Ethereal-dev: [Ethereal-dev] Bug-Report: wiretap, timestamps and timezone

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Rolf Fiedler" <Rolf.Fiedler@xxxxxxxxxxxxxx>
Date: Mon, 19 Apr 2004 12:53:55 +0200
Hi Martin,

thank you for your reply and explanations. Now I can reproduce a behaviour
that I consider a bug.

From what I learned, the timestamps in trace files are in GMT/UTC.
I have 10:30 in my trace file and I live 1 hour east of Greenwich.
So Ethereal shows 11:30. However, at the moment I am two hours off
Greenwich time, since daylight saving time is in effect. But ethereal
does not care about "proper" timezone handling. This is a serious problem
for my application. I can reproduce the bug in both Windows and Linux.
My timestamps are GMT and my local machines are two hours off due to 
daylight saving, but ethereal is only considering the 1 hour that I live east
of Greenwich.
Where is the code that does this? I would like to fix it. Unless I am doing
something wrong and any of you is so kind to point me in the right direction.
Best regards,
Rolf


"Martin Regner" <martin.regner@xxxxxxxxx> wrote on 18.04.04 12:22:53:
> 
> 
> Rolf Fiedler wrote:
> > I have a question regarding the proper use of the wiretap library. In
> > the wth->phdr->ts.tv_sec field, is that a timestamp in GMT or in
> > localtime, i.e. will ethereal do gmt->localtime conversion before
> > displaying the information or should the wiretap module do that?
> >
> > I have traces that have timestamps in GMT (to allow use across
> > timezones) that are not displayed properly and I am looking for
> > the proper place to fix it.
> 
> 
> Hi Rolf,
> 
> Thank you for the information about Eyesdn (PRI version) you sent a while
> ago.
> It seems to be a very interesting product. Maybe I will contact you later if
> I have some more questions about it.
> I have been busy with several other things during the last period.
> 
> I'm not completely sure about the answer to your question, so someone else
> will probably get you a better answer.
> 
> However if I remember correctly:
> 
> The timestamps in a libpcap/tcpdump file should be in GMT.
> There may however be other file-formats that may store the time in other
> ways.
> I guess that wiretap needs to convert to GMT when reading and opposite when
> writing for those formats.
> 
> Ethereal should show the time in the local timezone settings of the computer
> where you are viewing the capture on, not the local time
> of the computer where the capture was done. There is a possibility to store
> timezone in the libpcap header, but that value is not used
> currently (and normally it is stored as 0).
> 
> It seems that localtime is called e.g. in epan/column-utils.c, epan\to_str.c
> and strptime.c.
> These routines are used when displaying the entries in Ethereal/Tethereal.
> 
> static void
> col_set_abs_time(frame_data *fd, column_info *cinfo, int col)
> {
>   struct tm *tmp;
>   time_t then;
> 
>   then = fd->abs_secs;
>   tmp = localtime(&then);
> .
> 
> Below are some links to some messages about timezone handling:
> 
> http://www.ethereal.com/lists/ethereal-dev/200401/msg00858.html
> 
> http://www.ethereal.com/lists/ethereal-dev/200401/msg00856.html
> 
> http://www.ethereal.com/lists/ethereal-dev/200201/msg00184.html
> 
> http://www.ethereal.com/lists/ethereal-dev/200201/msg00202.html
> 
> http://www.ethereal.com/lists/ethereal-users/200103/msg00127.html
> 
> 
> 
> 


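The conversion discussed in this thread, as an added example that is not code from Ethereal or from either poster: a UTC capture timestamp is passed through localtime() under a viewer zone with daylight saving, and the offset applied to each instant is computed and printed next to the local time. The two timestamps, the POSIX TZ rule and the helper names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L  /* setenv, tzset, localtime_r, gmtime_r */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Constructed sample capture timestamps, seconds since the epoch (UTC). */
#define TS_APRIL   ((time_t)1082370600)  /* 2004-04-19 10:30:00 UTC */
#define TS_JANUARY ((time_t)1074508200)  /* 2004-01-19 10:30:00 UTC */
/* Assumed viewer zone as a POSIX TZ rule: UTC+1, DST from late March to late October. */
#define VIEWER_TZ "CET-1CEST,M3.5.0,M10.5.0/3"

static void use_viewer_zone(const char *tz) { setenv("TZ", tz, 1); tzset(); }

/* Seconds east of UTC that localtime() applies to this particular instant. */
static long utc_offset_at(time_t t)
{
    struct tm lt, gt;
    int days;
    localtime_r(&t, &lt);
    gmtime_r(&t, &gt);
    days = lt.tm_yday - gt.tm_yday;
    if (lt.tm_year != gt.tm_year)        /* local and UTC dates straddle New Year */
        days = lt.tm_year > gt.tm_year ? 1 : -1;
    return days * 86400L + (lt.tm_hour - gt.tm_hour) * 3600L
         + (lt.tm_min - gt.tm_min) * 60L + (lt.tm_sec - gt.tm_sec);
}

/* Local time plus explicit offset; buf must hold at least 27 bytes. */
static const char *format_capture_time(time_t t, char *buf, size_t len)
{
    struct tm lt;
    long off = utc_offset_at(t);
    localtime_r(&t, &lt);
    strftime(buf, len, "%Y-%m-%d %H:%M:%S", &lt);
    snprintf(buf + strlen(buf), len - strlen(buf), " %c%02ld:%02ld",
             off < 0 ? '-' : '+', labs(off) / 3600, labs(off) % 3600 / 60);
    return buf;
}

int main(void)
{
    char buf[40];
    use_viewer_zone(VIEWER_TZ);
    puts(format_capture_time(TS_APRIL, buf, sizeof buf));
    puts(format_capture_time(TS_JANUARY, buf, sizeof buf));
    return 0;
}
```

Printing the offset with every timestamp keeps captures comparable when they are viewed on machines in different zones or on either side of a daylight saving change.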