Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 3540] incorrect timestamps in netscaler capture file forma

Date: Wed, 18 Nov 2009 13:55:40 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3540





--- Comment #25 from Guy Harris <guy@xxxxxxxxxxxx>  2009-11-18 13:55:38 PDT ---
> I dont see any definitions for letoh[sl]. However there are pletoh[sl] (epan\pInt.h) macros.

Those macros are also in <wiretap/wtap-int.h>; you should use those, not the
ones in <epan/pint.h>, in Wiretap modules such as netscaler.c

> These definitions are not ifdef-ed in __ppc__ like how GUINT_TO_BE (Glibconfig.h) macros are done.

Ifdeffing with __ppc__ is neither necessary nor sufficient.  pletoh[sl] extract
the bytes, one at a time, and assemble them into a 16-bit or 32-bit quantity;
that is a byte-order-independent operation, so no ifdeffing is necessary.  This
also means that they work regardless of whether the quantity being fetched is
aligned on the appropriate boundary or not.

(Ifdeffing with __ppc__ is not sufficient because PowerPC and other flavors of
the Power Architecture are not the only big-endian architectures in existence. 
The only reason they're ifdeffed in GLib is that GLib has optimized versions of
PowerPC.)

> There are lots of users of these macros. Are they susceptible to the same issue?

No, they are not.  Those macros do the right thing on both little-endian and
big-endian machines.

Note also that when *writing* a Netscaler dump, you must convert
host-byte-order values *to* little-endian.  See the htole[ls] macros in
wtap-int.h.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.