Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 13268] New: In filter expression: "1970-01-01 00:00:00 UTC" is not a valid abs

Wireshark-bugs: [Wireshark-bugs] [Bug 13268] New: In filter expression: "1970-01-01 00:00:00 UTC

Date: Thu, 22 Dec 2016 19:28:55 +0000

Bug ID	13268
Summary	In filter _expression_: "1970-01-01 00:00:00 UTC" is not a valid absolute time
Product	Wireshark
Version	2.2.0
Hardware	x86
OS	Windows 7
Status	UNCONFIRMED
Severity	Enhancement
Priority	Low
Component	Qt UI
Assignee	[email protected]
Reporter	[email protected]

Build Information:
Version 2.2.0 (v2.2.0-0-g5368c50 from master-2.2)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2.4, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale
English_United States.1252, with WinPcap version 4.1.3 (packet.dll version
4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with
GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i5-6600T CPU @ 2.70GHz (with SSE4.2), with 7862MB of physical
memory.


Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The filter _expression_: ntp.reftime=="1970-01-01 00:00:00" or "1970-01-01
00:00:00 UTC" is not accepted because it is not a valid absolute time.
This should be equal to the ntp.reftime field being zero.
(I did try ntp.reftime==0 and "0" ...)

"1970-01-01 01:00:00" is accepted.
"1971-01-01 00:00:00" is also accepted.
"1970-01-01 00:00:00 UTC" is not accepted, nor any other format with UTC at the
end.

The filter _expression_: ntp.reftime=="1970-01-01 01:00:00" yields the desired
result (reftime flied is zero), probably because the local timezone is +1h
offset.

Since entire NTP thinks in UTC, and the dissector outputs in UTC, this makes
filtering a somewhat unexpected challenge.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 13268] In filter expression: "1970-01-01 00:00:00 UTC" is not a valid absolute time
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 13267] New: Buildbot crash output: fuzz-2016-12-22-9049.pcap
Next by Date: [Wireshark-bugs] [Bug 13268] In filter expression: "1970-01-01 00:00:00 UTC" is not a valid absolute time
Previous by thread: [Wireshark-bugs] [Bug 13267] Buildbot crash output: fuzz-2016-12-22-9049.pcap
Next by thread: [Wireshark-bugs] [Bug 13268] In filter expression: "1970-01-01 00:00:00 UTC" is not a valid absolute time
Index(es):
- Date
- Thread