1 /*
2 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * By Jeffrey Mogul/DECWRL
22 * loosely based on print-bootp.c
23 */
24
25 /* \summary: Network Time Protocol (NTP) printer */
26
27 /*
28 * specification:
29 *
30 * RFC 1119 - NTPv2
31 * RFC 1305 - NTPv3
32 * RFC 5905 - NTPv4
33 */
34
35 #include <config.h>
36
37 #include "netdissect-stdinc.h"
38
39 #include "netdissect.h"
40 #include "addrtoname.h"
41 #include "extract.h"
42
43 #include "ntp.h"
44
45 /*
46 * Based on ntp.h from the U of MD implementation
47 * This file is based on Version 2 of the NTP spec (RFC1119).
48 */
49
50 /* rfc2030
51 * 1 2 3
52 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
53 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
54 * |LI | VN |Mode | Stratum | Poll | Precision |
55 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
56 * | Root Delay |
57 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
58 * | Root Dispersion |
59 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
60 * | Reference Identifier |
61 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
62 * | |
63 * | Reference Timestamp (64) |
64 * | |
65 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
66 * | |
67 * | Originate Timestamp (64) |
68 * | |
69 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
70 * | |
71 * | Receive Timestamp (64) |
72 * | |
73 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
74 * | |
75 * | Transmit Timestamp (64) |
76 * | |
77 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
78 * | Key Identifier (optional) (32) |
79 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
80 * | |
81 * | |
82 * | Message Digest (optional) (128) |
83 * | |
84 * | |
85 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
86 */
87
88 /* Length of the NTP data message with the mandatory fields ("the header")
89 * and without any optional fields (extension, Key Identifier,
90 * Message Digest).
91 */
92 #define NTP_TIMEMSG_MINLEN 48U
93
94 struct ntp_time_data {
95 nd_uint8_t status; /* status of local clock and leap info */
96 nd_uint8_t stratum; /* Stratum level */
97 nd_int8_t ppoll; /* poll value */
98 nd_int8_t precision;
99 struct s_fixedpt root_delay;
100 struct s_fixedpt root_dispersion;
101 nd_uint32_t refid;
102 struct l_fixedpt ref_timestamp;
103 struct l_fixedpt org_timestamp;
104 struct l_fixedpt rec_timestamp;
105 struct l_fixedpt xmt_timestamp;
106 nd_uint32_t key_id;
107 nd_uint8_t message_digest[20];
108 };
109 /*
110 * Leap Second Codes (high order two bits)
111 */
112 #define NO_WARNING 0x00 /* no warning */
113 #define PLUS_SEC 0x40 /* add a second (61 seconds) */
114 #define MINUS_SEC 0x80 /* minus a second (59 seconds) */
115 #define ALARM 0xc0 /* alarm condition (clock unsynchronized) */
116
117 /*
118 * Clock Status Bits that Encode Version
119 */
120 #define NTPVERSION_1 0x08
121 #define VERSIONMASK 0x38
122 #define VERSIONSHIFT 3
123 #define LEAPMASK 0xc0
124 #define LEAPSHIFT 6
125 #ifdef MODEMASK
126 #undef MODEMASK /* Solaris sucks */
127 #endif
128 #define MODEMASK 0x07
129 #define MODESHIFT 0
130
131 /*
132 * Code values
133 */
134 #define MODE_UNSPEC 0 /* unspecified */
135 #define MODE_SYM_ACT 1 /* symmetric active */
136 #define MODE_SYM_PAS 2 /* symmetric passive */
137 #define MODE_CLIENT 3 /* client */
138 #define MODE_SERVER 4 /* server */
139 #define MODE_BROADCAST 5 /* broadcast */
140 #define MODE_CONTROL 6 /* control message */
141 #define MODE_RES2 7 /* reserved */
142
143 /*
144 * Stratum Definitions
145 */
146 #define UNSPECIFIED 0
147 #define PRIM_REF 1 /* radio clock */
148 #define INFO_QUERY 62 /* **** THIS implementation dependent **** */
149 #define INFO_REPLY 63 /* **** THIS implementation dependent **** */
150
151 static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *);
152 static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *);
153 static void p_poll(netdissect_options *, const int);
154
155 static const struct tok ntp_mode_values[] = {
156 { MODE_UNSPEC, "unspecified" },
157 { MODE_SYM_ACT, "symmetric active" },
158 { MODE_SYM_PAS, "symmetric passive" },
159 { MODE_CLIENT, "Client" },
160 { MODE_SERVER, "Server" },
161 { MODE_BROADCAST, "Broadcast" },
162 { MODE_CONTROL, "Control Message" },
163 { MODE_RES2, "Reserved" },
164 { 0, NULL }
165 };
166
167 static const struct tok ntp_leapind_values[] = {
168 { NO_WARNING, "" },
169 { PLUS_SEC, "+1s" },
170 { MINUS_SEC, "-1s" },
171 { ALARM, "clock unsynchronized" },
172 { 0, NULL }
173 };
174
175 static const struct tok ntp_stratum_values[] = {
176 { UNSPECIFIED, "unspecified" },
177 { PRIM_REF, "primary reference" },
178 { 0, NULL }
179 };
180
181 /* draft-ietf-ntp-mode-6-cmds-02
182 * 0 1 2 3
183 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
184 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
185 * |LI | VN |Mode |R|E|M| OpCode | Sequence Number |
186 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
187 * | Status | Association ID |
188 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
189 * | Offset | Count |
190 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
191 * | |
192 * / Data (up to 468 bytes) /
193 * | |
194 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
195 * | Padding (optional) |
196 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
197 * | |
198 * / Authenticator (optional, 96 bytes) /
199 * | |
200 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
201 *
202 * Figure 1: NTP Control Message Header
203 */
204
205 /* Length of the NTP control message with the mandatory fields ("the header")
206 * and without any optional fields (Data, Padding, Authenticator).
