Gianluca Varenni schrieb:
What doesn't work:
- timestamps are wrong. There are two problems here:
1. the IDB option for the timestamp precision is not decoded, and I
was generating timestamps with nanosecond precision.
2. timestamps are not in the libpcap fashion (seconds and
microseconds, or seconds and nanoseconds). It's a single 64bit
quantity that is split into high and low 32bits.
Well, I've implemented the first IDB options now in SVN *24133*,
if_tsaccur (only values 6 and 9 for now) and if_fcslen. So both
timestamps and FCS should work ok now.
FCS indeed looks ok, but the timestamps are still odd in icmp2.ntar.
According to
http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html#sectionpb,
the timestamp isn't a 64bit quantity, but the usual pcap way of 32bit
seconds from 1/1/1970 and 32 bits fractional second.
Do I miss something here?
Regards, ULFL
P.S. AFAIK (I'm not a native english speaker), if_tsaccur is actually
the resolution and not the accuracy (as the name implies) nor the
precision (as the text of is_tsaccur implies). Should we change the name
of if_tsaccur to if_tsresol in the spec? Otherwise if we want to add a
accuracy / precision option later (which I think we'll going to need),
these names could get pretty confusing!
