X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/c78c62101075211fa43ca816fb68966a2a6adc88..b51a0dafc7861eb31d21524ec067d7c529a664b8:/print-ntp.c?ds=sidebyside diff --git a/print-ntp.c b/print-ntp.c index 79bff24b..86e29e69 100644 --- a/print-ntp.c +++ b/print-ntp.c @@ -24,57 +24,36 @@ /* \summary: Network Time Protocol (NTP) printer */ +/* + * specification: + * + * RFC 1119 - NTPv2 + * RFC 1305 - NTPv3 + * RFC 5905 - NTPv4 + */ + #ifdef HAVE_CONFIG_H -#include "config.h" +#include #endif -#include +#include "netdissect-stdinc.h" #ifdef HAVE_STRFTIME #include #endif +#define ND_LONGJMP_FROM_TCHECK #include "netdissect.h" #include "addrtoname.h" #include "extract.h" +#include "ntp.h" + /* * Based on ntp.h from the U of MD implementation * This file is based on Version 2 of the NTP spec (RFC1119). */ -/* - * Definitions for the masses - */ -#define JAN_1970 2208988800U /* 1970 - 1900 in seconds */ - -/* - * Structure definitions for NTP fixed point values - * - * 0 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Integer Part | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Fraction Part | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * - * 0 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Integer Part | Fraction Part | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -*/ -struct l_fixedpt { - uint32_t int_part; - uint32_t fraction; -}; - -struct s_fixedpt { - uint16_t int_part; - uint16_t fraction; -}; - /* rfc2030 * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 @@ -113,26 +92,26 @@ struct s_fixedpt { * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ */ -/* Length of the NTP message with the mandatory fields ("the header") +/* Length of the NTP data message with the mandatory fields ("the header") * and without any optional fields (extension, Key Identifier, * Message Digest). */ -#define NTP_MSG_MINLEN 48 +#define NTP_TIMEMSG_MINLEN 48U -struct ntpdata { - u_char status; /* status of local clock and leap info */ - u_char stratum; /* Stratum level */ - int ppoll:8; /* poll value */ - int precision:8; +struct ntp_time_data { + nd_uint8_t status; /* status of local clock and leap info */ + nd_uint8_t stratum; /* Stratum level */ + nd_int8_t ppoll; /* poll value */ + nd_int8_t precision; struct s_fixedpt root_delay; struct s_fixedpt root_dispersion; - uint32_t refid; + nd_uint32_t refid; struct l_fixedpt ref_timestamp; struct l_fixedpt org_timestamp; struct l_fixedpt rec_timestamp; struct l_fixedpt xmt_timestamp; - uint32_t key_id; - uint8_t message_digest[20]; + nd_uint32_t key_id; + nd_uint8_t message_digest[20]; }; /* * Leap Second Codes (high order two bits) @@ -177,9 +156,8 @@ struct ntpdata { #define INFO_REPLY 63 /* **** THIS implementation dependent **** */ static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *); -static void p_ntp_time(netdissect_options *, const struct l_fixedpt *); static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *); -static void p_poll(netdissect_options *, register const int); +static void p_poll(netdissect_options *, const int); static const struct tok ntp_mode_values[] = { { MODE_UNSPEC, "unspecified" }, @@ -207,245 +185,310 @@ static const struct tok ntp_stratum_values[] = { { 0, NULL } }; +/* draft-ietf-ntp-mode-6-cmds-02 + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |LI | VN |Mode |R|E|M| OpCode | Sequence Number | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Status | Association ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Offset | Count | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | | + * / Data (up to 468 bytes) / + * | | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Padding (optional) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | | + * / Authenticator (optional, 96 bytes) / + * | | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * Figure 1: NTP Control Message Header + */ + +/* Length of the NTP control message with the mandatory fields ("the header") + * and without any optional fields (Data, Padding, Authenticator). + */ +#define NTP_CTRLMSG_MINLEN 12U + +struct ntp_control_data { + nd_uint8_t magic; /* LI, VN, Mode */ + nd_uint8_t control; /* R, E, M, OpCode */ + nd_uint16_t sequence; /* Sequence Number */ + nd_uint16_t status; /* Status */ + nd_uint16_t assoc; /* Association ID */ + nd_uint16_t offset; /* Offset */ + nd_uint16_t count; /* Count */ + nd_uint8_t data[564]; /* Data, [Padding, [Authenticator]] */ +}; + /* - * Print ntp requests + * Print NTP time requests and responses */ -void -ntp_print(netdissect_options *ndo, - register const u_char *cp, u_int length) +static void +ntp_time_print(netdissect_options *ndo, + const struct ntp_time_data *bp, u_int length) { - register const struct ntpdata *bp; - int mode, version, leapind; + uint8_t stratum; - if (length < NTP_MSG_MINLEN) { - ND_PRINT((ndo, "NTP, length %u", length)); + if (length < NTP_TIMEMSG_MINLEN) goto invalid; - } - bp = (const struct ntpdata *)cp; + stratum = GET_U_1(bp->stratum); + ND_PRINT(", Stratum %u (%s)", + stratum, + tok2str(ntp_stratum_values, (stratum >=2 && stratum<=15) ? "secondary reference" : "reserved", stratum)); - ND_TCHECK(bp->status); + ND_PRINT(", poll %d", GET_S_1(bp->ppoll)); + p_poll(ndo, GET_S_1(bp->ppoll)); - version = (int)(bp->status & VERSIONMASK) >> VERSIONSHIFT; - ND_PRINT((ndo, "NTPv%d", version)); + ND_PRINT(", precision %d", GET_S_1(bp->precision)); - mode = bp->status & MODEMASK; - if (!ndo->ndo_vflag) { - ND_PRINT((ndo, ", %s, length %u", - tok2str(ntp_mode_values, "Unknown mode", mode), - length)); - return; - } - - ND_PRINT((ndo, ", length %u\n\t%s", - length, - tok2str(ntp_mode_values, "Unknown mode", mode))); - - leapind = bp->status & LEAPMASK; - ND_PRINT((ndo, ", Leap indicator: %s (%u)", - tok2str(ntp_leapind_values, "Unknown", leapind), - leapind)); - - ND_TCHECK(bp->stratum); - ND_PRINT((ndo, ", Stratum %u (%s)", - bp->stratum, - tok2str(ntp_stratum_values, (bp->stratum >=2 && bp->stratum<=15) ? "secondary reference" : "reserved", bp->stratum))); - - /* Can't ND_TCHECK bp->ppoll bitfield so bp->stratum + 2 instead */ - ND_TCHECK2(bp->stratum, 2); - ND_PRINT((ndo, ", poll %d", bp->ppoll)); - p_poll(ndo, bp->ppoll); - - /* Can't ND_TCHECK bp->precision bitfield so bp->distance + 0 instead */ - ND_TCHECK2(bp->root_delay, 0); - ND_PRINT((ndo, ", precision %d", bp->precision)); - - ND_TCHECK(bp->root_delay); - ND_PRINT((ndo, "\n\tRoot Delay: ")); + ND_PRINT("\n\tRoot Delay: "); p_sfix(ndo, &bp->root_delay); - ND_TCHECK(bp->root_dispersion); - ND_PRINT((ndo, ", Root dispersion: ")); + ND_PRINT(", Root dispersion: "); p_sfix(ndo, &bp->root_dispersion); - ND_TCHECK(bp->refid); - ND_PRINT((ndo, ", Reference-ID: ")); + ND_PRINT(", Reference-ID: "); /* Interpretation depends on stratum */ - switch (bp->stratum) { + switch (stratum) { case UNSPECIFIED: - ND_PRINT((ndo, "(unspec)")); + ND_PRINT("(unspec)"); + ND_TCHECK_4(bp->refid); break; case PRIM_REF: - if (fn_printn(ndo, (const u_char *)&(bp->refid), 