diff options
| author | Guy Harris <guy@alum.mit.edu> | 2012-02-25 23:24:34 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2012-02-25 23:24:34 +0000 |
| commit | b6ff142f60309faceb422e3d3689c7406aca9361 (patch) | |
| tree | fc06d6f47b4bc726709812f14f7576d1945af5c0 /wiretap/snoop.c | |
| parent | e994e7841299a7eb15783ef24f0b1de46218a1b1 (diff) | |
Add a presence flag field to the packet information structure filled in
by Wiretap, to indicate whether certain fields in that structure
actually have data in them.
Use the "time stamp present" flag to omit showing time stamp information
for packets (and "packets") that don't have time stamps; don't bother
working very hard to "fake" a time stamp for data files.
Use the "interface ID present" flag to omit the interface ID for packets
that don't have an interface ID.
We don't use the "captured length, separate from packet length, present"
flag to omit the captured length; that flag might be present but equal
to the packet length, and if you want to know if a packet was cut short
by a snapshot length, comparing the values would be the way to do that.
More work is needed to have wiretap/pcapng.c properly report the flags,
e.g. reporting no time stamp being present for a Simple Packet Block.
svn path=/trunk/; revision=41185
Diffstat (limited to 'wiretap/snoop.c')
| -rw-r--r-- | wiretap/snoop.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/wiretap/snoop.c b/wiretap/snoop.c index c284465ee1..a0296db139 100644 --- a/wiretap/snoop.c +++ b/wiretap/snoop.c @@ -591,6 +591,7 @@ static gboolean snoop_read(wtap *wth, int *err, gchar **err_info, return FALSE; /* Read error */ wth->data_offset += packet_size; + wth->phdr.presence_flags = WTAP_HAS_TS|WTAP_HAS_CAP_LEN; wth->phdr.ts.secs = g_ntohl(hdr.ts_sec); wth->phdr.ts.nsecs = g_ntohl(hdr.ts_usec) * 1000; wth->phdr.caplen = packet_size; |