* RFC 5905 - NTPv4
*/
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
#include "netdissect-stdinc.h"
+#include "netdissect-ctype.h"
-#ifdef HAVE_STRFTIME
-#include <time.h>
-#endif
-
+#define ND_LONGJMP_FROM_TCHECK
#include "netdissect.h"
#include "addrtoname.h"
#include "extract.h"
-static const char tstr[] = " [|ntp]";
+#include "ntp.h"
/*
* Based on ntp.h from the U of MD implementation
* This file is based on Version 2 of the NTP spec (RFC1119).
*/
-/*
- * Definitions for the masses
- */
-#define JAN_1970 INT64_T_CONSTANT(2208988800) /* 1970 - 1900 in seconds */
-
-/*
- * Structure definitions for NTP fixed point values
- *
- * 0 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Integer Part |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Fraction Part |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- * 0 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Integer Part | Fraction Part |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-*/
-struct l_fixedpt {
- nd_uint32_t int_part;
- nd_uint32_t fraction;
-};
-
-struct s_fixedpt {
- nd_uint16_t int_part;
- nd_uint16_t fraction;
-};
-
-/* rfc2030
+/* RFC 5905 updated by RFC 7822
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | |
- * | Originate Timestamp (64) |
+ * | Origin Timestamp (64) |
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | |
* | Transmit Timestamp (64) |
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Key Identifier (optional) (32) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | |
- * | |
- * | Message Digest (optional) (128) |
* | |
+ * . .
+ * . Optional Extensions (variable) .
+ * . .
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
struct l_fixedpt org_timestamp;
struct l_fixedpt rec_timestamp;
struct l_fixedpt xmt_timestamp;
- nd_uint32_t key_id;
- nd_uint8_t message_digest[20];
+ /* extension fields and/or MAC follow */
+};
+
+struct ntp_extension_field {
+ nd_uint16_t type;
+ nd_uint16_t length;
+ /* body follows */
};
+
/*
* Leap Second Codes (high order two bits)
*/
#define INFO_REPLY 63 /* **** THIS implementation dependent **** */
static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *);
-static void p_ntp_time(netdissect_options *, const struct l_fixedpt *);
static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *);
static void p_poll(netdissect_options *, const int);
+static u_int p_ext_fields(netdissect_options *, const u_char *, u_int length);
static const struct tok ntp_mode_values[] = {
{ MODE_UNSPEC, "unspecified" },
static const struct tok ntp_stratum_values[] = {
{ UNSPECIFIED, "unspecified" },
- { PRIM_REF, "primary reference" },
+ { PRIM_REF, "primary reference" },
+ { 0, NULL }
+};
+
+static const struct tok ntp_ef_types[] = {
+ { 0x0104, "Unique Identifier" },
+ { 0x0204, "NTS Cookie" },
+ { 0x0304, "NTS Cookie Placeholder" },
+ { 0x0404, "NTS Authenticator and Encrypted Extension Fields" },
+ { 0x2005, "Checksum Complement" },
{ 0, NULL }
};
*/
static void
ntp_time_print(netdissect_options *ndo,
- const struct ntp_time_data *bp, u_int length)
+ const struct ntp_time_data *bp, u_int length, u_int version)
{
+ const u_char *mac;
uint8_t stratum;
+ u_int efs_len;
if (length < NTP_TIMEMSG_MINLEN)
goto invalid;
- ND_TCHECK_1(bp->stratum);
- stratum = EXTRACT_U_1(bp->stratum);
+ stratum = GET_U_1(bp->stratum);
ND_PRINT(", Stratum %u (%s)",
stratum,
tok2str(ntp_stratum_values, (stratum >=2 && stratum<=15) ? "secondary reference" : "reserved", stratum));
- ND_TCHECK_1(bp->ppoll);
- ND_PRINT(", poll %d", EXTRACT_S_1(bp->ppoll));
- p_poll(ndo, EXTRACT_U_1(bp->ppoll));
+ ND_PRINT(", poll %d", GET_S_1(bp->ppoll));
+ p_poll(ndo, GET_S_1(bp->ppoll));
- ND_TCHECK_1(bp->precision);
- ND_PRINT(", precision %d", EXTRACT_S_1(bp->precision));
+ ND_PRINT(", precision %d", GET_S_1(bp->precision));
- ND_TCHECK_SIZE(&bp->root_delay);
ND_PRINT("\n\tRoot Delay: ");
p_sfix(ndo, &bp->root_delay);
- ND_TCHECK_SIZE(&bp->root_dispersion);
ND_PRINT(", Root dispersion: ");
p_sfix(ndo, &bp->root_dispersion);
- ND_TCHECK_4(bp->refid);
ND_PRINT(", Reference-ID: ");
/* Interpretation depends on stratum */
switch (stratum) {
case UNSPECIFIED:
- ND_PRINT("(unspec)");
+ /* NTPv4 (RFC 5905, section 7.4) formalizes that refid _may_
+ * contain a printable, four-character, left justified, zero
+ * filled ASCII string ("kiss code") for status reporting
+ * and debugging. Some kiss codes are defined in the RFC as
+ * initial set for a new IANA registry, but the list may be
+ * modified or extended in the future, and unregistered kiss
+ * codes are possible (and are being seen in the field).
+ */
+ if (!ND_ASCII_ISPRINT(GET_U_1(bp->refid))) {
+ ND_PRINT("(unspec)");
+ ND_TCHECK_4(bp->refid);
+ } else {
+ nd_printjn(ndo, (const u_char *)&(bp->refid), 4);
+ }
break;
case PRIM_REF:
- if (fn_printn(ndo, (const u_char *)&(bp->refid), 4, ndo->ndo_snapend))
- goto trunc;
+ nd_printjn(ndo, (const u_char *)&(bp->refid), 4);
break;
case INFO_QUERY:
- ND_PRINT("%s INFO_QUERY", ipaddr_string(ndo, bp->refid));
+ ND_PRINT("%s INFO_QUERY", GET_IPADDR_STRING(bp->refid));
/* this doesn't have more content */
return;
case INFO_REPLY:
- ND_PRINT("%s INFO_REPLY", ipaddr_string(ndo, bp->refid));
+ ND_PRINT("%s INFO_REPLY", GET_IPADDR_STRING(bp->refid));
/* this is too complex to be worth printing */
return;
default:
/* In NTPv4 (RFC 5905) refid is an IPv4 address or first 32 bits of
MD5 sum of IPv6 address */
- ND_PRINT("0x%08x", EXTRACT_BE_U_4(bp->refid));
+ ND_PRINT("0x%08x", GET_BE_U_4(bp->refid));
break;
}
- ND_TCHECK_SIZE(&bp->ref_timestamp);
ND_PRINT("\n\t Reference Timestamp: ");
p_ntp_time(ndo, &(bp->ref_timestamp));
- ND_TCHECK_SIZE(&bp->org_timestamp);
- ND_PRINT("\n\t Originator Timestamp: ");
+ ND_PRINT("\n\t Origin Timestamp: ");
p_ntp_time(ndo, &(bp->org_timestamp));
- ND_TCHECK_SIZE(&bp->rec_timestamp);
ND_PRINT("\n\t Receive Timestamp: ");
p_ntp_time(ndo, &(bp->rec_timestamp));
- ND_TCHECK_SIZE(&bp->xmt_timestamp);
ND_PRINT("\n\t Transmit Timestamp: ");
p_ntp_time(ndo, &(bp->xmt_timestamp));
ND_PRINT("\n\t Originator - Transmit Timestamp: ");
p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp));
- /* FIXME: this code is not aware of any extension fields */
- if (length == NTP_TIMEMSG_MINLEN + 4) { /* Optional: key-id (crypto-NAK) */
- ND_TCHECK_4(bp->key_id);
- ND_PRINT("\n\tKey id: %u", EXTRACT_BE_U_4(bp->key_id));
- } else if (length == NTP_TIMEMSG_MINLEN + 4 + 16) { /* Optional: key-id + 128-bit digest */
- ND_TCHECK_4(bp->key_id);
- ND_PRINT("\n\tKey id: %u", EXTRACT_BE_U_4(bp->key_id));
- ND_TCHECK_LEN(bp->message_digest, 16);
- ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x",
- EXTRACT_BE_U_4(bp->message_digest),
- EXTRACT_BE_U_4(bp->message_digest + 4),
- EXTRACT_BE_U_4(bp->message_digest + 8),
- EXTRACT_BE_U_4(bp->message_digest + 12));
- } else if (length == NTP_TIMEMSG_MINLEN + 4 + 20) { /* Optional: key-id + 160-bit digest */
- ND_TCHECK_4(bp->key_id);
- ND_PRINT("\n\tKey id: %u", EXTRACT_BE_U_4(bp->key_id));
- ND_TCHECK_LEN(bp->message_digest, 20);
+ if (version == 4)
+ efs_len = p_ext_fields(ndo, (const u_char *)bp + NTP_TIMEMSG_MINLEN, length - NTP_TIMEMSG_MINLEN);
+ else
+ efs_len = 0;
+
+ mac = (const u_char *)bp + NTP_TIMEMSG_MINLEN + efs_len;
+
+ if (length == NTP_TIMEMSG_MINLEN + efs_len + 4) { /* Optional: key-id (crypto-NAK) */
+ ND_PRINT("\n\tKey id: %u", GET_BE_U_4(mac));
+ } else if (length == NTP_TIMEMSG_MINLEN + efs_len + 4 + 16) { /* Optional: key-id + 128-bit digest */
+ ND_PRINT("\n\tKey id: %u", GET_BE_U_4(mac));
+ ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x",
+ GET_BE_U_4(mac + 4),
+ GET_BE_U_4(mac + 8),
+ GET_BE_U_4(mac + 12),
+ GET_BE_U_4(mac + 16));
+ } else if (length == NTP_TIMEMSG_MINLEN + efs_len + 4 + 20) { /* Optional: key-id + 160-bit digest */
+ ND_PRINT("\n\tKey id: %u", GET_BE_U_4(mac));
ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x%08x",
- EXTRACT_BE_U_4(bp->message_digest),
- EXTRACT_BE_U_4(bp->message_digest + 4),
- EXTRACT_BE_U_4(bp->message_digest + 8),
- EXTRACT_BE_U_4(bp->message_digest + 12),
- EXTRACT_BE_U_4(bp->message_digest + 16));
- } else if (length > NTP_TIMEMSG_MINLEN) {
- ND_PRINT("\n\t(%u more bytes after the header)", length - NTP_TIMEMSG_MINLEN);
+ GET_BE_U_4(mac + 4),
+ GET_BE_U_4(mac + 8),
+ GET_BE_U_4(mac + 12),
+ GET_BE_U_4(mac + 16),
+ GET_BE_U_4(mac + 20));
+ } else if (length > NTP_TIMEMSG_MINLEN + efs_len) {
+ ND_PRINT("\n\t(%u more bytes after the header and extension fields)",
+ length - NTP_TIMEMSG_MINLEN - efs_len);
}
return;
invalid:
- ND_PRINT(" %s", istr);
+ nd_print_invalid(ndo);
ND_TCHECK_LEN(bp, length);
- return;
-
-trunc:
- ND_PRINT(" %s", tstr);
}
/*
if (length < NTP_CTRLMSG_MINLEN)
goto invalid;
- ND_TCHECK_1(cd->control);
- control = EXTRACT_U_1(cd->control);
+ control = GET_U_1(cd->control);
R = (control & 0x80) != 0;
E = (control & 0x40) != 0;
M = (control & 0x20) != 0;
R ? "Response" : "Request", E ? "Error" : "OK",
M ? "More" : "Last", opcode);
- ND_TCHECK_2(cd->sequence);
- sequence = EXTRACT_BE_U_2(cd->sequence);
+ sequence = GET_BE_U_2(cd->sequence);
ND_PRINT("\tSequence=%hu", sequence);
- ND_TCHECK_2(cd->status);
- status = EXTRACT_BE_U_2(cd->status);
+ status = GET_BE_U_2(cd->status);
ND_PRINT(", Status=%#hx", status);
- ND_TCHECK_2(cd->assoc);
- assoc = EXTRACT_BE_U_2(cd->assoc);
+ assoc = GET_BE_U_2(cd->assoc);
ND_PRINT(", Assoc.=%hu", assoc);
- ND_TCHECK_2(cd->offset);
- offset = EXTRACT_BE_U_2(cd->offset);
+ offset = GET_BE_U_2(cd->offset);
ND_PRINT(", Offset=%hu", offset);
- ND_TCHECK_2(cd->count);
- count = EXTRACT_BE_U_2(cd->count);
+ count = GET_BE_U_2(cd->count);
ND_PRINT(", Count=%hu", count);
if (NTP_CTRLMSG_MINLEN + count > length)
return;
invalid:
- ND_PRINT(" %s", istr);
+ nd_print_invalid(ndo);
ND_TCHECK_LEN(cd, length);
- return;
-
-trunc:
- ND_PRINT(" %s", tstr);
}
union ntpdata {
*/
void
ntp_print(netdissect_options *ndo,
- const u_char *cp, u_int length)
+ const u_char *cp, u_int length)
{
const union ntpdata *bp = (const union ntpdata *)cp;
u_int mode, version, leapind;
uint8_t status;
ndo->ndo_protocol = "ntp";
- ND_TCHECK_1(bp->td.status);
- status = EXTRACT_U_1(bp->td.status);
+ status = GET_U_1(bp->td.status);
version = (status & VERSIONMASK) >> VERSIONSHIFT;
ND_PRINT("NTPv%u", version);
mode = (status & MODEMASK) >> MODESHIFT;
if (!ndo->ndo_vflag) {
ND_PRINT(", %s, length %u",
- tok2str(ntp_mode_values, "Unknown mode", mode),
- length);
+ tok2str(ntp_mode_values, "Unknown mode", mode),
+ length);
return;
}
ND_PRINT(", %s, length %u\n",
- tok2str(ntp_mode_values, "Unknown mode", mode), length);
+ tok2str(ntp_mode_values, "Unknown mode", mode), length);
/* leapind = (status & LEAPMASK) >> LEAPSHIFT; */
leapind = (status & LEAPMASK);
ND_PRINT("\tLeap indicator: %s (%u)",
- tok2str(ntp_leapind_values, "Unknown", leapind),
- leapind);
+ tok2str(ntp_leapind_values, "Unknown", leapind),
+ leapind);
switch (mode) {
case MODE_CLIENT:
case MODE_SERVER:
case MODE_BROADCAST:
- ntp_time_print(ndo, &bp->td, length);
+ ntp_time_print(ndo, &bp->td, length, version);
break;
case MODE_CONTROL:
default:
break; /* XXX: not implemented! */
}
- return;
-
-trunc:
- ND_PRINT(" %s", tstr);
}
static void
int f;
double ff;
- i = EXTRACT_BE_U_2(sfp->int_part);
- f = EXTRACT_BE_U_2(sfp->fraction);
+ i = GET_BE_U_2(sfp->int_part);
+ f = GET_BE_U_2(sfp->fraction);
ff = f / 65536.0; /* shift radix point by 16 bits */
f = (int)(ff * 1000000.0); /* Treat fraction as parts per million */
ND_PRINT("%d.%06d", i, f);
}
-#define FMAXINT (4294967296.0) /* floating point rep. of MAXINT */
-
-static void
-p_ntp_time(netdissect_options *ndo,
- const struct l_fixedpt *lfp)
-{
- uint32_t i;
- uint32_t uf;
- uint32_t f;
- double ff;
-
- i = EXTRACT_BE_U_4(lfp->int_part);
- uf = EXTRACT_BE_U_4(lfp->fraction);
- ff = uf;
- if (ff < 0.0) /* some compilers are buggy */
- ff += FMAXINT;
- ff = ff / FMAXINT; /* shift radix point by 32 bits */
- f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */
- ND_PRINT("%u.%09u", i, f);
-
-#ifdef HAVE_STRFTIME
- /*
- * print the UTC time in human-readable format.
- */
- if (i) {
- int64_t seconds_64bit = (int64_t)i - JAN_1970;
- time_t seconds;
- struct tm *tm;
- char time_buf[128];
-
- seconds = (time_t)seconds_64bit;
- if (seconds != seconds_64bit) {
- /*
- * It doesn't fit into a time_t, so we can't hand it
- * to gmtime.
- */
- ND_PRINT(" (unrepresentable)");
- } else {
- tm = gmtime(&seconds);
- if (tm == NULL) {
- /*
- * gmtime() can't handle it.
- * (Yes, that might happen with some version of
- * Microsoft's C library.)
- */
- ND_PRINT(" (unrepresentable)");
- } else {
- /* use ISO 8601 (RFC3339) format */
- strftime(time_buf, sizeof (time_buf), "%Y-%m-%dT%H:%M:%S", tm);
- ND_PRINT(" (%s)", time_buf);
- }
- }
- }
-#endif
-}
-
/* Prints time difference between *lfp and *olfp */
static void
p_ntp_delta(netdissect_options *ndo,
- const struct l_fixedpt *olfp,
- const struct l_fixedpt *lfp)
+ const struct l_fixedpt *olfp,
+ const struct l_fixedpt *lfp)
{
uint32_t u, uf;
uint32_t ou, ouf;
double ff;
int signbit;
- u = EXTRACT_BE_U_4(lfp->int_part);
- ou = EXTRACT_BE_U_4(olfp->int_part);
- uf = EXTRACT_BE_U_4(lfp->fraction);
- ouf = EXTRACT_BE_U_4(olfp->fraction);
+ u = GET_BE_U_4(lfp->int_part);
+ ou = GET_BE_U_4(olfp->int_part);
+ uf = GET_BE_U_4(lfp->fraction);
+ ouf = GET_BE_U_4(olfp->fraction);
if (ou == 0 && ouf == 0) {
p_ntp_time(ndo, lfp);
return;
ND_PRINT(" (1/%us)", 1U << -poll_interval);
}
+/* Prints an NTPv4 extension field */
+static void
+p_ntp_ef(netdissect_options *ndo, u_int type, u_int length, const u_char *ef_body)
+{
+ ND_PRINT("\n\t %s", tok2str(ntp_ef_types, "Unknown type", type));
+ ND_PRINT(" (0x%04x), length %u", type, length);
+
+ if (ndo->ndo_vflag > 2)
+ hex_print(ndo, "\n\t ", ef_body, length - 4);
+ else {
+ /*
+ * If we're not going to print it, at least make sure
+ * it's present in the packet, so if ef_len is too long,
+ * we stop.
+ */
+ ND_TCHECK_LEN(ef_body, length - 4);
+ }
+}
+
+/* Prints list of extension fields per RFC 7822 */
+static u_int
+p_ext_fields(netdissect_options *ndo, const u_char *cp, u_int length)
+{
+ const struct ntp_extension_field *ef;
+ u_int ef_type, ef_len, efs_len;
+ int first_ef;
+
+ first_ef = 1;
+ efs_len = 0;
+
+ /* RFC 7822 requires the last EF in the packet to have at least
+ 28 octets to avoid ambiguity with MACs */
+ while (length - efs_len >= 28) {
+ ef = (const struct ntp_extension_field *)(cp + efs_len);
+ ef_type = GET_BE_U_2(ef->type);
+ ef_len = GET_BE_U_2(ef->length);
+
+ if (efs_len + ef_len > length || ef_len < 4 || ef_len % 4 != 0) {
+ nd_print_invalid(ndo);
+ break;
+ }
+
+ if (first_ef) {
+ ND_PRINT("\n\tExtension fields:");
+ first_ef = 0;
+ }
+
+ p_ntp_ef(ndo, ef_type, ef_len, (const u_char *)(ef + 1));
+
+ /*
+ * The entire extension field is guaranteed to be in the
+ * captured data, as p_ntp_ef() will longjmp out if it
+ * isn't.
+ *
+ * As the total length of the captured data fits in a
+ * u_int, this means that the total length of all the
+ * extension fields will fit in a u_int, so this will
+ * never overflow.
+ */
+ efs_len += ef_len;
+ }
+
+ return efs_len;
+}
projects / tcpdump / blobdiff