1 /*
2 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Format and print ntp packets.
22 * By Jeffrey Mogul/DECWRL
23 * loosely based on print-bootp.c
24 */
25
26 #define NETDISSECT_REWORKED
27 #ifdef HAVE_CONFIG_H
28 #include "config.h"
29 #endif
30
31 #include <tcpdump-stdinc.h>
32
33 #ifdef HAVE_STRFTIME
34 #include <time.h>
35 #endif
36
37 #include "interface.h"
38 #include "addrtoname.h"
39 #include "extract.h"
40
41 /*
42 * Based on ntp.h from the U of MD implementation
43 * This file is based on Version 2 of the NTP spec (RFC1119).
44 */
45
46 /*
47 * Definitions for the masses
48 */
49 #define JAN_1970 2208988800U /* 1970 - 1900 in seconds */
50
51 /*
52 * Structure definitions for NTP fixed point values
53 *
54 * 0 1 2 3
55 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
56 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
57 * | Integer Part |
58 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
59 * | Fraction Part |
60 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
61 *
62 * 0 1 2 3
63 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
64 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
65 * | Integer Part | Fraction Part |
66 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
67 */
68 struct l_fixedpt {
69 uint32_t int_part;
70 uint32_t fraction;
71 };
72
73 struct s_fixedpt {
74 uint16_t int_part;
75 uint16_t fraction;
76 };
77
78 /* rfc2030
79 * 1 2 3
80 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
81 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
82 * |LI | VN |Mode | Stratum | Poll | Precision |
83 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
84 * | Root Delay |
85 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
86 * | Root Dispersion |
87 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
88 * | Reference Identifier |
89 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
90 * | |
91 * | Reference Timestamp (64) |
92 * | |
93 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
94 * | |
95 * | Originate Timestamp (64) |
96 * | |
97 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
98 * | |
99 * | Receive Timestamp (64) |
100 * | |
101 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
102 * | |
103 * | Transmit Timestamp (64) |
104 * | |
105 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
106 * | Key Identifier (optional) (32) |
107 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
108 * | |
109 * | |
110 * | Message Digest (optional) (128) |
111 * | |
112 * | |
113 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
114 */
115
116 struct ntpdata {
117 u_char status; /* status of local clock and leap info */
118 u_char stratum; /* Stratum level */
119 u_char ppoll; /* poll value */
120 int precision:8;
121 struct s_fixedpt root_delay;
122 struct s_fixedpt root_dispersion;
123 uint32_t refid;
124 struct l_fixedpt ref_timestamp;
125 struct l_fixedpt org_timestamp;
126 struct l_fixedpt rec_timestamp;
127 struct l_fixedpt xmt_timestamp;
128 uint32_t key_id;
129 uint8_t message_digest[16];
130 };
131 /*
132 * Leap Second Codes (high order two bits)
133 */
134 #define NO_WARNING 0x00 /* no warning */
135 #define PLUS_SEC 0x40 /* add a second (61 seconds) */
136 #define MINUS_SEC 0x80 /* minus a second (59 seconds) */
137 #define ALARM 0xc0 /* alarm condition (clock unsynchronized) */
138
139 /*
140 * Clock Status Bits that Encode Version
141 */
142 #define NTPVERSION_1 0x08
143 #define VERSIONMASK 0x38
144 #define LEAPMASK 0xc0
145 #ifdef MODEMASK
146 #undef MODEMASK /* Solaris sucks */
147 #endif
148 #define MODEMASK 0x07
149
150 /*
151 * Code values
152 */
153 #define MODE_UNSPEC 0 /* unspecified */
154 #define MODE_SYM_ACT 1 /* symmetric active */
155 #define MODE_SYM_PAS 2 /* symmetric passive */
156 #define MODE_CLIENT 3 /* client */
157 #define MODE_SERVER 4 /* server */
158 #define MODE_BROADCAST 5 /* broadcast */
159 #define MODE_RES1 6 /* reserved */
160 #define MODE_RES2 7 /* reserved */
161
162 /*
163 * Stratum Definitions
164 */