207 */
208 #define NTP_CTRLMSG_MINLEN 12U
209
210 struct ntp_control_data {
211 nd_uint8_t magic; /* LI, VN, Mode */
212 nd_uint8_t control; /* R, E, M, OpCode */
213 nd_uint16_t sequence; /* Sequence Number */
214 nd_uint16_t status; /* Status */
215 nd_uint16_t assoc; /* Association ID */
216 nd_uint16_t offset; /* Offset */
217 nd_uint16_t count; /* Count */
218 nd_uint8_t data[564]; /* Data, [Padding, [Authenticator]] */
219 };
220
221 /*
222 * Print NTP time requests and responses
223 */
224 static void
ntp_time_print(netdissect_options * ndo,const struct ntp_time_data * bp,u_int length)225 ntp_time_print(netdissect_options *ndo,
226 const struct ntp_time_data *bp, u_int length)
227 {
228 uint8_t stratum;
229
230 if (length < NTP_TIMEMSG_MINLEN)
231 goto invalid;
232
233 stratum = GET_U_1(bp->stratum);
234 ND_PRINT(", Stratum %u (%s)",
235 stratum,
236 tok2str(ntp_stratum_values, (stratum >=2 && stratum<=15) ? "secondary reference" : "reserved", stratum));
237
238 ND_PRINT(", poll %d", GET_S_1(bp->ppoll));
239 p_poll(ndo, GET_S_1(bp->ppoll));
240
241 ND_PRINT(", precision %d", GET_S_1(bp->precision));
242
243 ND_TCHECK_SIZE(&bp->root_delay);
244 ND_PRINT("\n\tRoot Delay: ");
245 p_sfix(ndo, &bp->root_delay);
246
247 ND_TCHECK_SIZE(&bp->root_dispersion);
248 ND_PRINT(", Root dispersion: ");
249 p_sfix(ndo, &bp->root_dispersion);
250
251 ND_TCHECK_4(bp->refid);
252 ND_PRINT(", Reference-ID: ");
253 /* Interpretation depends on stratum */
254 switch (stratum) {
255
256 case UNSPECIFIED:
257 ND_PRINT("(unspec)");
258 break;
259
260 case PRIM_REF:
261 if (nd_printn(ndo, (const u_char *)&(bp->refid), 4, ndo->ndo_snapend))
262 goto trunc;
263 break;
264
265 case INFO_QUERY:
266 ND_PRINT("%s INFO_QUERY", GET_IPADDR_STRING(bp->refid));
267 /* this doesn't have more content */
268 return;
269
270 case INFO_REPLY:
271 ND_PRINT("%s INFO_REPLY", GET_IPADDR_STRING(bp->refid));
272 /* this is too complex to be worth printing */
273 return;
274
275 default:
276 /* In NTPv4 (RFC 5905) refid is an IPv4 address or first 32 bits of
277 MD5 sum of IPv6 address */
278 ND_PRINT("0x%08x", GET_BE_U_4(bp->refid));
279 break;
280 }
281
282 ND_TCHECK_SIZE(&bp->ref_timestamp);
283 ND_PRINT("\n\t Reference Timestamp: ");
284 p_ntp_time(ndo, &(bp->ref_timestamp));
285
286 ND_TCHECK_SIZE(&bp->org_timestamp);
287 ND_PRINT("\n\t Originator Timestamp: ");
288 p_ntp_time(ndo, &(bp->org_timestamp));
289
290 ND_TCHECK_SIZE(&bp->rec_timestamp);
291 ND_PRINT("\n\t Receive Timestamp: ");
292 p_ntp_time(ndo, &(bp->rec_timestamp));
293
294 ND_TCHECK_SIZE(&bp->xmt_timestamp);
295 ND_PRINT("\n\t Transmit Timestamp: ");
296 p_ntp_time(ndo, &(bp->xmt_timestamp));
297
298 ND_PRINT("\n\t Originator - Receive Timestamp: ");
299 p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->rec_timestamp));
300
301 ND_PRINT("\n\t Originator - Transmit Timestamp: ");
302 p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp));
303
304 /* FIXME: this code is not aware of any extension fields */
305 if (length == NTP_TIMEMSG_MINLEN + 4) { /* Optional: key-id (crypto-NAK) */
306 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
307 } else if (length == NTP_TIMEMSG_MINLEN + 4 + 16) { /* Optional: key-id + 128-bit digest */
308 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
309 ND_TCHECK_LEN(bp->message_digest, 16);
310 ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x",
311 GET_BE_U_4(bp->message_digest),
312 GET_BE_U_4(bp->message_digest + 4),
313 GET_BE_U_4(bp->message_digest + 8),
314 GET_BE_U_4(bp->message_digest + 12));
315 } else if (length == NTP_TIMEMSG_MINLEN + 4 + 20) { /* Optional: key-id + 160-bit digest */
316 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
317 ND_TCHECK_LEN(bp->message_digest, 20);
318 ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x%08x",
319 GET_BE_U_4(bp->message_digest),
320 GET_BE_U_4(bp->message_digest + 4),
321 GET_BE_U_4(bp->message_digest + 8),
322 GET_BE_U_4(bp->message_digest + 12),
323 GET_BE_U_4(bp->message_digest + 16));
324 } else if (length > NTP_TIMEMSG_MINLEN) {
325 ND_PRINT("\n\t(%u more bytes after the header)", length - NTP_TIMEMSG_MINLEN);
326 }
327 return;
328
329 invalid:
330 nd_print_invalid(ndo);
331 ND_TCHECK_LEN(bp, length);
332 return;
333
334 trunc:
335 nd_print_trunc(ndo);
336 }
337
338 /*
339 * Print NTP control message requests and responses
340 */
341 static void
ntp_control_print(netdissect_options * ndo,const struct ntp_control_data * cd,u_int length)342 ntp_control_print(netdissect_options *ndo,
343 const struct ntp_control_data *cd, u_int length)
344 {
345 uint8_t control, R, E, M, opcode;
346 uint16_t sequence, status, assoc, offset, count;
347
348 if (length < NTP_CTRLMSG_MINLEN)
349 goto invalid;
350
351 control = GET_U_1(cd->control);
352 R = (control & 0x80) != 0;
353 E = (control & 0x40) != 0;
354 M = (control & 0x20) != 0;
355 opcode = control & 0x1f;
356 ND_PRINT(", %s, %s, %s, OpCode=%u\n",
357 R ? "Response" : "Request", E ? "Error" : "OK",
358 M ? "More" : "Last", opcode);
359
360 sequence = GET_BE_U_2(cd->sequence);
361 ND_PRINT("\tSequence=%hu", sequence);
362
363 status = GET_BE_U_2(cd->status);
364 ND_PRINT(", Status=%#hx", status);
365
366 assoc = GET_BE_U_2(cd->assoc);
367 ND_PRINT(", Assoc.=%hu", assoc);
368
369 offset = GET_BE_U_2(cd->offset);
370 ND_PRINT(", Offset=%hu", offset);
371
372 count = GET_BE_U_2(cd->count);
373 ND_PRINT(", Count=%hu", count);
374
375 if (NTP_CTRLMSG_MINLEN + count > length)
376 goto invalid;
377 if (count != 0) {
378 ND_TCHECK_LEN(cd->data, count);
379 ND_PRINT("\n\tTO-BE-DONE: data not interpreted");
380 }
381 return;
382
383 invalid:
384 nd_print_invalid(ndo);
385 ND_TCHECK_LEN(cd, length);
386 return;
387
388 trunc:
389 nd_print_trunc(ndo);
390 }
391
392 union ntpdata {
393 struct ntp_time_data td;
394 struct ntp_control_data cd;
395 };
396
397 /*
398 * Print NTP requests, handling the common VN, LI, and Mode
399 */
400 void
ntp_print(netdissect_options * ndo,const u_char * cp,u_int length)401 ntp_print(netdissect_options *ndo,
402 const u_char *cp, u_int length)
403 {
404 const union ntpdata *bp = (const union ntpdata *)cp;
405 u_int mode, version, leapind;
406 uint8_t status;
407
408 ndo->ndo_protocol = "ntp";
409 status = GET_U_1(bp->td.status);
410
411 version = (status & VERSIONMASK) >> VERSIONSHIFT;
