Open
Description
When generating flowtuples from pcaps, corsarotrace does not finish when the pcap contains more than six days of traffic.
Commit: 9e899da
Steps to reproduce (using Podman, Docker should be similar):
- Generate two pcaps:

```python
from scapy.all import *
from datetime import datetime, timedelta

# One packet per day, starting six days ago (seven packets in total).
start_date = datetime.now() - timedelta(days=6)
packets = []
for i in range(7):
    packet_time = start_date + timedelta(days=i)
    packet = Ether() / IP(src="192.168.1.1", dst="192.168.1.2") / UDP(sport=12345, dport=80) / Raw(load=f"Packet from day {i+1}")
    packet.time = packet_time.timestamp()
    packets.append(packet)

# Full seven-day capture, and the same capture without the last day.
wrpcap("seven_days.pcap", packets)
wrpcap("six_days.pcap", packets[:6])
```

- Run corsarotrace on a pcap of six days.

```
podman run -v './output:/flowtuple/output:rw' -v './six_days.pcap:/flowtuple/example.pcap:ro' offlineft pcapfile:/flowtuple/example.pcap trial run
```

Result: finishes as expected.

- Run corsarotrace on a pcap of seven days.

```
podman run -v './output:/flowtuple/output:rw' -v './seven_days.pcap:/flowtuple/example.pcap:ro' offlineft pcapfile:/flowtuple/example.pcap trial run
```

Result: does not finish.

The steps to reproduce do not seem completely reliable, i.e., sometimes it also hangs on six days. It seems that the shorter the pcap timespan, the larger the likelihood it succeeds. I have not yet gotten it to finish seven days.