Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 4484] failure to recognize ERF input file

Wireshark-bugs: [Wireshark-bugs] [Bug 4484] failure to recognize ERF input file

Date: Thu, 25 Feb 2010 01:20:07 -0800 (PST)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4484

Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |darkjames@xxxxxxxxxxxxxxxx

--- Comment #1 from Jakub Zawadzki <darkjames@xxxxxxxxxxxxxxxx> 2010-02-25 01:19:56 PST ---
Loading of this capture fails on (from wireshark/wiretap/erf.c):
#v+
    if ((ts = pletohll(&header.ts)) < prevts) {
      /* reassembled AALx records may not be in time order, also records are
not in strict time order between physical interfaces, so allow 1 sec fudge */
      if ( ((prevts-ts)>>32) > 1 ) {
    return 0;
      }
    }
#v-

I forced loading capture with: 
ERF_RECORDS_TO_CHECK=1 ./wireshark /tmp/frame_log_server.erf 

It loads fine however some frames has negative (and more interesting the same!)
 delta time.

By the way ERF file format
(http://www.endace.com/support/EndaceRecordFormat.pdf)
is no longer available.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

References:
- [Wireshark-bugs] [Bug 4484] New: failure to recognize ERF input file
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 4532] New: Enhance Protocol Hierarchy Statistics
Next by Date: [Wireshark-bugs] [Bug 3974] wrong decoding of gtp.target identification
Previous by thread: [Wireshark-bugs] [Bug 4484] New: failure to recognize ERF input file
Next by thread: [Wireshark-bugs] [Bug 4484] failure to recognize ERF input file
Index(es):
- Date
- Thread