Hi,
It looks to me like your time format is wrong, as opposed to RADIUS:
time 32 bit unsigned value, most significant octet first --
seconds since 00:00:00 UTC, January 1, 1970. The
standard Attributes do not use this data type but it is
presented here for possible use in future attributes.
The DIAMETER RFC says:
Calhoun, et al. Standards Track [Page 42]
RFC 3588 Diameter Based Protocol September 2003
AVP represents the AddressType, which contains an Address Family
defined in [IANAADFAM]. The AddressType is used to discriminate
the content and format of the remaining octets.
Time
The Time format is derived from the OctetString AVP Base Format.
The string MUST contain four octets, in the same format as the
first four bytes are in the NTP timestamp format. The NTP
Timestamp format is defined in chapter 3 of [SNTP].
This represents the number of seconds since 0h on 1 January 1900
with respect to the Coordinated Universal Time (UTC).
On 6h 28m 16s UTC, 7 February 2036 the time value will overflow.
SNTP [SNTP] describes a procedure to extend the time to 2104.
This procedure MUST be supported by all DIAMETER nodes.
Here's the relevant code from the Diameter dissector:
#define NTP_TIME_DIFF (2208988800UL)
:
case DIAMETER_TIME:
if (avpDataLength == 4) {
nstime_t data;
gchar buffer[64];
struct tm *ltp;
data.secs = tvb_get_ntohl(tvb, offset);
data.secs -= NTP_TIME_DIFF;
data.nsecs = 0;
ltp = localtime(&data.secs);
strftime(buffer, 64,
"%a, %d %b %Y %H:%M:%S %z", ltp);
proto_tree_add_time_format(avpi_tree,
hf_diameter_avp_data_time,
tvb, offset, avpDataLength,
&data,
"Time: %s", buffer);
} else {
proto_tree_add_bytes_format(avpi_tree,
hf_diameter_avp_data_bytes,
tvb, offset, avpDataLength,
tvb_get_ptr(tvb, offset,
avpDataLength),
"Error! Bad Time Length");
}
break;
Best regards
Anders
>Hi,
>
>one more update on the diameter thing:
>
>I stripped down the error, and it is/was related to our own AVP definition.
>
>We use a AVP with
><avp name="Event-Timestamp" code="xx" mandatory="must">
> <type type-name="Time"/>
></avp>
>
>If this AVP is present Ethereal crashes, if I change the AVP definition to
>integer32 or unsigned32 everything works fine.
>
>The strange thing , I change for testing some other AVP to type = Time ,
and
>the value =3 gets decoded as seen in the attachment to a date in the
future,
>I would have expected to see 1 Jan 1970 00:00:03 ???
>
>Somebody could have a look on, if this is a error in the Typedefinition of
>"Time" somewhere in the diameter dissector? or is this then related to
>libxml2 ???
>
>Regards
>Michael