1 /*
2  * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that: (1) source code distributions
7  * retain the above copyright notice and this paragraph in its entirety, (2)
8  * distributions including binary code include the above copyright notice and
9  * this paragraph in its entirety in the documentation or other materials
10  * provided with the distribution, and (3) all advertising materials mentioning
11  * features or use of this software display the following acknowledgement:
12  * ``This product includes software developed by the University of California,
13  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14  * the University nor the names of its contributors may be used to endorse
15  * or promote products derived from this software without specific prior
16  * written permission.
17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20  *
21  *	By Jeffrey Mogul/DECWRL
22  *	loosely based on print-bootp.c
23  */
24 
25 /* \summary: Network Time Protocol (NTP) printer */
26 
27 /*
28  * specification:
29  *
30  * RFC 1119 - NTPv2
31  * RFC 1305 - NTPv3
32  * RFC 5905 - NTPv4
33  */
34 
35 #include <config.h>
36 
37 #include "netdissect-stdinc.h"
38 
39 #include "netdissect.h"
40 #include "addrtoname.h"
41 #include "extract.h"
42 
43 #include "ntp.h"
44 
45 /*
46  * Based on ntp.h from the U of MD implementation
47  *	This file is based on Version 2 of the NTP spec (RFC1119).
48  */
49 
50 /* rfc2030
51  *                      1                   2                   3
52  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
53  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
54  * |LI | VN  |Mode |    Stratum    |     Poll      |   Precision   |
55  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
56  * |                          Root Delay                           |
57  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
58  * |                       Root Dispersion                         |
59  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
60  * |                     Reference Identifier                      |
61  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
62  * |                                                               |
63  * |                   Reference Timestamp (64)                    |
64  * |                                                               |
65  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
66  * |                                                               |
67  * |                   Originate Timestamp (64)                    |
68  * |                                                               |
69  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
70  * |                                                               |
71  * |                    Receive Timestamp (64)                     |
72  * |                                                               |
73  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
74  * |                                                               |
75  * |                    Transmit Timestamp (64)                    |
76  * |                                                               |
77  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
78  * |                 Key Identifier (optional) (32)                |
79  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
80  * |                                                               |
81  * |                                                               |
82  * |                 Message Digest (optional) (128)               |
83  * |                                                               |
84  * |                                                               |
85  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
86  */
87 
88 /* Length of the NTP data message with the mandatory fields ("the header")
89  * and without any optional fields (extension, Key Identifier,
90  * Message Digest).
91  */
92 #define NTP_TIMEMSG_MINLEN 48U
93 
94 struct ntp_time_data {
95 	nd_uint8_t status;		/* status of local clock and leap info */
96 	nd_uint8_t stratum;		/* Stratum level */
97 	nd_int8_t ppoll;		/* poll value */
98 	nd_int8_t precision;
99 	struct s_fixedpt root_delay;
100 	struct s_fixedpt root_dispersion;
101 	nd_uint32_t refid;
102 	struct l_fixedpt ref_timestamp;
103 	struct l_fixedpt org_timestamp;
104 	struct l_fixedpt rec_timestamp;
105 	struct l_fixedpt xmt_timestamp;
106 	nd_uint32_t key_id;
107 	nd_uint8_t  message_digest[20];
108 };
109 /*
110  *	Leap Second Codes (high order two bits)
111  */
112 #define	NO_WARNING	0x00	/* no warning */
113 #define	PLUS_SEC	0x40	/* add a second (61 seconds) */
114 #define	MINUS_SEC	0x80	/* minus a second (59 seconds) */
115 #define	ALARM		0xc0	/* alarm condition (clock unsynchronized) */
116 
117 /*
118  *	Clock Status Bits that Encode Version
119  */
120 #define	NTPVERSION_1	0x08
121 #define	VERSIONMASK	0x38
122 #define	VERSIONSHIFT	3
123 #define LEAPMASK	0xc0
124 #define LEAPSHIFT	6
125 #ifdef MODEMASK
126 #undef MODEMASK					/* Solaris sucks */
127 #endif
128 #define	MODEMASK	0x07
129 #define	MODESHIFT	0
130 
131 /*
132  *	Code values
133  */
134 #define	MODE_UNSPEC	0	/* unspecified */
135 #define	MODE_SYM_ACT	1	/* symmetric active */
136 #define	MODE_SYM_PAS	2	/* symmetric passive */
137 #define	MODE_CLIENT	3	/* client */
138 #define	MODE_SERVER	4	/* server */
139 #define	MODE_BROADCAST	5	/* broadcast */
140 #define	MODE_CONTROL	6	/* control message */
141 #define	MODE_RES2	7	/* reserved */
142 
143 /*
144  *	Stratum Definitions
145  */
146 #define	UNSPECIFIED	0
147 #define	PRIM_REF	1	/* radio clock */
148 #define	INFO_QUERY	62	/* **** THIS implementation dependent **** */
149 #define	INFO_REPLY	63	/* **** THIS implementation dependent **** */
150 
151 static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *);
152 static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *);
153 static void p_poll(netdissect_options *, const int);
154 
155 static const struct tok ntp_mode_values[] = {
156     { MODE_UNSPEC,    "unspecified" },
157     { MODE_SYM_ACT,   "symmetric active" },
158     { MODE_SYM_PAS,   "symmetric passive" },
159     { MODE_CLIENT,    "Client" },
160     { MODE_SERVER,    "Server" },
161     { MODE_BROADCAST, "Broadcast" },
162     { MODE_CONTROL,   "Control Message" },
163     { MODE_RES2,      "Reserved" },
164     { 0, NULL }
165 };
166 
167 static const struct tok ntp_leapind_values[] = {
168     { NO_WARNING,     "" },
169     { PLUS_SEC,       "+1s" },
170     { MINUS_SEC,      "-1s" },
171     { ALARM,          "clock unsynchronized" },
172     { 0, NULL }
173 };
174 
175 static const struct tok ntp_stratum_values[] = {
176 	{ UNSPECIFIED,	"unspecified" },
177 	{ PRIM_REF,	"primary reference" },
178 	{ 0, NULL }
179 };
180 
181 /* draft-ietf-ntp-mode-6-cmds-02
182  *  0                   1                   2                   3
183  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
184  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
185  * |LI |  VN |Mode |R|E|M| OpCode  |       Sequence Number         |
186  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
187  * |            Status             |       Association ID          |
188  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
189  * |            Offset             |            Count              |
190  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
191  * |                                                               |
192  * /                    Data (up to 468 bytes)                     /
193  * |                                                               |
194  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
195  * |                    Padding (optional)                         |
196  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
197  * |                                                               |
198  * /              Authenticator (optional, 96 bytes)               /
199  * |                                                               |
200  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
201  *
202  *               Figure 1: NTP Control Message Header
203  */
204 
205 /* Length of the NTP control message with the mandatory fields ("the header")
206  * and without any optional fields (Data, Padding, Authenticator).
207  */
208 #define NTP_CTRLMSG_MINLEN 12U
209 
210 struct ntp_control_data {
211 	nd_uint8_t	magic;		/* LI, VN, Mode */
212 	nd_uint8_t	control;	/* R, E, M, OpCode */
213 	nd_uint16_t	sequence;	/* Sequence Number */
214 	nd_uint16_t	status;		/* Status */
215 	nd_uint16_t	assoc;		/* Association ID */
216 	nd_uint16_t	offset;		/* Offset */
217 	nd_uint16_t	count;		/* Count */
218 	nd_uint8_t	data[564];	/* Data, [Padding, [Authenticator]] */
219 };
220 
221 /*
222  * Print NTP time requests and responses
223  */
224 static void
ntp_time_print(netdissect_options * ndo,const struct ntp_time_data * bp,u_int length)225 ntp_time_print(netdissect_options *ndo,
226 	       const struct ntp_time_data *bp, u_int length)
227 {
228 	uint8_t stratum;
229 
230 	if (length < NTP_TIMEMSG_MINLEN)
231 		goto invalid;
232 
233 	stratum = GET_U_1(bp->stratum);
234 	ND_PRINT(", Stratum %u (%s)",
235 		stratum,
236 		tok2str(ntp_stratum_values, (stratum >=2 && stratum<=15) ? "secondary reference" : "reserved", stratum));
237 
238 	ND_PRINT(", poll %d", GET_S_1(bp->ppoll));
239 	p_poll(ndo, GET_S_1(bp->ppoll));
240 
241 	ND_PRINT(", precision %d", GET_S_1(bp->precision));
242 
243 	ND_TCHECK_SIZE(&bp->root_delay);
244 	ND_PRINT("\n\tRoot Delay: ");
245 	p_sfix(ndo, &bp->root_delay);
246 
247 	ND_TCHECK_SIZE(&bp->root_dispersion);
248 	ND_PRINT(", Root dispersion: ");
249 	p_sfix(ndo, &bp->root_dispersion);
250 
251 	ND_TCHECK_4(bp->refid);
252 	ND_PRINT(", Reference-ID: ");
253 	/* Interpretation depends on stratum */
254 	switch (stratum) {
255 
256 	case UNSPECIFIED:
257 		ND_PRINT("(unspec)");
258 		break;
259 
260 	case PRIM_REF:
261 		if (nd_printn(ndo, (const u_char *)&(bp->refid), 4, ndo->ndo_snapend))
262 			goto trunc;
263 		break;
264 
265 	case INFO_QUERY:
266 		ND_PRINT("%s INFO_QUERY", GET_IPADDR_STRING(bp->refid));
267 		/* this doesn't have more content */
268 		return;
269 
270 	case INFO_REPLY:
271 		ND_PRINT("%s INFO_REPLY", GET_IPADDR_STRING(bp->refid));
272 		/* this is too complex to be worth printing */
273 		return;
274 
275 	default:
276 		/* In NTPv4 (RFC 5905) refid is an IPv4 address or first 32 bits of
277 		   MD5 sum of IPv6 address */
278 		ND_PRINT("0x%08x", GET_BE_U_4(bp->refid));
279 		break;
280 	}
281 
282 	ND_TCHECK_SIZE(&bp->ref_timestamp);
283 	ND_PRINT("\n\t  Reference Timestamp:  ");
284 	p_ntp_time(ndo, &(bp->ref_timestamp));
285 
286 	ND_TCHECK_SIZE(&bp->org_timestamp);
287 	ND_PRINT("\n\t  Originator Timestamp: ");
288 	p_ntp_time(ndo, &(bp->org_timestamp));
289 
290 	ND_TCHECK_SIZE(&bp->rec_timestamp);
291 	ND_PRINT("\n\t  Receive Timestamp:    ");
292 	p_ntp_time(ndo, &(bp->rec_timestamp));
293 
294 	ND_TCHECK_SIZE(&bp->xmt_timestamp);
295 	ND_PRINT("\n\t  Transmit Timestamp:   ");
296 	p_ntp_time(ndo, &(bp->xmt_timestamp));
297 
298 	ND_PRINT("\n\t    Originator - Receive Timestamp:  ");
299 	p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->rec_timestamp));
300 
301 	ND_PRINT("\n\t    Originator - Transmit Timestamp: ");
302 	p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp));
303 
304 	/* FIXME: this code is not aware of any extension fields */
305 	if (length == NTP_TIMEMSG_MINLEN + 4) {	/* Optional: key-id (crypto-NAK) */
306 		ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
