author | Sake Blok <sake@euronet.nl> | 2011-07-15 08:57:59 +0000 |
---|---|---|
committer | Sake Blok <sake@euronet.nl> | 2011-07-15 08:57:59 +0000 |
commit | 950646b7513d6421200f62d5a0ae34a08dd63904 (patch) | |
tree | 2ae0412d76a102b5b67d8e2254789a93051c3e0d /epan/dissectors/packet-icmp.c | |
parent | 78d98168554ba22a97d49c4394329469123a48fd (diff) | |
download | wireshark-950646b7513d6421200f62d5a0ae34a08dd63904.tar.gz |
* If first 8 bytes in icmp data do not look like a timestamp in BE, try LE representation.
* Change field title to not confuse people when the clocks of the pinging system and the capturing system are not in sync.
svn path=/trunk/; revision=38041
Diffstat (limited to 'epan/dissectors/packet-icmp.c')
-rw-r--r-- | epan/dissectors/packet-icmp.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/epan/dissectors/packet-icmp.c b/epan/dissectors/packet-icmp.c
index ca84540acc..d18b288f7b 100644
--- a/epan/dissectors/packet-icmp.c
+++ b/epan/dissectors/packet-icmp.c
@@ -1047,11 +1047,16 @@ dissect_icmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 * But only if it does look like it's a timestamp.
 *
 * FIXME:
- * 1) Timestamps might be in either big or little endian format
- * 2) Timestamps could be in different formats depending on the OS
+ * Timestamps could be in different formats depending on the OS
 */
 ts.secs = tvb_get_ntohl(tvb,8);
 ts.nsecs = tvb_get_ntohl(tvb,8+4); /* Leave at microsec resolution for now */
+ if (abs((guint32)(ts.secs - pinfo->fd->abs_ts.secs))>=3600*24 ||
+ ts.nsecs >= 1000000) {
+ /* Timestamp does not look right in BE, try LE representation */
+ ts.secs = tvb_get_letohl(tvb,8);
+ ts.nsecs = tvb_get_letohl(tvb,8+4); /* Leave at microsec resolution for now */
+ }
 if (abs((guint32)(ts.secs - pinfo->fd->abs_ts.secs))<3600*24 &&
 ts.nsecs < 1000000) {
 ts.nsecs *= 1000; /* Convert to nanosec resolution */
@@ -1289,8 +1294,8 @@ proto_register_icmp(void)
 "The timestamp in the first 8 btyes of the icmp data", HFILL }},
 { &hf_icmp_data_time_relative,
- { "Time since icmp packet was created", "icmp.data_time_relative", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
- " The timestamp of the packet, relative to the timestamp in the first 8 btyes of the icmp data", HFILL }}
+ { "Timestamp from icmp data (relative)", "icmp.data_time_relative", FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
+ "The timestamp of the packet, relative to the timestamp in the first 8 btyes of the icmp data", HFILL }}
 };
 static gint *ett[] = { |
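Review bot: The added big-endian plausibility test in dissect_icmp passes a `guint32` difference to `abs()`, which takes an `int`, so a payload whose seconds word is 0x80000000 away from the capture time typically converts to `INT_MIN`, where `abs()` is undefined and commonly returns a negative value. That value comes from untrusted packet bytes, and a negative result would both skip the new LE retry and satisfy the unchanged `<3600*24` test below, so an implausible timestamp would be shown as valid. Computing the difference once in a wider signed type avoids this, e.g. `gint64 delta = (gint64)ts.secs - (gint64)pinfo->fd->abs_ts.secs;` followed by `if (delta <= -3600*24 || delta >= 3600*24 || ts.nsecs >= 1000000) {`. The same test now appears twice in inverted form, so a small static helper such as `icmp_ts_plausible()` (name is a suggestion) would keep the two in sync. The function body continues outside the hunk.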