Re: Custom formatter for 64bit field

[Guy Harris <guy () alum mit edu>]

On Mar 11, 2010, at 2:24 PM, David Arnold wrote:

> I'm writing a dissector for a protocol that uses a 64-bit time field
> which is not in the format required for FT_ABSOLUTE_TIME.

What do you mean by "the format required for FT_ABSOLUTE_TIME"?  An FT_ABSOLUTE_TIME field doesn't have to be in the 
form of seconds/nanoseconds in the packet (there's no support for FT_ABSOLUTE_TIME in proto_tree_add_item()), it just 
has to be possible to convert the value, in whatever form it is in the packet, into a 
seconds-since-January-1-1970-midnight-UTC value and a nanoseconds-since-that-second value; is it possible to convert 
the time field into such a value?

(If it's an FT_ABSOLUTE_TIME field, it must represent a particular date and time, and thus the only reason why it 
couldn't be converted would be that:

        1) it's local time, not UTC - but we handle fields of that sort by assuming, for better or worse, that they're 
local time in the current time zone;

        2) it represents a time outside the range representable by seconds-since-January-1-1970-midnight-UTC with a 
32-bit time_t;

        3) it needs resolution better than 1 nanosecond.)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe