Hi.
Has anyone looked into timestamping the captured packets using
clock_gettime(CLOCK_MONOTONIC, ...)?
I'm thinking adding a struct timespec to struct pcap_pkthdr and filling
that in addition to the struct timeval.
For a request-reply situation a monotonic clock is much more reliable
On May 3, 2010, at 11:29 PM, Thomas Habets wrote:
Has anyone looked into timestamping the captured packets using
clock_gettime(CLOCK_MONOTONIC, ...)?
I'm thinking adding a struct timespec to struct pcap_pkthdr
pcap_pkthdr is in a file. You cannot add *ANYTHING* to it without breaking
On Tue, 4 May 2010, Guy Harris wrote:
BTW, note that if you call clock_gettime(), there is *NO* guarantee
that the time it returns has anything to do with the time the packe
arrived; it tells you the time when it's called, not the time when the
packet arrived.
Exactly. That's why I asked if
@lists.tcpdump.org
Subject: Re: [tcpdump-workers] Monotonic clock timestamp on packets
On Tue, 4 May 2010, Guy Harris wrote:
BTW, note that if you call clock_gettime(), there is *NO* guarantee
that the time it returns has anything to do with the time the packe
arrived; it tells you the time when
On Tue, 4 May 2010, Prasanna Kumar Nelam wrote:
If u want to that time the pkthdr u have the timestructure have the time in
seconds and microseconds.
In wall clock time, yes. The problem is that this breaks when the time is
changed, using NTP or by some other means. You can even end up with a
