pcap: Update the per-file header to use reserved1 and reserved2

Update pcap-savefile.manfile.in accordingly.

This is in line with the draft-ietf-opsawg-pcap.

4 files changed, 18 insertions, 16 deletions

diff --git a/pcap-savefile.manfile.in b/pcap-savefile.manfile.in
index a7ae9afb..1bfebe22 100644
--- a/pcap-savefile.manfile.in
+++ b/pcap-savefile.manfile.in
@@ -41,9 +41,9 @@ Magic number
 _
 Major version	Minor version
 _
-Time zone offset
+Reverved1
 _
-Time stamp accuracy
+Reverved2
 _
 Snapshot length
 _
@@ -80,10 +80,15 @@ A 2-byte file format major version number; the current version number is
 A 2-byte file format minor version number; the current version number is
 4.
 .IP
-A 4-byte time zone offset; this is always 0.
+A 4-byte not used - SHOULD be filled with 0 by pcap file writers, and MUST
+be ignored by pcap file readers.  This value was documented by some older
+implementations as "gmt to local correction" or "time zone offset".
+Some older pcap file writers stored non-zero values in this field.
 .IP
-A 4-byte number giving the accuracy of time stamps in the file; this is
-always 0.
+A 4-byte not used - SHOULD be filled with 0 by pcap file writers, and MUST
+be ignored by pcap file readers.  This value was documented by some older
+implementations as "accuracy of timestamps".  Some older pcap file
+writers stored non-zero values in this field.
 .IP
 A 4-byte number giving the "snapshot length" of the capture; packets
 longer than the snapshot length are truncated to the snapshot length, so
diff --git a/pcap-sita.html b/pcap-sita.html
index cb88aabe..7cf3734f 100644
--- a/pcap-sita.html
+++ b/pcap-sita.html
@@ -803,8 +803,6 @@ A { text-decoration:none }
 					this is also known as a UN*X time_t. You can use the ANSI C
 					<em>time()</em> function from <em>time.h</em> to get this value,
 					but you might use a more optimized way to get this timestamp value.
-					If this timestamp isn't based on GMT (UTC), use <em>thiszone</em>
-					from the global header for adjustments.</TD>
 			</TR>
 			<TR>
 				<TD VALIGN=TOP>tv_usec</TD>
diff --git a/pcap/pcap.h b/pcap/pcap.h
index 53733b54..b24259d9 100644
--- a/pcap/pcap.h
+++ b/pcap/pcap.h
@@ -208,8 +208,8 @@ struct pcap_file_header {
 	bpf_u_int32 magic;
 	u_short version_major;
 	u_short version_minor;
-	bpf_int32 thiszone;	/* gmt to local correction; this is always 0 */
-	bpf_u_int32 sigfigs;	/* accuracy of timestamps; this is always 0 */
+	bpf_int32 reserved1;	/* not used - SHOULD be filled with 0 */
+	bpf_u_int32 reserved2;	/* not used - SHOULD be filled with 0 */
 	bpf_u_int32 snaplen;	/* max length saved portion of each pkt */
 	bpf_u_int32 linktype;	/* data link type (LINKTYPE_*) */
 };
diff --git a/sf-pcap.c b/sf-pcap.c
index a8509962..057f360e 100644
--- a/sf-pcap.c
+++ b/sf-pcap.c
@@ -206,8 +206,8 @@ pcap_check_header(const uint8_t *magic, FILE *fp, u_int precision, char *errbuf,
 	if (swapped) {
 		hdr.version_major = SWAPSHORT(hdr.version_major);
 		hdr.version_minor = SWAPSHORT(hdr.version_minor);
-		hdr.thiszone = SWAPLONG(hdr.thiszone);
-		hdr.sigfigs = SWAPLONG(hdr.sigfigs);
+		hdr.reserved1 = SWAPLONG(hdr.reserved1);
+		hdr.reserved2 = SWAPLONG(hdr.reserved2);
 		hdr.snaplen = SWAPLONG(hdr.snaplen);
 		hdr.linktype = SWAPLONG(hdr.linktype);
 	}
@@ -731,12 +731,11 @@ sf_write_header(pcap_t *p, FILE *fp, int linktype, int snaplen)
 
 	/*
 	 * https://www.tcpdump.org/manpages/pcap-savefile.5.txt states:
-	 * thiszone: 4-byte time zone offset; this is always 0.
-	 * sigfigs:  4-byte number giving the accuracy of time stamps
-	 *           in the file; this is always 0.
+	 * reserved1: 4-byte not used - SHOULD be filled with 0
+	 * reserved2: 4-byte not used - SHOULD be filled with 0
 	 */
-	hdr.thiszone = 0;
-	hdr.sigfigs = 0;
+	hdr.reserved1 = 0;
+	hdr.reserved2 = 0;
 	hdr.snaplen = snaplen;
 	hdr.linktype = linktype;