165 #define UNSPECIFIED 0
166 #define PRIM_REF 1 /* radio clock */
167 #define INFO_QUERY 62 /* **** THIS implementation dependent **** */
168 #define INFO_REPLY 63 /* **** THIS implementation dependent **** */
169
170 static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *);
171 static void p_ntp_time(netdissect_options *, const struct l_fixedpt *);
172 static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *);
173
174 static const struct tok ntp_mode_values[] = {
175 { MODE_UNSPEC, "unspecified" },
176 { MODE_SYM_ACT, "symmetric active" },
177 { MODE_SYM_PAS, "symmetric passive" },
178 { MODE_CLIENT, "Client" },
179 { MODE_SERVER, "Server" },
180 { MODE_BROADCAST, "Broadcast" },
181 { MODE_RES1, "Reserved" },
182 { MODE_RES2, "Reserved" },
183 { 0, NULL }
184 };
185
186 static const struct tok ntp_leapind_values[] = {
187 { NO_WARNING, "" },
188 { PLUS_SEC, "+1s" },
189 { MINUS_SEC, "-1s" },
190 { ALARM, "clock unsynchronized" },
191 { 0, NULL }
192 };
193
194 static const struct tok ntp_stratum_values[] = {
195 { UNSPECIFIED, "unspecified" },
196 { PRIM_REF, "primary reference" },
197 { 0, NULL }
198 };
199
200 /*
201 * Print ntp requests
202 */
203 void
ntp_print(netdissect_options * ndo,register const u_char * cp,u_int length)204 ntp_print(netdissect_options *ndo,
205 register const u_char *cp, u_int length)
206 {
207 register const struct ntpdata *bp;
208 int mode, version, leapind;
209
210 bp = (struct ntpdata *)cp;
211
212 ND_TCHECK(bp->status);
213
214 version = (int)(bp->status & VERSIONMASK) >> 3;
215 ND_PRINT((ndo, "NTPv%d", version));
216
217 mode = bp->status & MODEMASK;
218 if (!ndo->ndo_vflag) {
219 ND_PRINT((ndo, ", %s, length %u",
220 tok2str(ntp_mode_values, "Unknown mode", mode),
221 length));
222 return;
223 }
224
225 ND_PRINT((ndo, ", length %u\n\t%s",
226 length,
227 tok2str(ntp_mode_values, "Unknown mode", mode)));
228
229 leapind = bp->status & LEAPMASK;
230 ND_PRINT((ndo, ", Leap indicator: %s (%u)",
231 tok2str(ntp_leapind_values, "Unknown", leapind),
232 leapind));
233
234 ND_TCHECK(bp->stratum);
235 ND_PRINT((ndo, ", Stratum %u (%s)",
236 bp->stratum,
237 tok2str(ntp_stratum_values, (bp->stratum >=2 && bp->stratum<=15) ? "secondary reference" : "reserved", bp->stratum)));
238
239 ND_TCHECK(bp->ppoll);
240 ND_PRINT((ndo, ", poll %u (%us)", bp->ppoll, 1 << bp->ppoll));
241
242 /* Can't ND_TCHECK bp->precision bitfield so bp->distance + 0 instead */
243 ND_TCHECK2(bp->root_delay, 0);
244 ND_PRINT((ndo, ", precision %d", bp->precision));
245
246 ND_TCHECK(bp->root_delay);
247 ND_PRINT((ndo, "\n\tRoot Delay: "));
248 p_sfix(ndo, &bp->root_delay);
249
250 ND_TCHECK(bp->root_dispersion);
251 ND_PRINT((ndo, ", Root dispersion: "));
252 p_sfix(ndo, &bp->root_dispersion);
253
254 ND_TCHECK(bp->refid);
255 ND_PRINT((ndo, ", Reference-ID: "));
256 /* Interpretation depends on stratum */
257 switch (bp->stratum) {
258
259 case UNSPECIFIED:
260 ND_PRINT((ndo, "(unspec)"));
261 break;
262
263 case PRIM_REF:
264 if (fn_printn(ndo, (u_char *)&(bp->refid), 4, ndo->ndo_snapend))
265 goto trunc;
266 break;
267
268 case INFO_QUERY:
269 ND_PRINT((ndo, "%s INFO_QUERY", ipaddr_string(ndo, &(bp->refid))));
270 /* this doesn't have more content */
271 return;
272
273 case INFO_REPLY:
274 ND_PRINT((ndo, "%s INFO_REPLY", ipaddr_string(ndo, &(bp->refid))));
275 /* this is too complex to be worth printing */
276 return;
277
278 default:
279 ND_PRINT((ndo, "%s", ipaddr_string(ndo, &(bp->refid))));
280 break;
281 }
282
283 ND_TCHECK(bp->ref_timestamp);
284 ND_PRINT((ndo, "\n\t Reference Timestamp: "));
285 p_ntp_time(ndo, &(bp->ref_timestamp));
286
287 ND_TCHECK(bp->org_timestamp);
288 ND_PRINT((ndo, "\n\t Originator Timestamp: "));
289 p_ntp_time(ndo, &(bp->org_timestamp));
290
291 ND_TCHECK(bp->rec_timestamp);
292 ND_PRINT((ndo, "\n\t Receive Timestamp: "));
293 p_ntp_time(ndo, &(bp->rec_timestamp));
294
295 ND_TCHECK(bp->xmt_timestamp);
296 ND_PRINT((ndo, "\n\t Transmit Timestamp: "));
297 p_ntp_time(ndo, &(bp->xmt_timestamp));
298
299 ND_PRINT((ndo, "\n\t Originator - Receive Timestamp: "));
300 p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->rec_timestamp));
301
302 ND_PRINT((ndo, "\n\t Originator - Transmit Timestamp: "));
303 p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp));
304
305 if ( (sizeof(struct ntpdata) - length) == 16) { /* Optional: key-id */
306 ND_TCHECK(bp->key_id);
307 ND_PRINT((ndo, "\n\tKey id: %u", bp->key_id));
308 } else if ( (sizeof(struct ntpdata) - length) == 0) { /* Optional: key-id + authentication */
309 ND_TCHECK(bp->key_id);
310 ND_PRINT((ndo, "\n\tKey id: %u", bp->key_id));
311 ND_TCHECK2(bp->message_digest, sizeof (bp->message_digest));
312 ND_PRINT((ndo, "\n\tAuthentication: %08x%08x%08x%08x",
313 EXTRACT_32BITS(bp->message_digest),
314 EXTRACT_32BITS(bp->message_digest + 4),
315 EXTRACT_32BITS(bp->message_digest + 8),
316 EXTRACT_32BITS(bp->message_digest + 12)));
317 }
318 return;
319
320 trunc:
321 ND_PRINT((ndo, " [|ntp]"));
322 }
323
324 static void
p_sfix(netdissect_options * ndo,register const struct s_fixedpt * sfp)325 p_sfix(netdissect_options *ndo,
326 register const struct s_fixedpt *sfp)
327 {
328 register int i;
329 register int f;
330 register float ff;
331
332 i = EXTRACT_16BITS(&sfp->int_part);
333 f = EXTRACT_16BITS(&sfp->fraction);
334 ff = f / 65536.0; /* shift radix point by 16 bits */
335 f = ff * 1000000.0; /* Treat fraction as parts per million */
336 ND_PRINT((ndo, "%d.%06d", i, f));
337 }
338
339 #define FMAXINT (4294967296.0) /* floating point rep. of MAXINT */
340
341 static void
p_ntp_time(netdissect_options * ndo,register const struct l_fixedpt * lfp)342 p_ntp_time(netdissect_options *ndo,
343 register const struct l_fixedpt *lfp)
344 {
345 register int32_t i;
346 register uint32_t uf;
347 register uint32_t f;
348 register float ff;
349
350 i = EXTRACT_32BITS(&lfp->int_part);
351 uf = EXTRACT_32BITS(&lfp->fraction);
352 ff = uf;
353 if (ff < 0.0) /* some compilers are buggy */
354 ff += FMAXINT;
355 ff = ff / FMAXINT; /* shift radix point by 32 bits */
356 f = ff * 1000000000.0; /* treat fraction as parts per billion */
357 ND_PRINT((ndo, "%u.%09d", i, f));
358
359 #ifdef HAVE_STRFTIME
360 /*
361 * print the time in human-readable format.
362 */
363 if (i) {
364 time_t seconds = i - JAN_1970;
365 struct tm *tm;
366 char time_buf[128];
367
368 tm = localtime(&seconds);
369 strftime(time_buf, sizeof (time_buf), "%Y/%m/%d %H:%M:%S", tm);
370 ND_PRINT((ndo, " (%s)", time_buf));
371 }
372 #endif
373 }
374
375 /* Prints time difference between *lfp and *olfp */
376 static void
p_ntp_delta(netdissect_options * ndo,register const struct l_fixedpt * olfp,register const struct l_fixedpt * lfp)377 p_ntp_delta(netdissect_options *ndo,
378 register const struct l_fixedpt *olfp,
379 register const struct l_fixedpt *lfp)
380 {
381 register int32_t i;
382 register uint32_t u, uf;
383 register uint32_t ou, ouf;
384 register uint32_t f;
385 register float ff;
386 int signbit;
387
388 u = EXTRACT_32BITS(&lfp->int_part);
389 ou = EXTRACT_32BITS(&olfp->int_part);
390 uf = EXTRACT_32BITS(&lfp->fraction);
391 ouf = EXTRACT_32BITS(&olfp->fraction);
392 if (ou == 0 && ouf == 0) {
393 p_ntp_time(ndo, lfp);
394 return;
395 }
396
397 i = u - ou;
398
399 if (i > 0) { /* new is definitely greater than old */
400 signbit = 0;
401 f = uf - ouf;
402 if (ouf > uf) /* must borrow from high-order bits */
403 i -= 1;
404 } else if (i < 0) { /* new is definitely less than old */
405 signbit = 1;
406 f = ouf - uf;
407 if (uf > ouf) /* must carry into the high-order bits */
408 i += 1;
409 i = -i;
410 } else { /* int_part is zero */
411 if (uf > ouf) {
412 signbit = 0;
413 f = uf - ouf;
414 } else {
415 signbit = 1;
416 f = ouf - uf;
417 }
418 }
419
420 ff = f;
421 if (ff < 0.0) /* some compilers are buggy */
422 ff += FMAXINT;
423 ff = ff / FMAXINT; /* shift radix point by 32 bits */
424 f = ff * 1000000000.0; /* treat fraction as parts per billion */
425 ND_PRINT((ndo, "%s%d.%09d", signbit ? "-" : "+", i, f));
426 }
427
428