author | Guy Harris <guy@alum.mit.edu> | 2014-10-16 03:01:28 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2014-10-16 10:01:57 +0000 |
commit | d347b7284f09a5145f07e1620984ae8b06ab3357 (patch) | |
tree | 877c0d5be0101e67735ef146946fb17a6a9064cf /wiretap/capsa.c | |
parent | c74cefbfc9986da18978d092be56d1e47f3da2b5 (diff) | |
Don't try to compute time stamps for files from Packet Builder.
I don't trust Packet Builder's ability to convert time stamps between
Capsa format and pcap.
Change-Id: I0ac2e14216e37127d81d5bf1c6d48a2c20841a8e
Reviewed-on: https://code.wireshark.org/review/4721
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap/capsa.c')
-rw-r--r-- | wiretap/capsa.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/wiretap/capsa.c b/wiretap/capsa.c
index ee404f8ba6..227df2113a 100644
--- a/wiretap/capsa.c
+++ b/wiretap/capsa.c
@@ -318,7 +318,9 @@ capsa_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
 guint32 packet_size;
 guint32 orig_size;
 guint32 header_size;
+#if 0
 guint64 timestamp;
+#endif
 /* Read record header. */
 switch (capsa->format_indicator) {
@@ -338,7 +340,6 @@ capsa_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
 */
 timestamp -= G_GUINT64_CONSTANT(11644473600);
 #endif
- phdr->presence_flags = WTAP_HAS_CAP_LEN;
 /*
 * OK, the rest of this is variable-length.
@@ -360,17 +361,19 @@ capsa_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
 orig_size = GUINT16_FROM_LE(pbrec_hdr.orig_len);
 packet_size = GUINT16_FROM_LE(pbrec_hdr.incl_len);
 header_size = sizeof pbrec_hdr;
+#if 0
 timestamp = (((guint64)GUINT32_FROM_LE(pbrec_hdr.timestamphi))<<32) + GUINT32_FROM_LE(pbrec_hdr.timestamplo);
 /*
- * XXX - this seems to work for one pcap capture
- * converted to Capsa format by Packet Builder,
- * but it's a random magic number, so it might
- * not actually be the right value.
+ * XXX - from the results of some conversions between
+ * Capsa format and pcap by Colasoft Packet Builder,
+ * I do not trust its conversion of time stamps (at
+ * least one of Colasoft's sample files, when
+ * converted to pcap format, has, as its time stamps,
+ * time stamps on the day after the conversion was
+ * done, which seems like more than just coincidence).
 */
 timestamp -= G_GUINT64_CONSTANT(485946753291483);
- phdr->presence_flags = WTAP_HAS_CAP_LEN|WTAP_HAS_TS;
- phdr->ts.secs = (time_t)(timestamp / 1000000);
- phdr->ts.nsecs = ((int)(timestamp % 1000000))*1000;
+#endif
 break;
 default:
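Review bot: In the third hunk (the Packet Builder case), the code kept under `#if 0` still subtracts the constant 485946753291483 from a 64-bit value assembled from the record header, with no check that the value is at least that large. Those header fields are read from the capture file, so if the block is ever re-enabled a smaller value would wrap around in guint64 arithmetic and the later `(time_t)(timestamp / 1000000)` would produce a meaningless time. I would record that in the XXX comment, for example `* If this is re-enabled, check that timestamp >= the offset before subtracting.` The switch case this hunk sits in starts above the hunk.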
@@ -426,6 +429,13 @@ capsa_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr,
 phdr->rec_type = REC_TYPE_PACKET;
 phdr->caplen = packet_size;
 phdr->len = orig_size;
+#if 0
+ phdr->presence_flags = WTAP_HAS_CAP_LEN|WTAP_HAS_TS;
+ phdr->ts.secs = (time_t)(timestamp / 1000000);
+ phdr->ts.nsecs = ((int)(timestamp % 1000000))*1000;
+#else
+ phdr->presence_flags = WTAP_HAS_CAP_LEN;
+#endif
 /*
 * Read the packet data. |
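Review bot: The `#if 0` branch added here reads `timestamp` for every record, yet the declaration and both assignments are guarded by separate bare `#if 0` blocks elsewhere in capsa_read_packet (the one in the first switch case appears, from the `#endif` shown as context in the second hunk, to predate this commit). Nothing ties the four blocks together, so enabling this branch and the declaration without both assignments would compile and read an uninitialized variable. A single named guard would make the coupling explicit, e.g. replace each `#if 0` with `#ifdef CAPSA_TRUST_TIMESTAMPS` (macro name is only a suggestion), or at least add a comment here such as `/* requires the timestamp computation in both switch cases above to be enabled */`. The function begins and ends outside this hunk.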