tcpdump mailing list archives

Re: Where are incoming packets timestamped at

From: Guy Harris <guy () alum mit edu>
Date: Thu, 18 Aug 2011 17:47:13 -0700


On Aug 18, 2011, at 2:04 PM, Fabrizio Giordano wrote:

Disabling net_timestamp() in net/core/dev.c was one of the first things I tried, among with disabling other 
"get_timestamp"-like functions. But apparently that's not where packes get timestamped.


It is, but it's not the *only* place where they get timestamped.

Nuno's suggestion turned out to be what I was looking for. Packets are actually timestamped in the function 
tpacket_rcv in net/packet/af_packet.c


No, the place where packets get timestamped *if they don't already have a time stamp* is there.

The code, at least in my 2.6.32.4 source, is:

                if (skb->tstamp.tv64)
                        tv = ktime_to_timeval(skb->tstamp);
                else
                        do_gettimeofday(&tv);
                h.h1->tp_sec = tv.tv_sec;
                h.h1->tp_usec = tv.tv_usec;

and

                if (skb->tstamp.tv64)
                        ts = ktime_to_timespec(skb->tstamp);
                else
                        getnstimeofday(&ts);
                h.h2->tp_sec = ts.tv_sec;
                h.h2->tp_nsec = ts.tv_nsec;

If the packet has already been given a time stamp, skb->tstamp.tv64 will be non-zero, and it'll call 
ktime_to_timeval(skb->tstamp) to convert that time stamp to a "struct timeval" or call ktime_to_timespec() to convert 
it to a "struct timespec" and use that for the time stamp.

If your goal is to avoid all time stamping of packets, it's *necessary* to eliminate that code, but it's not 
*sufficient* to eliminate that code.  If you're just trying to throw away the time stamp information that lower-level 
code has already added to the packet, it's sufficient to eliminate that code, but I don't see what the *point* of doing 
so is - it's not as if it's going to keep the system from spending time to read the system clock for every packet.

What is it you're trying to do here?-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

Where are incoming packets timestamped at kernel level? Fabrizio Giordano (Aug 17)
- Re: Where are incoming packets timestamped at kernel level? Guy Harris (Aug 17)
- Re: Where are incoming packets timestamped at Nuno Martins (Aug 17)
  - Re: Where are incoming packets timestamped at Fabrizio Giordano (Aug 18)
    - Re: Where are incoming packets timestamped at Guy Harris (Aug 18)
    - Re: Where are incoming packets timestamped at Fabrizio Giordano (Aug 19)
    - Re: Where are incoming packets timestamped at Luca Deri (Aug 19)
    - Re: Where are incoming packets timestamped at Guy Harris (Aug 19)