Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] getting the time

From: Brian Oleksa <oleksab@xxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 20 Jan 2010 18:42:05 -0500
Guy

I just confirmed that this is UTC time.
Sorry for the confusion.

Thanks,
Brian


Guy Harris wrote:
On Jan 20, 2010, at 1:34 PM, Brian Oleksa wrote:

I forgot to add the format of the time stamp that I am trying to get.

ms since the epoch (jan 1, 1970) as a 8 byte network byte order integer

Is there built in functions that can be used..??

Do you mean that you have a protocol that has an 8-byte network-byte-order integer whose value is a count of milliseconds since midnight, January 1, 1970?

The function to get the value would be tvb_get_ntoh64(), but that just gives you a guint64 count of milliseconds.

If you want to add that to the protocol tree as an FT_ABSOLUTE_TIME, that requires more work.

First - is that midnight, January 1, 1970, UTC, or midnight, January 1, 1970 *local* time?  If it's local time, that's a bit more work; I'll assume it's UTC here.

Values for FT_ABSOLUTE_TIME fields are nstime_t's; those are structures with a "secs" and "nsecs" field.  If you have a 64-bit milliseconds since the Epoch, and you want to convert it to an nstime_t for use with an FT_ABSOLUTE_TIME field, you'd do

	guint64 msecs_since_the_epoch;
	nstime_t t;

		...

	t.secs = msecs_since_the_epoch/1000;
	t.nsecs = (msecs_since_the_epoch%1000)*1000000;	/* milliseconds to nanoseconds */
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe