Reordering capture files

[Martin Mathieson <martin.r.mathieson () googlemail com>]

Hi,

I work with log files that are created from multiple sources, and although
the timestamps are in good synchronisation, they are often written to the
log file slightly out of order (up to a few milliseconds).

editcap -S supports rewriting the timestamps to be in strict chronological
order (assuming the frame order will be correct), but this is the opposite
of what I need.

So, I'm considering adding a new flag to editcap, or maybe creating a
separate console program using wiretap (I haven't thought through how
difficult it might be to support other options at the same time).  It would
work something like this:
- specify a number N (say 200), that would serve as the number of frames in
the ordering buffer
- when a new frame is read from the input file, insert it into its correct
time order within the (up-to) N frames in the buffer.  Hopefully not a
linear search :)
- write the earliest frame to the output file
- when we reach the end of the input file, just flush the sorted buffer to
the output file

Not sure if I'd keep the buffered frames in memory, or go back and reread
them when it was time to write them out.


Am I missing an existing way to get this functionality?  Am I the only
person who needs this functionality?

Thanks,
Martin

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe