Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 4720] Ethernet Global Data (EGD) timestamp field has wrong

Date: Fri, 30 Apr 2010 03:17:24 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4720

--- Comment #6 from oli <oliver@xxxxxxxxxxxxxxxxx> 2010-04-30 03:17:19 PDT ---

Actually, it needs to be a little cleverer than just discarding ntohl, I guess.
Depending on if the host system running wireshark is LE or BE; the data should
always be assumed to be LE.

The code section should probably look like this (nb the function names I used
are of course just representative, I don't know the source or what is available
within wireshark api to do this):

#ifdef HOST_IS_LE
    egd_time.secs  = tvb_get_no_endian_swap( tvb, offset );
    egd_time.nsecs = tvb_get_no_endian_swap( tvb, offset+4 );
#else
    egd_time.secs  = tvb_get_swap_endian(tvb, offset);
    egd_time.nsecs = tvb_get_swap_endian(tvb, offset+4);
#endif

htonl/ntohl will not do anything on a BE system, so you'll need some other
means to swap the byte order there.

I'm sure you guys are way ahead of me on this anyway...;-)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.