Wireshark mailing list archives

Re: N in 1 packets


From: Akos Vandra <axos88 () gmail com>
Date: Sun, 11 Dec 2011 23:21:51 +0100

There is a timestamp, only it is not handled now :). The timestamps
are "sub-messages" themselves, that precede the information-messages.
Something like this:

2000 us have passed.
Interrupt 3 entered
1500 us have passed
Interrupt 3 exited
Interrupt handling done
1000000 us have passed  <--- this is to avoid overflow in the hardware timer
1000000 us have passed
1000000 us have passed
Variable at watched by comparator 3 has been written to new value 0xDEADBEEF

So it is not a true timestamp, sometimes there are multiple packets
with the same timestamp, but still, it's not a problem.

I thought I would decode these timestamp messages, and use them to
construct the pcap_pkthdr structure's ts field, as the arrival time
cannot be manipulated later from within a dissector.

What do you mean I have to provide a description of the messages? They
just contain the message source ID (there are multiple trace sources
within the trace peripheral for hardware messages, software
(printf-like) messages, and instruction tracing), and the message raw
data, nothing special.

Regards,
  Ákos Vandra



On 11 December 2011 23:07, Guy Harris <guy () alum mit edu> wrote:

On Dec 11, 2011, at 4:51 AM, Akos Vandra wrote:

The missing wireshark error is:

Invalid capture filter "" for interface trace1!
That string isn't a valid capture filter (unknown data link type 292).
See the User's guide for a description of the capture filter syntax.

When a new link-layer header type for capturing is added, libpcap's filter-compiling code needs to have support for it added, even if it's trivial support.  See the "Currently, only raw "link[N:M]" filtering is supported." instances in gencode.c.

And here you can find my not-so-pretty code, it has to be cleaned up a
lot, right now I am in the phase "hmm... let's see if that will
work..." :)
http://pastebin.com/fVnrEfpr

From that, it looks as if there are no time stamps in the data stream itself; the code is getting time stamps from gettimeofday().

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
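
Added example, not part of the original thread and not the code behind the pastebin link: one way to turn the "N us have passed" sub-messages described above into a `struct timeval` suitable for the `ts` field of `pcap_pkthdr`. The record layout (`struct ev`), the function name `stamp_messages` and the capture start time are assumptions made for illustration, since the thread does not give the wire format.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/time.h>

/* Hypothetical decoded sub-message: either "N us have passed" or an info message. */
enum ev_kind { EV_DELTA_US, EV_INFO };
struct ev { enum ev_kind kind; uint32_t value; const char *text; };
struct stamped { struct timeval ts; const char *text; };

/* Constructed sample mirroring the sequence shown in the message above. */
static const struct ev sample[] = {
    { EV_DELTA_US, 2000, NULL },
    { EV_INFO, 0, "Interrupt 3 entered" },
    { EV_DELTA_US, 1500, NULL },
    { EV_INFO, 0, "Interrupt 3 exited" },
    { EV_INFO, 0, "Interrupt handling done" },
    { EV_DELTA_US, 1000000, NULL },   /* repeated ticks that avoid timer overflow */
    { EV_DELTA_US, 1000000, NULL },
    { EV_DELTA_US, 1000000, NULL },
    { EV_INFO, 0, "Watched variable written" },
};

/* Add each delta to a 64-bit running total and stamp every info message with
 * base + total. Returns the number of info messages written to out. */
size_t stamp_messages(const struct ev *in, size_t n, struct timeval base,
                      struct stamped *out, size_t cap)
{
    uint64_t elapsed_us = 0;   /* 64-bit, so long runs of 1000000 us ticks cannot wrap */
    size_t made = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i].kind == EV_DELTA_US) { elapsed_us += in[i].value; continue; }
        if (made == cap) break;                       /* never write past out[] */
        uint64_t usec = (uint64_t)base.tv_usec + elapsed_us;
        out[made].ts.tv_sec = base.tv_sec + (long)(usec / 1000000);
        out[made].ts.tv_usec = (long)(usec % 1000000);  /* stays in 0..999999 */
        out[made].text = in[i].text;
        made++;
    }
    return made;
}

int main(void)
{
    struct stamped out[8];
    struct timeval base = { .tv_sec = 100, .tv_usec = 999000 };  /* constructed start time */
    size_t n = stamp_messages(sample, sizeof sample / sizeof sample[0], base, out, 8);
    for (size_t i = 0; i < n; i++)
        printf("%ld.%06ld  %s\n", (long)out[i].ts.tv_sec, (long)out[i].ts.tv_usec, out[i].text);
    return 0;
}
```

Messages that arrive between two timestamp sub-messages share one timestamp, which matches the behaviour described in the message.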

