tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Where are incoming packets timestamped at

From: Fabrizio Giordano <Fabrizio.Giordano () riverbed com>
Date: Thu, 18 Aug 2011 21:04:53 +0000
Disabling net_timestamp() in net/core/dev.c was one of the first things I tried, among with disabling other 
"get_timestamp"-like functions. But apparently that's not where packes get timestamped.



Nuno's suggestion turned out to be what I was looking for. Packets are actually timestamped in the function tpacket_rcv 
in net/packet/af_packet.c



Thank you all.





On Aug 17, 2011, at 2:57 PM, Fabrizio Giordano wrote:




Do you guys know where packets are timestamped in the kernel?



I'm using a 2.6.32-131.4.1.el6.x86_64 kernel




I.e., Linux, of somewhat recent vintage.



The time stamp would be in the skb->tstamp field for the packet in question.  If the adapter doesn't do hardware 
timestamps, the time stamp would be set in a call to the __net_timestamp() inline function from the skbuff.h header 
file, at least according to my 2.6.32.4 kernel tree.  That's called by net_timestamp() in net/core/dev.c, which is 
called from netif_rx() or netif_receive_skb().  Those appear to be called from the network adapter driver; they're 
called to hand incoming packets to the networking stack.  In, for example, the ixgb driver, it's called from 
ixgb_clean_rx_irq().



Executive summary: packets are, in general, timestamped when they're first handed to the networking stack.- This is the 
tcpdump-workers list.

Visit https://cod.sandelman.ca/ to unsubscribe.


From: Nuno Martins [mailto:nuno.m.g.martins () gmail com]
Sent: Wednesday, August 17, 2011 3:23 PM
To: tcpdump-workers () lists tcpdump org
Cc: Fabrizio Giordano
Subject: Re: [tcpdump-workers] Where are incoming packets timestamped at kernel level?


On Wed, Aug 17, 2011 at 10:57 PM, Fabrizio Giordano <Fabrizio.Giordano () riverbed com<mailto:Fabrizio.Giordano () 
riverbed com>> wrote:
Do you guys know where packets are timestamped in the kernel?
I'm using a 2.6.32-131.4.1.el6.x86_64 kernel and I need to find this information.
Thank you very much.

Hey,

I'm not really sure but i think it is in the tpacket_rcv function in af_packet.c [1] that lives in net/packet in the 
linux source code.

If you go near line 770 in that file you will see that is going to happen some timestamping.


[1] http://lxr.linux.no/linux+v3.0.3/net/packet/af_packet.c#L669


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


--
Nuno Martins
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: