[Oisf-devel] [patch] PF_RING missing timestamps

Chris Wakelin c.d.wakelin at reading.ac.uk
Wed May 30 21:04:49 UTC 2012


In my experiments with some of the fancier versions of PF_RING, namely
TNAPI and DNA with libzero, I've found sometimes they return packets
with timestamps set to 0 (i.e. Jan 1970).

In the PF_RING-enabled libpcap bundled with PF_RING, there are extra
lines around the pfring_recv() call that use gettimeofday() to supply
the timestamp if pfring_recv() doesn't.

I've attached a patch for Suricata's source-pfring.c that does the same
and fixes the issue for me.

Best Wishes,
Chris

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-missing-timestamps-in-some-flavours-of-PF_RING.patch
Type: text/x-patch
Size: 1655 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20120530/e61417f4/attachment.bin>
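
The fallback described in the message above, sketched as an added example; it is not the attached patch and not code from Suricata or PF_RING. `struct pkt_hdr`, `fix_missing_timestamp()` and `fix_batch()` are hypothetical names, and the struct is a stand-in for the header that pfring_recv() fills in. A substituted timestamp records when the host processed the packet, not when it arrived on the wire, so the sketch reports which packets were patched.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/time.h>

/* Hypothetical stand-in for the capture header filled in by pfring_recv();
 * only the fields needed for the timestamp fallback are modelled. */
struct pkt_hdr {
    struct timeval ts;    /* capture timestamp, 0 when the driver set none */
    unsigned int caplen;  /* bytes captured */
    unsigned int len;     /* bytes on the wire */
};

/* If the capture layer left the timestamp at 0 (i.e. Jan 1970), substitute
 * the host clock. Returns 1 if substituted, 0 if the original timestamp was
 * kept, -1 on error. */
int fix_missing_timestamp(struct pkt_hdr *hdr)
{
    if (hdr == NULL)
        return -1;
    if (hdr->ts.tv_sec != 0)
        return 0;                       /* driver supplied a timestamp */
    if (gettimeofday(&hdr->ts, NULL) != 0)
        return -1;                      /* leave ts at 0 so it stays visible */
    return 1;
}

/* Apply the fallback to a batch and return how many headers needed it, so
 * the caller can count packets whose time is host-derived. */
size_t fix_batch(struct pkt_hdr *hdrs, size_t n)
{
    size_t fixed = 0;
    for (size_t i = 0; i < n; i++)
        if (fix_missing_timestamp(&hdrs[i]) == 1)
            fixed++;
    return fixed;
}

int main(void)
{
    /* Constructed sample headers: two without a timestamp, one with. */
    struct pkt_hdr batch[3] = {
        { {0, 0}, 60, 60 },
        { {1338411889, 5}, 1514, 1514 },
        { {0, 0}, 98, 98 },
    };
    printf("%zu of 3 timestamps substituted\n", fix_batch(batch, 3));
    return 0;
}
```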

