https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3368
--- Comment #9 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2012-10-09 09:37:20 PDT ---
(In reply to comment #8)
> I say, closing/worksforme.
Well, it doesn't work for me on Windows (XP or 7) with SVN 45426. The
timestamp is shown as "Not representable".
If I apply the patch (to be attached), which essentially makes Wireshark behave
like 1.0, then it displays the time I reported in comment 2, namely, "[MSW and
LSW as NTP timestamp: May 3, 2075 03:41:13.766000 UTC]".
Now, since MSW is 1,238,101,977, subtracting off 2,208,988,800 (i.e,
NTP_BASETIME, i.e., 1 Jan 1970), we get -970,886,823. And feeding -970,886,823
into http://www.epochconverter.com/ yields, "Mon, 27 Mar 1939 21:12:57 GMT",
which is what Jaap reported in comment 1. This appears to be the correct value
and what Wireshark should probably be calculating.
So, something seems amiss with NTP calculations on Windows, and digging a bit
deeper, it seems that it's due to epan/to_str.c:abs_time_to_str() using
gmtime() and localtime(), which both return NULL if handed a date before 1 Jan
1970.
Ref: http://msdn.microsoft.com/en-us/library/0z9czt0w%28v=vs.110%29.aspx and
http://msdn.microsoft.com/en-us/library/bf12f0hc.aspx.
But I don't know how to fix that ... unless possibly borrowing some code from
ntp.org.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
