
Patch to add a field called "ts_usec", that contains the timestamp with

microseconds. Useful for precisely calculating the time elapsed between
query and response, or between queries from the same source.
1 parent a0bb515 commit 709dab62254fd0a1d1552b91fff884a1afc0b2a7 @seb-at-nzrs seb-at-nzrs committed Jul 15, 2013
@@ -4,6 +4,8 @@
import java.util.Iterator;
+import java.math.BigDecimal;
+import java.math.MathContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -50,6 +52,8 @@
private Iterator<Packet> iterator;
private LinkType linkType;
private boolean caughtEOF = false;
+ // MathContext for BigDecimal to preserve only 16 decimal digits
+ private MathContext ts_mc = new MathContext(16);
//To read reversed-endian PCAPs; the header is the only part that switches
private boolean reverseHeaderByteOrder = false;
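Review bot: The comment on `ts_mc` says it preserves 16 decimal digits, but `new MathContext(16)` limits the value to 16 significant digits in total, so the number of fractional digits kept depends on how many digits the seconds part has (six only while the epoch seconds have ten digits). The comment should say so, for example `// 16 significant digits: 10 for epoch seconds + 6 for microseconds`. The field holds an immutable value and is not reassigned in the visible lines, so `private static final MathContext TS_MC = new MathContext(16);` would fit Java conventions better than a per-instance, snake_case field.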
@@ -135,6 +139,11 @@ private Packet nextPacket() {
long packetTimestampMicros = PcapReaderUtil.convertInt(pcapPacketHeader, TIMESTAMP_MICROS_OFFSET, reverseHeaderByteOrder);
packet.put(Packet.TIMESTAMP_MICROS, packetTimestampMicros);
+ // Prepare the timestamp with a BigDecimal to include microseconds
+ BigDecimal packetTimestampUsec = new BigDecimal(packetTimestamp
+ + (double) packetTimestampMicros/1000000, ts_mc);
+ packet.put(Packet.TS_USEC, packetTimestampUsec);
long packetSize = PcapReaderUtil.convertInt(pcapPacketHeader, CAP_LEN_OFFSET, reverseHeaderByteOrder);
byte[] packetData = new byte[(int)packetSize];
if (!readBytes(packetData))
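Review bot: The new `ts_usec` value is built through a `double` intermediate (`packetTimestamp + (double) packetTimestampMicros/1000000`), so what gets stored is a rounded binary approximation rather than the exact header values. That matters when the field is used to order or correlate packets during an investigation. If `packetTimestamp` is a `long` (its declaration is outside the hunk), exact arithmetic avoids the problem: `BigDecimal packetTimestampUsec = BigDecimal.valueOf(packetTimestamp).add(BigDecimal.valueOf(packetTimestampMicros, 6));`. The sub-second field is read straight from the capture file and is not range-checked here, so a malformed header with a value of 1000000 or more silently carries into the seconds; a guard or a logged warning would make that visible. The body of nextPacket starts and ends outside the hunk.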
@@ -8,6 +8,7 @@
public static final String TIMESTAMP = "ts";
public static final String TIMESTAMP_MICROS = "tsmicros";
+ public static final String TS_USEC = "ts_usec";
public static final String TTL = "ttl";
public static final String IP_VERSION = "ip_version";
public static final String PROTOCOL = "protocol";
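Review bot: `TS_USEC` is added without a comment, and its name reads like "microseconds since the epoch", while the reader in this commit stores epoch seconds with a fractional microsecond part as a `BigDecimal`. Next to `TIMESTAMP_MICROS`, which holds only the sub-second field, the difference is easy to misread when writing queries over the table. A one-line comment would settle it, for example `// epoch seconds with fractional microseconds (BigDecimal), e.g. seconds.micros`.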
@@ -23,6 +23,7 @@ You can use the following parameters to combine multiple input files into splits
CREATE EXTERNAL TABLE pcaps (ts bigint,
+ ts_usec decimal,
protocol string,
src string,
src_port int,
@@ -35,7 +36,7 @@ You can use the following parameters to combine multiple input files into splits
dns_opcode string,
dns_rcode string,
dns_question string,
- dns_answer array<string>,
+ dns_answer array<string>,
dns_authority array<string>,
dns_additional array<string>)
ROW FORMAT SERDE 'net.ripe.hadoop.pcap.serde.PcapDeserializer'
