X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/585ac3db0663f474fd3417ea91953b58022cc9d9..60128eebca8c4975a2f1c6a29e16a76f720cc924:/print-ntp.c diff --git a/print-ntp.c b/print-ntp.c index 21bb7374..ca96236f 100644 --- a/print-ntp.c +++ b/print-ntp.c @@ -18,27 +18,28 @@ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * Format and print ntp packets. * By Jeffrey Mogul/DECWRL * loosely based on print-bootp.c */ +/* \summary: Network Time Protocol (NTP) printer */ + #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include +#include -#include -#include #ifdef HAVE_STRFTIME #include #endif -#include "interface.h" +#include "netdissect.h" #include "addrtoname.h" #include "extract.h" +static const char tstr[] = " [|ntp]"; + /* * Based on ntp.h from the U of MD implementation * This file is based on Version 2 of the NTP spec (RFC1119). @@ -67,13 +68,13 @@ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ struct l_fixedpt { - u_int32_t int_part; - u_int32_t fraction; + nd_uint32_t int_part; + nd_uint32_t fraction; }; struct s_fixedpt { - u_int16_t int_part; - u_int16_t fraction; + nd_uint16_t int_part; + nd_uint16_t fraction; }; /* rfc2030 @@ -114,20 +115,26 @@ struct s_fixedpt { * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -struct ntpdata { - u_char status; /* status of local clock and leap info */ - u_char stratum; /* Stratum level */ - u_char ppoll; /* poll value */ - int precision:8; +/* Length of the NTP message with the mandatory fields ("the header") + * and without any optional fields (extension, Key Identifier, + * Message Digest). + */ +#define NTP_MSG_MINLEN 48 + +struct ntp_time_data { + nd_uint8_t status; /* status of local clock and leap info */ + nd_uint8_t stratum; /* Stratum level */ + nd_int8_t ppoll; /* poll value */ + nd_int8_t precision; struct s_fixedpt root_delay; struct s_fixedpt root_dispersion; - u_int32_t refid; + nd_uint32_t refid; struct l_fixedpt ref_timestamp; struct l_fixedpt org_timestamp; struct l_fixedpt rec_timestamp; struct l_fixedpt xmt_timestamp; - u_int32_t key_id; - u_int8_t message_digest[16]; + nd_uint32_t key_id; + nd_uint8_t message_digest[20]; }; /* * Leap Second Codes (high order two bits) @@ -142,11 +149,14 @@ struct ntpdata { */ #define NTPVERSION_1 0x08 #define VERSIONMASK 0x38 +#define VERSIONSHIFT 3 #define LEAPMASK 0xc0 +#define LEAPSHIFT 6 #ifdef MODEMASK #undef MODEMASK /* Solaris sucks */ #endif #define MODEMASK 0x07 +#define MODESHIFT 0 /* * Code values @@ -157,7 +167,7 @@ struct ntpdata { #define MODE_CLIENT 3 /* client */ #define MODE_SERVER 4 /* server */ #define MODE_BROADCAST 5 /* broadcast */ -#define MODE_RES1 6 /* reserved */ +#define MODE_CONTROL 6 /* control message */ #define MODE_RES2 7 /* reserved */ /* @@ -168,9 +178,10 @@ struct ntpdata { #define INFO_QUERY 62 /* **** THIS implementation dependent **** */ #define INFO_REPLY 63 /* **** THIS implementation dependent **** */ -static void p_sfix(const struct s_fixedpt *); -static void p_ntp_time(const struct l_fixedpt *); -static void p_ntp_delta(const struct l_fixedpt *, const struct l_fixedpt *); +static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *); +static void p_ntp_time(netdissect_options *, const struct l_fixedpt *); +static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *); +static void p_poll(netdissect_options *, register const int); static const struct tok ntp_mode_values[] = { { MODE_UNSPEC, "unspecified" }, @@ -179,7 +190,7 @@ static const struct tok ntp_mode_values[] = { { MODE_CLIENT, "Client" }, { MODE_SERVER, "Server" }, { MODE_BROADCAST, "Broadcast" }, - { MODE_RES1, "Reserved" }, + { MODE_CONTROL, "Control Message" }, { MODE_RES2, "Reserved" }, { 0, NULL } }; @@ -198,188 +209,341 @@ static const struct tok ntp_stratum_values[] = { { 0, NULL } }; +/* draft-ietf-ntp-mode-6-cmds-02 + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |LI | VN |Mode |R|E|M| OpCode | Sequence Number | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Status | Association ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Offset | Count | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | | + * / Data (up to 468 bytes) / + * | | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Padding (optional) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | | + * / Authenticator (optional, 96 bytes) / + * | | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * Figure 1: NTP Control Message Header + */ +struct ntp_control_data { + nd_uint8_t magic; /* LI, VN, Mode */ + nd_uint8_t control; /* R, E, M, OpCode */ + nd_uint16_t sequence; /* Sequence Number */ + nd_uint16_t status; /* Status */ + nd_uint16_t assoc; /* Association ID */ + nd_uint16_t offset; /* Offset */ + nd_uint16_t count; /* Count */ + nd_uint8_t data[564]; /* Data, [Padding, [Authenticator]] */ +}; + /* - * Print ntp requests + * Print NTP time requests and responses */ -void -ntp_print(register const u_char *cp, u_int length) +static void +ntp_time_print(netdissect_options *ndo, + register const struct ntp_time_data *bp, u_int length) { - register const struct ntpdata *bp; int mode, version, leapind; - bp = (struct ntpdata *)cp; + if (length < NTP_MSG_MINLEN) { + ND_PRINT((ndo, "NTP, length %u", length)); + goto invalid; + } - TCHECK(bp->status); + ND_TCHECK(bp->status); - version = (int)(bp->status & VERSIONMASK) >> 3; - printf("NTPv%d", version); + version = (int)(bp->status & VERSIONMASK) >> VERSIONSHIFT; + ND_PRINT((ndo, "NTPv%d", version)); mode = bp->status & MODEMASK; - if (!vflag) { - printf (", %s, length %u", - tok2str(ntp_mode_values, "Unknown mode", mode), - length); - return; - } + if (!ndo->ndo_vflag) { + ND_PRINT((ndo, ", %s, length %u", + tok2str(ntp_mode_values, "Unknown mode", mode), + length)); + return; + } - printf (", length %u\n\t%s", - length, - tok2str(ntp_mode_values, "Unknown mode", mode)); + ND_PRINT((ndo, ", length %u\n\t%s", + length, + tok2str(ntp_mode_values, "Unknown mode", mode))); leapind = bp->status & LEAPMASK; - printf (", Leap indicator: %s (%u)", - tok2str(ntp_leapind_values, "Unknown", leapind), - leapind); + ND_PRINT((ndo, ", Leap indicator: %s (%u)", + tok2str(ntp_leapind_values, "Unknown", leapind), + leapind)); - TCHECK(bp->stratum); - printf(", Stratum %u (%s)", + ND_TCHECK(bp->stratum); + ND_PRINT((ndo, ", Stratum %u (%s)", bp->stratum, - tok2str(ntp_stratum_values, (bp->stratum >=2 && bp->stratum<=15) ? "secondary reference" : "reserved", bp->stratum)); + tok2str(ntp_stratum_values, (bp->stratum >=2 && bp->stratum<=15) ? "secondary reference" : "reserved", bp->stratum))); - TCHECK(bp->ppoll); - printf(", poll %u (%us)", bp->ppoll, 1 << bp->ppoll); + ND_TCHECK(bp->ppoll); + ND_PRINT((ndo, ", poll %d", bp->ppoll)); + p_poll(ndo, bp->ppoll); - /* Can't TCHECK bp->precision bitfield so bp->distance + 0 instead */ - TCHECK2(bp->root_delay, 0); - printf(", precision %d", bp->precision); + ND_TCHECK(bp->precision); + ND_PRINT((ndo, ", precision %d", bp->precision)); - TCHECK(bp->root_delay); - fputs("\n\tRoot Delay: ", stdout); - p_sfix(&bp->root_delay); + ND_TCHECK(bp->root_delay); + ND_PRINT((ndo, "\n\tRoot Delay: ")); + p_sfix(ndo, &bp->root_delay); - TCHECK(bp->root_dispersion); - fputs(", Root dispersion: ", stdout); - p_sfix(&bp->root_dispersion); + ND_TCHECK(bp->root_dispersion); + ND_PRINT((ndo, ", Root dispersion: ")); + p_sfix(ndo, &bp->root_dispersion); - TCHECK(bp->refid); - fputs(", Reference-ID: ", stdout); + ND_TCHECK(bp->refid); + ND_PRINT((ndo, ", Reference-ID: ")); /* Interpretation depends on stratum */ switch (bp->stratum) { case UNSPECIFIED: - printf("(unspec)"); + ND_PRINT((ndo, "(unspec)")); break; case PRIM_REF: - if (fn_printn((u_char *)&(bp->refid), 4, snapend)) + if (fn_printn(ndo, (const u_char *)&(bp->refid), 4, ndo->ndo_snapend)) goto trunc; break; case INFO_QUERY: - printf("%s INFO_QUERY", ipaddr_string(&(bp->refid))); + ND_PRINT((ndo, "%s INFO_QUERY", ipaddr_string(ndo, &(bp->refid)))); /* this doesn't have more content */ return; case INFO_REPLY: - printf("%s INFO_REPLY", ipaddr_string(&(bp->refid))); + ND_PRINT((ndo, "%s INFO_REPLY", ipaddr_string(ndo, &(bp->refid)))); /* this is too complex to be worth printing */ return; default: - printf("%s", ipaddr_string(&(bp->refid))); + /* In NTPv4 (RFC 5905) refid is an IPv4 address or first 32 bits of + MD5 sum of IPv6 address */ + ND_PRINT((ndo, "0x%08x", EXTRACT_32BITS(&bp->refid))); break; } - TCHECK(bp->ref_timestamp); - fputs("\n\t Reference Timestamp: ", stdout); - p_ntp_time(&(bp->ref_timestamp)); + ND_TCHECK(bp->ref_timestamp); + ND_PRINT((ndo, "\n\t Reference Timestamp: ")); + p_ntp_time(ndo, &(bp->ref_timestamp)); + + ND_TCHECK(bp->org_timestamp); + ND_PRINT((ndo, "\n\t Originator Timestamp: ")); + p_ntp_time(ndo, &(bp->org_timestamp)); + + ND_TCHECK(bp->rec_timestamp); + ND_PRINT((ndo, "\n\t Receive Timestamp: ")); + p_ntp_time(ndo, &(bp->rec_timestamp)); + + ND_TCHECK(bp->xmt_timestamp); + ND_PRINT((ndo, "\n\t Transmit Timestamp: ")); + p_ntp_time(ndo, &(bp->xmt_timestamp)); + + ND_PRINT((ndo, "\n\t Originator - Receive Timestamp: ")); + p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->rec_timestamp)); + + ND_PRINT((ndo, "\n\t Originator - Transmit Timestamp: ")); + p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp)); + + /* FIXME: this code is not aware of any extension fields */ + if (length == NTP_MSG_MINLEN + 4) { /* Optional: key-id (crypto-NAK) */ + ND_TCHECK(bp->key_id); + ND_PRINT((ndo, "\n\tKey id: %u", EXTRACT_32BITS(&bp->key_id))); + } else if (length == NTP_MSG_MINLEN + 4 + 16) { /* Optional: key-id + 128-bit digest */ + ND_TCHECK(bp->key_id); + ND_PRINT((ndo, "\n\tKey id: %u", EXTRACT_32BITS(&bp->key_id))); + ND_TCHECK2(bp->message_digest, 16); + ND_PRINT((ndo, "\n\tAuthentication: %08x%08x%08x%08x", + EXTRACT_32BITS(bp->message_digest), + EXTRACT_32BITS(bp->message_digest + 4), + EXTRACT_32BITS(bp->message_digest + 8), + EXTRACT_32BITS(bp->message_digest + 12))); + } else if (length == NTP_MSG_MINLEN + 4 + 20) { /* Optional: key-id + 160-bit digest */ + ND_TCHECK(bp->key_id); + ND_PRINT((ndo, "\n\tKey id: %u", EXTRACT_32BITS(&bp->key_id))); + ND_TCHECK2(bp->message_digest, 20); + ND_PRINT((ndo, "\n\tAuthentication: %08x%08x%08x%08x%08x", + EXTRACT_32BITS(bp->message_digest), + EXTRACT_32BITS(bp->message_digest + 4), + EXTRACT_32BITS(bp->message_digest + 8), + EXTRACT_32BITS(bp->message_digest + 12), + EXTRACT_32BITS(bp->message_digest + 16))); + } else if (length > NTP_MSG_MINLEN) { + ND_PRINT((ndo, "\n\t(%u more bytes after the header)", length - NTP_MSG_MINLEN)); + } + return; - TCHECK(bp->org_timestamp); - fputs("\n\t Originator Timestamp: ", stdout); - p_ntp_time(&(bp->org_timestamp)); +invalid: + ND_PRINT((ndo, " %s", istr)); + ND_TCHECK2(*bp, length); + return; - TCHECK(bp->rec_timestamp); - fputs("\n\t Receive Timestamp: ", stdout); - p_ntp_time(&(bp->rec_timestamp)); +trunc: + ND_PRINT((ndo, " %s", tstr)); +} - TCHECK(bp->xmt_timestamp); - fputs("\n\t Transmit Timestamp: ", stdout); - p_ntp_time(&(bp->xmt_timestamp)); +/* + * Print NTP control message requests and responses + */ +static void +ntp_control_print(netdissect_options *ndo, + register const struct ntp_control_data *cd, u_int length) +{ + u_char R, E, M, opcode; + uint16_t sequence, status, assoc, offset, count; - fputs("\n\t Originator - Receive Timestamp: ", stdout); - p_ntp_delta(&(bp->org_timestamp), &(bp->rec_timestamp)); + R = (cd->control & 0x80) != 0; + E = (cd->control & 0x40) != 0; + M = (cd->control & 0x20) != 0; + opcode = cd->control & 0x1f; + ND_PRINT((ndo, ", %s, %s, %s, OpCode=%u\n", + R ? "Response" : "Request", E ? "Error" : "OK", + M ? "More" : "Last", (unsigned)opcode)); - fputs("\n\t Originator - Transmit Timestamp: ", stdout); - p_ntp_delta(&(bp->org_timestamp), &(bp->xmt_timestamp)); + sequence = EXTRACT_16BITS(&cd->sequence); + ND_PRINT((ndo, "\tSequence=%hu", sequence)); - if ( (sizeof(struct ntpdata) - length) == 16) { /* Optional: key-id */ - TCHECK(bp->key_id); - printf("\n\tKey id: %u", bp->key_id); - } else if ( (sizeof(struct ntpdata) - length) == 0) { /* Optional: key-id + authentication */ - TCHECK(bp->key_id); - printf("\n\tKey id: %u", bp->key_id); - TCHECK2(bp->message_digest, sizeof (bp->message_digest)); - printf("\n\tAuthentication: %08x%08x%08x%08x", - EXTRACT_32BITS(bp->message_digest), - EXTRACT_32BITS(bp->message_digest + 4), - EXTRACT_32BITS(bp->message_digest + 8), - EXTRACT_32BITS(bp->message_digest + 12)); - } + status = EXTRACT_16BITS(&cd->status); + ND_PRINT((ndo, ", Status=%#hx", status)); + + assoc = EXTRACT_16BITS(&cd->assoc); + ND_PRINT((ndo, ", Assoc.=%hu", assoc)); + + offset = EXTRACT_16BITS(&cd->offset); + ND_PRINT((ndo, ", Offset=%hu", offset)); + + count = EXTRACT_16BITS(&cd->count); + ND_PRINT((ndo, ", Count=%hu", count)); + + if ((cd->data - (const u_char *)cd) + count > length) + goto trunc; + if (count != 0) + ND_PRINT((ndo, "\n\tTO-BE-DONE: data not interpreted")); + return; + +trunc: + ND_PRINT((ndo, " %s", tstr)); +} + +union ntpdata { + struct ntp_time_data td; + struct ntp_control_data cd; +}; + +/* + * Print NTP requests, handling the common VN, LI, and Mode + */ +void +ntp_print(netdissect_options *ndo, + register const u_char *cp, u_int length) +{ + register const union ntpdata *bp = (const union ntpdata *)cp; + int mode, version, leapind; + + ND_TCHECK(bp->td.status); + + version = (bp->td.status & VERSIONMASK) >> VERSIONSHIFT; + ND_PRINT((ndo, "NTPv%d", version)); + + mode = (bp->td.status & MODEMASK) >> MODESHIFT; + if (!ndo->ndo_vflag) { + ND_PRINT((ndo, ", %s, length %u", + tok2str(ntp_mode_values, "Unknown mode", mode), + length)); + return; + } + + ND_PRINT((ndo, ", %s, length %u\n", + tok2str(ntp_mode_values, "Unknown mode", mode), length)); + + /* leapind = (bp->td.status & LEAPMASK) >> LEAPSHIFT; */ + leapind = (bp->td.status & LEAPMASK); + ND_PRINT((ndo, "\tLeap indicator: %s (%u)", + tok2str(ntp_leapind_values, "Unknown", leapind), + leapind)); + + if (mode >= MODE_UNSPEC && mode <= MODE_BROADCAST) + ntp_time_print(ndo, &bp->td, length); + else if (mode == MODE_CONTROL) + ntp_control_print(ndo, &bp->cd, length); + else + {;} /* XXX: not implemented! */ return; trunc: - fputs(" [|ntp]", stdout); + ND_PRINT((ndo, " %s", tstr)); } static void -p_sfix(register const struct s_fixedpt *sfp) +p_sfix(netdissect_options *ndo, + register const struct s_fixedpt *sfp) { register int i; register int f; - register float ff; + register double ff; i = EXTRACT_16BITS(&sfp->int_part); f = EXTRACT_16BITS(&sfp->fraction); - ff = f / 65536.0; /* shift radix point by 16 bits */ - f = ff * 1000000.0; /* Treat fraction as parts per million */ - printf("%d.%06d", i, f); + ff = f / 65536.0; /* shift radix point by 16 bits */ + f = (int)(ff * 1000000.0); /* Treat fraction as parts per million */ + ND_PRINT((ndo, "%d.%06d", i, f)); } #define FMAXINT (4294967296.0) /* floating point rep. of MAXINT */ static void -p_ntp_time(register const struct l_fixedpt *lfp) +p_ntp_time(netdissect_options *ndo, + register const struct l_fixedpt *lfp) { register int32_t i; - register u_int32_t uf; - register u_int32_t f; - register float ff; + register uint32_t uf; + register uint32_t f; + register double ff; i = EXTRACT_32BITS(&lfp->int_part); uf = EXTRACT_32BITS(&lfp->fraction); ff = uf; if (ff < 0.0) /* some compilers are buggy */ ff += FMAXINT; - ff = ff / FMAXINT; /* shift radix point by 32 bits */ - f = ff * 1000000000.0; /* treat fraction as parts per billion */ - printf("%u.%09d", i, f); + ff = ff / FMAXINT; /* shift radix point by 32 bits */ + f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */ + ND_PRINT((ndo, "%u.%09d", i, f)); #ifdef HAVE_STRFTIME /* - * print the time in human-readable format. + * print the UTC time in human-readable format. */ if (i) { time_t seconds = i - JAN_1970; struct tm *tm; char time_buf[128]; - tm = localtime(&seconds); - strftime(time_buf, sizeof (time_buf), "%Y/%m/%d %H:%M:%S", tm); - printf (" (%s)", time_buf); + tm = gmtime(&seconds); + /* use ISO 8601 (RFC3339) format */ + strftime(time_buf, sizeof (time_buf), "%Y-%m-%dT%H:%M:%S", tm); + ND_PRINT((ndo, " (%s)", time_buf)); } #endif } /* Prints time difference between *lfp and *olfp */ static void -p_ntp_delta(register const struct l_fixedpt *olfp, - register const struct l_fixedpt *lfp) +p_ntp_delta(netdissect_options *ndo, + register const struct l_fixedpt *olfp, + register const struct l_fixedpt *lfp) { register int32_t i; - register u_int32_t u, uf; - register u_int32_t ou, ouf; - register u_int32_t f; - register float ff; + register uint32_t u, uf; + register uint32_t ou, ouf; + register uint32_t f; + register double ff; int signbit; u = EXTRACT_32BITS(&lfp->int_part); @@ -387,7 +551,7 @@ p_ntp_delta(register const struct l_fixedpt *olfp, uf = EXTRACT_32BITS(&lfp->fraction); ouf = EXTRACT_32BITS(&olfp->fraction); if (ou == 0 && ouf == 0) { - p_ntp_time(lfp); + p_ntp_time(ndo, lfp); return; } @@ -417,12 +581,22 @@ p_ntp_delta(register const struct l_fixedpt *olfp, ff = f; if (ff < 0.0) /* some compilers are buggy */ ff += FMAXINT; - ff = ff / FMAXINT; /* shift radix point by 32 bits */ - f = ff * 1000000000.0; /* treat fraction as parts per billion */ - if (signbit) - putchar('-'); + ff = ff / FMAXINT; /* shift radix point by 32 bits */ + f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */ + ND_PRINT((ndo, "%s%d.%09d", signbit ? "-" : "+", i, f)); +} + +/* Prints polling interval in log2 as seconds or fraction of second */ +static void +p_poll(netdissect_options *ndo, + register const int poll_interval) +{ + if (poll_interval <= -32 || poll_interval >= 32) + return; + + if (poll_interval >= 0) + ND_PRINT((ndo, " (%us)", 1U << poll_interval)); else - putchar('+'); - printf("%d.%09d", i, f); + ND_PRINT((ndo, " (1/%us)", 1U << -poll_interval)); }