]> The Tcpdump Group git mirrors - tcpdump/blob - print-ntp.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'master' into fix_udp_frag_badlen
[tcpdump] / print-ntp.c
1 /*
2 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * By Jeffrey Mogul/DECWRL
22 * loosely based on print-bootp.c
23 */
24
25 /* \summary: Network Time Protocol (NTP) printer */
26
27 /*
28 * specification:
29 *
30 * RFC 1119 - NTPv2
31 * RFC 1305 - NTPv3
32 * RFC 5905 - NTPv4
33 */
34
35 #ifdef HAVE_CONFIG_H
36 #include <config.h>
37 #endif
38
39 #include "netdissect-stdinc.h"
40
41 #ifdef HAVE_STRFTIME
42 #include <time.h>
43 #endif
44
45 #include "netdissect.h"
46 #include "addrtoname.h"
47 #include "extract.h"
48
49 #include "ntp.h"
50
51 /*
52 * Based on ntp.h from the U of MD implementation
53 * This file is based on Version 2 of the NTP spec (RFC1119).
54 */
55
56 /* rfc2030
57 * 1 2 3
58 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
59 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
60 * |LI | VN |Mode | Stratum | Poll | Precision |
61 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
62 * | Root Delay |
63 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
64 * | Root Dispersion |
65 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
66 * | Reference Identifier |
67 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
68 * | |
69 * | Reference Timestamp (64) |
70 * | |
71 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
72 * | |
73 * | Originate Timestamp (64) |
74 * | |
75 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
76 * | |
77 * | Receive Timestamp (64) |
78 * | |
79 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
80 * | |
81 * | Transmit Timestamp (64) |
82 * | |
83 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
84 * | Key Identifier (optional) (32) |
85 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
86 * | |
87 * | |
88 * | Message Digest (optional) (128) |
89 * | |
90 * | |
91 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
92 */
93
94 /* Length of the NTP data message with the mandatory fields ("the header")
95 * and without any optional fields (extension, Key Identifier,
96 * Message Digest).
97 */
98 #define NTP_TIMEMSG_MINLEN 48U
99
100 struct ntp_time_data {
101 nd_uint8_t status; /* status of local clock and leap info */
102 nd_uint8_t stratum; /* Stratum level */
103 nd_int8_t ppoll; /* poll value */
104 nd_int8_t precision;
105 struct s_fixedpt root_delay;
106 struct s_fixedpt root_dispersion;
107 nd_uint32_t refid;
108 struct l_fixedpt ref_timestamp;
109 struct l_fixedpt org_timestamp;
110 struct l_fixedpt rec_timestamp;
111 struct l_fixedpt xmt_timestamp;
112 nd_uint32_t key_id;
113 nd_uint8_t message_digest[20];
114 };
115 /*
116 * Leap Second Codes (high order two bits)
117 */
118 #define NO_WARNING 0x00 /* no warning */
119 #define PLUS_SEC 0x40 /* add a second (61 seconds) */
120 #define MINUS_SEC 0x80 /* minus a second (59 seconds) */
121 #define ALARM 0xc0 /* alarm condition (clock unsynchronized) */
122
123 /*
124 * Clock Status Bits that Encode Version
125 */
126 #define NTPVERSION_1 0x08
127 #define VERSIONMASK 0x38
128 #define VERSIONSHIFT 3
129 #define LEAPMASK 0xc0
130 #define LEAPSHIFT 6
131 #ifdef MODEMASK
132 #undef MODEMASK /* Solaris sucks */
133 #endif
134 #define MODEMASK 0x07
135 #define MODESHIFT 0
136
137 /*
138 * Code values
139 */
140 #define MODE_UNSPEC 0 /* unspecified */
141 #define MODE_SYM_ACT 1 /* symmetric active */
142 #define MODE_SYM_PAS 2 /* symmetric passive */
143 #define MODE_CLIENT 3 /* client */
144 #define MODE_SERVER 4 /* server */
145 #define MODE_BROADCAST 5 /* broadcast */
146 #define MODE_CONTROL 6 /* control message */
147 #define MODE_RES2 7 /* reserved */
148
149 /*
150 * Stratum Definitions
151 */
152 #define UNSPECIFIED 0
153 #define PRIM_REF 1 /* radio clock */
154 #define INFO_QUERY 62 /* **** THIS implementation dependent **** */
155 #define INFO_REPLY 63 /* **** THIS implementation dependent **** */
156
157 static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *);
158 static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *);
159 static void p_poll(netdissect_options *, const int);
160
161 static const struct tok ntp_mode_values[] = {
162 { MODE_UNSPEC, "unspecified" },
163 { MODE_SYM_ACT, "symmetric active" },
164 { MODE_SYM_PAS, "symmetric passive" },
165 { MODE_CLIENT, "Client" },
166 { MODE_SERVER, "Server" },
167 { MODE_BROADCAST, "Broadcast" },
168 { MODE_CONTROL, "Control Message" },
169 { MODE_RES2, "Reserved" },
170 { 0, NULL }
171 };
172
173 static const struct tok ntp_leapind_values[] = {
174 { NO_WARNING, "" },
175 { PLUS_SEC, "+1s" },
176 { MINUS_SEC, "-1s" },
177 { ALARM, "clock unsynchronized" },
178 { 0, NULL }
179 };
180
181 static const struct tok ntp_stratum_values[] = {
182 { UNSPECIFIED, "unspecified" },
183 { PRIM_REF, "primary reference" },
184 { 0, NULL }
185 };
186
187 /* draft-ietf-ntp-mode-6-cmds-02
188 * 0 1 2 3
189 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
190 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
191 * |LI | VN |Mode |R|E|M| OpCode | Sequence Number |
192 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
193 * | Status | Association ID |
194 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
195 * | Offset | Count |
196 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
197 * | |
198 * / Data (up to 468 bytes) /
199 * | |
200 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
201 * | Padding (optional) |
202 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
203 * | |
204 * / Authenticator (optional, 96 bytes) /
205 * | |
206 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
207 *
208 * Figure 1: NTP Control Message Header
209 */
210
211 /* Length of the NTP control message with the mandatory fields ("the header")
212 * and without any optional fields (Data, Padding, Authenticator).
213 */
214 #define NTP_CTRLMSG_MINLEN 12U
215
216 struct ntp_control_data {
217 nd_uint8_t magic; /* LI, VN, Mode */
218 nd_uint8_t control; /* R, E, M, OpCode */
219 nd_uint16_t sequence; /* Sequence Number */
220 nd_uint16_t status; /* Status */
221 nd_uint16_t assoc; /* Association ID */
222 nd_uint16_t offset; /* Offset */
223 nd_uint16_t count; /* Count */
224 nd_uint8_t data[564]; /* Data, [Padding, [Authenticator]] */
225 };
226
227 /*
228 * Print NTP time requests and responses
229 */
230 static void
231 ntp_time_print(netdissect_options *ndo,
232 const struct ntp_time_data *bp, u_int length)
233 {
234 uint8_t stratum;
235
236 if (length < NTP_TIMEMSG_MINLEN)
237 goto invalid;
238
239 ND_TCHECK_1(bp->stratum);
240 stratum = GET_U_1(bp->stratum);
241 ND_PRINT(", Stratum %u (%s)",
242 stratum,
243 tok2str(ntp_stratum_values, (stratum >=2 && stratum<=15) ? "secondary reference" : "reserved", stratum));
244
245 ND_TCHECK_1(bp->ppoll);
246 ND_PRINT(", poll %d", GET_S_1(bp->ppoll));
247 p_poll(ndo, GET_S_1(bp->ppoll));
248
249 ND_TCHECK_1(bp->precision);
250 ND_PRINT(", precision %d", GET_S_1(bp->precision));
251
252 ND_TCHECK_SIZE(&bp->root_delay);
253 ND_PRINT("\n\tRoot Delay: ");
254 p_sfix(ndo, &bp->root_delay);
255
256 ND_TCHECK_SIZE(&bp->root_dispersion);
257 ND_PRINT(", Root dispersion: ");
258 p_sfix(ndo, &bp->root_dispersion);
259
260 ND_TCHECK_4(bp->refid);
261 ND_PRINT(", Reference-ID: ");
262 /* Interpretation depends on stratum */
263 switch (stratum) {
264
265 case UNSPECIFIED:
266 ND_PRINT("(unspec)");
267 break;
268
269 case PRIM_REF:
270 if (nd_printn(ndo, (const u_char *)&(bp->refid), 4, ndo->ndo_snapend))
271 goto trunc;
272 break;
273
274 case INFO_QUERY:
275 ND_PRINT("%s INFO_QUERY", GET_IPADDR_STRING(bp->refid));
276 /* this doesn't have more content */
277 return;
278
279 case INFO_REPLY:
280 ND_PRINT("%s INFO_REPLY", GET_IPADDR_STRING(bp->refid));
281 /* this is too complex to be worth printing */
282 return;
283
284 default:
285 /* In NTPv4 (RFC 5905) refid is an IPv4 address or first 32 bits of
286 MD5 sum of IPv6 address */
287 ND_PRINT("0x%08x", GET_BE_U_4(bp->refid));
288 break;
289 }
290
291 ND_TCHECK_SIZE(&bp->ref_timestamp);
292 ND_PRINT("\n\t Reference Timestamp: ");
293 p_ntp_time(ndo, &(bp->ref_timestamp));
294
295 ND_TCHECK_SIZE(&bp->org_timestamp);
296 ND_PRINT("\n\t Originator Timestamp: ");
297 p_ntp_time(ndo, &(bp->org_timestamp));
298
299 ND_TCHECK_SIZE(&bp->rec_timestamp);
300 ND_PRINT("\n\t Receive Timestamp: ");
301 p_ntp_time(ndo, &(bp->rec_timestamp));
302
303 ND_TCHECK_SIZE(&bp->xmt_timestamp);
304 ND_PRINT("\n\t Transmit Timestamp: ");
305 p_ntp_time(ndo, &(bp->xmt_timestamp));
306
307 ND_PRINT("\n\t Originator - Receive Timestamp: ");
308 p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->rec_timestamp));
309
310 ND_PRINT("\n\t Originator - Transmit Timestamp: ");
311 p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp));
312
313 /* FIXME: this code is not aware of any extension fields */
314 if (length == NTP_TIMEMSG_MINLEN + 4) { /* Optional: key-id (crypto-NAK) */
315 ND_TCHECK_4(bp->key_id);
316 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
317 } else if (length == NTP_TIMEMSG_MINLEN + 4 + 16) { /* Optional: key-id + 128-bit digest */
318 ND_TCHECK_4(bp->key_id);
319 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
320 ND_TCHECK_LEN(bp->message_digest, 16);
321 ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x",
322 GET_BE_U_4(bp->message_digest),
323 GET_BE_U_4(bp->message_digest + 4),
324 GET_BE_U_4(bp->message_digest + 8),
325 GET_BE_U_4(bp->message_digest + 12));
326 } else if (length == NTP_TIMEMSG_MINLEN + 4 + 20) { /* Optional: key-id + 160-bit digest */
327 ND_TCHECK_4(bp->key_id);
328 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
329 ND_TCHECK_LEN(bp->message_digest, 20);
330 ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x%08x",
331 GET_BE_U_4(bp->message_digest),
332 GET_BE_U_4(bp->message_digest + 4),
333 GET_BE_U_4(bp->message_digest + 8),
334 GET_BE_U_4(bp->message_digest + 12),
335 GET_BE_U_4(bp->message_digest + 16));
336 } else if (length > NTP_TIMEMSG_MINLEN) {
337 ND_PRINT("\n\t(%u more bytes after the header)", length - NTP_TIMEMSG_MINLEN);
338 }
339 return;
340
341 invalid:
342 nd_print_invalid(ndo);
343 ND_TCHECK_LEN(bp, length);
344 return;
345
346 trunc:
347 nd_print_trunc(ndo);
348 }
349
350 /*
351 * Print NTP control message requests and responses
352 */
353 static void
354 ntp_control_print(netdissect_options *ndo,
355 const struct ntp_control_data *cd, u_int length)
356 {
357 uint8_t control, R, E, M, opcode;
358 uint16_t sequence, status, assoc, offset, count;
359
360 if (length < NTP_CTRLMSG_MINLEN)
361 goto invalid;
362
363 ND_TCHECK_1(cd->control);
364 control = GET_U_1(cd->control);
365 R = (control & 0x80) != 0;
366 E = (control & 0x40) != 0;
367 M = (control & 0x20) != 0;
368 opcode = control & 0x1f;
369 ND_PRINT(", %s, %s, %s, OpCode=%u\n",
370 R ? "Response" : "Request", E ? "Error" : "OK",
371 M ? "More" : "Last", opcode);
372
373 ND_TCHECK_2(cd->sequence);
374 sequence = GET_BE_U_2(cd->sequence);
375 ND_PRINT("\tSequence=%hu", sequence);
376
377 ND_TCHECK_2(cd->status);
378 status = GET_BE_U_2(cd->status);
379 ND_PRINT(", Status=%#hx", status);
380
381 ND_TCHECK_2(cd->assoc);
382 assoc = GET_BE_U_2(cd->assoc);
383 ND_PRINT(", Assoc.=%hu", assoc);
384
385 ND_TCHECK_2(cd->offset);
386 offset = GET_BE_U_2(cd->offset);
387 ND_PRINT(", Offset=%hu", offset);
388
389 ND_TCHECK_2(cd->count);
390 count = GET_BE_U_2(cd->count);
391 ND_PRINT(", Count=%hu", count);
392
393 if (NTP_CTRLMSG_MINLEN + count > length)
394 goto invalid;
395 if (count != 0) {
396 ND_TCHECK_LEN(cd->data, count);
397 ND_PRINT("\n\tTO-BE-DONE: data not interpreted");
398 }
399 return;
400
401 invalid:
402 nd_print_invalid(ndo);
403 ND_TCHECK_LEN(cd, length);
404 return;
405
406 trunc:
407 nd_print_trunc(ndo);
408 }
409
410 union ntpdata {
411 struct ntp_time_data td;
412 struct ntp_control_data cd;
413 };
414
415 /*
416 * Print NTP requests, handling the common VN, LI, and Mode
417 */
418 void
419 ntp_print(netdissect_options *ndo,
420 const u_char *cp, u_int length)
421 {
422 const union ntpdata *bp = (const union ntpdata *)cp;
423 u_int mode, version, leapind;
424 uint8_t status;
425
426 ndo->ndo_protocol = "ntp";
427 ND_TCHECK_1(bp->td.status);
428 status = GET_U_1(bp->td.status);
429
430 version = (status & VERSIONMASK) >> VERSIONSHIFT;
431 ND_PRINT("NTPv%u", version);
432
433 mode = (status & MODEMASK) >> MODESHIFT;
434 if (!ndo->ndo_vflag) {
435 ND_PRINT(", %s, length %u",
436 tok2str(ntp_mode_values, "Unknown mode", mode),
437 length);
438 return;
439 }
440
441 ND_PRINT(", %s, length %u\n",
442 tok2str(ntp_mode_values, "Unknown mode", mode), length);
443
444 /* leapind = (status & LEAPMASK) >> LEAPSHIFT; */
445 leapind = (status & LEAPMASK);
446 ND_PRINT("\tLeap indicator: %s (%u)",
447 tok2str(ntp_leapind_values, "Unknown", leapind),
448 leapind);
449
450 switch (mode) {
451
452 case MODE_UNSPEC:
453 case MODE_SYM_ACT:
454 case MODE_SYM_PAS:
455 case MODE_CLIENT:
456 case MODE_SERVER:
457 case MODE_BROADCAST:
458 ntp_time_print(ndo, &bp->td, length);
459 break;
460
461 case MODE_CONTROL:
462 ntp_control_print(ndo, &bp->cd, length);
463 break;
464
465 default:
466 break; /* XXX: not implemented! */
467 }
468 return;
469
470 trunc:
471 nd_print_trunc(ndo);
472 }
473
474 static void
475 p_sfix(netdissect_options *ndo,
476 const struct s_fixedpt *sfp)
477 {
478 int i;
479 int f;
480 double ff;
481
482 i = GET_BE_U_2(sfp->int_part);
483 f = GET_BE_U_2(sfp->fraction);
484 ff = f / 65536.0; /* shift radix point by 16 bits */
485 f = (int)(ff * 1000000.0); /* Treat fraction as parts per million */
486 ND_PRINT("%d.%06d", i, f);
487 }
488
489 /* Prints time difference between *lfp and *olfp */
490 static void
491 p_ntp_delta(netdissect_options *ndo,
492 const struct l_fixedpt *olfp,
493 const struct l_fixedpt *lfp)
494 {
495 uint32_t u, uf;
496 uint32_t ou, ouf;
497 uint32_t i;
498 uint32_t f;
499 double ff;
500 int signbit;
501
502 u = GET_BE_U_4(lfp->int_part);
503 ou = GET_BE_U_4(olfp->int_part);
504 uf = GET_BE_U_4(lfp->fraction);
505 ouf = GET_BE_U_4(olfp->fraction);
506 if (ou == 0 && ouf == 0) {
507 p_ntp_time(ndo, lfp);
508 return;
509 }
510
511 if (u > ou) { /* new is definitely greater than old */
512 signbit = 0;
513 i = u - ou;
514 f = uf - ouf;
515 if (ouf > uf) /* must borrow from high-order bits */
516 i -= 1;
517 } else if (u < ou) { /* new is definitely less than old */
518 signbit = 1;
519 i = ou - u;
520 f = ouf - uf;
521 if (uf > ouf) /* must borrow from the high-order bits */
522 i -= 1;
523 } else { /* int_part is zero */
524 i = 0;
525 if (uf > ouf) {
526 signbit = 0;
527 f = uf - ouf;
528 } else {
529 signbit = 1;
530 f = ouf - uf;
531 }
532 }
533
534 ff = f;
535 if (ff < 0.0) /* some compilers are buggy */
536 ff += FMAXINT;
537 ff = ff / FMAXINT; /* shift radix point by 32 bits */
538 f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */
539 ND_PRINT("%s%u.%09u", signbit ? "-" : "+", i, f);
540 }
541
542 /* Prints polling interval in log2 as seconds or fraction of second */
543 static void
544 p_poll(netdissect_options *ndo,
545 const int poll_interval)
546 {
547 if (poll_interval <= -32 || poll_interval >= 32)
548 return;
549
550 if (poll_interval >= 0)
551 ND_PRINT(" (%us)", 1U << poll_interval);
552 else
553 ND_PRINT(" (1/%us)", 1U << -poll_interval);
554 }
555
[mirror] the TCPdump network dissector