Ethereal-dev: Re: [Ethereal-dev] NetXray / Sniffer Time Codes

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Chris Jepeway <thai-dragon@xxxxxxxxxxxx>
Date: Mon, 12 Feb 2001 15:03:55 -0500
> Can you feed a 1.1-format file, as written by Ethereal, to a Sniffer at
> your client's site, and see whether it interprets time stamps the same
> way that Ethereal does, or if it's off by a factor of, well, .838096 or
> 1.1193180, depending on how you look at it?
For reasons I'll just gloss over, this will be somewhat
problematic.  I'll see what I can arrange, but it may
take until next month.

> I tend not to use them, as
> 
> 	1) I'm not sure which C compilers support them
> 
> and
> 
> 	2) GDB, in my experience, doesn't handle them well.
OK, I've dropped them from the enclosed patch.

At some point, I'm going to take a whack at changing
the auto* system so it'll be possible to pass in flags
to the compiler without wrecking the include paths
it gets from the -I flags.  So, eg, something like

	make CFLAGS=-finline-functions

would work.  This, instead of

	make CC='gcc -finline-functions'

> >     Any problem with fleshing out the 64-bit support in
> >     wtap-int.h by adding pletohll() and htolell() macros?
> 
> No, as long as we cope with platforms where G_HAVE_GINT64 is *not*
> defined - i.e., we should be able to compile even if you don't have
> 64-bit integer data types in the C compiler.
> 
> This may either require falling back on floating point or taking the
> support routines from, say, libgcc (and supplying any missing ones -
> GCC2 can generate inline code for a lot of 64-bit integer operations).
I took the "fall back on floating point" approach in wiretap/netxray.c,
but took the "don't define anything" approach in wiretap/wtap-in.h.
Much of the code for the latter is lifted from epan/pint.h.

> > Me
> Guy Harris
Chris.

Uni-diff follows...


Index: wiretap/netxray.c
===================================================================
RCS file: /cvsroot/ethereal/wiretap/netxray.c,v
retrieving revision 1.34
diff -u -r1.34 netxray.c
--- netxray.c	2000/11/19 03:47:35	1.34
+++ netxray.c	2001/02/12 19:35:42
@@ -40,6 +40,15 @@
 	'X', 'C', 'P', '\0'
 };
 
+#ifdef G_HAVE_GINT64
+typedef guint64 netxray_ticks;
+#else
+typedef struct {
+	guint32	lo;	/* lower 32 bits of time stamp */
+	guint32	hi;	/* upper 32 bits of time stamp */
+} netxray_ticks;
+#endif
+
 /* NetXRay file header (minus magic number). */
 struct netxray_hdr {
 	char	version[8];	/* version number */
@@ -51,8 +60,7 @@
 	guint32 xxy[3];		/* unknown */
 	guint16	network;	/* datalink type */
 	guint8	xxz[6];
-	guint32	timelo;		/* lower 32 bits of time stamp of capture start */
-	guint32	timehi;		/* upper 32 bits of time stamp of capture start */
+	netxray_ticks t;
 	/*
 	 * XXX - other stuff.
 	 */
@@ -77,8 +85,7 @@
 
 /* NetXRay 1.x data record format - followed by frame data. */
 struct netxrayrec_1_x_hdr {
-	guint32	timelo;		/* lower 32 bits of time stamp */
-	guint32	timehi;		/* upper 32 bits of time stamp */
+	netxray_ticks t;
 	guint16	orig_len;	/* packet length */
 	guint16	incl_len;	/* capture length */
 	guint32	xxx[4];		/* unknown */
@@ -86,8 +93,7 @@
 
 /* NetXRay 2.x data record format - followed by frame data. */
 struct netxrayrec_2_x_hdr {
-	guint32	timelo;		/* lower 32 bits of time stamp */
-	guint32	timehi;		/* upper 32 bits of time stamp */
+	netxray_ticks t;
 	guint16	orig_len;	/* packet length */
 	guint16	incl_len;	/* capture length */
 	guint32	xxx[7];		/* unknown */
@@ -99,6 +105,26 @@
 	const union wtap_pseudo_header *pseudo_header, const u_char *pd, int *err);
 static gboolean netxray_dump_close_1_1(wtap_dumper *wdh, int *err);
 
