pentoo-overlay/net-misc/tcpick/files/set-timestamp-pcap-header-structure.patch

Description:Tcpick can display timestamps in the output with the -t and -td switch. It currently computes a timestamp on the fly which has the following consequences
* Inaccurate timestamps when it is operated in real time mode (-i switch)
* Nonsense when reassembling off-line captures / when reading pcap files
Author: Gerard Wagener
Bug-Ubuntu:https://bugs.launchpad.net/ubuntu/+source/tcpick/+bug/364688

--- a/src/extern.h
+++ b/src/extern.h
@@ -13,6 +13,7 @@
 extern struct ip *ippacket;
 extern struct tcphdr *tcppacket;
 extern struct udphdr *udppacket;
+extern struct pcap_pkthdr* phdr;
 extern u_char *payload;
 extern int payload_len;
 extern struct FLAGS flags;
--- a/src/globals.h
+++ b/src/globals.h
@@ -12,6 +12,7 @@
 struct ip *ippacket;
 struct tcphdr *tcppacket;
 struct udphdr *udppacket;
+struct pcap_pkthdr* phdr = NULL;
 u_char *payload;
 int payload_len = 0;
 struct FLAGS flags;
--- a/src/loop.c
+++ b/src/loop.c
@@ -38,6 +38,9 @@
 
 { /* FIXME: this function is too long */
 
+/* Keep track of the original pcap header in order to put correct timestamps */
+    phdr=(struct pcap_pkthdr *)hdr;
+
 	/* check if the flag for checking for expired connections 
 	   is turned on */
 	
--- a/src/time.c
+++ b/src/time.c
@@ -32,22 +32,16 @@
 {
 
   struct timeval  *tp;
-  struct timezone *tzp;
   struct tm * brokentime;
 
   if(flags.displaytime == NOTHING_TIME)
 	  goto retNULL;
 
-  tp  = (struct timeval  * ) S_malloc( sizeof(struct timeval) );
-  tzp = (struct timezone * ) S_malloc( sizeof(struct timezone) );
+  tp = &phdr->ts;
+  if(!tp) {
 
-  memset(tp,  0, sizeof(struct timeval));
-  memset(tzp, 0, sizeof(struct timezone));
-  
-  if(gettimeofday(tp, tzp)) {
-
-	  perror("gettimeofday returned not 0!");
-	  goto retNULL;
+    perror("No timestamp was available!");
+    goto retNULL;
 
   } else {
 	  brokentime = localtime(&(tp->tv_sec));
@@ -93,9 +87,6 @@
 	  }
   }
 
-  S_free ( tp ); 
-  S_free ( tzp );
-
   return ret;
 
 retNULL: