]> The Tcpdump Group git mirrors - tcpdump/blob - print-ntp.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
NTP: Print kiss codes relevant for NTP debugging
[tcpdump] / print-ntp.c
1 /*
2 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * By Jeffrey Mogul/DECWRL
22 * loosely based on print-bootp.c
23 */
24
25 /* \summary: Network Time Protocol (NTP) printer */
26
27 /*
28 * specification:
29 *
30 * RFC 1119 - NTPv2
31 * RFC 1305 - NTPv3
32 * RFC 5905 - NTPv4
33 */
34
35 #include <config.h>
36
37 #include "netdissect-stdinc.h"
38 #include "netdissect-ctype.h"
39
40 #define ND_LONGJMP_FROM_TCHECK
41 #include "netdissect.h"
42 #include "addrtoname.h"
43 #include "extract.h"
44
45 #include "ntp.h"
46
47 /*
48 * Based on ntp.h from the U of MD implementation
49 * This file is based on Version 2 of the NTP spec (RFC1119).
50 */
51
52 /* RFC 5905 updated by RFC 7822
53 * 1 2 3
54 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
55 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
56 * |LI | VN |Mode | Stratum | Poll | Precision |
57 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
58 * | Root Delay |
59 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
60 * | Root Dispersion |
61 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
62 * | Reference Identifier |
63 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
64 * | |
65 * | Reference Timestamp (64) |
66 * | |
67 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
68 * | |
69 * | Originate Timestamp (64) |
70 * | |
71 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
72 * | |
73 * | Receive Timestamp (64) |
74 * | |
75 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
76 * | |
77 * | Transmit Timestamp (64) |
78 * | |
79 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
80 * | |
81 * . .
82 * . Optional Extensions (variable) .
83 * . .
84 * | |
85 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
86 */
87
88 /* Length of the NTP data message with the mandatory fields ("the header")
89 * and without any optional fields (extension, Key Identifier,
90 * Message Digest).
91 */
92 #define NTP_TIMEMSG_MINLEN 48U
93
94 struct ntp_time_data {
95 nd_uint8_t status; /* status of local clock and leap info */
96 nd_uint8_t stratum; /* Stratum level */
97 nd_int8_t ppoll; /* poll value */
98 nd_int8_t precision;
99 struct s_fixedpt root_delay;
100 struct s_fixedpt root_dispersion;
101 nd_uint32_t refid;
102 struct l_fixedpt ref_timestamp;
103 struct l_fixedpt org_timestamp;
104 struct l_fixedpt rec_timestamp;
105 struct l_fixedpt xmt_timestamp;
106 /* extension fields and/or MAC follow */
107 };
108
109 struct ntp_extension_field {
110 nd_uint16_t type;
111 nd_uint16_t length;
112 /* body follows */
113 };
114
115 /*
116 * Leap Second Codes (high order two bits)
117 */
118 #define NO_WARNING 0x00 /* no warning */
119 #define PLUS_SEC 0x40 /* add a second (61 seconds) */
120 #define MINUS_SEC 0x80 /* minus a second (59 seconds) */
121 #define ALARM 0xc0 /* alarm condition (clock unsynchronized) */
122
123 /*
124 * Clock Status Bits that Encode Version
125 */
126 #define NTPVERSION_1 0x08
127 #define VERSIONMASK 0x38
128 #define VERSIONSHIFT 3
129 #define LEAPMASK 0xc0
130 #define LEAPSHIFT 6
131 #ifdef MODEMASK
132 #undef MODEMASK /* Solaris sucks */
133 #endif
134 #define MODEMASK 0x07
135 #define MODESHIFT 0
136
137 /*
138 * Code values
139 */
140 #define MODE_UNSPEC 0 /* unspecified */
141 #define MODE_SYM_ACT 1 /* symmetric active */
142 #define MODE_SYM_PAS 2 /* symmetric passive */
143 #define MODE_CLIENT 3 /* client */
144 #define MODE_SERVER 4 /* server */
145 #define MODE_BROADCAST 5 /* broadcast */
146 #define MODE_CONTROL 6 /* control message */
147 #define MODE_RES2 7 /* reserved */
148
149 /*
150 * Stratum Definitions
151 */
152 #define UNSPECIFIED 0
153 #define PRIM_REF 1 /* radio clock */
154 #define INFO_QUERY 62 /* **** THIS implementation dependent **** */
155 #define INFO_REPLY 63 /* **** THIS implementation dependent **** */
156
157 static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *);
158 static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *);
159 static void p_poll(netdissect_options *, const int);
160 static u_int p_ext_fields(netdissect_options *, const u_char *, u_int length);
161
162 static const struct tok ntp_mode_values[] = {
163 { MODE_UNSPEC, "unspecified" },
164 { MODE_SYM_ACT, "symmetric active" },
165 { MODE_SYM_PAS, "symmetric passive" },
166 { MODE_CLIENT, "Client" },
167 { MODE_SERVER, "Server" },
168 { MODE_BROADCAST, "Broadcast" },
169 { MODE_CONTROL, "Control Message" },
170 { MODE_RES2, "Reserved" },
171 { 0, NULL }
172 };
173
174 static const struct tok ntp_leapind_values[] = {
175 { NO_WARNING, "" },
176 { PLUS_SEC, "+1s" },
177 { MINUS_SEC, "-1s" },
178 { ALARM, "clock unsynchronized" },
179 { 0, NULL }
180 };
181
182 static const struct tok ntp_stratum_values[] = {
183 { UNSPECIFIED, "unspecified" },
184 { PRIM_REF, "primary reference" },
185 { 0, NULL }
186 };
187
188 static const struct tok ntp_ef_types[] = {
189 { 0x0104, "Unique Identifier" },
190 { 0x0204, "NTS Cookie" },
191 { 0x0304, "NTS Cookie Placeholder" },
192 { 0x0404, "NTS Authenticator and Encrypted Extension Fields" },
193 { 0x2005, "Checksum Complement" },
194 { 0, NULL }
195 };
196
197 /* draft-ietf-ntp-mode-6-cmds-02
198 * 0 1 2 3
199 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
200 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
201 * |LI | VN |Mode |R|E|M| OpCode | Sequence Number |
202 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
203 * | Status | Association ID |
204 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
205 * | Offset | Count |
206 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
207 * | |
208 * / Data (up to 468 bytes) /
209 * | |
210 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
211 * | Padding (optional) |
212 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
213 * | |
214 * / Authenticator (optional, 96 bytes) /
215 * | |
216 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
217 *
218 * Figure 1: NTP Control Message Header
219 */
220
221 /* Length of the NTP control message with the mandatory fields ("the header")
222 * and without any optional fields (Data, Padding, Authenticator).
223 */
224 #define NTP_CTRLMSG_MINLEN 12U
225
226 struct ntp_control_data {
227 nd_uint8_t magic; /* LI, VN, Mode */
228 nd_uint8_t control; /* R, E, M, OpCode */
229 nd_uint16_t sequence; /* Sequence Number */
230 nd_uint16_t status; /* Status */
231 nd_uint16_t assoc; /* Association ID */
232 nd_uint16_t offset; /* Offset */
233 nd_uint16_t count; /* Count */
234 nd_uint8_t data[564]; /* Data, [Padding, [Authenticator]] */
235 };
236
237 /*
238 * Print NTP time requests and responses
239 */
240 static void
241 ntp_time_print(netdissect_options *ndo,
242 const struct ntp_time_data *bp, u_int length, u_int version)
243 {
244 const u_char *mac;
245 uint8_t stratum;
246 u_int efs_len;
247
248 if (length < NTP_TIMEMSG_MINLEN)
249 goto invalid;
250
251 stratum = GET_U_1(bp->stratum);
252 ND_PRINT(", Stratum %u (%s)",
253 stratum,
254 tok2str(ntp_stratum_values, (stratum >=2 && stratum<=15) ? "secondary reference" : "reserved", stratum));
255
256 ND_PRINT(", poll %d", GET_S_1(bp->ppoll));
257 p_poll(ndo, GET_S_1(bp->ppoll));
258
259 ND_PRINT(", precision %d", GET_S_1(bp->precision));
260
261 ND_PRINT("\n\tRoot Delay: ");
262 p_sfix(ndo, &bp->root_delay);
263
264 ND_PRINT(", Root dispersion: ");
265 p_sfix(ndo, &bp->root_dispersion);
266
267 ND_PRINT(", Reference-ID: ");
268 /* Interpretation depends on stratum */
269 switch (stratum) {
270
271 case UNSPECIFIED:
272 /* NTPv4 (RFC 5905, section 7.4) formalizes that refid _may_
273 * contain a printable, four-character, left justified, zero
274 * filled ASCII string ("kiss code") for status reporting
275 * and debugging. Some kiss codes are defined in the RFC as
276 * initial set for a new IANA registry, but the list may be
277 * modified or extended in the future, and unregistered kiss
278 * codes are possible (and are being seen in the field).
279 */
280 if (!ND_ASCII_ISPRINT((bp->refid)[0])) {
281 ND_PRINT("(unspec)");
282 ND_TCHECK_4(bp->refid);
283 } else {
284 nd_printjn(ndo, (const u_char *)&(bp->refid), 4);
285 }
286 break;
287
288 case PRIM_REF:
289 nd_printjn(ndo, (const u_char *)&(bp->refid), 4);
290 break;
291
292 case INFO_QUERY:
293 ND_PRINT("%s INFO_QUERY", GET_IPADDR_STRING(bp->refid));
294 /* this doesn't have more content */
295 return;
296
297 case INFO_REPLY:
298 ND_PRINT("%s INFO_REPLY", GET_IPADDR_STRING(bp->refid));
299 /* this is too complex to be worth printing */
300 return;
301
302 default:
303 /* In NTPv4 (RFC 5905) refid is an IPv4 address or first 32 bits of
304 MD5 sum of IPv6 address */
305 ND_PRINT("0x%08x", GET_BE_U_4(bp->refid));
306 break;
307 }
308
309 ND_PRINT("\n\t Reference Timestamp: ");
310 p_ntp_time(ndo, &(bp->ref_timestamp));
311
312 ND_PRINT("\n\t Originator Timestamp: ");
313 p_ntp_time(ndo, &(bp->org_timestamp));
314
315 ND_PRINT("\n\t Receive Timestamp: ");
316 p_ntp_time(ndo, &(bp->rec_timestamp));
317
318 ND_PRINT("\n\t Transmit Timestamp: ");
319 p_ntp_time(ndo, &(bp->xmt_timestamp));
320
321 ND_PRINT("\n\t Originator - Receive Timestamp: ");
322 p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->rec_timestamp));
323
324 ND_PRINT("\n\t Originator - Transmit Timestamp: ");
325 p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp));
326
327 if (version == 4)
328 efs_len = p_ext_fields(ndo, (const u_char *)bp + NTP_TIMEMSG_MINLEN, length - NTP_TIMEMSG_MINLEN);
329 else
330 efs_len = 0;
331
332 mac = (const u_char *)bp + NTP_TIMEMSG_MINLEN + efs_len;
333
334 if (length == NTP_TIMEMSG_MINLEN + efs_len + 4) { /* Optional: key-id (crypto-NAK) */
335 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(mac));
336 } else if (length == NTP_TIMEMSG_MINLEN + efs_len + 4 + 16) { /* Optional: key-id + 128-bit digest */
337 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(mac));
338 ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x",
339 GET_BE_U_4(mac + 4),
340 GET_BE_U_4(mac + 8),
341 GET_BE_U_4(mac + 12),
342 GET_BE_U_4(mac + 16));
343 } else if (length == NTP_TIMEMSG_MINLEN + efs_len + 4 + 20) { /* Optional: key-id + 160-bit digest */
344 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(mac));
345 ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x%08x",
346 GET_BE_U_4(mac + 4),
347 GET_BE_U_4(mac + 8),
348 GET_BE_U_4(mac + 12),
349 GET_BE_U_4(mac + 16),
350 GET_BE_U_4(mac + 20));
351 } else if (length > NTP_TIMEMSG_MINLEN + efs_len) {
352 ND_PRINT("\n\t(%u more bytes after the header and extension fields)",
353 length - NTP_TIMEMSG_MINLEN - efs_len);
354 }
355 return;
356
357 invalid:
358 nd_print_invalid(ndo);
359 ND_TCHECK_LEN(bp, length);
360 }
361
362 /*
363 * Print NTP control message requests and responses
364 */
365 static void
366 ntp_control_print(netdissect_options *ndo,
367 const struct ntp_control_data *cd, u_int length)
368 {
369 uint8_t control, R, E, M, opcode;
370 uint16_t sequence, status, assoc, offset, count;
371
372 if (length < NTP_CTRLMSG_MINLEN)
373 goto invalid;
374
375 control = GET_U_1(cd->control);
376 R = (control & 0x80) != 0;
377 E = (control & 0x40) != 0;
378 M = (control & 0x20) != 0;
379 opcode = control & 0x1f;
380 ND_PRINT(", %s, %s, %s, OpCode=%u\n",
381 R ? "Response" : "Request", E ? "Error" : "OK",
382 M ? "More" : "Last", opcode);
383
384 sequence = GET_BE_U_2(cd->sequence);
385 ND_PRINT("\tSequence=%hu", sequence);
386
387 status = GET_BE_U_2(cd->status);
388 ND_PRINT(", Status=%#hx", status);
389
390 assoc = GET_BE_U_2(cd->assoc);
391 ND_PRINT(", Assoc.=%hu", assoc);
392
393 offset = GET_BE_U_2(cd->offset);
394 ND_PRINT(", Offset=%hu", offset);
395
396 count = GET_BE_U_2(cd->count);
397 ND_PRINT(", Count=%hu", count);
398
399 if (NTP_CTRLMSG_MINLEN + count > length)
400 goto invalid;
401 if (count != 0) {
402 ND_TCHECK_LEN(cd->data, count);
403 ND_PRINT("\n\tTO-BE-DONE: data not interpreted");
404 }
405 return;
406
407 invalid:
408 nd_print_invalid(ndo);
409 ND_TCHECK_LEN(cd, length);
410 }
411
412 union ntpdata {
413 struct ntp_time_data td;
414 struct ntp_control_data cd;
415 };
416
417 /*
418 * Print NTP requests, handling the common VN, LI, and Mode
419 */
420 void
421 ntp_print(netdissect_options *ndo,
422 const u_char *cp, u_int length)
423 {
424 const union ntpdata *bp = (const union ntpdata *)cp;
425 u_int mode, version, leapind;
426 uint8_t status;
427
428 ndo->ndo_protocol = "ntp";
429 status = GET_U_1(bp->td.status);
430
431 version = (status & VERSIONMASK) >> VERSIONSHIFT;
432 ND_PRINT("NTPv%u", version);
433
434 mode = (status & MODEMASK) >> MODESHIFT;
435 if (!ndo->ndo_vflag) {
436 ND_PRINT(", %s, length %u",
437 tok2str(ntp_mode_values, "Unknown mode", mode),
438 length);
439 return;
440 }
441
442 ND_PRINT(", %s, length %u\n",
443 tok2str(ntp_mode_values, "Unknown mode", mode), length);
444
445 /* leapind = (status & LEAPMASK) >> LEAPSHIFT; */
446 leapind = (status & LEAPMASK);
447 ND_PRINT("\tLeap indicator: %s (%u)",
448 tok2str(ntp_leapind_values, "Unknown", leapind),
449 leapind);
450
451 switch (mode) {
452
453 case MODE_UNSPEC:
454 case MODE_SYM_ACT:
455 case MODE_SYM_PAS:
456 case MODE_CLIENT:
457 case MODE_SERVER:
458 case MODE_BROADCAST:
459 ntp_time_print(ndo, &bp->td, length, version);
460 break;
461
462 case MODE_CONTROL:
463 ntp_control_print(ndo, &bp->cd, length);
464 break;
465
466 default:
467 break; /* XXX: not implemented! */
468 }
469 }
470
471 static void
472 p_sfix(netdissect_options *ndo,
473 const struct s_fixedpt *sfp)
474 {
475 int i;
476 int f;
477 double ff;
478
479 i = GET_BE_U_2(sfp->int_part);
480 f = GET_BE_U_2(sfp->fraction);
481 ff = f / 65536.0; /* shift radix point by 16 bits */
482 f = (int)(ff * 1000000.0); /* Treat fraction as parts per million */
483 ND_PRINT("%d.%06d", i, f);
484 }
485
486 /* Prints time difference between *lfp and *olfp */
487 static void
488 p_ntp_delta(netdissect_options *ndo,
489 const struct l_fixedpt *olfp,
490 const struct l_fixedpt *lfp)
491 {
492 uint32_t u, uf;
493 uint32_t ou, ouf;
494 uint32_t i;
495 uint32_t f;
496 double ff;
497 int signbit;
498
499 u = GET_BE_U_4(lfp->int_part);
500 ou = GET_BE_U_4(olfp->int_part);
501 uf = GET_BE_U_4(lfp->fraction);
502 ouf = GET_BE_U_4(olfp->fraction);
503 if (ou == 0 && ouf == 0) {
504 p_ntp_time(ndo, lfp);
505 return;
506 }
507
508 if (u > ou) { /* new is definitely greater than old */
509 signbit = 0;
510 i = u - ou;
511 f = uf - ouf;
512 if (ouf > uf) /* must borrow from high-order bits */
513 i -= 1;
514 } else if (u < ou) { /* new is definitely less than old */
515 signbit = 1;
516 i = ou - u;
517 f = ouf - uf;
518 if (uf > ouf) /* must borrow from the high-order bits */
519 i -= 1;
520 } else { /* int_part is zero */
521 i = 0;
522 if (uf > ouf) {
523 signbit = 0;
524 f = uf - ouf;
525 } else {
526 signbit = 1;
527 f = ouf - uf;
528 }
529 }
530
531 ff = f;
532 if (ff < 0.0) /* some compilers are buggy */
533 ff += FMAXINT;
534 ff = ff / FMAXINT; /* shift radix point by 32 bits */
535 f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */
536 ND_PRINT("%s%u.%09u", signbit ? "-" : "+", i, f);
537 }
538
539 /* Prints polling interval in log2 as seconds or fraction of second */
540 static void
541 p_poll(netdissect_options *ndo,
542 const int poll_interval)
543 {
544 if (poll_interval <= -32 || poll_interval >= 32)
545 return;
546
547 if (poll_interval >= 0)
548 ND_PRINT(" (%us)", 1U << poll_interval);
549 else
550 ND_PRINT(" (1/%us)", 1U << -poll_interval);
551 }
552
553 /* Prints an NTPv4 extension field */
554 static void
555 p_ntp_ef(netdissect_options *ndo, u_int type, u_int length, const u_char *ef_body)
556 {
557 ND_PRINT("\n\t %s", tok2str(ntp_ef_types, "Unknown type", type));
558 ND_PRINT(" (0x%04x), length %u", type, length);
559
560 if (ndo->ndo_vflag > 2)
561 hex_print(ndo, "\n\t ", ef_body, length - 4);
562 else {
563 /*
564 * If we're not going to print it, at least make sure
565 * it's present in the packet, so if ef_len is too long,
566 * we stop.
567 */
568 ND_TCHECK_LEN(ef_body, length - 4);
569 }
570 }
571
572 /* Prints list of extension fields per RFC 7822 */
573 static u_int
574 p_ext_fields(netdissect_options *ndo, const u_char *cp, u_int length)
575 {
576 const struct ntp_extension_field *ef;
577 u_int ef_type, ef_len, efs_len;
578 int first_ef;
579
580 first_ef = 1;
581 efs_len = 0;
582
583 /* RFC 7822 requires the last EF in the packet to have at least
584 28 octets to avoid ambiguity with MACs */
585 while (length - efs_len >= 28) {
586 ef = (const struct ntp_extension_field *)(cp + efs_len);
587 ef_type = GET_BE_U_2(ef->type);
588 ef_len = GET_BE_U_2(ef->length);
589
590 if (efs_len + ef_len > length || ef_len < 4 || ef_len % 4 != 0) {
591 nd_print_invalid(ndo);
592 break;
593 }
594
595 if (first_ef) {
596 ND_PRINT("\n\tExtension fields:");
597 first_ef = 0;
598 }
599
600 p_ntp_ef(ndo, ef_type, ef_len, (const u_char *)(ef + 1));
601
602 /*
603 * The entire extension field is guaranteed to be in the
604 * captured data, as p_ntp_ef() will longjmp out if it
605 * isn't.
606 *
607 * As the total length of the captured data fits in a
608 * u_int, this means that the total length of all the
609 * extension fields will fit in a u_int, so this will
610 * never overflow.
611 */
612 efs_len += ef_len;
613 }
614
615 return efs_len;
616 }
[mirror] the TCPdump network dissector