]> The Tcpdump Group git mirrors - tcpdump/blob - print-ntp.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
tcpdump: plug a memory leak.
[tcpdump] / print-ntp.c
1 /*
2 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * By Jeffrey Mogul/DECWRL
22 * loosely based on print-bootp.c
23 */
24
25 /* \summary: Network Time Protocol (NTP) printer */
26
27 /*
28 * specification:
29 *
30 * RFC 1119 - NTPv2
31 * RFC 1305 - NTPv3
32 * RFC 5905 - NTPv4
33 */
34
35 #ifdef HAVE_CONFIG_H
36 #include <config.h>
37 #endif
38
39 #include "netdissect-stdinc.h"
40
41 #include <time.h>
42
43 #define ND_LONGJMP_FROM_TCHECK
44 #include "netdissect.h"
45 #include "addrtoname.h"
46 #include "extract.h"
47
48 #include "ntp.h"
49
50 /*
51 * Based on ntp.h from the U of MD implementation
52 * This file is based on Version 2 of the NTP spec (RFC1119).
53 */
54
55 /* rfc2030
56 * 1 2 3
57 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
58 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
59 * |LI | VN |Mode | Stratum | Poll | Precision |
60 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
61 * | Root Delay |
62 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
63 * | Root Dispersion |
64 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
65 * | Reference Identifier |
66 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
67 * | |
68 * | Reference Timestamp (64) |
69 * | |
70 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
71 * | |
72 * | Originate Timestamp (64) |
73 * | |
74 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
75 * | |
76 * | Receive Timestamp (64) |
77 * | |
78 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
79 * | |
80 * | Transmit Timestamp (64) |
81 * | |
82 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
83 * | Key Identifier (optional) (32) |
84 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
85 * | |
86 * | |
87 * | Message Digest (optional) (128) |
88 * | |
89 * | |
90 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
91 */
92
93 /* Length of the NTP data message with the mandatory fields ("the header")
94 * and without any optional fields (extension, Key Identifier,
95 * Message Digest).
96 */
97 #define NTP_TIMEMSG_MINLEN 48U
98
99 struct ntp_time_data {
100 nd_uint8_t status; /* status of local clock and leap info */
101 nd_uint8_t stratum; /* Stratum level */
102 nd_int8_t ppoll; /* poll value */
103 nd_int8_t precision;
104 struct s_fixedpt root_delay;
105 struct s_fixedpt root_dispersion;
106 nd_uint32_t refid;
107 struct l_fixedpt ref_timestamp;
108 struct l_fixedpt org_timestamp;
109 struct l_fixedpt rec_timestamp;
110 struct l_fixedpt xmt_timestamp;
111 nd_uint32_t key_id;
112 nd_uint8_t message_digest[20];
113 };
114 /*
115 * Leap Second Codes (high order two bits)
116 */
117 #define NO_WARNING 0x00 /* no warning */
118 #define PLUS_SEC 0x40 /* add a second (61 seconds) */
119 #define MINUS_SEC 0x80 /* minus a second (59 seconds) */
120 #define ALARM 0xc0 /* alarm condition (clock unsynchronized) */
121
122 /*
123 * Clock Status Bits that Encode Version
124 */
125 #define NTPVERSION_1 0x08
126 #define VERSIONMASK 0x38
127 #define VERSIONSHIFT 3
128 #define LEAPMASK 0xc0
129 #define LEAPSHIFT 6
130 #ifdef MODEMASK
131 #undef MODEMASK /* Solaris sucks */
132 #endif
133 #define MODEMASK 0x07
134 #define MODESHIFT 0
135
136 /*
137 * Code values
138 */
139 #define MODE_UNSPEC 0 /* unspecified */
140 #define MODE_SYM_ACT 1 /* symmetric active */
141 #define MODE_SYM_PAS 2 /* symmetric passive */
142 #define MODE_CLIENT 3 /* client */
143 #define MODE_SERVER 4 /* server */
144 #define MODE_BROADCAST 5 /* broadcast */
145 #define MODE_CONTROL 6 /* control message */
146 #define MODE_RES2 7 /* reserved */
147
148 /*
149 * Stratum Definitions
150 */
151 #define UNSPECIFIED 0
152 #define PRIM_REF 1 /* radio clock */
153 #define INFO_QUERY 62 /* **** THIS implementation dependent **** */
154 #define INFO_REPLY 63 /* **** THIS implementation dependent **** */
155
156 static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *);
157 static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *);
158 static void p_poll(netdissect_options *, const int);
159
160 static const struct tok ntp_mode_values[] = {
161 { MODE_UNSPEC, "unspecified" },
162 { MODE_SYM_ACT, "symmetric active" },
163 { MODE_SYM_PAS, "symmetric passive" },
164 { MODE_CLIENT, "Client" },
165 { MODE_SERVER, "Server" },
166 { MODE_BROADCAST, "Broadcast" },
167 { MODE_CONTROL, "Control Message" },
168 { MODE_RES2, "Reserved" },
169 { 0, NULL }
170 };
171
172 static const struct tok ntp_leapind_values[] = {
173 { NO_WARNING, "" },
174 { PLUS_SEC, "+1s" },
175 { MINUS_SEC, "-1s" },
176 { ALARM, "clock unsynchronized" },
177 { 0, NULL }
178 };
179
180 static const struct tok ntp_stratum_values[] = {
181 { UNSPECIFIED, "unspecified" },
182 { PRIM_REF, "primary reference" },
183 { 0, NULL }
184 };
185
186 /* draft-ietf-ntp-mode-6-cmds-02
187 * 0 1 2 3
188 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
189 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
190 * |LI | VN |Mode |R|E|M| OpCode | Sequence Number |
191 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
192 * | Status | Association ID |
193 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
194 * | Offset | Count |
195 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
196 * | |
197 * / Data (up to 468 bytes) /
198 * | |
199 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
200 * | Padding (optional) |
201 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
202 * | |
203 * / Authenticator (optional, 96 bytes) /
204 * | |
205 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
206 *
207 * Figure 1: NTP Control Message Header
208 */
209
210 /* Length of the NTP control message with the mandatory fields ("the header")
211 * and without any optional fields (Data, Padding, Authenticator).
212 */
213 #define NTP_CTRLMSG_MINLEN 12U
214
215 struct ntp_control_data {
216 nd_uint8_t magic; /* LI, VN, Mode */
217 nd_uint8_t control; /* R, E, M, OpCode */
218 nd_uint16_t sequence; /* Sequence Number */
219 nd_uint16_t status; /* Status */
220 nd_uint16_t assoc; /* Association ID */
221 nd_uint16_t offset; /* Offset */
222 nd_uint16_t count; /* Count */
223 nd_uint8_t data[564]; /* Data, [Padding, [Authenticator]] */
224 };
225
226 /*
227 * Print NTP time requests and responses
228 */
229 static void
230 ntp_time_print(netdissect_options *ndo,
231 const struct ntp_time_data *bp, u_int length)
232 {
233 uint8_t stratum;
234
235 if (length < NTP_TIMEMSG_MINLEN)
236 goto invalid;
237
238 stratum = GET_U_1(bp->stratum);
239 ND_PRINT(", Stratum %u (%s)",
240 stratum,
241 tok2str(ntp_stratum_values, (stratum >=2 && stratum<=15) ? "secondary reference" : "reserved", stratum));
242
243 ND_PRINT(", poll %d", GET_S_1(bp->ppoll));
244 p_poll(ndo, GET_S_1(bp->ppoll));
245
246 ND_PRINT(", precision %d", GET_S_1(bp->precision));
247
248 ND_PRINT("\n\tRoot Delay: ");
249 p_sfix(ndo, &bp->root_delay);
250
251 ND_PRINT(", Root dispersion: ");
252 p_sfix(ndo, &bp->root_dispersion);
253
254 ND_PRINT(", Reference-ID: ");
255 /* Interpretation depends on stratum */
256 switch (stratum) {
257
258 case UNSPECIFIED:
259 ND_PRINT("(unspec)");
260 ND_TCHECK_4(bp->refid);
261 break;
262
263 case PRIM_REF:
264 nd_printjn(ndo, (const u_char *)&(bp->refid), 4);
265 break;
266
267 case INFO_QUERY:
268 ND_PRINT("%s INFO_QUERY", GET_IPADDR_STRING(bp->refid));
269 /* this doesn't have more content */
270 return;
271
272 case INFO_REPLY:
273 ND_PRINT("%s INFO_REPLY", GET_IPADDR_STRING(bp->refid));
274 /* this is too complex to be worth printing */
275 return;
276
277 default:
278 /* In NTPv4 (RFC 5905) refid is an IPv4 address or first 32 bits of
279 MD5 sum of IPv6 address */
280 ND_PRINT("0x%08x", GET_BE_U_4(bp->refid));
281 break;
282 }
283
284 ND_PRINT("\n\t Reference Timestamp: ");
285 p_ntp_time(ndo, &(bp->ref_timestamp));
286
287 ND_PRINT("\n\t Originator Timestamp: ");
288 p_ntp_time(ndo, &(bp->org_timestamp));
289
290 ND_PRINT("\n\t Receive Timestamp: ");
291 p_ntp_time(ndo, &(bp->rec_timestamp));
292
293 ND_PRINT("\n\t Transmit Timestamp: ");
294 p_ntp_time(ndo, &(bp->xmt_timestamp));
295
296 ND_PRINT("\n\t Originator - Receive Timestamp: ");
297 p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->rec_timestamp));
298
299 ND_PRINT("\n\t Originator - Transmit Timestamp: ");
300 p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp));
301
302 /* FIXME: this code is not aware of any extension fields */
303 if (length == NTP_TIMEMSG_MINLEN + 4) { /* Optional: key-id (crypto-NAK) */
304 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
305 } else if (length == NTP_TIMEMSG_MINLEN + 4 + 16) { /* Optional: key-id + 128-bit digest */
306 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
307 ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x",
308 GET_BE_U_4(bp->message_digest),
309 GET_BE_U_4(bp->message_digest + 4),
310 GET_BE_U_4(bp->message_digest + 8),
311 GET_BE_U_4(bp->message_digest + 12));
312 } else if (length == NTP_TIMEMSG_MINLEN + 4 + 20) { /* Optional: key-id + 160-bit digest */
313 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
314 ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x%08x",
315 GET_BE_U_4(bp->message_digest),
316 GET_BE_U_4(bp->message_digest + 4),
317 GET_BE_U_4(bp->message_digest + 8),
318 GET_BE_U_4(bp->message_digest + 12),
319 GET_BE_U_4(bp->message_digest + 16));
320 } else if (length > NTP_TIMEMSG_MINLEN) {
321 ND_PRINT("\n\t(%u more bytes after the header)", length - NTP_TIMEMSG_MINLEN);
322 }
323 return;
324
325 invalid:
326 nd_print_invalid(ndo);
327 ND_TCHECK_LEN(bp, length);
328 }
329
330 /*
331 * Print NTP control message requests and responses
332 */
333 static void
334 ntp_control_print(netdissect_options *ndo,
335 const struct ntp_control_data *cd, u_int length)
336 {
337 uint8_t control, R, E, M, opcode;
338 uint16_t sequence, status, assoc, offset, count;
339
340 if (length < NTP_CTRLMSG_MINLEN)
341 goto invalid;
342
343 control = GET_U_1(cd->control);
344 R = (control & 0x80) != 0;
345 E = (control & 0x40) != 0;
346 M = (control & 0x20) != 0;
347 opcode = control & 0x1f;
348 ND_PRINT(", %s, %s, %s, OpCode=%u\n",
349 R ? "Response" : "Request", E ? "Error" : "OK",
350 M ? "More" : "Last", opcode);
351
352 sequence = GET_BE_U_2(cd->sequence);
353 ND_PRINT("\tSequence=%hu", sequence);
354
355 status = GET_BE_U_2(cd->status);
356 ND_PRINT(", Status=%#hx", status);
357
358 assoc = GET_BE_U_2(cd->assoc);
359 ND_PRINT(", Assoc.=%hu", assoc);
360
361 offset = GET_BE_U_2(cd->offset);
362 ND_PRINT(", Offset=%hu", offset);
363
364 count = GET_BE_U_2(cd->count);
365 ND_PRINT(", Count=%hu", count);
366
367 if (NTP_CTRLMSG_MINLEN + count > length)
368 goto invalid;
369 if (count != 0) {
370 ND_TCHECK_LEN(cd->data, count);
371 ND_PRINT("\n\tTO-BE-DONE: data not interpreted");
372 }
373 return;
374
375 invalid:
376 nd_print_invalid(ndo);
377 ND_TCHECK_LEN(cd, length);
378 }
379
380 union ntpdata {
381 struct ntp_time_data td;
382 struct ntp_control_data cd;
383 };
384
385 /*
386 * Print NTP requests, handling the common VN, LI, and Mode
387 */
388 void
389 ntp_print(netdissect_options *ndo,
390 const u_char *cp, u_int length)
391 {
392 const union ntpdata *bp = (const union ntpdata *)cp;
393 u_int mode, version, leapind;
394 uint8_t status;
395
396 ndo->ndo_protocol = "ntp";
397 status = GET_U_1(bp->td.status);
398
399 version = (status & VERSIONMASK) >> VERSIONSHIFT;
400 ND_PRINT("NTPv%u", version);
401
402 mode = (status & MODEMASK) >> MODESHIFT;
403 if (!ndo->ndo_vflag) {
404 ND_PRINT(", %s, length %u",
405 tok2str(ntp_mode_values, "Unknown mode", mode),
406 length);
407 return;
408 }
409
410 ND_PRINT(", %s, length %u\n",
411 tok2str(ntp_mode_values, "Unknown mode", mode), length);
412
413 /* leapind = (status & LEAPMASK) >> LEAPSHIFT; */
414 leapind = (status & LEAPMASK);
415 ND_PRINT("\tLeap indicator: %s (%u)",
416 tok2str(ntp_leapind_values, "Unknown", leapind),
417 leapind);
418
419 switch (mode) {
420
421 case MODE_UNSPEC:
422 case MODE_SYM_ACT:
423 case MODE_SYM_PAS:
424 case MODE_CLIENT:
425 case MODE_SERVER:
426 case MODE_BROADCAST:
427 ntp_time_print(ndo, &bp->td, length);
428 break;
429
430 case MODE_CONTROL:
431 ntp_control_print(ndo, &bp->cd, length);
432 break;
433
434 default:
435 break; /* XXX: not implemented! */
436 }
437 }
438
439 static void
440 p_sfix(netdissect_options *ndo,
441 const struct s_fixedpt *sfp)
442 {
443 int i;
444 int f;
445 double ff;
446
447 i = GET_BE_U_2(sfp->int_part);
448 f = GET_BE_U_2(sfp->fraction);
449 ff = f / 65536.0; /* shift radix point by 16 bits */
450 f = (int)(ff * 1000000.0); /* Treat fraction as parts per million */
451 ND_PRINT("%d.%06d", i, f);
452 }
453
454 /* Prints time difference between *lfp and *olfp */
455 static void
456 p_ntp_delta(netdissect_options *ndo,
457 const struct l_fixedpt *olfp,
458 const struct l_fixedpt *lfp)
459 {
460 uint32_t u, uf;
461 uint32_t ou, ouf;
462 uint32_t i;
463 uint32_t f;
464 double ff;
465 int signbit;
466
467 u = GET_BE_U_4(lfp->int_part);
468 ou = GET_BE_U_4(olfp->int_part);
469 uf = GET_BE_U_4(lfp->fraction);
470 ouf = GET_BE_U_4(olfp->fraction);
471 if (ou == 0 && ouf == 0) {
472 p_ntp_time(ndo, lfp);
473 return;
474 }
475
476 if (u > ou) { /* new is definitely greater than old */
477 signbit = 0;
478 i = u - ou;
479 f = uf - ouf;
480 if (ouf > uf) /* must borrow from high-order bits */
481 i -= 1;
482 } else if (u < ou) { /* new is definitely less than old */
483 signbit = 1;
484 i = ou - u;
485 f = ouf - uf;
486 if (uf > ouf) /* must borrow from the high-order bits */
487 i -= 1;
488 } else { /* int_part is zero */
489 i = 0;
490 if (uf > ouf) {
491 signbit = 0;
492 f = uf - ouf;
493 } else {
494 signbit = 1;
495 f = ouf - uf;
496 }
497 }
498
499 ff = f;
500 if (ff < 0.0) /* some compilers are buggy */
501 ff += FMAXINT;
502 ff = ff / FMAXINT; /* shift radix point by 32 bits */
503 f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */
504 ND_PRINT("%s%u.%09u", signbit ? "-" : "+", i, f);
505 }
506
507 /* Prints polling interval in log2 as seconds or fraction of second */
508 static void
509 p_poll(netdissect_options *ndo,
510 const int poll_interval)
511 {
512 if (poll_interval <= -32 || poll_interval >= 32)
513 return;
514
515 if (poll_interval >= 0)
516 ND_PRINT(" (%us)", 1U << poll_interval);
517 else
518 ND_PRINT(" (1/%us)", 1U << -poll_interval);
519 }
520
[mirror] the TCPdump network dissector