Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] getting the time

From: Brian Oleksa <oleksab@xxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 20 Jan 2010 17:11:58 -0500
Guy

Thanks for the reply.

One of the fields in the bitmask that I am dissecting is the time stamp.

This time stamps format is: ms since the epoch (jan 1, 1970) as a 8 byte network byte order integer

I did not write the code that spits out this info on the network, I am simply trying to dissect it and this format is the info that I was given.

I believe that the these returned 8 bytes that I am currently getting is in milliseconds and all I have to do is convert this to a meaningful time and date.

Unfortuanately... I would think to believe that this is "local time". The dissection of this packet is getting the time stamp from the local GPS unit that it is attached to the pc. So no matter where you are at in the world... I would think that you would want to get the local time out of this packet.

I will have to find out more.

Thanks,
Brian




Guy Harris wrote:
On Jan 20, 2010, at 1:34 PM, Brian Oleksa wrote:

I forgot to add the format of the time stamp that I am trying to get.

ms since the epoch (jan 1, 1970) as a 8 byte network byte order integer

Is there built in functions that can be used..??

Do you mean that you have a protocol that has an 8-byte network-byte-order integer whose value is a count of milliseconds since midnight, January 1, 1970?

The function to get the value would be tvb_get_ntoh64(), but that just gives you a guint64 count of milliseconds.

If you want to add that to the protocol tree as an FT_ABSOLUTE_TIME, that requires more work.

First - is that midnight, January 1, 1970, UTC, or midnight, January 1, 1970 *local* time?  If it's local time, that's a bit more work; I'll assume it's UTC here.

Values for FT_ABSOLUTE_TIME fields are nstime_t's; those are structures with a "secs" and "nsecs" field.  If you have a 64-bit milliseconds since the Epoch, and you want to convert it to an nstime_t for use with an FT_ABSOLUTE_TIME field, you'd do

	guint64 msecs_since_the_epoch;
	nstime_t t;

		...

	t.secs = msecs_since_the_epoch/1000;
	t.nsecs = (msecs_since_the_epoch%1000)*1000000;	/* milliseconds to nanoseconds */
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe