[netsa-tools-discuss] Custom C code reads invalid sTime from newer silk files.

mworld mworld at twbc.net
Wed Dec 31 01:38:44 EST 2014 

Hi. Below is a very basic program which just opens and reads all the 
records in a silk file (made for testing this issue). This method has 
been working great, until recently. When I read newer silk files, 
rwrec->sTime does not appear to be milliseconds (it does not appear to 
be an endian issue). I am kinda of stumped since the binaries that come 
with silk work fine and read the date correctly and I'm using the same 
library as them.

Problem: rwrec->sTime is returning as this: 34388381982 instead of 
milliseconds. Other fields seem fine.

The same issue occurs using c++ and printing it out using an output stream.

New SiLK file where sTime reads incorrectly: (created with no ipv6 support)

   format(id)          FT_RWROUTED(0x10)
   version             16
   byte-order          littleEndian
   compression(id)     zlib(1)
   header-length       64
   record-length       32
   record-version      5
   silk-version        3.9.0
   count-records       2165
   file-size           30028
   packed-file-info    2014/12/31T01:00:00 0 0

Older SiLK file where sTime reads correctly: (created with ipv6 support)

   format(id)          FT_RWIPV6(0x0b)
   version             16
   byte-order          littleEndian
   compression(id)     zlib(1)
   header-length       68
   record-length       68
   record-version      1
   silk-version        2.5.0
   count-records       3442787
   file-size           46860014
   packed-file-info    2013/08/01T10:00:00 0 0

SiLK is compiled with the local time flag using the FreeBSD port: 
security/silktools (FreeBSD 9.3 64bit).

Any help would be appreciated.

Regards,
Otto.

make.sh
---------------------------------------
#!/bin/sh

sk_cc=`silk_config --compiler`
sk_cflags=`silk_config --cflags`
sk_libs=`silk_config --libsilk-libs`

$sk_cc $sk_cflags -o silk-decode-test silk-decode-test.c $sk_libs
---------------------------------------

silk-decode-test.c
---------------------------------------
#include <stdio.h>
#include <silk/silk.h>
#include <silk/skstream.h>
#include <silk/rwrec.h>
#include <silk/utils.h>

int main(int argc, char** argv)
{
     if (argc != 2) {
         printf("Usage %s silk-file\n", argv[0]);
         return 1;
     }

     rwRec rwrec;
     skstream_t *rwios = NULL;
     int rv = SKSTREAM_OK;

     rv = skStreamOpenSilkFlow(&rwios, argv[1], SK_IO_READ);

     if (rv != SKSTREAM_OK) {
         printf("Unable to open input file '%s'\n", argv[1]);
         skStreamPrintLastErr(rwios, rv, &skAppPrintErr);
     } else {
         printf("%14s%8s%8s\n", "sTime","pks","bytes");

         while ((rv = skStreamReadRecord(rwios, &rwrec)) == SKSTREAM_OK) {
             printf("%14llu", rwRecGetStartTime(&rwrec));
             printf("%8lu", rwRecGetPkts(&rwrec));
             printf("%8lu\n", rwRecGetBytes(&rwrec));
         }
     }

     skStreamDestroy(&rwios);

     return 0;
}

---------------------------------------

More information about the netsa-tools-discuss mailing list