
Wireshark-dev: Re: [Wireshark-dev] ntp_to_nstime rfc2030 bit 0

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Thu, 13 Jul 2017 17:37:31 +0200
Hi Keoma,

2017-07-12 20:57 GMT+02:00 Keoma Brun-Laguna via Wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>:
Hi,

RFC2030 part 3 says that the first bit of the payload is used as a flag to determine the time range (1968->2036 or 2036->2104).  
The *ntp_to_nstime* function in *epan/dissectors/packet-ntp.c* references [rfc2030][1] but seems to use the first 4 bytes instead of using only the first bit [ref][2].

Note that this function is only used in *epan/dissectors/packet-zep.c*.  
Note that the code is "duplicated" [here too][3].

[Here][4] is a commit that references that part of the code.



------
I am looking at the code that is in the official Wireshark GitHub repo, last commit is aa78d3c.
(I tried to send this to ask.wireshark.org but got treated as spam so I'm sending here)

The code is not checking the range, but checking whether we should subtract 2208988800 seconds (the time difference between the 1st of January 1900 at midnight and epoch) or not (keeping the 0 case apart).
Did you test the current code (using the capture from https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10440 for example)? It seems to work fine.

Regards,
Pascal.
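
The two readings discussed in this thread, side by side, as an added example (not Wireshark's code and not written by either poster): an explicit RFC 2030 section 3 branch on bit 0, and a single unsigned 32-bit subtraction of the same 2208988800 offset. The function names, the `NTP_UNSET` sentinel and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Seconds from 1900-01-01 to 1970-01-01 (the offset quoted in the thread). */
#define NTP_UNIX_DELTA 2208988800LL
/* Unix time at which the 32-bit NTP seconds field wraps: 2036-02-07 06:28:16 UTC. */
#define NTP_WRAP_UNIX  (4294967296LL - NTP_UNIX_DELTA)
/* Hypothetical sentinel for the all-zero "no timestamp" value. */
#define NTP_UNSET      INT64_MIN

/* Explicit RFC 2030 section 3 rule: branch on bit 0 (the most significant bit). */
int64_t ntp_to_unix_bit0(uint32_t ntp_secs)
{
    if (ntp_secs == 0)
        return NTP_UNSET;
    if (ntp_secs & 0x80000000u)                 /* bit 0 set: 1968..2036 */
        return (int64_t)ntp_secs - NTP_UNIX_DELTA;
    return NTP_WRAP_UNIX + (int64_t)ntp_secs;   /* bit 0 clear: 2036..2104 */
}

/* One unsigned 32-bit subtraction, wrapping modulo 2^32, with no bit test. */
int64_t ntp_to_unix_wrap(uint32_t ntp_secs)
{
    if (ntp_secs == 0)
        return NTP_UNSET;
    return (int64_t)(uint32_t)(ntp_secs - (uint32_t)NTP_UNIX_DELTA);
}

/* The two agree except for bit-0-set values before 1970, where the
 * unsigned result cannot go negative and lands in 2104..2106 instead. */
int ntp_conversions_agree(uint32_t ntp_secs)
{
    return ntp_to_unix_bit0(ntp_secs) == ntp_to_unix_wrap(ntp_secs);
}

int main(void)
{
    /* Constructed sample values, not taken from any capture. */
    const uint32_t samples[] = { 0x00000001u, 0x7FFFFFFFu, 0x80000000u,
                                 0x83AA7E80u, 3708988800u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%08" PRIX32 "  bit0=%" PRId64 "  wrap=%" PRId64 "  %s\n",
               samples[i], ntp_to_unix_bit0(samples[i]),
               ntp_to_unix_wrap(samples[i]),
               ntp_conversions_agree(samples[i]) ? "agree" : "DIFFER");
    return 0;
}
```

The only inputs on which the two functions disagree are seconds values from 0x80000000 up to 0x83AA7E7F, i.e. timestamps between 1968 and 1970.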