4, ndo->ndo_snapend)) - goto trunc; + nd_printjn(ndo, (const u_char *)&(bp->refid), 4); break; case INFO_QUERY: - ND_PRINT((ndo, "%s INFO_QUERY", ipaddr_string(ndo, &(bp->refid)))); + ND_PRINT("%s INFO_QUERY", GET_IPADDR_STRING(bp->refid)); /* this doesn't have more content */ return; case INFO_REPLY: - ND_PRINT((ndo, "%s INFO_REPLY", ipaddr_string(ndo, &(bp->refid)))); + ND_PRINT("%s INFO_REPLY", GET_IPADDR_STRING(bp->refid)); /* this is too complex to be worth printing */ return; default: /* In NTPv4 (RFC 5905) refid is an IPv4 address or first 32 bits of MD5 sum of IPv6 address */ - ND_PRINT((ndo, "0x%08x", EXTRACT_32BITS(&bp->refid))); + ND_PRINT("0x%08x", GET_BE_U_4(bp->refid)); break; } - ND_TCHECK(bp->ref_timestamp); - ND_PRINT((ndo, "\n\t Reference Timestamp: ")); + ND_PRINT("\n\t Reference Timestamp: "); p_ntp_time(ndo, &(bp->ref_timestamp)); - ND_TCHECK(bp->org_timestamp); - ND_PRINT((ndo, "\n\t Originator Timestamp: ")); + ND_PRINT("\n\t Originator Timestamp: "); p_ntp_time(ndo, &(bp->org_timestamp)); - ND_TCHECK(bp->rec_timestamp); - ND_PRINT((ndo, "\n\t Receive Timestamp: ")); + ND_PRINT("\n\t Receive Timestamp: "); p_ntp_time(ndo, &(bp->rec_timestamp)); - ND_TCHECK(bp->xmt_timestamp); - ND_PRINT((ndo, "\n\t Transmit Timestamp: ")); + ND_PRINT("\n\t Transmit Timestamp: "); p_ntp_time(ndo, &(bp->xmt_timestamp)); - ND_PRINT((ndo, "\n\t Originator - Receive Timestamp: ")); + ND_PRINT("\n\t Originator - Receive Timestamp: "); p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->rec_timestamp)); - ND_PRINT((ndo, "\n\t Originator - Transmit Timestamp: ")); + ND_PRINT("\n\t Originator - Transmit Timestamp: "); p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp)); /* FIXME: this code is not aware of any extension fields */ - if (length == NTP_MSG_MINLEN + 4) { /* Optional: key-id (crypto-NAK) */ - ND_TCHECK(bp->key_id); - ND_PRINT((ndo, "\n\tKey id: %u", EXTRACT_32BITS(&bp->key_id))); - } else if (length == NTP_MSG_MINLEN + 4 + 16) { /* Optional: key-id + 128-bit digest */ - ND_TCHECK(bp->key_id); - ND_PRINT((ndo, "\n\tKey id: %u", EXTRACT_32BITS(&bp->key_id))); - ND_TCHECK2(bp->message_digest, 16); - ND_PRINT((ndo, "\n\tAuthentication: %08x%08x%08x%08x", - EXTRACT_32BITS(bp->message_digest), - EXTRACT_32BITS(bp->message_digest + 4), - EXTRACT_32BITS(bp->message_digest + 8), - EXTRACT_32BITS(bp->message_digest + 12))); - } else if (length == NTP_MSG_MINLEN + 4 + 20) { /* Optional: key-id + 160-bit digest */ - ND_TCHECK(bp->key_id); - ND_PRINT((ndo, "\n\tKey id: %u", EXTRACT_32BITS(&bp->key_id))); - ND_TCHECK2(bp->message_digest, 20); - ND_PRINT((ndo, "\n\tAuthentication: %08x%08x%08x%08x%08x", - EXTRACT_32BITS(bp->message_digest), - EXTRACT_32BITS(bp->message_digest + 4), - EXTRACT_32BITS(bp->message_digest + 8), - EXTRACT_32BITS(bp->message_digest + 12), - EXTRACT_32BITS(bp->message_digest + 16))); - } else if (length > NTP_MSG_MINLEN) { - ND_PRINT((ndo, "\n\t(%u more bytes after the header)", length - NTP_MSG_MINLEN)); + if (length == NTP_TIMEMSG_MINLEN + 4) { /* Optional: key-id (crypto-NAK) */ + ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id)); + } else if (length == NTP_TIMEMSG_MINLEN + 4 + 16) { /* Optional: key-id + 128-bit digest */ + ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id)); + ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x", + GET_BE_U_4(bp->message_digest), + GET_BE_U_4(bp->message_digest + 4), + GET_BE_U_4(bp->message_digest + 8), + GET_BE_U_4(bp->message_digest + 