ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-dev: Re: [Ethereal-dev] Time stamp FT_ values

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Mon, 21 Jun 2004 10:13:25 +1000
----- Original Message ----- 
From: "Guy Harris"
Sent: Saturday, June 19, 2004 2:20 PM
Subject: [Ethereal-dev] Time stamp FT_ values


> We have an FT_RELATIVE_TIME type; however:
>
> 1) it displays the value as seconds, rather than
>    days/hours/minutes/seconds;
>
> 2) it's not supported by "proto_tree_add_item()".
>
> This raises some questions:
>
> 1) Is there any reason *not* to display time intervals as
>    days/hours/minutes/seconds rather than as a raw number of
>    seconds?

No, no reason.
I think it should present it as seconds  if the number is <60 seconds,
as Minutes and Seconds if it is less than 1 hour,
etc.
This change would enhance useability a lot.

>
> 2) Would it make sense to have a 4-byte FT_RELATIVE_TIME be
>    interpreted as a number of seconds and an 8-byte
>    FT_RELATIVE_TIME be interpreted as something like a
>    seconds/microseconds time stamp?
>
> 3) Would it make even more sense to do something such as the
>    above, but to have the "base" value for the field be an
>    indication of the units of the time?
>
> 4) Would it make more sense still to combine that units
>    indication with an indication of whether an 8-byte value is a
>    seconds/fractions time stamp or an 8-byte number?

For relative 64bit timestamps I think we need to overload the BASE_xxx field
so that we can describe
BASE_USTIME (come up with better name):
    1 a guint32 for secs
    2 a guint32 for usecs
BASE_NSTIME
    ditto as above but takes the second 32bit field as nsecs.
BASE_NDR
    for a 64 bit value holding the 64bit value that represents the number of
ticks used for DCERPC (==windows)
    ticks.   I think it is something like number of x ns .   This is a true
64 bit field and not 2 32 bit fields as above is.
and there are other types of 64 bit timestamps/deltas as well.
BASE_TIMET
   which would be a single 32bit integer

Why not generalize it a bit more and also support even weirder ones such as
All the older types of timestamps/deltas used by DOS/Windows(old dialects)
like the weird one where timedeltas are specified in units of 2 seconds
etc...


>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube