PKT_SRC_WIRE);
- p->ts = SCTIME_FROM_TIMEVAL(&h->ts);
+ p->ts = SCTIME_FROM_TIMEVAL_UNTRUSTED(&h->ts);
SCLogDebug("p->ts.tv_sec %" PRIuMAX "", (uintmax_t)SCTIME_SECS(p->ts));
p->datalink = ptv->datalink;
p->pcap_cnt = ++pcap_g.cnt;
{ \
.secs = (tv)->tv_sec, .usecs = (tv)->tv_usec \
}
+/** \brief variant to deal with potentially bad timestamps, like from pcap files */
+#define SCTIME_FROM_TIMEVAL_UNTRUSTED(tv) \
+ (SCTime_t) \
+ { \
+ .secs = ((tv)->tv_sec > 0) ? (tv)->tv_sec : 0, \
+ .usecs = ((tv)->tv_usec > 0) ? (tv)->tv_usec : 0 \
+ }
#define SCTIME_FROM_TIMESPEC(ts) \
(SCTime_t) \
{ \
projects / thirdparty / suricata.git / commitdiff
