Gianluca Varenni schrieb: > FYI today I tried opening a pcap-ng file with wireshark rev 24118, and > it sort of worked. > > What works: > - the first file I opened was a 50+MB file generated with NTAR. Real > ethernet packets coming from a custom board. Wireshark opened the > trace without any problem, and the decoded packets made perfectly > sense. YAY! Nice! > > What doesn't work: > - timestamps are wrong. There are two problems here: > 1. the IDB option for the timestamp precision is not decoded, and I > was generating timestamps with nanosecond precision. No wonder, the corresponding line in the code says: /* XXX - convert timestamps into nsecs */ ;-) > 2. timestamps are not in the libpcap fashion (seconds and > microseconds, or seconds and nanoseconds). It's a single 64bit > quantity that is split into high and low 32bits. > The timestamps currently won't work, but shouldn't be too hard to fix.
I'll have a look ... Regards, ULFL P.S: The FCS is also not decoded, Wireshark will internally always handle pcapng as: "don't know if FCS is there" _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
