Page 1 of 1

Hardware Timestamps in Wireshark with SocketCAN

Posted: Mon 17. Mar 2025, 21:12
by ckeydel
Hello Guys,

For a research project we want to write a Wireshark protocol interpreter and need to have access to accurate hardware timestamps. I've seen this but am not familiar with the inner workings of Wireshark. Do you have any idea how to get access to the stamp[2] value in Wireshark?

Cheers,
Chris

Re: Hardware Timestamps in Wireshark with SocketCAN

Posted: Wed 19. Mar 2025, 14:14
by S.Grosjean
Hi,

If you're asking to get the so-called "hardware timestamp" from socket-CAN API, then the socket application has to set the corresponding socket option, something like:

Code: Select all

int flags = SOF_TIMESTAMPING_SOFTWARE |
            SOF_TIMESTAMPING_RX_SOFTWARE |
            SOF_TIMESTAMPING_RAW_HARDWARE;
setsockopt(s, SOL_SOCKET, SO_TIMESTAMPING, &flags, sizeof(flags));
Then, you should check your CMSG list on rx side with:

Code: Select all

if (cmsg->cmsg_type == SO_TIMESTAMPING) {
      struct timespec *stamp = (struct timespec *)CMSG_DATA(cmsg);
stamp[2] is the raw hardware timestamp.

(see also chapter 2.2. Receive timestamps in linux/Documentation/networking/timestamping.txt)

But... I admit, this has nothing to do with Wireshark and we actually don't absolutely know how a Wireshark plug-in could sniff these data structures.

Regards,