+static double netxray_ticks2double(netxray_ticks *t)
+{
+#	ifdef G_HAVE_GINT64
+	return pletohll(t);
+#	else
+	return pletohl(&t->lo) +
+	       pletohl(&t->hi) * 4294967296.0;
+#	endif	
+}
+
+static void double2netxray_ticks(netxray_ticks *t, double d)
+{
+#	ifdef G_HAVE_GINT64
+	*t = htolell(d);
+#	else
+	t->lo = htolel((guint32) (d % 4294967296.0));
+	t->hi = htolel((guint32) (d / 4294967296.0));
+#	endif	
+}
+
 int netxray_open(wtap *wth, int *err)
 {
 	int bytes_read;
@@ -169,7 +195,7 @@
 		file_type = WTAP_FILE_NETXRAY_1_1;
 	} else if (memcmp(hdr.version, vers_2_001, sizeof vers_2_001) == 0
 	    || memcmp(hdr.version, vers_2_002, sizeof vers_2_002) == 0) {
-		timeunit = 1000000.0;
+		timeunit =  1193180.0;
 		version_major = 2;
 		file_type = WTAP_FILE_NETXRAY_2_00x;
 	} else {
@@ -197,9 +223,8 @@
 	wth->snapshot_length = 16384;	/* XXX - not available in header */
 	wth->capture.netxray->start_time = pletohl(&hdr.start_time);
 	wth->capture.netxray->timeunit = timeunit;
-	t = (double)pletohl(&hdr.timelo)
-	    + (double)pletohl(&hdr.timehi)*4294967296.0;
-	t = t/timeunit;
+	t =  netxray_ticks2double(&hdr.t);
+	t /= timeunit;
 	wth->capture.netxray->start_timestamp = t;
 	wth->capture.netxray->version_major = version_major;
 	/*wth->frame_number = 0;*/
@@ -288,13 +313,11 @@
 	}
 	wth->data_offset += packet_size;
 
-	t = (double)pletohl(&hdr.hdr_1_x.timelo)
-	    + (double)pletohl(&hdr.hdr_1_x.timehi)*4294967296.0;
+	t =  netxray_ticks2double(&hdr.hdr_1_x.t);
 	t /= wth->capture.netxray->timeunit;
 	t -= wth->capture.netxray->start_timestamp;
 	wth->phdr.ts.tv_sec = wth->capture.netxray->start_time + (long)t;
-	wth->phdr.ts.tv_usec = (unsigned long)((t-(double)(unsigned long)(t))
-		*1.0e6);
+	wth->phdr.ts.tv_usec = (t - (unsigned long)(t)) * 1.0e6;
 	wth->phdr.caplen = packet_size;
 	wth->phdr.len = pletohs(&hdr.hdr_1_x.orig_len);
 	wth->phdr.pkt_encap = wth->file_encap;
@@ -390,10 +413,9 @@
 
     /* build the header for each packet */
     memset(&rec_hdr, '\0', sizeof(rec_hdr));
-    timestamp = (phdr->ts.tv_sec - netxray->start.tv_sec)*1000000 +
-        phdr->ts.tv_usec;
-    rec_hdr.timelo = htolel(timestamp);
-    rec_hdr.timehi = htolel(0);
+    timestamp = (phdr->ts.tv_sec - netxray->start.tv_sec)*1000000.0 +
+	phdr->ts.tv_usec;
+    double2netxray_ticks(&rec_hdr.t, timestamp);
     rec_hdr.orig_len = htoles(phdr->len);
     rec_hdr.incl_len = htoles(phdr->caplen);
 	
@@ -454,8 +476,7 @@
     file_hdr.start_offset = htolel(CAPTUREFILE_HEADER_SIZE);
     file_hdr.end_offset = htolel(filelen);
     file_hdr.network = htoles(wtap_encap[wdh->encap]);
-    file_hdr.timelo = htolel(0);
-    file_hdr.timehi = htolel(0);
+    double2netxray_ticks(&file_hdr.t, 0);
 
     memset(hdr_buf, '\0', sizeof hdr_buf);
     memcpy(hdr_buf, &file_hdr, sizeof(file_hdr));
Index: wiretap/wtap-int.h
===================================================================
RCS file: /cvsroot/ethereal/wiretap/wtap-int.h,v
retrieving revision 1.10
diff -u -r1.10 wtap-int.h
--- wtap-int.h	2000/11/12 08:45:28	1.10
+++ wtap-int.h	2001/02/12 19:35:42
@@ -219,6 +219,11 @@
                    (guint32)((l) & 0x0000FF00)<<8|  \
                    (guint32)((l) & 0x00FF0000)>>8|   \
                    (guint32)((l) & 0xFF000000)>>24)
+
+#ifdef G_HAVE_GINT64
+#define htolell(ll) GUINT64_TO_LE(ll)
+#endif
+
 #else
 #define htoles(s)	(s)
 #define htolel(l)	(l)
@@ -227,47 +232,91 @@
 /* Pointer versions of ntohs and ntohl.  Given a pointer to a member of a
  * byte array, returns the value of the two or four bytes at the pointer.
  * The pletoh[sl] versions return the little-endian representation.
+ *
+ * If G_HAVE_GINT64 is defined, so we can use "gint64" and "guint64" to
+ * refer to 64-bit integral quantities, we also provide pntohll and
+ * phtolell, which extract 64-bit integral quantities.
  */
 
 #ifndef pntohs
 #define pntohs(p)  ((guint16)                       \
-                    ((guint16)*((guint8 *)p+0)<<8|  \
-                     (guint16)*((guint8 *)p+1)<<0))
+                    ((guint16)*((guint8 *)(p)+0)<<8|  \
+                     (guint16)*((guint8 *)(p)+1)<<0))
 #endif
 
+#ifndef pntoh24
+#define pntoh24(p)  ((guint32)*((guint8 *)(p)+0)<<16| \
+                     (guint32)*((guint8 *)(p)+1)<<8|  \
+                     (guint32)*((guint8 *)(p)+2)<<0)
+#endif
+
 #ifndef pntohl
-#define pntohl(p)  ((guint32)*((guint8 *)p+0)<<24|  \
-                    (guint32)*((guint8 *)p+1)<<16|  \
-                    (guint32)*((guint8 *)p+2)<<8|   \
-                    (guint32)*((guint8 *)p+3)<<0)
+#define pntohl(p)  ((guint32)*((guint8 *)(p)+0)<<24|  \
+                    (guint32)*((guint8 *)(p)+1)<<16|  \
+                    (guint32)*((guint8 *)(p)+2)<<8|   \
+                    (guint32)*((guint8 *)(p)+3)<<0)
+#endif
+
+#ifdef G_HAVE_GINT64
+#ifndef pntohll
+#define pntohll(p)  ((guint64)*((guint8 *)(p)+0)<<56|  \
+                     (guint64)*((guint8 *)(p)+1)<<48|  \
+                     (guint64)*((guint8 *)(p)+2)<<40|  \
+                     (guint64)*((guint8 *)(p)+3)<<32|  \
+                     (guint64)*((guint8 *)(p)+4)<<24|  \
+                     (guint64)*((guint8 *)(p)+5)<<16|  \
+                     (guint64)*((guint8 *)(p)+6)<<8|   \
+                     (guint64)*((guint8 *)(p)+7)<<0)
+#endif
 #endif
 
+
 #ifndef phtons
 #define phtons(p)  ((guint16)                       \
-                    ((guint16)*((guint8 *)p+0)<<8|  \
-                     (guint16)*((guint8 *)p+1)<<0))
+                    ((guint16)*((guint8 *)(p)+0)<<8|  \
+                     (guint16)*((guint8 *)(p)+1)<<0))
 #endif
 
 #ifndef phtonl
-#define phtonl(p)  ((guint32)*((guint8 *)p+0)<<24|  \
-                    (guint32)*((guint8 *)p+1)<<16|  \
-                    (guint32)*((guint8 *)p+2)<<8|   \
-                    (guint32)*((guint8 *)p+3)<<0)
+#define phtonl(p)  ((guint32)*((guint8 *)(p)+0)<<24|  \
+                    (guint32)*((guint8 *)(p)+1)<<16|  \
+                    (guint32)*((guint8 *)(p)+2)<<8|   \
+                    (guint32)*((guint8 *)(p)+3)<<0)
 #endif
 
 #ifndef pletohs
 #define pletohs(p) ((guint16)                       \
-                    ((guint16)*((guint8 *)p+1)<<8|  \
-                     (guint16)*((guint8 *)p+0)<<0))
+                    ((guint16)*((guint8 *)(p)+1)<<8|  \
+                     (guint16)*((guint8 *)(p)+0)<<0))
 #endif
 
+#ifndef pletoh24
+#define pletoh24(p) ((guint32)*((guint8 *)(p)+2)<<16|  \
+                     (guint32)*((guint8 *)(p)+1)<<8|  \
+                     (guint32)*((guint8 *)(p)+0)<<0)
+#endif
+
+
 #ifndef pletohl
-#define pletohl(p) ((guint32)*((guint8 *)p+3)<<24|  \
-                    (guint32)*((guint8 *)p+2)<<16|  \
-                    (guint32)*((guint8 *)p+1)<<8|   \
-                    (guint32)*((guint8 *)p+0)<<0)
+#define pletohl(p) ((guint32)*((guint8 *)(p)+3)<<24|  \
+                    (guint32)*((guint8 *)(p)+2)<<16|  \
+                    (guint32)*((guint8 *)(p)+1)<<8|   \
+                    (guint32)*((guint8 *)(p)+0)<<0)
 #endif
 
+
+#ifdef G_HAVE_GINT64
+#ifndef pletohll
+#define pletohll(p) ((guint64)*((guint8 *)(p)+7)<<56|  \
+                     (guint64)*((guint8 *)(p)+6)<<48|  \
+                     (guint64)*((guint8 *)(p)+5)<<40|  \
+                     (guint64)*((guint8 *)(p)+4)<<32|  \
+                     (guint64)*((guint8 *)(p)+3)<<24|  \
+                     (guint64)*((guint8 *)(p)+2)<<16|  \
+                     (guint64)*((guint8 *)(p)+1)<<8|   \
+                     (guint64)*((guint8 *)(p)+0)<<0)
+#endif
+#endif
 
 #define wtap_file_read_unknown_bytes(target, num_bytes, fh, err) \
 	G_STMT_START \