tcpdump mailing list archives
Re: libpcap pcap_sendpacket support across platforms.
From: Stephen Donnelly <stephen () endace com>
Date: Wed, 24 Mar 2004 12:53:33 +1200
Guy Harris wrote:
On Mar 23, 2004, at 1:36 PM, Stephen Donnelly wrote:Might be nice to support different time-stamp formats officially somehow, e.g. AIX's nanosecond resolution timespec.Do we need arbitrary formats, or just seconds plus fractions of seconds?We could either make the time stamp format per-interface or per-file; doing the latter means that merging captures (as opposed to concatenating captures, as the "file header" record would specify the time stamp format of all subsequent packets until the next "file header" record) would require that we choose the highest-resolution format and convert time stamps in other formats to that format.We might also want the "file header" record to contain a capture start time (some other capture formats do) and perhaps that time represented as YYYY/MM/DD/HH/MM/SS.SSSS... - or perhaps the time zone name in, say, "Arthur Olson" format, in case somebody wants to know what time a packet arrived in local time on the machine on which the capture was done.
Interesting thoughts. I agree a wall-time in the file-header may be useful. Is it assumed that libpcap now always uses UTC for timezone?
I'm thinking there are 3 common formats used for timestamps today, the timeval (unix sec,microsec) by libpcap, timespec (unix sec,nanosec) by AIX libpcap(?), and the Endace 64-bit fixed-point format (unix sec,fraction). All these formats use 64 bits total. I don't know about WinPcap.
At present when producing libpcap format traces from Endace format, we convert our timestamps to timeval format, which is both expensive and loses considerable precision.
Are we trying to converge on one time-stamp format for libpcap-ng, or allowing the use of various formats, with some indication of which format per file/interface, and the problems of merging traces? Would libpcap offer time-stamp conversion routines for programs that don't understand various ones, and allow them to select?
Stephen.
--
-----------------------------------------------------------------------
Stephen Donnelly BCMS PhD email: sfd () endace com
Endace Technology Ltd phone: +64 7 839 0540
Hamilton, New Zealand cell: +64 21 1104378
-----------------------------------------------------------------------
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- Re: libpcap pcap_sendpacket support across platforms., (continued)
- Re: libpcap pcap_sendpacket support across platforms. Jefferson Ogata (Mar 23)
- Re: libpcap pcap_sendpacket support across platforms. Guy Harris (Mar 23)
- Re: libpcap pcap_sendpacket support across platforms. Guy Harris (Mar 23)
- Message not available
- Re: libpcap pcap_sendpacket support across platforms. Guy Harris (Mar 23)
- Re: libpcap pcap_sendpacket support across platforms. Michael Richardson (Mar 23)
- Re: libpcap pcap_sendpacket support across platforms. Richard Sharpe (Mar 23)
- Re: libpcap pcap_sendpacket support across platforms. Michael Richardson (Mar 23)
- Message not available
- Message not available
- Message not available
- Re: libpcap pcap_sendpacket support across platforms. Ste Jones (Mar 26)
- Re: libpcap pcap_sendpacket support across platforms. Stephen Donnelly (Mar 23)
- Re: libpcap pcap_sendpacket support across platforms. Guy Harris (Mar 23)
- Re: libpcap pcap_sendpacket support across platforms. Stephen Donnelly (Mar 23)
- Re: libpcap pcap_sendpacket support across platforms. Guy Harris (Mar 23)
- Re: libpcap pcap_sendpacket support across platforms. Stephen Donnelly (Mar 23)
- Re: libpcap pcap_sendpacket support across platforms. Michael Richardson (Mar 24)
- Message not available
- Re: libpcap pcap_sendpacket support across platforms. Guy Harris (Mar 23)