Re: proposal: rename DLT_PRISM_HEADER

[Guy Harris <guy () netapp com>]

On Mon, Dec 16, 2002 at 04:40:36PM -0500, Solomon Peachy wrote:
> > Also, why is the hosttime here in the first place?  How does that differ
> > from the regular frame time stamp that *all* frames passing through BPF
> > or the Linux networking stack get?
>
> Ah, Linux provides this, but do other systems?

It's provided by some piece of kernel code on all platforms currently
supported by libpcap, with the exception of DLPI systems other than
Solaris (on Solaris, bufmod time-stamps the packets).

At least in systems using BSD-derived BPF (which should include
{Free,Net,Open}BSD, BSD/OS, and the fruit-flavored BSD from Cupertino),
the time stamp is applied at the time the packet is handed to
"bpf_tap()" or "bpf_mtap()", which means it's at least reasonably close
to the time the driver first sees the packet (probably about as close as
in Linux, if not closer).

It's not quite as good in Solaris, as the packets aren't stamped until
they make it up the stream to bufmod, but, then, I don't know whether
anybody has an 802.11 driver for Solaris (either SPARC or x86).

In any case, there's no difference that I know of between 802.11 and any
other networking type, e.g. Boring Old Ethernet, in this regard.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe