author | Guy Harris <guy@alum.mit.edu> | 2010-07-21 16:25:59 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2010-07-21 16:25:59 +0000 |
commit | 45c49c957fb914c667e470f8f523ed4b7446d4b9 (patch) | |
tree | 93c9366276c771480f7c5cfff519c3d16ea79e7c /wiretap/netmon.c | |
parent | ba6c5161ba580eed73bb665f8df902dac6b683e7 (diff) |
According to mail from Paul Long at Microsoft, in the 1.x NetMon file
format, the time offset from the start of the capture always had a
positive value, so it's an unsigned value. (In newer versions of NetMon
3.x, the capture can start before the "capture start" time stamp is set,
so packets can have a *negative* offset from the capture start time
stamp. Those captures are in the 2.x file format.)
svn path=/trunk/; revision=33607
Diffstat (limited to 'wiretap/netmon.c')
-rw-r--r-- | wiretap/netmon.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/wiretap/netmon.c b/wiretap/netmon.c index a5ac170995..761b7afbc0 100644 --- a/wiretap/netmon.c +++ b/wiretap/netmon.c @@ -516,7 +516,13 @@ again: switch (netmon->version_major) { case 1: - delta = ((gint32)pletohl(&hdr.hdr_1_x.ts_delta))*1000; + /* + * According to Paul Long, this offset is unsigned. + * It's 32 bits, so the maximum value will fit in + * a gint64 such as delta, even after multiplying + * it by 1000. + */ + delta = ((guint32)pletohl(&hdr.hdr_1_x.ts_delta))*1000; break; case 2: |
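Review bot: In the case 1 assignment, the product ((guint32)pletohl(&hdr.hdr_1_x.ts_delta))*1000 is still computed in 32-bit unsigned arithmetic and only widened when it is stored in delta, so the new comment's claim that the maximum value fits in a gint64 after multiplying does not hold for this expression. With a 32-bit int, any ts_delta above 4294967 wraps modulo 2^32 before the assignment, and a long capture would get time stamps that jump backwards. Widen before multiplying, for example delta = ((gint64)(guint32)pletohl(&hdr.hdr_1_x.ts_delta))*1000; or multiply by a 64-bit constant, and adjust the comment to say the widening is what makes the result fit.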