12)); + } else if (length == NTP_TIMEMSG_MINLEN + 4 + 20) { /* Optional: key-id + 160-bit digest */ + ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id)); + ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x%08x", + GET_BE_U_4(bp->message_digest), + GET_BE_U_4(bp->message_digest + 4), + GET_BE_U_4(bp->message_digest + 8), + GET_BE_U_4(bp->message_digest + 12), + GET_BE_U_4(bp->message_digest + 16)); + } else if (length > NTP_TIMEMSG_MINLEN) { + ND_PRINT("\n\t(%u more bytes after the header)", length - NTP_TIMEMSG_MINLEN); } return; invalid: - ND_PRINT((ndo, " %s", istr)); - ND_TCHECK2(*cp, length); - return; - -trunc: - ND_PRINT((ndo, " [|ntp]")); + nd_print_invalid(ndo); + ND_TCHECK_LEN(bp, length); } +/* + * Print NTP control message requests and responses + */ static void -p_sfix(netdissect_options *ndo, - register const struct s_fixedpt *sfp) +ntp_control_print(netdissect_options *ndo, + const struct ntp_control_data *cd, u_int length) { - register int i; - register int f; - register double ff; + uint8_t control, R, E, M, opcode; + uint16_t sequence, status, assoc, offset, count; - i = EXTRACT_16BITS(&sfp->int_part); - f = EXTRACT_16BITS(&sfp->fraction); - ff = f / 65536.0; /* shift radix point by 16 bits */ - f = (int)(ff * 1000000.0); /* Treat fraction as parts per million */ - ND_PRINT((ndo, "%d.%06d", i, f)); + if (length < NTP_CTRLMSG_MINLEN) + goto invalid; + + control = GET_U_1(cd->control); + R = (control & 0x80) != 0; + E = (control & 0x40) != 0; + M = (control & 0x20) != 0; + opcode = control & 0x1f; + ND_PRINT(", %s, %s, %s, OpCode=%u\n", + R ? "Response" : "Request", E ? "Error" : "OK", + M ? "More" : "Last", opcode); + + sequence = GET_BE_U_2(cd->sequence); + ND_PRINT("\tSequence=%hu", sequence); + + status = GET_BE_U_2(cd->status); + ND_PRINT(", Status=%#hx", status); + + assoc = GET_BE_U_2(cd->assoc); + ND_PRINT(", Assoc.=%hu", assoc); + + offset = GET_BE_U_2(cd->offset); + ND_PRINT(", Offset=%hu", offset); + + count = GET_BE_U_2(cd->count); + ND_PRINT(", Count=%hu", count); + + if (NTP_CTRLMSG_MINLEN + count > length) + goto invalid; + if (count != 0) { + ND_TCHECK_LEN(cd->data, count); + ND_PRINT("\n\tTO-BE-DONE: data not interpreted"); + } + return; + +invalid: + nd_print_invalid(ndo); + ND_TCHECK_LEN(cd, length); } -#define FMAXINT (4294967296.0) /* floating point rep. of MAXINT */ +union ntpdata { + struct ntp_time_data td; + struct ntp_control_data cd; +}; -static void -p_ntp_time(netdissect_options *ndo, - register const struct l_fixedpt *lfp) +/* + * Print NTP requests, handling the common VN, LI, and Mode + */ +void +ntp_print(netdissect_options *ndo, + const u_char *cp, u_int length) { - register int32_t i; - register uint32_t uf; - register uint32_t f; - register double ff; - - i = EXTRACT_32BITS(&lfp->int_part); - uf = EXTRACT_32BITS(&lfp->fraction); - ff = uf; - if (ff < 0.0) /* some compilers are buggy */ - ff += FMAXINT; - ff = ff / FMAXINT; /* shift radix point by 32 bits */ - f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */ - ND_PRINT((ndo, "%u.