author | Guy Harris <guy@alum.mit.edu> | 2014-10-14 12:30:00 -0700 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2014-10-14 19:30:32 +0000 |
commit | a18c9c5cf024a16df66a1190b3367e17fdf5445b (patch) | |
tree | 7b94a7fcac1c70d134f1486cfa14b251fac4d33d | |
parent | 87ea03bf37d520b91ea011516885cc838012cf71 (diff) |
Don't supply time stamps for Capsa packets for now.
The time stamps aren't known to be right, so don't provide them - that
way, instead of users reading Capsa files and getting the wrong idea
about the time stamps, they'll get no time stamps and have to ask for
our help, at which point we can ask them for *their* help in seeing what
Capsa thinks the time stamps are. (The joys of reverse-engineering.)
Change-Id: I77e12c09f2bc74b50a1b2b226fa6da3e8c0fedf9
Reviewed-on: https://code.wireshark.org/review/4685
Reviewed-by: Guy Harris <guy@alum.mit.edu>
-rw-r--r-- | wiretap/capsa.c | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/wiretap/capsa.c b/wiretap/capsa.c index 9aa7a78fa8..e2e9b110e1 100644 --- a/wiretap/capsa.c +++ b/wiretap/capsa.c @@ -309,13 +309,7 @@ capsa_seek_read(wtap *wth, gint64 seek_off, return TRUE; } -/* - * Number of seconds between the UN*X epoch (January 1, 1970, 00:00:00 GMT) - * and the Windows NT epoch (January 1, 1601, 00:00:00 "GMT"). - * - * XXX - this is not the correct time origin. - */ -#define TIME_FIXUP_CONSTANT G_GUINT64_CONSTANT(11644473600) +#define TIME_FIXUP_CONSTANT static int capsa_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, @@ -341,7 +335,14 @@ capsa_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, orig_size = GUINT16_FROM_LE(capsarec_hdr.orig_len); packet_size = GUINT16_FROM_LE(capsarec_hdr.incl_len); header_size = sizeof capsarec_hdr; +#if 0 timestamp = (((guint64)GUINT32_FROM_LE(capsarec_hdr.timestamphi))<<32) + GUINT32_FROM_LE(capsarec_hdr.timestamplo); + /* + * XXX - this is not the correct time origin. + */ + timestamp -= G_GUINT64_CONSTANT(11644473600); +#endif + phdr->presence_flags = WTAP_HAS_CAP_LEN; /* * OK, the rest of this is variable-length. @@ -364,6 +365,16 @@ capsa_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, packet_size = GUINT16_FROM_LE(pbrec_hdr.incl_len); header_size = sizeof pbrec_hdr; timestamp = (((guint64)GUINT32_FROM_LE(pbrec_hdr.timestamphi))<<32) + GUINT32_FROM_LE(pbrec_hdr.timestamplo); + /* + * XXX - this seems to work for one pcap capture + * converted to Capsa format by Packet Builder, + * but it's a random magic number, so it might + * not actually be the right value. + */ + timestamp -= G_GUINT64_CONSTANT(485946753291483); + phdr->presence_flags = WTAP_HAS_CAP_LEN|WTAP_HAS_TS; + phdr->ts.secs = (time_t)(timestamp / 1000000); + phdr->ts.nsecs = ((int)(timestamp % 1000000))*1000; break; default: 
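Review bot: The first hunk leaves `#define TIME_FIXUP_CONSTANT` behind with an empty expansion, and the only use visible on this page, `timestamp -= TIME_FIXUP_CONSTANT;`, is removed by the last hunk. An empty object-like macro compiles silently, so a later `timestamp -= TIME_FIXUP_CONSTANT;` would fail with a confusing syntax error, and any other use would expand to nothing. If nothing outside the shown hunks still refers to it, delete the `#define` line rather than emptying it.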
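Review bot: The `#if 0` in the capsarec_hdr branch disables the time stamp computation with no comment at the point of disabling; the reason lives only in the commit message. A reader of the file sees just "this is not the correct time origin" inside the dead block. I would put a short comment directly above `#if 0`, for example `/* Time stamps are not supplied for this record type: the time origin is unknown, so we report WTAP_HAS_CAP_LEN only. */`. That keeps the intent visible if the block is ever re-enabled. The enclosing function starts and ends outside the hunk.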
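Review bot: In the pbrec_hdr branch, `timestamp -= G_GUINT64_CONSTANT(485946753291483);` is applied to a value taken directly from the capture file without checking that it is at least as large as the constant. The declaration is outside the hunk, but if `timestamp` is the unsigned 64-bit value that the `(guint64)` construction suggests, a smaller stored value wraps around to a huge number and is then reported as a valid time with `WTAP_HAS_TS` set. Since the comment already admits the constant is a guess, a crafted or merely different file should fall back to "no time stamp" instead of a bogus far-future one. The sketch below guards the subtraction and sets only `WTAP_HAS_CAP_LEN` otherwise; the rest of the switch is outside the hunk.

```c
		/* … unchanged: timestamp assembled from pbrec_hdr.timestamphi/lo, XXX comment on the magic number … */
		if (timestamp >= G_GUINT64_CONSTANT(485946753291483)) {
			timestamp -= G_GUINT64_CONSTANT(485946753291483);
			phdr->presence_flags = WTAP_HAS_CAP_LEN|WTAP_HAS_TS;
			phdr->ts.secs = (time_t)(timestamp / 1000000);
			phdr->ts.nsecs = ((int)(timestamp % 1000000))*1000;
		} else {
			/* Value below the assumed origin: don't report a wrapped time. */
			phdr->presence_flags = WTAP_HAS_CAP_LEN;
		}
		break;
```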
@@ -417,10 +428,6 @@ capsa_read_packet(wtap *wth, FILE_T fh, struct wtap_pkthdr *phdr, phdr->pseudo_header.eth.fcs_len = 0; phdr->rec_type = REC_TYPE_PACKET; - phdr->presence_flags = WTAP_HAS_CAP_LEN|WTAP_HAS_TS; - timestamp -= TIME_FIXUP_CONSTANT; - phdr->ts.secs = (time_t)(timestamp / 1000000); - phdr->ts.nsecs = ((int)(timestamp % 1000000))*1000; phdr->caplen = packet_size; phdr->len = orig_size; |