Rick Jones wrote:
Are there any issues with having the header not be an 8 byte multiple in size? lots of stuff (iirc) wants four-byte, but I'm not sure about 8
And is there a compelling reason to supply both the microseconds and nanoseconds time stamps in the record header? Yes, libpcap would have to divide ts_nsec by 1000 for each packet in order to allow existing libpcap-based programs to read Navtel files, but whatever's writing out those files would have to divide ts_nsec by 1000 for each packet in order to put ts_usec into the header, and, if that's a significant amount of CPU time, you probably want to spend it when reading the capture file offline, not when capturing it.
So the Navtel header should perhaps be
struct pcaprec_navtel_hdr {
guint32 ts_sec; /* timestamp seconds */
guint32 ts_nsec; /* timestamp nanoseconds */
guint32 incl_len; /* number of octets of packet saved in
file */
guint32 orig_len; /* actual length of packet */
};
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
