* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * Format and print ntp packets.
* By Jeffrey Mogul/DECWRL
* loosely based on print-bootp.c
*/
+/* \summary: Network Time Protocol (NTP) printer */
+
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "addrtoname.h"
#include "extract.h"
+static const char tstr[] = " [|ntp]";
+
/*
* Based on ntp.h from the U of MD implementation
* This file is based on Version 2 of the NTP spec (RFC1119).
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
struct l_fixedpt {
- uint32_t int_part;
- uint32_t fraction;
+ nd_uint32_t int_part;
+ nd_uint32_t fraction;
};
struct s_fixedpt {
- uint16_t int_part;
- uint16_t fraction;
+ nd_uint16_t int_part;
+ nd_uint16_t fraction;
};
/* rfc2030
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
-struct ntpdata {
- u_char status; /* status of local clock and leap info */
- u_char stratum; /* Stratum level */
- u_char ppoll; /* poll value */
- int precision:8;
+/* Length of the NTP message with the mandatory fields ("the header")
+ * and without any optional fields (extension, Key Identifier,
+ * Message Digest).
+ */
+#define NTP_MSG_MINLEN 48
+
+struct ntp_time_data {
+ nd_uint8_t status; /* status of local clock and leap info */
+ nd_uint8_t stratum; /* Stratum level */
+ nd_int8_t ppoll; /* poll value */
+ nd_int8_t precision;
struct s_fixedpt root_delay;
struct s_fixedpt root_dispersion;
- uint32_t refid;
+ nd_uint32_t refid;
struct l_fixedpt ref_timestamp;
struct l_fixedpt org_timestamp;
struct l_fixedpt rec_timestamp;
struct l_fixedpt xmt_timestamp;
- uint32_t key_id;
- uint8_t message_digest[16];
+ nd_uint32_t key_id;
+ nd_uint8_t message_digest[20];
};
/*
* Leap Second Codes (high order two bits)
*/
#define NTPVERSION_1 0x08
#define VERSIONMASK 0x38
+#define VERSIONSHIFT 3
#define LEAPMASK 0xc0
+#define LEAPSHIFT 6
#ifdef MODEMASK
#undef MODEMASK /* Solaris sucks */
#endif
#define MODEMASK 0x07
+#define MODESHIFT 0
/*
* Code values
#define MODE_CLIENT 3 /* client */
#define MODE_SERVER 4 /* server */
#define MODE_BROADCAST 5 /* broadcast */
-#define MODE_RES1 6 /* reserved */
+#define MODE_CONTROL 6 /* control message */
#define MODE_RES2 7 /* reserved */
/*
static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *);
static void p_ntp_time(netdissect_options *, const struct l_fixedpt *);
static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *);
+static void p_poll(netdissect_options *, register const int);
static const struct tok ntp_mode_values[] = {
{ MODE_UNSPEC, "unspecified" },
{ MODE_CLIENT, "Client" },
{ MODE_SERVER, "Server" },
{ MODE_BROADCAST, "Broadcast" },
- { MODE_RES1, "Reserved" },
+ { MODE_CONTROL, "Control Message" },
{ MODE_RES2, "Reserved" },
{ 0, NULL }
};
{ 0, NULL }
};
+/* draft-ietf-ntp-mode-6-cmds-02
+ * 0 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * |LI | VN |Mode |R|E|M| OpCode | Sequence Number |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Status | Association ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Offset | Count |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | |
+ * / Data (up to 468 bytes) /
+ * | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Padding (optional) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | |
+ * / Authenticator (optional, 96 bytes) /
+ * | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ * Figure 1: NTP Control Message Header
+ */
+struct ntp_control_data {
+ nd_uint8_t magic; /* LI, VN, Mode */
+ nd_uint8_t control; /* R, E, M, OpCode */
+ nd_uint16_t sequence; /* Sequence Number */
+ nd_uint16_t status; /* Status */
+ nd_uint16_t assoc; /* Association ID */
+ nd_uint16_t offset; /* Offset */
+ nd_uint16_t count; /* Count */
+ nd_uint8_t data[564]; /* Data, [Padding, [Authenticator]] */
+};
+
/*
- * Print ntp requests
+ * Print NTP time requests and responses
*/
-void
-ntp_print(netdissect_options *ndo,
- register const u_char *cp, u_int length)
+static void
+ntp_time_print(netdissect_options *ndo,
+ register const struct ntp_time_data *bp, u_int length)
{
- register const struct ntpdata *bp;
int mode, version, leapind;
- bp = (const struct ntpdata *)cp;
+ if (length < NTP_MSG_MINLEN) {
+ ND_PRINT((ndo, "NTP, length %u", length));
+ goto invalid;
+ }
ND_TCHECK(bp->status);
- version = (int)(bp->status & VERSIONMASK) >> 3;
+ version = (int)(bp->status & VERSIONMASK) >> VERSIONSHIFT;
ND_PRINT((ndo, "NTPv%d", version));
mode = bp->status & MODEMASK;
tok2str(ntp_stratum_values, (bp->stratum >=2 && bp->stratum<=15) ? "secondary reference" : "reserved", bp->stratum)));
ND_TCHECK(bp->ppoll);
- ND_PRINT((ndo, ", poll %u (%us)", bp->ppoll, 1 << bp->ppoll));
+ ND_PRINT((ndo, ", poll %d", bp->ppoll));
+ p_poll(ndo, bp->ppoll);
- /* Can't ND_TCHECK bp->precision bitfield so bp->distance + 0 instead */
- ND_TCHECK2(bp->root_delay, 0);
+ ND_TCHECK(bp->precision);
ND_PRINT((ndo, ", precision %d", bp->precision));
ND_TCHECK(bp->root_delay);
return;
default:
- ND_PRINT((ndo, "%s", ipaddr_string(ndo, &(bp->refid))));
+ /* In NTPv4 (RFC 5905) refid is an IPv4 address or first 32 bits of
+ MD5 sum of IPv6 address */
+ ND_PRINT((ndo, "0x%08x", EXTRACT_32BITS(&bp->refid)));
break;
}
ND_PRINT((ndo, "\n\t Originator - Transmit Timestamp: "));
p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp));
- if ( (sizeof(struct ntpdata) - length) == 16) { /* Optional: key-id */
+ /* FIXME: this code is not aware of any extension fields */
+ if (length == NTP_MSG_MINLEN + 4) { /* Optional: key-id (crypto-NAK) */
ND_TCHECK(bp->key_id);
- ND_PRINT((ndo, "\n\tKey id: %u", bp->key_id));
- } else if ( (sizeof(struct ntpdata) - length) == 0) { /* Optional: key-id + authentication */
+ ND_PRINT((ndo, "\n\tKey id: %u", EXTRACT_32BITS(&bp->key_id)));
+ } else if (length == NTP_MSG_MINLEN + 4 + 16) { /* Optional: key-id + 128-bit digest */
ND_TCHECK(bp->key_id);
- ND_PRINT((ndo, "\n\tKey id: %u", bp->key_id));
- ND_TCHECK2(bp->message_digest, sizeof (bp->message_digest));
+ ND_PRINT((ndo, "\n\tKey id: %u", EXTRACT_32BITS(&bp->key_id)));
+ ND_TCHECK2(bp->message_digest, 16);
ND_PRINT((ndo, "\n\tAuthentication: %08x%08x%08x%08x",
EXTRACT_32BITS(bp->message_digest),
EXTRACT_32BITS(bp->message_digest + 4),
EXTRACT_32BITS(bp->message_digest + 8),
EXTRACT_32BITS(bp->message_digest + 12)));
- }
+ } else if (length == NTP_MSG_MINLEN + 4 + 20) { /* Optional: key-id + 160-bit digest */
+ ND_TCHECK(bp->key_id);
+ ND_PRINT((ndo, "\n\tKey id: %u", EXTRACT_32BITS(&bp->key_id)));
+ ND_TCHECK2(bp->message_digest, 20);
+ ND_PRINT((ndo, "\n\tAuthentication: %08x%08x%08x%08x%08x",
+ EXTRACT_32BITS(bp->message_digest),
+ EXTRACT_32BITS(bp->message_digest + 4),
+ EXTRACT_32BITS(bp->message_digest + 8),
+ EXTRACT_32BITS(bp->message_digest + 12),
+ EXTRACT_32BITS(bp->message_digest + 16)));
+ } else if (length > NTP_MSG_MINLEN) {
+ ND_PRINT((ndo, "\n\t(%u more bytes after the header)", length - NTP_MSG_MINLEN));
+ }
+ return;
+
+invalid:
+ ND_PRINT((ndo, " %s", istr));
+ ND_TCHECK2(*bp, length);
+ return;
+
+trunc:
+ ND_PRINT((ndo, " %s", tstr));
+}
+
+/*
+ * Print NTP control message requests and responses
+ */
+static void
+ntp_control_print(netdissect_options *ndo,
+ register const struct ntp_control_data *cd, u_int length)
+{
+ u_char R, E, M, opcode;
+ uint16_t sequence, status, assoc, offset, count;
+
+ R = (cd->control & 0x80) != 0;
+ E = (cd->control & 0x40) != 0;
+ M = (cd->control & 0x20) != 0;
+ opcode = cd->control & 0x1f;
+ ND_PRINT((ndo, ", %s, %s, %s, OpCode=%u\n",
+ R ? "Response" : "Request", E ? "Error" : "OK",
+ M ? "More" : "Last", (unsigned)opcode));
+
+ sequence = EXTRACT_16BITS(&cd->sequence);
+ ND_PRINT((ndo, "\tSequence=%hu", sequence));
+
+ status = EXTRACT_16BITS(&cd->status);
+ ND_PRINT((ndo, ", Status=%#hx", status));
+
+ assoc = EXTRACT_16BITS(&cd->assoc);
+ ND_PRINT((ndo, ", Assoc.=%hu", assoc));
+
+ offset = EXTRACT_16BITS(&cd->offset);
+ ND_PRINT((ndo, ", Offset=%hu", offset));
+
+ count = EXTRACT_16BITS(&cd->count);
+ ND_PRINT((ndo, ", Count=%hu", count));
+
+ if ((cd->data - (const u_char *)cd) + count > length)
+ goto trunc;
+ if (count != 0)
+ ND_PRINT((ndo, "\n\tTO-BE-DONE: data not interpreted"));
return;
trunc:
- ND_PRINT((ndo, " [|ntp]"));
+ ND_PRINT((ndo, " %s", tstr));
+}
+
+union ntpdata {
+ struct ntp_time_data td;
+ struct ntp_control_data cd;
+};
+
+/*
+ * Print NTP requests, handling the common VN, LI, and Mode
+ */
+void
+ntp_print(netdissect_options *ndo,
+ register const u_char *cp, u_int length)
+{
+ register const union ntpdata *bp = (const union ntpdata *)cp;
+ int mode, version, leapind;
+
+ ND_TCHECK(bp->td.status);
+
+ version = (bp->td.status & VERSIONMASK) >> VERSIONSHIFT;
+ ND_PRINT((ndo, "NTPv%d", version));
+
+ mode = (bp->td.status & MODEMASK) >> MODESHIFT;
+ if (!ndo->ndo_vflag) {
+ ND_PRINT((ndo, ", %s, length %u",
+ tok2str(ntp_mode_values, "Unknown mode", mode),
+ length));
+ return;
+ }
+
+ ND_PRINT((ndo, ", %s, length %u\n",
+ tok2str(ntp_mode_values, "Unknown mode", mode), length));
+
+ /* leapind = (bp->td.status & LEAPMASK) >> LEAPSHIFT; */
+ leapind = (bp->td.status & LEAPMASK);
+ ND_PRINT((ndo, "\tLeap indicator: %s (%u)",
+ tok2str(ntp_leapind_values, "Unknown", leapind),
+ leapind));
+
+ if (mode >= MODE_UNSPEC && mode <= MODE_BROADCAST)
+ ntp_time_print(ndo, &bp->td, length);
+ else if (mode == MODE_CONTROL)
+ ntp_control_print(ndo, &bp->cd, length);
+ else
+ {;} /* XXX: not implemented! */
+ return;
+
+trunc:
+ ND_PRINT((ndo, " %s", tstr));
}
static void
{
register int i;
register int f;
- register float ff;
+ register double ff;
i = EXTRACT_16BITS(&sfp->int_part);
f = EXTRACT_16BITS(&sfp->fraction);
- ff = f / 65536.0; /* shift radix point by 16 bits */
- f = ff * 1000000.0; /* Treat fraction as parts per million */
+ ff = f / 65536.0; /* shift radix point by 16 bits */
+ f = (int)(ff * 1000000.0); /* Treat fraction as parts per million */
ND_PRINT((ndo, "%d.%06d", i, f));
}
register int32_t i;
register uint32_t uf;
register uint32_t f;
- register float ff;
+ register double ff;
i = EXTRACT_32BITS(&lfp->int_part);
uf = EXTRACT_32BITS(&lfp->fraction);
ff = uf;
if (ff < 0.0) /* some compilers are buggy */
ff += FMAXINT;
- ff = ff / FMAXINT; /* shift radix point by 32 bits */
- f = ff * 1000000000.0; /* treat fraction as parts per billion */
+ ff = ff / FMAXINT; /* shift radix point by 32 bits */
+ f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */
ND_PRINT((ndo, "%u.%09d", i, f));
#ifdef HAVE_STRFTIME
/*
- * print the time in human-readable format.
+ * print the UTC time in human-readable format.
*/
if (i) {
time_t seconds = i - JAN_1970;
struct tm *tm;
char time_buf[128];
- tm = localtime(&seconds);
- strftime(time_buf, sizeof (time_buf), "%Y/%m/%d %H:%M:%S", tm);
+ tm = gmtime(&seconds);
+ /* use ISO 8601 (RFC3339) format */
+ strftime(time_buf, sizeof (time_buf), "%Y-%m-%dT%H:%M:%S", tm);
ND_PRINT((ndo, " (%s)", time_buf));
}
#endif
register uint32_t u, uf;
register uint32_t ou, ouf;
register uint32_t f;
- register float ff;
+ register double ff;
int signbit;
u = EXTRACT_32BITS(&lfp->int_part);
ff = f;
if (ff < 0.0) /* some compilers are buggy */
ff += FMAXINT;
- ff = ff / FMAXINT; /* shift radix point by 32 bits */
- f = ff * 1000000000.0; /* treat fraction as parts per billion */
+ ff = ff / FMAXINT; /* shift radix point by 32 bits */
+ f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */
ND_PRINT((ndo, "%s%d.%09d", signbit ? "-" : "+", i, f));
}
+/* Prints polling interval in log2 as seconds or fraction of second */
+static void
+p_poll(netdissect_options *ndo,
+ register const int poll_interval)
+{
+ if (poll_interval <= -32 || poll_interval >= 32)
+ return;
+
+ if (poll_interval >= 0)
+ ND_PRINT((ndo, " (%us)", 1U << poll_interval));
+ else
+ ND_PRINT((ndo, " (1/%us)", 1U << -poll_interval));
+}
+
projects / tcpdump / blobdiff