Gianluca Varenni schrieb:
FYI today I tried opening a pcap-ng file with wireshark rev 24118, and
it sort of worked.
What works:
- the first file I opened was a 50+MB file generated with NTAR. Real
ethernet packets coming from a custom board. Wireshark opened the
trace without any problem, and the decoded packets made perfectly
sense. YAY!
Nice!
What doesn't work:
- timestamps are wrong. There are two problems here:
1. the IDB option for the timestamp precision is not decoded, and I
was generating timestamps with nanosecond precision.
No wonder, the corresponding line in the code says: /* XXX - convert
timestamps into nsecs */ ;-)
2. timestamps are not in the libpcap fashion (seconds and
microseconds, or seconds and nanoseconds). It's a single 64bit
quantity that is split into high and low 32bits.
The timestamps currently won't work, but shouldn't be too hard to fix.
I'll have a look ...
Regards, ULFL
P.S: The FCS is also not decoded, Wireshark will internally always
handle pcapng as: "don't know if FCS is there"