412 ND_PRINT("NTPv%u", version);
413
414 mode = (status & MODEMASK) >> MODESHIFT;
415 if (!ndo->ndo_vflag) {
416 ND_PRINT(", %s, length %u",
417 tok2str(ntp_mode_values, "Unknown mode", mode),
418 length);
419 return;
420 }
421
422 ND_PRINT(", %s, length %u\n",
423 tok2str(ntp_mode_values, "Unknown mode", mode), length);
424
425 /* leapind = (status & LEAPMASK) >> LEAPSHIFT; */
426 leapind = (status & LEAPMASK);
427 ND_PRINT("\tLeap indicator: %s (%u)",
428 tok2str(ntp_leapind_values, "Unknown", leapind),
429 leapind);
430
431 switch (mode) {
432
433 case MODE_UNSPEC:
434 case MODE_SYM_ACT:
435 case MODE_SYM_PAS:
436 case MODE_CLIENT:
437 case MODE_SERVER:
438 case MODE_BROADCAST:
439 ntp_time_print(ndo, &bp->td, length);
440 break;
441
442 case MODE_CONTROL:
443 ntp_control_print(ndo, &bp->cd, length);
444 break;
445
446 default:
447 break; /* XXX: not implemented! */
448 }
449 }
450
451 static void
p_sfix(netdissect_options * ndo,const struct s_fixedpt * sfp)452 p_sfix(netdissect_options *ndo,
453 const struct s_fixedpt *sfp)
454 {
455 int i;
456 int f;
457 double ff;
458
459 i = GET_BE_U_2(sfp->int_part);
460 f = GET_BE_U_2(sfp->fraction);
461 ff = f / 65536.0; /* shift radix point by 16 bits */
462 f = (int)(ff * 1000000.0); /* Treat fraction as parts per million */
463 ND_PRINT("%d.%06d", i, f);
464 }
465
466 /* Prints time difference between *lfp and *olfp */
467 static void
p_ntp_delta(netdissect_options * ndo,const struct l_fixedpt * olfp,const struct l_fixedpt * lfp)468 p_ntp_delta(netdissect_options *ndo,
469 const struct l_fixedpt *olfp,
470 const struct l_fixedpt *lfp)
471 {
472 uint32_t u, uf;
473 uint32_t ou, ouf;
474 uint32_t i;
475 uint32_t f;
476 double ff;
477 int signbit;
478
479 u = GET_BE_U_4(lfp->int_part);
480 ou = GET_BE_U_4(olfp->int_part);
481 uf = GET_BE_U_4(lfp->fraction);
482 ouf = GET_BE_U_4(olfp->fraction);
483 if (ou == 0 && ouf == 0) {
484 p_ntp_time(ndo, lfp);
485 return;
486 }
487
488 if (u > ou) { /* new is definitely greater than old */
489 signbit = 0;
490 i = u - ou;
491 f = uf - ouf;
492 if (ouf > uf) /* must borrow from high-order bits */
493 i -= 1;
494 } else if (u < ou) { /* new is definitely less than old */
495 signbit = 1;
496 i = ou - u;
497 f = ouf - uf;
498 if (uf > ouf) /* must borrow from the high-order bits */
499 i -= 1;
500 } else { /* int_part is zero */
501 i = 0;
502 if (uf > ouf) {
503 signbit = 0;
504 f = uf - ouf;
505 } else {
506 signbit = 1;
507 f = ouf - uf;
508 }
509 }
510
511 ff = f;
512 if (ff < 0.0) /* some compilers are buggy */
513 ff += FMAXINT;
514 ff = ff / FMAXINT; /* shift radix point by 32 bits */
515 f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */
516 ND_PRINT("%s%u.%09u", signbit ? "-" : "+", i, f);
517 }
518
519 /* Prints polling interval in log2 as seconds or fraction of second */
520 static void
p_poll(netdissect_options * ndo,const int poll_interval)521 p_poll(netdissect_options *ndo,
522 const int poll_interval)
523 {
524 if (poll_interval <= -32 || poll_interval >= 32)
525 return;
526
527 if (poll_interval >= 0)
528 ND_PRINT(" (%us)", 1U << poll_interval);
529 else
530 ND_PRINT(" (1/%us)", 1U << -poll_interval);
531 }
532
533