#1 tcpslice -r -d Always Returns Start + 10years

open
nobody
None
5
2003-02-27
2003-02-27
Bill Fenner
No

As reported by "Steve Bonds" <pow7yec02@sneakemail.com> on tcpdump-workers. I suspect that open_files() knowing the last time in the file is an artifact of the new combination mode:

When using "tcpslice -r -d <tcpdump file>" to dump the range of dates in a file, it always seems to return the start of the file plus ten years. (Regardless of whether you use "-t", "-r", or "-R" along with "-d".)

A look at the current CVS version of the code shows:

----- tcpslice.c:232 -----
    states = open_files(&argv[optind], numfiles);
    first_time = lowest_start_time(states, numfiles);

    if (start_time_string)
        start_time = parse_time(start_time_string, first_time);
    else
        start_time = first_time;

    if (stop_time_string)
        stop_time = parse_time(stop_time_string, start_time);
    else
    {
        stop_time = start_time;
        stop_time.tv_sec += 86400*3660; /* + 10 years; "forever" */
        stop_time.tv_usec = 0;
    }

    if (report_times) {
        for (; optind < argc; ++optind)
            dump_times(&pcap, argv[optind]);
    }

    if (dump_flag) {
        printf( "start\t%s\nstop\t%s\n",
            timestamp_to_string( &start_time ),
            timestamp_to_string( &stop_time ) );
    }
-----
There doesn't appear to be any place in the code that actually grabs the states->last_pkt_time initialized in the open_files() call before it's printed there in the "if (dump_flag)" section.

Why isn't there a "stop_time" call similar to the "first_time = " call?

-- Steve Bonds
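
The gap the report describes, as an added example that is not tcpslice's own code: the default stop time is derived from the start time alone, while a counterpart to `lowest_start_time()` would take it from the files' last packets. `struct demo_state`, `first_pkt_time`, the `demo_*` functions and the sample timestamps are assumptions constructed for illustration; only `last_pkt_time` and the `86400*3660` offset come from the excerpt above.

```c
#include <stdio.h>
#include <sys/time.h>
/* Simplified stand-in for tcpslice's per-file state (assumed layout). */
struct demo_state {
    struct timeval first_pkt_time; /* assumed field name */
    struct timeval last_pkt_time;  /* field named in the report */
};

static int tv_less(struct timeval a, struct timeval b) {
    return a.tv_sec < b.tv_sec || (a.tv_sec == b.tv_sec && a.tv_usec < b.tv_usec);
}

/* Earliest first packet over all files, the role of lowest_start_time(). */
struct timeval demo_lowest_start(const struct demo_state *s, int n) {
    struct timeval min = s[0].first_pkt_time;
    for (int i = 1; i < n; ++i)
        if (tv_less(s[i].first_pkt_time, min)) min = s[i].first_pkt_time;
    return min;
}

/* Hypothetical counterpart: latest last packet over all files. */
struct timeval demo_latest_stop(const struct demo_state *s, int n) {
    struct timeval max = s[0].last_pkt_time;
    for (int i = 1; i < n; ++i)
        if (tv_less(max, s[i].last_pkt_time)) max = s[i].last_pkt_time;
    return max;
}

/* Reported behaviour: no stop time given, so stop = start + 3660 days. */
struct timeval demo_reported_stop(struct timeval start) {
    struct timeval stop = start;
    stop.tv_sec += 86400L * 3660;
    stop.tv_usec = 0;
    return stop;
}

/* Constructed sample: {first packet, last packet} for two capture files. */
const struct demo_state demo_files[2] = {
    { { 1046300000, 250000 }, { 1046303600, 500000 } },
    { { 1046290000, 0 },      { 1046301000, 100000 } },
};

int main(void) {
    struct timeval start = demo_lowest_start(demo_files, 2);
    printf("start\t%ld\n", (long)start.tv_sec);
    printf("stop (start + 3660 days)\t%ld\n", (long)demo_reported_stop(start).tv_sec);
    printf("stop (last packet)\t%ld\n", (long)demo_latest_stop(demo_files, 2).tv_sec);
    return 0;
}
```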
