Wireshark mailing list archives

Re: getting the time

From: Brian Oleksa <oleksab () darkcornersoftware com>
Date: Thu, 21 Jan 2010 13:57:48 -0500

Guy

To answer your questions: Yes this is UTC time since the epoc.

What I am trying to dissect has a bitmask attached to it. So all I have 
to do is check for fields available (which you will see below)

This is what I have done......I am confused on what you sent me. Can you 
give me an more detailed example..?? Here is my code so far:

Right now all I am getting is just a number:

The end result,  I would like to get something like this:  Jan 21 
2010    or    1/21/2010    or    1-21-2010

                    if ((fieldsAvail & 2) != 0) {
                        guint64 msecs_since_the_epoch;
                        nstime_t t;
                        msecs_since_the_epoch = *((guint64*) ptr);
                        t.secs = msecs_since_the_epoch/1000;
                        ptr += 8;

                        proto_tree_add_uint_format(helen_sub_tree, 
hf_helen_length, tvb, offset, 8, 0,
                                "TIME %d", t.secs);

                        offset += 8;
                    }

Thanks,
Brian



Guy Harris wrote:

On Jan 20, 2010, at 1:34 PM, Brian Oleksa wrote:

I forgot to add the format of the time stamp that I am trying to get.

ms since the epoch (jan 1, 1970) as a 8 byte network byte order integer

Is there built in functions that can be used..??


Do you mean that you have a protocol that has an 8-byte network-byte-order integer whose value is a count of 
milliseconds since midnight, January 1, 1970?

The function to get the value would be tvb_get_ntoh64(), but that just gives you a guint64 count of milliseconds.

If you want to add that to the protocol tree as an FT_ABSOLUTE_TIME, that requires more work.

First - is that midnight, January 1, 1970, UTC, or midnight, January 1, 1970 *local* time?  If it's local time, 
that's a bit more work; I'll assume it's UTC here.

Values for FT_ABSOLUTE_TIME fields are nstime_t's; those are structures with a "secs" and "nsecs" field.  If you have 
a 64-bit milliseconds since the Epoch, and you want to convert it to an nstime_t for use with an FT_ABSOLUTE_TIME 
field, you'd do

      guint64 msecs_since_the_epoch;
      nstime_t t;

              ...

      t.secs = msecs_since_the_epoch/1000;
      t.nsecs = (msecs_since_the_epoch%1000)*1000000; /* milliseconds to nanoseconds */
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

getting the time Brian Oleksa (Jan 20)
- Re: getting the time Guy Harris (Jan 20)
  - Re: getting the time Brian Oleksa (Jan 20)
  - Re: getting the time Brian Oleksa (Jan 20)
  - Re: getting the time Brian Oleksa (Jan 21)
    - Re: getting the time Guy Harris (Jan 21)
    - Re: getting the time Brian Oleksa (Jan 21)
    - Re: getting the time Guy Harris (Jan 21)
    - Re: getting the time Brian Oleksa (Jan 21)
    - Re: getting the time Guy Harris (Jan 21)
    - Re: getting the time Brian Oleksa (Jan 21)
    - Re: getting the time Guy Harris (Jan 21)
    - string manipulation Brian Oleksa (Jan 25)
    - Re: string manipulation Guy Harris (Jan 25)
    - Re: string manipulation Gerald Combs (Jan 25)

(Thread continues...)