https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7266
--- Comment #14 from Stephen Donnelly <stephen@xxxxxxxxxx> 2012-07-30 15:26:53 PDT ---
The root problem here is that Wireshark's internal time stamp format has
nanosecond resolution, and it assumes that no formats have higher resolution
than this.
ERF uses a 64-bit fixed point format, so the ultimate resolution is 2^-32s, or
~233ps. This causes:
3172 (phdr->ts.nsecs / (1000000000/int_data.time_units_per_second));
to fail horribly, as the result of the first division is 0 as an integer.
wiretap/erf.c sets:
731 int_data.time_units_per_second = (1LL<<32); /* ERF format resolution is
2^-32, capture resolution is unknown */
and
740 int_data.if_tsresol = 0xa0; /* ERF format resolution is 2^-32 = 0xa0,
capture resolution is unknown */
(PcapNG IDB if_tsresol=0xa0 comes from: high bit set power=2, and 32 bits
resolution)
Since wiretap/erf.c is 'downconverting' the ERF timestamp to Wireshark's lower
resolution representation, should we be setting
int_data.time_units_per_second=1000000000 to represent the converted timstamp
rather than the original resolution? Should we be setting if_tsresol=0x09 as
well?
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
