> what about teduing bpf_timeval from net/bpf.h Sounds like you don't read commit logs.
bpf_timeval exists so that pcap files can be portable between machines, and hopefully between systems too. Unfortunately the upstream tcpdump people did not adopt it because they have no vision for doing things right.
