> FYI today I tried opening a pcap-ng file with wireshark rev 24118, and
> it sort of worked. > > What works: > - the first file I opened was a 50+MB file generated with NTAR. Real > ethernet packets coming from a custom board. Wireshark opened the > trace without any problem, and the decoded packets made perfectly
> sense. YAY!
> > What doesn't work: > - timestamps are wrong. There are two problems here: > 1. the IDB option for the timestamp precision is not decoded, and I
> was generating timestamps with nanosecond precision.
No wonder, the corresponding line in the code says: /* XXX - convert timestamps into nsecs */ ;-)
> 2. timestamps are not in the libpcap fashion (seconds and
> microseconds, or seconds and nanoseconds). It's a single 64bit > quantity that is split into high and low 32bits. >
The timestamps currently won't work, but shouldn't be too hard to fix.
I'll have a look ...
P.S: The FCS is also not decoded, Wireshark will internally always handle pcapng as: "don't know if FCS is there"