Re: tcpslice Output Incomplete

["Steve Bonds" <pow7yec02 () sneakemail com>]

On Thu, 27 Feb 2003, Steve Bonds wrote:

> The command I use to generate the problem:
>
> tcpslice -w /tmp/tcpslice.out 0 +60m /tmp/tcp.first8pkts.tcpdump
>
> This produces a 24 byte output file "/tmp/tcpslice.out".

I've tracked this problem to my choice of "0" at the start which leads to
an underflow error inside gwttm2secs.c.  Replacing it with "+0" works much
better.

I'd like to protect future users from themselves (heck, it'll probably be
me) so I'd like to find a way to warn or abort instead of the
underflow.  What do you all think of one of the following options:

1) exit the program if the requested start time is within 12 hours of time
"0".
2) exit the program if the requested start time is within the TZ GMT
offset of time "0".  (the TZ causes the underflow)
3) assume that all absolute time values under some threshold are really
relative values and print a warning
4) have gwtm2secs use larger signed data types for intermediate work that
can handle the underflow.
5) have gwtm2secs check its output to be sure they're valid times and
abort or return "-1" if they're not.  Change calling locations to check
for proper return.
6) some better option that I didn't think of.  ;-)

Which do you think is the best approach?

  -- Steve

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe