tcpslice -r -d Always Returns Start + 10years

["Steve Bonds" <pow7yec02 () sneakemail com>]

When using "tcpslice -r -d <tcpdump file>" to dump the range of dates in a
file, it always seems to return the start of the file plus ten
years.  (Regardless of whether you use "-t", "-r", or "-R" along with
"-d".)

A look at the current CVS version of the code shows:

----- tcpslice.c:232 -----
        states = open_files(&argv[optind], numfiles);
        first_time = lowest_start_time(states, numfiles);

        if (start_time_string)
                start_time = parse_time(start_time_string, first_time);
        else
                start_time = first_time;

        if (stop_time_string)
                stop_time = parse_time(stop_time_string, start_time);

        else
                {
                stop_time = start_time;
                stop_time.tv_sec += 86400*3660; /* + 10
years; "forever" */
                stop_time.tv_usec = 0;
                }


        if (report_times) {
                for (; optind < argc; ++optind)
                        dump_times(&pcap, argv[optind]);
        }

        if (dump_flag) {
                printf( "start\t%s\nstop\t%s\n",
                        timestamp_to_string( &start_time ),
                        timestamp_to_string( &stop_time ) );
        }
-----

There doesn't appear to be any place in the code that actually grabs the
states->last_pkt_time initialized in the open_files() call before it's
printed there in the "if (dump_flag)" section.

Why isn't there a "stop_time" call similar to the "first_time = " call?

  -- Steve Bonds

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe