hello,
the attached patch fix an off by one in current usb sniffing code. It
also substitute the kernel-provided timestamp with gettimeofday. The
kernel provided timestamp use 32 bits to represent a struct timeval (8
bits for tv_sec and 24 for tv_usec), so it's content is quite
misleading.
ciao,
Paolo
p.s. the gettimeofday syscall give some overhead to the sniffing code,
but currently the text interface provided by the kernel is IMHO the real
bottleneck.
Index: pcap-usb-linux.c
===================================================================
RCS file: /tcpdump/master/libpcap/pcap-usb-linux.c,v
retrieving revision 1.8
diff -u -r1.8 pcap-usb-linux.c
--- pcap-usb-linux.c 13 Oct 2006 17:46:46 -0000 1.8
+++ pcap-usb-linux.c 15 Oct 2006 17:30:25 -0000
@@ -241,8 +241,15 @@
uhdr->endpoint_number = htonl(ep_num);
uhdr->device_address = htonl(dev_addr);
string += cnt;
- pkth.ts.tv_sec = timestamp / 1000000;
- pkth.ts.tv_usec = timestamp % 1000000;
+
+ /* don't use usbmon provided timestamp, since it have low precision*/
+ if (gettimeofday(&pkth.ts, NULL) < 0)
+ {
+ snprintf(handle->errbuf, PCAP_ERRBUF_SIZE,
+ "Can't get timestamp for message '%s' %d:%s",
+ string, errno, strerror(errno));
+ return -1;
+ }
/* parse endpoint information */
if (pipeid1 == 'C')
@@ -353,6 +360,9 @@
if (urb_tag != '=')
goto got;
+ /* skip urb tag and following space */
+ string += 3;
+
/* read all urb data; if urb length is greater then the usbmon internal
* buffer length used by the kernel to spool the URB, we get only
* a partial information.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
