* This file is based on Version 2 of the NTP spec (RFC1119).
*/
-/* rfc2030
+/* RFC 5905 updated by RFC 7822
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Transmit Timestamp (64) |
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Key Identifier (optional) (32) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | |
- * | |
- * | Message Digest (optional) (128) |
* | |
+ * . .
+ * . Optional Extensions (variable) .
+ * . .
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
struct l_fixedpt org_timestamp;
struct l_fixedpt rec_timestamp;
struct l_fixedpt xmt_timestamp;
- nd_uint32_t key_id;
- nd_uint8_t message_digest[20];
+ /* extension fields and/or MAC follow */
};
+
+struct ntp_extension_field {
+ nd_uint16_t type;
+ nd_uint16_t length;
+ /* body follows */
+};
+
/*
* Leap Second Codes (high order two bits)
*/
static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *);
static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *);
static void p_poll(netdissect_options *, const int);
+static u_int p_ext_fields(netdissect_options *, const u_char *, u_int length);
static const struct tok ntp_mode_values[] = {
{ MODE_UNSPEC, "unspecified" },
{ 0, NULL }
};
+static const struct tok ntp_ef_types[] = {
+ { 0x0104, "Unique Identifier" },
+ { 0x0204, "NTS Cookie" },
+ { 0x0304, "NTS Cookie Placeholder" },
+ { 0x0404, "NTS Authenticator and Encrypted Extension Fields" },
+ { 0x2005, "Checksum Complement" },
+ { 0, NULL }
+};
+
/* draft-ietf-ntp-mode-6-cmds-02
* 0 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
*/
static void
ntp_time_print(netdissect_options *ndo,
- const struct ntp_time_data *bp, u_int length)
+ const struct ntp_time_data *bp, u_int length, u_int version)
{
+ const u_char *mac;
uint8_t stratum;
+ u_int efs_len;
if (length < NTP_TIMEMSG_MINLEN)
goto invalid;
ND_PRINT("\n\t Originator - Transmit Timestamp: ");
p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp));
- /* FIXME: this code is not aware of any extension fields */
- if (length == NTP_TIMEMSG_MINLEN + 4) { /* Optional: key-id (crypto-NAK) */
- ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
- } else if (length == NTP_TIMEMSG_MINLEN + 4 + 16) { /* Optional: key-id + 128-bit digest */
- ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
+ if (version == 4)
+ efs_len = p_ext_fields(ndo, (const u_char *)bp + NTP_TIMEMSG_MINLEN, length - NTP_TIMEMSG_MINLEN);
+ else
+ efs_len = 0;
+
+ mac = (const u_char *)bp + NTP_TIMEMSG_MINLEN + efs_len;
+
+ if (length == NTP_TIMEMSG_MINLEN + efs_len + 4) { /* Optional: key-id (crypto-NAK) */
+ ND_PRINT("\n\tKey id: %u", GET_BE_U_4(mac));
+ } else if (length == NTP_TIMEMSG_MINLEN + efs_len + 4 + 16) { /* Optional: key-id + 128-bit digest */
+ ND_PRINT("\n\tKey id: %u", GET_BE_U_4(mac));
ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x",
- GET_BE_U_4(bp->message_digest),
- GET_BE_U_4(bp->message_digest + 4),
- GET_BE_U_4(bp->message_digest + 8),
- GET_BE_U_4(bp->message_digest + 12));
- } else if (length == NTP_TIMEMSG_MINLEN + 4 + 20) { /* Optional: key-id + 160-bit digest */
- ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
+ GET_BE_U_4(mac + 4),
+ GET_BE_U_4(mac + 8),
+ GET_BE_U_4(mac + 12),
+ GET_BE_U_4(mac + 16));
+ } else if (length == NTP_TIMEMSG_MINLEN + efs_len + 4 + 20) { /* Optional: key-id + 160-bit digest */
+ ND_PRINT("\n\tKey id: %u", GET_BE_U_4(mac));
ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x%08x",
- GET_BE_U_4(bp->message_digest),
- GET_BE_U_4(bp->message_digest + 4),
- GET_BE_U_4(bp->message_digest + 8),
- GET_BE_U_4(bp->message_digest + 12),
- GET_BE_U_4(bp->message_digest + 16));
- } else if (length > NTP_TIMEMSG_MINLEN) {
- ND_PRINT("\n\t(%u more bytes after the header)", length - NTP_TIMEMSG_MINLEN);
+ GET_BE_U_4(mac + 4),
+ GET_BE_U_4(mac + 8),
+ GET_BE_U_4(mac + 12),
+ GET_BE_U_4(mac + 16),
+ GET_BE_U_4(mac + 20));
+ } else if (length > NTP_TIMEMSG_MINLEN + efs_len) {
+ ND_PRINT("\n\t(%u more bytes after the header and extension fields)",
+ length - NTP_TIMEMSG_MINLEN - efs_len);
}
return;
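Review bot: The start of the trailing data is computed twice in ntp_time_print, both times as `(const u_char *)bp + NTP_TIMEMSG_MINLEN`, which ties the pointer to a constant defined outside this hunk instead of to the struct layout that the removed `bp->key_id` and `bp->message_digest` accesses relied on. If NTP_TIMEMSG_MINLEN is meant to equal the size of struct ntp_time_data once those two members are gone, deriving the pointer once from the struct, e.g. `const u_char *ext = (const u_char *)(bp + 1);` as p_ext_fields does with `ef + 1`, and then using `ext` and `ext + efs_len`, keeps the constant and the struct from drifting apart. A short comment on the new `version` parameter saying that extension fields are only parsed for version 4 would also help, for example `/* version: NTP version from the header; extension fields are parsed only for 4 */`. The function body starts and continues outside the lines shown here.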
case MODE_CLIENT:
case MODE_SERVER:
case MODE_BROADCAST:
- ntp_time_print(ndo, &bp->td, length);
+ ntp_time_print(ndo, &bp->td, length, version);
break;
case MODE_CONTROL:
ND_PRINT(" (1/%us)", 1U << -poll_interval);
}
+/* Prints an NTPv4 extension field */
+static void
+p_ntp_ef(netdissect_options *ndo, u_int type, u_int length, const u_char *ef_body)
+{
+ ND_PRINT("\n\t %s", tok2str(ntp_ef_types, "Unknown type", type));
+ ND_PRINT(" (0x%04x), length %u", type, length);
+
+ if (ndo->ndo_vflag > 2)
+ hex_print(ndo, "\n\t ", ef_body, length - 4);
+}
+
+/* Prints list of extension fields per RFC 7822 */
+static u_int
+p_ext_fields(netdissect_options *ndo, const u_char *cp, u_int length)
+{
+ const struct ntp_extension_field *ef;
+ u_int ef_type, ef_len, efs_len;
+ int first_ef;
+
+ first_ef = 1;
+ efs_len = 0;
+
+ /* RFC 7822 requires the last EF in the packet to have at least
+ 28 octets to avoid ambiguity with MACs */
+ while (length - efs_len >= 28) {
+ ef = (const struct ntp_extension_field *)(cp + efs_len);
+ ef_type = GET_BE_U_2(ef->type);
+ ef_len = GET_BE_U_2(ef->length);
+
+ if (efs_len + ef_len > length || ef_len < 4 || ef_len % 4 != 0) {
+ nd_print_invalid(ndo);
+ break;
+ }
+
+ if (first_ef) {
+ ND_PRINT("\n\tExtension fields:");
+ first_ef = 0;
+ }
+
+ p_ntp_ef(ndo, ef_type, ef_len, (const u_char *)(ef + 1));
+ efs_len += ef_len;
+ }
+
+ return efs_len;
+}
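Review bot: The validity test in p_ext_fields accepts any `ef_len` of 4 or more, so a header-only field from an untrusted packet is printed as a real extension field and the bytes after it are then matched against the MAC lengths in ntp_time_print. RFC 7822 gives a 16-octet minimum for an extension field, and the 28-octet rule quoted in the comment is applied to the bytes remaining, not to the field being read. If strict RFC 7822 parsing is intended the test could read `if (ef_len < 16 || ef_len % 4 != 0 || ef_len > length - efs_len) {`, which also removes the `efs_len + ef_len` sum from the bound. Separately, p_ntp_ef reads the body only when `ndo_vflag > 2`, so at lower verbosity a final field whose body was cut off by the snapshot length is printed as if it were complete. Checking that the `ef_len - 4` body octets were captured before `efs_len += ef_len` would make the output the same at every verbosity level.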
ntp-v ntp.pcap ntp-v.out -v
ntp-time ntp-time.pcap ntp-time.out
ntp-time--v ntp-time.pcap ntp-time--v.out -v
+ntp-time-ef ntp-time-ef.pcap ntp-time-ef.out
+ntp-time-ef--v ntp-time-ef.pcap ntp-time-ef--v.out -v
+ntp-time-ef--vvv ntp-time-ef.pcap ntp-time-ef--vvv.out -vvv
ntp-control ntp-control.pcap ntp-control.out
ntp-control--v ntp-control.pcap ntp-control--v.out -v
ntp-mode7 ntp-mode7.pcap ntp-mode7.out
--- /dev/null
+ 1 13:23:30.254335 IP (tos 0x0, ttl 64, id 62645, offset 0, flags [DF], proto UDP (17), length 360)
+ 10.43.135.229.57551 > 162.159.200.123.123: NTPv4, Client, length 332
+ Leap indicator: (0), Stratum 0 (unspecified), poll 6 (64s), precision 32
+ Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
+ Reference Timestamp: 0.000000000
+ Originator Timestamp: 0.000000000
+ Receive Timestamp: 0.000000000
+ Transmit Timestamp: 3656702015.307509582 (2015-11-16T22:33:35Z)
+ Originator - Receive Timestamp: 0.000000000
+ Originator - Transmit Timestamp: 3656702015.307509582 (2015-11-16T22:33:35Z)
+ Extension fields:
+ Unique Identifier (0x0104), length 36
+ NTS Cookie (0x0204), length 104
+ NTS Cookie Placeholder (0x0304), length 104
+ NTS Authenticator and Encrypted Extension Fields (0x0404), length 40
+ 2 13:23:30.258867 IP (tos 0x0, ttl 55, id 41904, offset 0, flags [DF], proto UDP (17), length 360)
+ 162.159.200.123.123 > 10.43.135.229.57551: NTPv4, Server, length 332
+ Leap indicator: (0), Stratum 3 (secondary reference), poll 6 (64s), precision -25
+ Root Delay: 0.017074, Root dispersion: 0.000732, Reference-ID: 0x0a1f0880
+ Reference Timestamp: 3869212959.224956389 (2022-08-11T13:22:39Z)
+ Originator Timestamp: 3656702015.307509582 (2015-11-16T22:33:35Z)
+ Receive Timestamp: 3869213010.188058000 (2022-08-11T13:23:30Z)
+ Transmit Timestamp: 3869213010.188123546 (2022-08-11T13:23:30Z)
+ Originator - Receive Timestamp: +212510994.880548417
+ Originator - Transmit Timestamp: +212510994.880613963
+ Extension fields:
+ Unique Identifier (0x0104), length 36
+ NTS Authenticator and Encrypted Extension Fields (0x0404), length 248
--- /dev/null
+ 1 13:23:30.254335 IP (tos 0x0, ttl 64, id 62645, offset 0, flags [DF], proto UDP (17), length 360)
+ 10.43.135.229.57551 > 162.159.200.123.123: [udp sum ok] NTPv4, Client, length 332
+ Leap indicator: (0), Stratum 0 (unspecified), poll 6 (64s), precision 32
+ Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
+ Reference Timestamp: 0.000000000
+ Originator Timestamp: 0.000000000
+ Receive Timestamp: 0.000000000
+ Transmit Timestamp: 3656702015.307509582 (2015-11-16T22:33:35Z)
+ Originator - Receive Timestamp: 0.000000000
+ Originator - Transmit Timestamp: 3656702015.307509582 (2015-11-16T22:33:35Z)
+ Extension fields:
+ Unique Identifier (0x0104), length 36
+ 0x0000: 5cf0 6d70 94cf 5c5e 6ce9 2591 e9f6 7804
+ 0x0010: 132e 43b9 c0fe 6ef8 74ec d7ea b5d3 6ebf
+ NTS Cookie (0x0204), length 104
+ 0x0000: 00f4 ef40 9e5c 9d23 0bf4 74cb 3998 e81b
+ 0x0010: 86d0 9528 2582 60ae 3bc9 0c75 b072 548d
+ 0x0020: d975 ff2f dc9c 63c2 add1 9682 31e3 3b7d
+ 0x0030: a69f 7b4f 52ca b002 468f 8559 62d2 d71c
+ 0x0040: b597 99fd affc 5c62 1e51 2efc 7f5f 3304
+ 0x0050: 4591 d965 1943 d105 5a1d 651b b943 26a4
+ 0x0060: da8d c2ac
+ NTS Cookie Placeholder (0x0304), length 104
+ 0x0000: 0000 0000 0000 0000 0000 0000 0000 0000
+ 0x0010: 0000 0000 0000 0000 0000 0000 0000 0000
+ 0x0020: 0000 0000 0000 0000 0000 0000 0000 0000
+ 0x0030: 0000 0000 0000 0000 0000 0000 0000 0000
+ 0x0040: 0000 0000 0000 0000 0000 0000 0000 0000
+ 0x0050: 0000 0000 0000 0000 0000 0000 0000 0000
+ 0x0060: 0000 0000
+ NTS Authenticator and Encrypted Extension Fields (0x0404), length 40
+ 0x0000: 0010 0010 be30 1336 d3eb 3cad ce3e 94c1
+ 0x0010: 4fbb d155 35e9 37b9 638d faa3 c4c9 f1b8
+ 0x0020: 1e44 7d3d
+ 2 13:23:30.258867 IP (tos 0x0, ttl 55, id 41904, offset 0, flags [DF], proto UDP (17), length 360)
+ 162.159.200.123.123 > 10.43.135.229.57551: [udp sum ok] NTPv4, Server, length 332
+ Leap indicator: (0), Stratum 3 (secondary reference), poll 6 (64s), precision -25
+ Root Delay: 0.017074, Root dispersion: 0.000732, Reference-ID: 0x0a1f0880
+ Reference Timestamp: 3869212959.224956389 (2022-08-11T13:22:39Z)
+ Originator Timestamp: 3656702015.307509582 (2015-11-16T22:33:35Z)
+ Receive Timestamp: 3869213010.188058000 (2022-08-11T13:23:30Z)
+ Transmit Timestamp: 3869213010.188123546 (2022-08-11T13:23:30Z)
+ Originator - Receive Timestamp: +212510994.880548417
+ Originator - Transmit Timestamp: +212510994.880613963
+ Extension fields:
+ Unique Identifier (0x0104), length 36
+ 0x0000: 5cf0 6d70 94cf 5c5e 6ce9 2591 e9f6 7804
+ 0x0010: 132e 43b9 c0fe 6ef8 74ec d7ea b5d3 6ebf
+ NTS Authenticator and Encrypted Extension Fields (0x0404), length 248
+ 0x0000: 0010 00e0 ab9d f862 b575 6321 8cfa 5af5
+ 0x0010: 7fcb 7240 9873 8f06 7226 5215 5b45 c84a
+ 0x0020: aa20 bc62 0d2a 7b6c 4483 ad56 1748 4449
+ 0x0030: 0388 2a32 1eba 3a45 3333 d221 0e74 52e8
+ 0x0040: b417 81d4 5108 7718 459d 0c41 b187 89c3
+ 0x0050: c8d8 4eac 0b4d 59ac 7f4d 17b3 6af5 8cd1
+ 0x0060: d68f e861 cd62 a2b3 aa8e f59a de35 387f
+ 0x0070: d0d0 7d8d 4b0c afd7 858f dbfb 6627 8cfc
+ 0x0080: fff8 90da 1e30 dffe 37fb 8610 98b5 5fca
+ 0x0090: 51cc 6bd7 4402 3568 4107 90bf 42ca 83e9
+ 0x00a0: 03c7 ba3a 99cc fcae ea20 4e82 752d 8e0e
+ 0x00b0: 6b78 1f0d ec76 5b0d 4e66 3e0b d238 d927
+ 0x00c0: 7509 f83d 8930 1b22 1a8e cf64 547e 7728
+ 0x00d0: 28b4 0abb d663 7704 7ed3 a3f1 1f2c 3bde
+ 0x00e0: ac56 0cf6 3ed7 efbb 17a8 7cf6 bfbb c900
+ 0x00f0: 83a9 00b9
--- /dev/null
+ 1 13:23:30.254335 IP 10.43.135.229.57551 > 162.159.200.123.123: NTPv4, Client, length 332
+ 2 13:23:30.258867 IP 162.159.200.123.123 > 10.43.135.229.57551: NTPv4, Server, length 332