void
frame_data_set_before_dissect(frame_data *fdata,
nstime_t *elapsed_time,
nstime_t *first_ts,
nstime_t *prev_dis_ts,
nstime_t *prev_cap_ts)
{
/* If we don't have the time stamp of the first packet in the
capture, it's because this is the first packet. Save the time
stamp of this packet as the time stamp of the first packet. */
if (nstime_is_unset(first_ts))
*first_ts = fdata->abs_ts;
/* if this frames is marked as a reference time frame, reset
firstsec and firstusec to this frame */
if(fdata->flags.ref_time)
*first_ts = fdata->abs_ts;
/* If we don't have the time stamp of the previous captured packet,
it's because this is the first packet. Save the time
stamp of this packet as the time stamp of the previous captured
packet. */
if (nstime_is_unset(prev_cap_ts))
*prev_cap_ts = fdata->abs_ts;
/* Get the time elapsed between the first packet and this packet. */
nstime_delta(&fdata->rel_ts, &fdata->abs_ts, first_ts);
/* If it's greater than the current elapsed time, set the elapsed time
to it (we check for "greater than" so as not to be confused by
time moving backwards). */
if ((gint32)elapsed_time->secs < fdata->rel_ts.secs
|| ((gint32)elapsed_time->secs == fdata->rel_ts.secs && (gint32)elapsed_time->nsecs < fdata->rel_ts.nsecs)) {
*elapsed_time = fdata->rel_ts;
}
/* Get the time elapsed between the previous displayed packet and
this packet. */
if (nstime_is_unset(prev_dis_ts))
/* If we don't have the time stamp of the previous displayed packet,
it's because we have no displayed packets prior to this.
Set the delta time to zero. */
nstime_set_zero(&fdata->del_dis_ts);
else
nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, prev_dis_ts);
/* Get the time elapsed between the previous captured packet and
this packet. */
nstime_delta(&fdata->del_cap_ts, &fdata->abs_ts, prev_cap_ts);
*prev_cap_ts = fdata->abs_ts;
}
void
frame_data_set_before_dissect(frame_data *fdata,
nstime_t *elapsed_time,
nstime_t *first_ts,
const frame_data *prev_dis,
const frame_data *prev_cap)
{
/* If we don't have the time stamp of the first packet in the
capture, it's because this is the first packet. Save the time
stamp of this packet as the time stamp of the first packet. */
if (nstime_is_unset(first_ts))
*first_ts = fdata->abs_ts;
/* if this frames is marked as a reference time frame, reset
firstsec and firstusec to this frame */
if(fdata->flags.ref_time)
*first_ts = fdata->abs_ts;
/* Get the time elapsed between the first packet and this packet. */
nstime_delta(&fdata->rel_ts, &fdata->abs_ts, first_ts);
/* If it's greater than the current elapsed time, set the elapsed time
to it (we check for "greater than" so as not to be confused by
time moving backwards). */
if ((gint32)elapsed_time->secs < fdata->rel_ts.secs
|| ((gint32)elapsed_time->secs == fdata->rel_ts.secs && (gint32)elapsed_time->nsecs < fdata->rel_ts.nsecs)) {
*elapsed_time = fdata->rel_ts;
}
fdata->prev_dis = prev_dis;
fdata->prev_cap = prev_cap;
}
int nstime_cmp (const nstime_t *a, const nstime_t *b )
{
if (G_UNLIKELY(nstime_is_unset(a))) {
if (G_UNLIKELY(nstime_is_unset(b))) {
return 0; /* "no time stamp" is "equal" to "no time stamp" */
} else {
return -1; /* and is less than all time stamps */
}
} else {
if (G_UNLIKELY(nstime_is_unset(b))) {
return 1;
}
}
if (a->secs == b->secs) {
return a->nsecs - b->nsecs;
} else {
return (int) (a->secs - b->secs);
}
}
static gboolean
is_duplicate_rel_time(guint8* fd, guint32 len, const nstime_t *current) {
int i;
md5_state_t ms;
cur_dup_entry++;
if (cur_dup_entry >= dup_window)
cur_dup_entry = 0;
/* Calculate our digest */
md5_init(&ms);
md5_append(&ms, fd, len);
md5_finish(&ms, fd_hash[cur_dup_entry].digest);
fd_hash[cur_dup_entry].len = len;
fd_hash[cur_dup_entry].time.secs = current->secs;
fd_hash[cur_dup_entry].time.nsecs = current->nsecs;
/*
* Look for relative time related duplicates.
* This is hopefully a reasonably efficient mechanism for
* finding duplicates by rel time in the fd_hash[] cache.
* We check starting from the most recently added hash
* entries and work backwards towards older packets.
* This approach allows the dup test to be terminated
* when the relative time of a cached entry is found to
* be beyond the dup time window.
*
* Of course this assumes that the input trace file is
* "well-formed" in the sense that the packet timestamps are
* in strict chronologically increasing order (which is NOT
* always the case!!).
*
* The fd_hash[] table was deliberatly created large (1,000,000).
* Looking for time related duplicates in large trace files with
* non-fractional dup time window values can potentially take
* a long time to complete.
*/
for (i = cur_dup_entry - 1;; i--) {
nstime_t delta;
int cmp;
if (i < 0) {
i = dup_window - 1;
}
if (i == cur_dup_entry) {
/*
* We've decremented back to where we started.
* Check no more!
*/
break;
}
if (nstime_is_unset(&(fd_hash[i].time))) {
/*
* We've decremented to an unused fd_hash[] entry.
* Check no more!
*/
break;
}
nstime_delta(&delta, current, &fd_hash[i].time);
if(delta.secs < 0 || delta.nsecs < 0)
{
/*
* A negative delta implies that the current packet
* has an absolute timestamp less than the cached packet
* that it is being compared to. This is NOT a normal
* situation since trace files usually have packets in
* chronological order (oldest to newest).
*
* There are several possible ways to deal with this:
* 1. 'continue' dup checking with the next cached frame.
* 2. 'break' from looking for a duplicate of the current frame.
* 3. Take the absolute value of the delta and see if that
* falls within the specifed dup time window.
*
* Currently this code does option 1. But it would pretty
* easy to add yet-another-editcap-option to select one of
* the other behaviors for dealing with out-of-sequence
* packets.
*/
continue;
}
cmp = nstime_cmp(&delta, &relative_time_window);
if(cmp > 0) {
/*
* The delta time indicates that we are now looking at
* cached packets beyond the specified dup time window.
* Check no more!
*/
break;
} else if (fd_hash[i].len == fd_hash[cur_dup_entry].len &&
memcmp(fd_hash[i].digest, fd_hash[cur_dup_entry].digest, 16) == 0) {
return TRUE;
}
}
return FALSE;
}
void CaptureFile::fill_in_fdata(frame_data *fdata, gint64 offset) {
const struct wtap_pkthdr *phdr = wtap_phdr(wth);
guint32 cum_bytes = 0;
fdata->next = NULL;
fdata->prev = NULL;
fdata->pfd = NULL;
fdata->num = count;
fdata->pkt_len = phdr->len;
cum_bytes += phdr->len;
fdata->cum_bytes = cum_bytes;
fdata->cap_len = phdr->caplen;
fdata->file_off = offset;
fdata->lnk_t = phdr->pkt_encap;
fdata->abs_ts.secs = phdr->ts.secs;
fdata->abs_ts.nsecs = phdr->ts.nsecs;
fdata->flags.passed_dfilter = 0;
//fdata->flags.encoding = PACKET_CHAR_ENC_CHAR_ASCII;
fdata->flags.encoding = CHAR_ASCII;
fdata->flags.visited = 0;
fdata->flags.marked = 0;
fdata->flags.ref_time = 0;
fdata->color_filter = NULL;
/* If we don't have the time stamp of the first packet in the
capture, it's because this is the first packet. Save the time
stamp of this packet as the time stamp of the first packet. */
if (nstime_is_unset(&first_ts)) {
first_ts = fdata->abs_ts;
}
/* If we don't have the time stamp of the previous captured packet,
it's because this is the first packet. Save the time
stamp of this packet as the time stamp of the previous captured
packet. */
if (nstime_is_unset(&prev_cap_ts)) {
prev_cap_ts = fdata->abs_ts;
}
/* Get the time elapsed between the first packet and this packet. */
nstime_delta(&fdata->rel_ts, &fdata->abs_ts, &first_ts);
/* If it's greater than the current elapsed time, set the elapsed time
to it (we check for "greater than" so as not to be confused by
time moving backwards). */
if ((gint32) elapsed_time.secs < fdata->rel_ts.secs
|| ((gint32) elapsed_time.secs == fdata->rel_ts.secs && (gint32) elapsed_time.nsecs < fdata->rel_ts.nsecs)) {
elapsed_time = fdata->rel_ts;
}
/* If we don't have the time stamp of the previous displayed packet,
it's because this is the first packet that's being displayed. Save the time
stamp of this packet as the time stamp of the previous displayed
packet. */
if (nstime_is_unset(&prev_dis_ts))
prev_dis_ts = fdata->abs_ts;
/* Get the time elapsed between the previous displayed packet and
this packet. */
nstime_delta(&fdata->del_dis_ts, &fdata->abs_ts, &prev_dis_ts);
/* Get the time elapsed between the previous captured packet and
this packet. */
nstime_delta(&fdata->del_cap_ts, &fdata->abs_ts, &prev_cap_ts);
prev_cap_ts = fdata->abs_ts;
}
