I'm running linux-2.2.10, redhat-5.2 on an alpha. With the 2.2-series
kernel on alpha, the seconds and microseconds are stored as 64-bit
integers instead of 32-bit integers. This is a nasty little problem I ran
into with the stock tcpdump/libpcap in the stock redhat-5.2/alpha (glibc
2.0). The headers that come with redhat define a timestamp as two 32-bit
ints, and this causes all sorts of nastyness. I got it to work by
building libpcap/tcpdump after changing the struct timeval in timebits.h
to look like the one in the kernel. I beleive RedHat have made this same
change as of 6.0 (glibc 2.1).
Anyway, I've run into basically the same problem with ethereal. struct
pcaprec_hdr has 32-bit ints for its secs and usecs hardcoded into it, and
this breaks very badly. I got it to work by changing these to 64-bit
ints.
struct pcaprec_hdr maybe should be changed to use a struct timeval
as defined in timebits.h, like libpcap does. There's a big problem with
this, though -- traces on 64-bit machines won't be viewable on 32-bit
machines and vica versa. This seems like a problem with libpcap. Perhaps
is should be changed so that secs and usecs are always written as 32-bit
values?
<sigh> Life is so much simpler with i386...
Anybody else dealt with this problem already and know more about it than
I do? I just subscribed to this list about 30 minutes ago...
-John
