Re: libpcap pcap_sendpacket support across platforms.

[Guy Harris <guy () alum mit edu>]

On Mar 23, 2004, at 4:53 PM, Stephen Donnelly wrote:

> Interesting thoughts. I agree a wall-time in the file-header may be 
> useful. Is it assumed that libpcap now always uses UTC for timezone?

Yes.

> I'm thinking there are 3 common formats used for timestamps today, the 
> timeval (unix sec,microsec) by libpcap, timespec (unix sec,nanosec) by 
> AIX libpcap(?), and the Endace 64-bit fixed-point format (unix 
> sec,fraction). All these formats use 64 bits total. I don't know about 
> WinPcap.

WinPcap uses UNIX-style time stamps.

> At present when producing libpcap format traces from Endace format, we 
> convert our timestamps to timeval format, which is both expensive and 
> loses considerable precision.
>
> Are we trying to converge on one time-stamp format for libpcap-ng, or 
> allowing the use of various formats, with some indication of which 
> format per file/interface, and the problems of merging traces?

I don't think I'd require one format - libpcap format already does some 
"receiver makes it right" stuff, i.e. the file is written out in the 
byte order of the machine writing it, and it's the job of the code 
reading it to byte-swap as necessary.

> Would libpcap offer time-stamp conversion routines for programs that 
> don't understand various ones, and allow them to select?

It might make sense to have a libpcap format that's UNIX seconds plus 
nanoseconds (or picoseconds, or more?) and to offer a routine that 
takes a time stamp pointer (perhaps a union pointer) and a time stamp 
type and returns a time stamp in the libpcap format.

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe