X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/10f1fe5fd8dfaa321621a1063d252940bb65029e..HEAD:/print-ntp.c diff --git a/print-ntp.c b/print-ntp.c index b4fa6129..5f791feb 100644 --- a/print-ntp.c +++ b/print-ntp.c @@ -32,60 +32,24 @@ * RFC 5905 - NTPv4 */ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include +#include -#ifdef HAVE_STRFTIME -#include -#endif +#include "netdissect-stdinc.h" +#include "netdissect-ctype.h" +#define ND_LONGJMP_FROM_TCHECK #include "netdissect.h" #include "addrtoname.h" #include "extract.h" -static const char tstr[] = " [|ntp]"; +#include "ntp.h" /* * Based on ntp.h from the U of MD implementation * This file is based on Version 2 of the NTP spec (RFC1119). */ -/* - * Definitions for the masses - */ -#define JAN_1970 INT64_T_CONSTANT(2208988800) /* 1970 - 1900 in seconds */ - -/* - * Structure definitions for NTP fixed point values - * - * 0 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Integer Part | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Fraction Part | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * - * 0 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Integer Part | Fraction Part | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -*/ -struct l_fixedpt { - nd_uint32_t int_part; - nd_uint32_t fraction; -}; - -struct s_fixedpt { - nd_uint16_t int_part; - nd_uint16_t fraction; -}; - -/* rfc2030 +/* RFC 5905 updated by RFC 7822 * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
@@ -102,7 +66,7 @@ struct s_fixedpt { * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | | - * | Originate Timestamp (64) | + * | Origin Timestamp (64) | * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | | @@ -113,12 +77,10 @@ struct s_fixedpt { * | Transmit Timestamp (64) | * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Key Identifier (optional) (32) | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | | - * | | - * | Message Digest (optional) (128) | * | | + * . . + * . Optional Extensions (variable) . + * . . * | | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ @@ -141,9 +103,15 @@ struct ntp_time_data { struct l_fixedpt org_timestamp; struct l_fixedpt rec_timestamp; struct l_fixedpt xmt_timestamp; - nd_uint32_t key_id; - nd_uint8_t message_digest[20]; + /* extension fields and/or MAC follow */ +}; + +struct ntp_extension_field { + nd_uint16_t type; + nd_uint16_t length; + /* body follows */ }; + /* * Leap Second Codes (high order two bits) */ @@ -187,9 +155,9 @@ struct ntp_time_data { #define INFO_REPLY 63 /* **** THIS implementation dependent **** */ static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *); -static void p_ntp_time(netdissect_options *, const struct l_fixedpt *); static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *); static void p_poll(netdissect_options *, const int); +static u_int p_ext_fields(netdissect_options *, const u_char *, u_int length); static const struct tok ntp_mode_values[] = { { MODE_UNSPEC, "unspecified" }, 
@@ -213,7 +181,16 @@ static const struct tok ntp_leapind_values[] = { static const struct tok ntp_stratum_values[] = { { UNSPECIFIED, "unspecified" }, - { PRIM_REF, "primary reference" }, + { PRIM_REF, "primary reference" }, + { 0, NULL } +}; + +static const struct tok ntp_ef_types[] = { + { 0x0104, "Unique Identifier" }, + { 0x0204, "NTS Cookie" }, + { 0x0304, "NTS Cookie Placeholder" }, + { 0x0404, "NTS Authenticator and Encrypted Extension Fields" }, + { 0x2005, "Checksum Complement" }, { 0, NULL } }; 
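Review bot: The type codes in the new `ntp_ef_types` table are bare hex literals with no pointer to where they are assigned, so a later reader cannot verify them or tell which registered types are deliberately left to the "Unknown type" fallback. I would add a comment above the table, for example `/* Extension field types: 0x0104-0x0404 from RFC 8915 (NTS), 0x2005 from RFC 7821; see the IANA "NTP Extension Field Types" registry */`. Since the output is read by people triaging captures, it also helps to say in that comment that an unlisted type is printed as "Unknown type" together with its hex value, not treated as invalid.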
@@ -262,78 +239,82 @@ struct ntp_control_data { */ static void ntp_time_print(netdissect_options *ndo, - const struct ntp_time_data *bp, u_int length) + const struct ntp_time_data *bp, u_int length, u_int version) { + const u_char *mac; uint8_t stratum; + u_int efs_len; if (length < NTP_TIMEMSG_MINLEN) goto invalid; - ND_TCHECK_1(bp->stratum); - stratum = EXTRACT_U_1(bp->stratum); + stratum = GET_U_1(bp->stratum); ND_PRINT(", Stratum %u (%s)", stratum, tok2str(ntp_stratum_values, (stratum >=2 && stratum<=15) ? "secondary reference" : "reserved", stratum)); - ND_TCHECK_1(bp->ppoll); - ND_PRINT(", poll %d", EXTRACT_S_1(bp->ppoll)); - p_poll(ndo, EXTRACT_U_1(bp->ppoll)); + ND_PRINT(", poll %d", GET_S_1(bp->ppoll)); + p_poll(ndo, GET_S_1(bp->ppoll)); - ND_TCHECK_1(bp->precision); - ND_PRINT(", precision %d", EXTRACT_S_1(bp->precision)); + ND_PRINT(", precision %d", GET_S_1(bp->precision)); - ND_TCHECK(bp->root_delay); ND_PRINT("\n\tRoot Delay: "); p_sfix(ndo, &bp->root_delay); - ND_TCHECK(bp->root_dispersion); ND_PRINT(", Root dispersion: "); p_sfix(ndo, &bp->root_dispersion); - ND_TCHECK_4(bp->refid); ND_PRINT(", Reference-ID: "); /* Interpretation depends on stratum */ switch (stratum) { case UNSPECIFIED: - ND_PRINT("(unspec)"); + /* NTPv4 (RFC 5905, section 7.4) formalizes that refid _may_ + * contain a printable, four-character, left justified, zero + * filled ASCII string ("kiss code") for status reporting + * and debugging. Some kiss codes are defined in the RFC as + * initial set for a new IANA registry, but the list may be + * modified or extended in the future, and unregistered kiss + * codes are possible (and are being seen in the field). 
+ */ + if (!ND_ASCII_ISPRINT(GET_U_1(bp->refid))) { + ND_PRINT("(unspec)"); + ND_TCHECK_4(bp->refid); + } else { + nd_printjn(ndo, (const u_char *)&(bp->refid), 4); + } break; case PRIM_REF: - if (fn_printn(ndo, (const u_char *)&(bp->refid), 4, ndo->ndo_snapend)) - goto trunc; + nd_printjn(ndo, (const u_char *)&(bp->refid), 4); break; case INFO_QUERY: - ND_PRINT("%s INFO_QUERY", ipaddr_string(ndo, &(bp->refid))); + ND_PRINT("%s INFO_QUERY", GET_IPADDR_STRING(bp->refid)); /* this doesn't have more content */ return; case INFO_REPLY: - ND_PRINT("%s INFO_REPLY", ipaddr_string(ndo, &(bp->refid))); + ND_PRINT("%s INFO_REPLY", GET_IPADDR_STRING(bp->refid)); /* this is too complex to be worth printing */ return; default: /* In NTPv4 (RFC 5905) refid is an IPv4 address or first 32 bits of MD5 sum of IPv6 address */ - ND_PRINT("0x%08x", EXTRACT_BE_U_4(bp->refid)); + ND_PRINT("0x%08x", GET_BE_U_4(bp->refid)); break; } - ND_TCHECK(bp->ref_timestamp); ND_PRINT("\n\t Reference Timestamp: "); p_ntp_time(ndo, &(bp->ref_timestamp)); - ND_TCHECK(bp->org_timestamp); - ND_PRINT("\n\t Originator Timestamp: "); + ND_PRINT("\n\t Origin Timestamp: "); p_ntp_time(ndo, &(bp->org_timestamp)); - ND_TCHECK(bp->rec_timestamp); ND_PRINT("\n\t Receive Timestamp: "); p_ntp_time(ndo, &(bp->rec_timestamp)); - ND_TCHECK(bp->xmt_timestamp); ND_PRINT("\n\t Transmit Timestamp: "); p_ntp_time(ndo, &(bp->xmt_timestamp)); 
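Review bot: `p_poll(ndo, GET_S_1(bp->ppoll))` now passes p_poll() the sign-extended poll byte, so values from -128 to -1 taken straight from the packet reach its negative branch, which the old `EXTRACT_U_1` call could never produce. The one line of p_poll() visible further down in this diff is `ND_PRINT(" (1/%us)", 1U << -poll_interval);`, and a shift count at or above the width of `unsigned int` is undefined behaviour. The rest of p_poll() is outside this diff, so please confirm it returns early for out-of-range values, e.g. `if (poll_interval <= -32 || poll_interval >= 32) return;`, before either shift. ntp_time_print() continues past this hunk.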
@@ -343,41 +324,39 @@ ntp_time_print(netdissect_options *ndo, ND_PRINT("\n\t Originator - Transmit Timestamp: "); p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp)); - /* FIXME: this code is not aware of any extension fields */ - if (length == NTP_TIMEMSG_MINLEN + 4) { /* Optional: key-id (crypto-NAK) */ - ND_TCHECK_4(bp->key_id); - ND_PRINT("\n\tKey id: %u", EXTRACT_BE_U_4(bp->key_id)); - } else if (length == NTP_TIMEMSG_MINLEN + 4 + 16) { /* Optional: key-id + 128-bit digest */ - ND_TCHECK_4(bp->key_id); - ND_PRINT("\n\tKey id: %u", EXTRACT_BE_U_4(bp->key_id)); - ND_TCHECK_LEN(bp->message_digest, 16); - ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x", - EXTRACT_BE_U_4(bp->message_digest), - EXTRACT_BE_U_4(bp->message_digest + 4), - EXTRACT_BE_U_4(bp->message_digest + 8), - EXTRACT_BE_U_4(bp->message_digest + 12)); - } else if (length == NTP_TIMEMSG_MINLEN + 4 + 20) { /* Optional: key-id + 160-bit digest */ - ND_TCHECK_4(bp->key_id); - ND_PRINT("\n\tKey id: %u", EXTRACT_BE_U_4(bp->key_id)); - ND_TCHECK_LEN(bp->message_digest, 20); + if (version == 4) + efs_len = p_ext_fields(ndo, (const u_char *)bp + NTP_TIMEMSG_MINLEN, length - NTP_TIMEMSG_MINLEN); + else + efs_len = 0; + + mac = (const u_char *)bp + NTP_TIMEMSG_MINLEN + efs_len; + + if (length == NTP_TIMEMSG_MINLEN + efs_len + 4) { /* Optional: key-id (crypto-NAK) */ + ND_PRINT("\n\tKey id: %u", GET_BE_U_4(mac)); + } else if (length == NTP_TIMEMSG_MINLEN + efs_len + 4 + 16) { /* Optional: key-id + 128-bit digest */ + ND_PRINT("\n\tKey id: %u", GET_BE_U_4(mac)); + ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x", + GET_BE_U_4(mac + 4), + GET_BE_U_4(mac + 8), + GET_BE_U_4(mac + 12), + GET_BE_U_4(mac + 16)); + } else if (length == NTP_TIMEMSG_MINLEN + efs_len + 4 + 20) { /* Optional: key-id + 160-bit digest */ + ND_PRINT("\n\tKey id: %u", GET_BE_U_4(mac)); ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x%08x", - EXTRACT_BE_U_4(bp->message_digest), - EXTRACT_BE_U_4(bp->message_digest + 4), - 
EXTRACT_BE_U_4(bp->message_digest + 8), - EXTRACT_BE_U_4(bp->message_digest + 12), - EXTRACT_BE_U_4(bp->message_digest + 16)); - } else if (length > NTP_TIMEMSG_MINLEN) { - ND_PRINT("\n\t(%u more bytes after the header)", length - NTP_TIMEMSG_MINLEN); + GET_BE_U_4(mac + 4), + GET_BE_U_4(mac + 8), + GET_BE_U_4(mac + 12), + GET_BE_U_4(mac + 16), + GET_BE_U_4(mac + 20)); + } else if (length > NTP_TIMEMSG_MINLEN + efs_len) { + ND_PRINT("\n\t(%u more bytes after the header and extension fields)", + length - NTP_TIMEMSG_MINLEN - efs_len); } return; invalid: - ND_PRINT(" %s", istr); + nd_print_invalid(ndo); ND_TCHECK_LEN(bp, length); - return; - -trunc: - ND_PRINT(" %s", tstr); } /* @@ -393,8 +372,7 @@ ntp_control_print(netdissect_options *ndo, if (length < NTP_CTRLMSG_MINLEN) goto invalid; - ND_TCHECK_1(cd->control); - control = EXTRACT_U_1(cd->control); + control = GET_U_1(cd->control); R = (control & 0x80) != 0; E = (control & 0x40) != 0; M = (control & 0x20) != 0; @@ -403,24 +381,19 @@ ntp_control_print(netdissect_options *ndo, R ? "Response" : "Request", E ? "Error" : "OK", M ? "More" : "Last", opcode); - ND_TCHECK_2(cd->sequence); - sequence = EXTRACT_BE_U_2(cd->sequence); + sequence = GET_BE_U_2(cd->sequence); ND_PRINT("\tSequence=%hu", sequence); - ND_TCHECK_2(cd->status); - status = EXTRACT_BE_U_2(cd->status); + status = GET_BE_U_2(cd->status); ND_PRINT(", Status=%#hx", status); - ND_TCHECK_2(cd->assoc); - assoc = EXTRACT_BE_U_2(cd->assoc); + assoc = GET_BE_U_2(cd->assoc); ND_PRINT(", Assoc.=%hu", assoc); - ND_TCHECK_2(cd->offset); - offset = EXTRACT_BE_U_2(cd->offset); + offset = GET_BE_U_2(cd->offset); ND_PRINT(", Offset=%hu", offset); - ND_TCHECK_2(cd->count); - count = EXTRACT_BE_U_2(cd->count); + count = GET_BE_U_2(cd->count); ND_PRINT(", Count=%hu", count); if (NTP_CTRLMSG_MINLEN + count > length) 
@@ -432,12 +405,8 @@ ntp_control_print(netdissect_options *ndo, return; invalid: - ND_PRINT(" %s", istr); + nd_print_invalid(ndo); ND_TCHECK_LEN(cd, length); - return; - -trunc: - ND_PRINT(" %s", tstr); } union ntpdata { @@ -450,14 +419,14 @@ union ntpdata { */ void ntp_print(netdissect_options *ndo, - const u_char *cp, u_int length) + const u_char *cp, u_int length) { const union ntpdata *bp = (const union ntpdata *)cp; u_int mode, version, leapind; uint8_t status; - ND_TCHECK_1(bp->td.status); - status = EXTRACT_U_1(bp->td.status); + ndo->ndo_protocol = "ntp"; + status = GET_U_1(bp->td.status); version = (status & VERSIONMASK) >> VERSIONSHIFT; ND_PRINT("NTPv%u", version); @@ -465,19 +434,19 @@ ntp_print(netdissect_options *ndo, mode = (status & MODEMASK) >> MODESHIFT; if (!ndo->ndo_vflag) { ND_PRINT(", %s, length %u", - tok2str(ntp_mode_values, "Unknown mode", mode), - length); + tok2str(ntp_mode_values, "Unknown mode", mode), + length); return; } ND_PRINT(", %s, length %u\n", - tok2str(ntp_mode_values, "Unknown mode", mode), length); + tok2str(ntp_mode_values, "Unknown mode", mode), length); /* leapind = (status & LEAPMASK) >> LEAPSHIFT; */ leapind = (status & LEAPMASK); ND_PRINT("\tLeap indicator: %s (%u)", - tok2str(ntp_leapind_values, "Unknown", leapind), - leapind); + tok2str(ntp_leapind_values, "Unknown", leapind), + leapind); switch (mode) { @@ -487,7 +456,7 @@ ntp_print(netdissect_options *ndo, case MODE_CLIENT: case MODE_SERVER: case MODE_BROADCAST: - ntp_time_print(ndo, &bp->td, length); + ntp_time_print(ndo, &bp->td, length, version); break; case MODE_CONTROL: @@ -497,10 +466,6 @@ ntp_print(netdissect_options *ndo, default: break; /* XXX: not implemented! */ } - return; - -trunc: - ND_PRINT(" %s", tstr); } static void 
@@ -511,105 +476,49 @@ p_sfix(netdissect_options *ndo, int f; double ff; - i = EXTRACT_BE_U_2(sfp->int_part); - f = EXTRACT_BE_U_2(sfp->fraction); + i = GET_BE_U_2(sfp->int_part); + f = GET_BE_U_2(sfp->fraction); ff = f / 65536.0; /* shift radix point by 16 bits */ f = (int)(ff * 1000000.0); /* Treat fraction as parts per million */ ND_PRINT("%d.%06d", i, f); } -#define FMAXINT (4294967296.0) /* floating point rep. of MAXINT */ - -static void -p_ntp_time(netdissect_options *ndo, - const struct l_fixedpt *lfp) -{ - uint32_t i; - uint32_t uf; - uint32_t f; - double ff; - - i = EXTRACT_BE_U_4(lfp->int_part); - uf = EXTRACT_BE_U_4(lfp->fraction); - ff = uf; - if (ff < 0.0) /* some compilers are buggy */ - ff += FMAXINT; - ff = ff / FMAXINT; /* shift radix point by 32 bits */ - f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */ - ND_PRINT("%u.%09d", i, f); - -#ifdef HAVE_STRFTIME - /* - * print the UTC time in human-readable format. - */ - if (i) { - int64_t seconds_64bit = (int64_t)i - JAN_1970; - time_t seconds; - struct tm *tm; - char time_buf[128]; - - seconds = (time_t)seconds_64bit; - if (seconds != seconds_64bit) { - /* - * It doesn't fit into a time_t, so we can't hand it - * to gmtime. - */ - ND_PRINT(" (unrepresentable)"); - } else { - tm = gmtime(&seconds); - if (tm == NULL) { - /* - * gmtime() can't handle it. - * (Yes, that might happen with some version of - * Microsoft's C library.) 
- */ - ND_PRINT(" (unrepresentable)"); - } else { - /* use ISO 8601 (RFC3339) format */ - strftime(time_buf, sizeof (time_buf), "%Y-%m-%dT%H:%M:%S", tm); - ND_PRINT(" (%s)", time_buf); - } - } - } -#endif -} - /* Prints time difference between *lfp and *olfp */ static void p_ntp_delta(netdissect_options *ndo, - const struct l_fixedpt *olfp, - const struct l_fixedpt *lfp) + const struct l_fixedpt *olfp, + const struct l_fixedpt *lfp) { - int32_t i; uint32_t u, uf; uint32_t ou, ouf; + uint32_t i; uint32_t f; double ff; int signbit; - u = EXTRACT_BE_U_4(lfp->int_part); - ou = EXTRACT_BE_U_4(olfp->int_part); - uf = EXTRACT_BE_U_4(lfp->fraction); - ouf = EXTRACT_BE_U_4(olfp->fraction); + u = GET_BE_U_4(lfp->int_part); + ou = GET_BE_U_4(olfp->int_part); + uf = GET_BE_U_4(lfp->fraction); + ouf = GET_BE_U_4(olfp->fraction); if (ou == 0 && ouf == 0) { p_ntp_time(ndo, lfp); return; } - i = u - ou; - - if (i > 0) { /* new is definitely greater than old */ + if (u > ou) { /* new is definitely greater than old */ signbit = 0; + i = u - ou; f = uf - ouf; if (ouf > uf) /* must borrow from high-order bits */ i -= 1; - } else if (i < 0) { /* new is definitely less than old */ + } else if (u < ou) { /* new is definitely less than old */ signbit = 1; + i = ou - u; f = ouf - uf; - if (uf > ouf) /* must carry into the high-order bits */ - i += 1; - i = -i; + if (uf > ouf) /* must borrow from the high-order bits */ + i -= 1; } else { /* int_part is zero */ + i = 0; if (uf > ouf) { signbit = 0; f = uf - ouf; @@ -624,7 +533,7 @@ p_ntp_delta(netdissect_options *ndo, ff += FMAXINT; ff = ff / FMAXINT; /* shift radix point by 32 bits */ f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */ - ND_PRINT("%s%d.%09d", signbit ? "-" : "+", i, f); + ND_PRINT("%s%u.%09u", signbit ? "-" : "+", i, f); } /* Prints polling interval in log2 as seconds or fraction of second */ 
@@ -641,3 +550,67 @@ p_poll(netdissect_options *ndo, ND_PRINT(" (1/%us)", 1U << -poll_interval); } +/* Prints an NTPv4 extension field */ +static void +p_ntp_ef(netdissect_options *ndo, u_int type, u_int length, const u_char *ef_body) +{ + ND_PRINT("\n\t %s", tok2str(ntp_ef_types, "Unknown type", type)); + ND_PRINT(" (0x%04x), length %u", type, length); + + if (ndo->ndo_vflag > 2) + hex_print(ndo, "\n\t ", ef_body, length - 4); + else { + /* + * If we're not going to print it, at least make sure + * it's present in the packet, so if ef_len is too long, + * we stop. + */ + ND_TCHECK_LEN(ef_body, length - 4); + } +} + +/* Prints list of extension fields per RFC 7822 */ +static u_int +p_ext_fields(netdissect_options *ndo, const u_char *cp, u_int length) +{ + const struct ntp_extension_field *ef; + u_int ef_type, ef_len, efs_len; + int first_ef; + + first_ef = 1; + efs_len = 0; + + /* RFC 7822 requires the last EF in the packet to have at least + 28 octets to avoid ambiguity with MACs */ + while (length - efs_len >= 28) { + ef = (const struct ntp_extension_field *)(cp + efs_len); + ef_type = GET_BE_U_2(ef->type); + ef_len = GET_BE_U_2(ef->length); + + if (efs_len + ef_len > length || ef_len < 4 || ef_len % 4 != 0) { + nd_print_invalid(ndo); + break; + } + + if (first_ef) { + ND_PRINT("\n\tExtension fields:"); + first_ef = 0; + } + + p_ntp_ef(ndo, ef_type, ef_len, (const u_char *)(ef + 1)); + + /* + * The entire extension field is guaranteed to be in the + * captured data, as p_ntp_ef() will longjmp out if it + * isn't. + * + * As the total length of the captured data fits in a + * u_int, this means that the total length of all the + * extension fields will fit in a u_int, so this will + * never overflow. + */ + efs_len += ef_len; + } + + return efs_len; +}
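Review bot: The comment in p_ext_fields() says the whole extension field is guaranteed to be in the captured data because p_ntp_ef() will longjmp out otherwise, but only the `else` branch of p_ntp_ef() makes that check explicitly. On the `ndo->ndo_vflag > 2` path the guarantee rests on hex_print() stopping at the end of the captured data and signalling truncation, which is not visible in this diff. I would either state that dependency in the comment or move `ND_TCHECK_LEN(ef_body, length - 4);` after the `if` so it runs on both paths. p_ntp_ef() also computes `length - 4` on an unsigned value, so its header comment should record that callers must pass `length >= 4`, which p_ext_fields() enforces with its `ef_len < 4` test.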