Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Default encodage for FT_ABSOLUTE_TIME

From: Remy Leone <remy.leone@xxxxxxxx>
Date: Fri, 08 Sep 2017 14:37:15 +0000
Hello,

I'm looking currently at epan/dissectors/packet-zep.c and I don't see any encoding specified for FT_ABSOLUTE_TIME. If nothing is specified, which one is the default? Here is a reminder of the different encoding taken from the documentation that don't specify that:

 For FT_ABSOLUTE_TIME fields, the encoding specifies the form in which
 the time stamp is specified, as well as its byte order.  The time stamp
 encodings that are currently supported are:
 
     ENC_TIME_TIMESPEC - 8 bytes; the first 4 bytes are seconds since
         the UN*X epoch (1970-01-01 00:00:00 UTC) and the next 4 bytes
         are nanoseconds since that second.  (I.e., a UN*X struct
         timespec with a 4-byte time_t.)
 
     ENC_TIME_NTP - 8 bytes; the first 4 bytes are seconds since the NTP
         epoch (1900-01-01 00:00:00 GMT) and the next 4 bytes are 1/2^32's of
         a second since that second.  (I.e., a 64-bit count of 1/2^32's of a
         second since the NTP epoch, with the upper 32 bits first and the
         lower 32 bits second, even when little-endian.)
 
     ENC_TIME_TOD - 8 bytes, as a count of microseconds since the System/3x0
         and z/Architecture epoch (1900-01-01 00:00:00 GMT).
 
     ENC_TIME_RTPS - 8 bytes; the first 4 bytes are seconds since the UN*X
         epoch and the next 4 bytes are are 1/2^32's of a second since that
         second.  (I.e., it's the offspring of a mating between UN*X time and
         NTP time.)  It's used by the Object Management Group's Real-Time
         Publish-Subscribe Wire Protocol for the Data Distribution Service.
 
     ENC_TIME_TIMEVAL - 8 bytes; the first 4 bytes are seconds since the
         UN*X epoch and the next 4 bytes are microseconds since that
         second.  (I.e., a UN*X struct timeval with a 4-byte time_t.)
 
     ENC_TIME_SECS - 4 to 8 bytes, representing a value in seconds since
         the UN*X epoch.
 
     ENC_TIME_MSECS - 6 to 8 bytes, representing a value in milliseconds
         since the UN*X epoch.
 
     ENC_TIME_SECS_NTP - 4 bytes, representing a count of seconds since
         the NTP epoch.  (I.e., seconds since the NTP epoch.)
 
     ENC_TIME_RFC_3971 - 8 bytes, representing a count of 1/64ths of a
         second since the UN*X epoch; see section 5.3.1 "Timestamp Option"
         in RFC 3971.
 
     ENC_TIME_MSEC_NTP - 4-8 bytes, representing a count of milliseconds since
         the NTP epoch.  (I.e., milliseconds since the NTP epoch.)

Best regards

Rémy