pcap结构
https://www.wireshark.org/docs/dfref/f/file-pcap.html
https://github.com/the-tcpdump-group/libpcap/blob/master/pcap/pcap.h
https://www.codeproject.com/tips/612847/generate-a-quick-and-easy-custom-pcap-file-using-p
https://github.com/wireshark/wireshark/blob/master/epan/dissectors/file-pcap.c
https://github.com/wireshark/wireshark/blob/master/wiretap/pcap-common.c
/*
 * The ERF pseudo-header timestamp is a 64-bit fixed-point value: the upper
 * 32 bits are whole seconds and the lower 32 bits are a binary fraction of a
 * second, i.e. units of 1/(2^32) s (approximately 233 picoseconds).
 *
 * NOTE(review): the field is presumably filled from the capture file, so any
 * 64-bit pattern may reach this point -- confirm against the reader code.
 */
if (rec != NULL) {
    const guint64 erf_ts = pseudo_header->erf.phdr.ts;
    guint64 frac_ns;

    /* Whole seconds come straight from the upper half.
     * NOTE(review): if time_t is a 32-bit signed type, large seconds values
     * will not fit -- confirm for the platforms this is built on. */
    rec->ts.secs = (time_t) (erf_ts >> 32);

    /* Scale the fraction to nanoseconds, still in 32.32 fixed point.
     * (2^32 - 1) * 10^9 is below 2^64, so the product cannot wrap. */
    frac_ns = (erf_ts & 0xffffffff) * 1000 * 1000 * 1000;

    /* Round to nearest: bit 31 is the half-nanosecond bit, and shifting it
     * left by one adds exactly one whole nanosecond when it is set. */
    frac_ns += (frac_ns & 0x80000000) << 1;

    rec->ts.nsecs = (guint32) (frac_ns >> 32);

    /* Rounding can push the result to a full second; carry it into secs so
     * nsecs stays below 10^9. */
    if (rec->ts.nsecs >= 1000000000) {
        rec->ts.nsecs -= 1000000000;
        rec->ts.secs += 1;
    }
}