%09d", i, f)); + const union ntpdata *bp = (const union ntpdata *)cp; + u_int mode, version, leapind; + uint8_t status; -#ifdef HAVE_STRFTIME - /* - * print the UTC time in human-readable format. - */ - if (i) { - time_t seconds = i - JAN_1970; - struct tm *tm; - char time_buf[128]; - - tm = gmtime(&seconds); - /* use ISO 8601 (RFC3339) format */ - strftime(time_buf, sizeof (time_buf), "%Y-%m-%dT%H:%M:%S", tm); - ND_PRINT((ndo, " (%s)", time_buf)); + ndo->ndo_protocol = "ntp"; + status = GET_U_1(bp->td.status); + + version = (status & VERSIONMASK) >> VERSIONSHIFT; + ND_PRINT("NTPv%u", version); + + mode = (status & MODEMASK) >> MODESHIFT; + if (!ndo->ndo_vflag) { + ND_PRINT(", %s, length %u", + tok2str(ntp_mode_values, "Unknown mode", mode), + length); + return; } -#endif + + ND_PRINT(", %s, length %u\n", + tok2str(ntp_mode_values, "Unknown mode", mode), length); + + /* leapind = (status & LEAPMASK) >> LEAPSHIFT; */ + leapind = (status & LEAPMASK); + ND_PRINT("\tLeap indicator: %s (%u)", + tok2str(ntp_leapind_values, "Unknown", leapind), + leapind); + + switch (mode) { + + case MODE_UNSPEC: + case MODE_SYM_ACT: + case MODE_SYM_PAS: + case MODE_CLIENT: + case MODE_SERVER: + case MODE_BROADCAST: + ntp_time_print(ndo, &bp->td, length); + break; + + case MODE_CONTROL: + ntp_control_print(ndo, &bp->cd, length); + break; + + default: + break; /* XXX: not implemented! */ + } +} + +static void +p_sfix(netdissect_options *ndo, + const struct s_fixedpt *sfp) +{ + int i; + int f; + double ff; + + i = GET_BE_U_2(sfp->int_part); + f = GET_BE_U_2(sfp->fraction); + ff = f / 65536.0; /* shift radix point by 16 bits */ + f = (int)(ff * 1000000.0); /* Treat fraction as parts per million */ + ND_PRINT("%d.%06d", i, f); } /* Prints time difference between *lfp and *olfp */ static void p_ntp_delta(netdissect_options *ndo, - register const struct l_fixedpt *olfp, - register const struct l_fixedpt *lfp) + const struct l_fixedpt *olfp, + const struct l_fixedpt *lfp) { - register int32_t i; - register uint32_t u, uf; - register uint32_t ou, ouf; - register uint32_t f; - register double ff; + uint32_t u, uf; + uint32_t ou, ouf; + uint32_t i; + uint32_t f; + double ff; int signbit; - u = EXTRACT_32BITS(&lfp->int_part); - ou = EXTRACT_32BITS(&olfp->int_part); - uf = EXTRACT_32BITS(&lfp->fraction); - ouf = EXTRACT_32BITS(&olfp->fraction); + u = GET_BE_U_4(lfp->int_part); + ou = GET_BE_U_4(olfp->int_part); + uf = GET_BE_U_4(lfp->fraction); + ouf = GET_BE_U_4(olfp->fraction); if (ou == 0 && ouf == 0) { p_ntp_time(ndo, lfp); return; } - i = u - ou; - - if (i > 0) { /* new is definitely greater than old */ + if (u > ou) { /* new is definitely greater than old */ signbit = 0; + i = u - ou; f = uf - ouf; if (ouf > uf) /* must borrow from high-order bits */ i -= 1; - } else if (i < 0) { /* new is definitely less than old */ + } else if (u < ou) { /* new is definitely less than old */ signbit = 1; + i = ou - u; f = ouf - uf; - if (uf > ouf) /* must carry into the high-order bits */ - i += 1; - i = -i; + if (uf > ouf) /* must borrow from the high-order bits */ + i -= 1; } else { /* int_part is zero */ + i = 0; if (uf > ouf) { signbit = 0; f = uf - ouf; @@ -460,20 +503,20 @@ p_ntp_delta(netdissect_options *ndo, ff += FMAXINT; ff = ff / FMAXINT; /* shift radix point by 32 bits */ f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */ - ND_PRINT((ndo, "%s%d.%09d", signbit ? "-" : "+", i, f)); + ND_PRINT("%s%u.%09u", signbit ? "-" : "+", i, f); } /* Prints polling interval in log2 as seconds or fraction of second */ static void p_poll(netdissect_options *ndo, - register const int poll_interval) + const int poll_interval) { if (poll_interval <= -32 || poll_interval >= 32) return; if (poll_interval >= 0) - ND_PRINT((ndo, " (%us)", 1U << poll_interval)); + ND_PRINT(" (%us)", 1U << poll_interval); else - ND_PRINT((ndo, " (1/%us)", 1U << -poll_interval)); + ND_PRINT(" (1/%us)", 1U << -poll_interval); }