307 	} else if (length == NTP_TIMEMSG_MINLEN + 4 + 16) {	/* Optional: key-id + 128-bit digest */
308 		ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
309 		ND_TCHECK_LEN(bp->message_digest, 16);
310 		ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x",
311 			 GET_BE_U_4(bp->message_digest),
312 			 GET_BE_U_4(bp->message_digest + 4),
313 			 GET_BE_U_4(bp->message_digest + 8),
314 			 GET_BE_U_4(bp->message_digest + 12));
315 	} else if (length == NTP_TIMEMSG_MINLEN + 4 + 20) {	/* Optional: key-id + 160-bit digest */
316 		ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id));
317 		ND_TCHECK_LEN(bp->message_digest, 20);
318 		ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x%08x",
319 			 GET_BE_U_4(bp->message_digest),
320 			 GET_BE_U_4(bp->message_digest + 4),
321 			 GET_BE_U_4(bp->message_digest + 8),
322 			 GET_BE_U_4(bp->message_digest + 12),
323 			 GET_BE_U_4(bp->message_digest + 16));
324 	} else if (length > NTP_TIMEMSG_MINLEN) {
325 		ND_PRINT("\n\t(%u more bytes after the header)", length - NTP_TIMEMSG_MINLEN);
326 	}
327 	return;
328 
329 invalid:
330 	nd_print_invalid(ndo);
331 	ND_TCHECK_LEN(bp, length);
332 	return;
333 
334 trunc:
335 	nd_print_trunc(ndo);
336 }
337 
338 /*
339  * Print NTP control message requests and responses
340  */
341 static void
ntp_control_print(netdissect_options * ndo,const struct ntp_control_data * cd,u_int length)342 ntp_control_print(netdissect_options *ndo,
343 		  const struct ntp_control_data *cd, u_int length)
344 {
345 	uint8_t control, R, E, M, opcode;
346 	uint16_t sequence, status, assoc, offset, count;
347 
348 	if (length < NTP_CTRLMSG_MINLEN)
349 		goto invalid;
350 
351 	control = GET_U_1(cd->control);
352 	R = (control & 0x80) != 0;
353 	E = (control & 0x40) != 0;
354 	M = (control & 0x20) != 0;
355 	opcode = control & 0x1f;
356 	ND_PRINT(", %s, %s, %s, OpCode=%u\n",
357 		  R ? "Response" : "Request", E ? "Error" : "OK",
358 		  M ? "More" : "Last", opcode);
359 
360 	sequence = GET_BE_U_2(cd->sequence);
361 	ND_PRINT("\tSequence=%hu", sequence);
362 
363 	status = GET_BE_U_2(cd->status);
364 	ND_PRINT(", Status=%#hx", status);
365 
366 	assoc = GET_BE_U_2(cd->assoc);
367 	ND_PRINT(", Assoc.=%hu", assoc);
368 
369 	offset = GET_BE_U_2(cd->offset);
370 	ND_PRINT(", Offset=%hu", offset);
371 
372 	count = GET_BE_U_2(cd->count);
373 	ND_PRINT(", Count=%hu", count);
374 
375 	if (NTP_CTRLMSG_MINLEN + count > length)
376 		goto invalid;
377 	if (count != 0) {
378 		ND_TCHECK_LEN(cd->data, count);
379 		ND_PRINT("\n\tTO-BE-DONE: data not interpreted");
380 	}
381 	return;
382 
383 invalid:
384 	nd_print_invalid(ndo);
385 	ND_TCHECK_LEN(cd, length);
386 	return;
387 
388 trunc:
389 	nd_print_trunc(ndo);
390 }
391 
392 union ntpdata {
393 	struct ntp_time_data	td;
394 	struct ntp_control_data	cd;
395 };
396 
397 /*
398  * Print NTP requests, handling the common VN, LI, and Mode
399  */
400 void
ntp_print(netdissect_options * ndo,const u_char * cp,u_int length)401 ntp_print(netdissect_options *ndo,
402 	  const u_char *cp, u_int length)
403 {
404 	const union ntpdata *bp = (const union ntpdata *)cp;
405 	u_int mode, version, leapind;
406 	uint8_t status;
407 
408 	ndo->ndo_protocol = "ntp";
409 	status = GET_U_1(bp->td.status);
410 
411 	version = (status & VERSIONMASK) >> VERSIONSHIFT;
412 	ND_PRINT("NTPv%u", version);
413 
414 	mode = (status & MODEMASK) >> MODESHIFT;
415 	if (!ndo->ndo_vflag) {
416 		ND_PRINT(", %s, length %u",
417 			 tok2str(ntp_mode_values, "Unknown mode", mode),
418 			 length);
419 		return;
420 	}
421 
422 	ND_PRINT(", %s, length %u\n",
423 		  tok2str(ntp_mode_values, "Unknown mode", mode), length);
424 
425 	/* leapind = (status & LEAPMASK) >> LEAPSHIFT; */
426 	leapind = (status & LEAPMASK);
427 	ND_PRINT("\tLeap indicator: %s (%u)",
428 		 tok2str(ntp_leapind_values, "Unknown", leapind),
429 		 leapind);
430 
431 	switch (mode) {
432 
433 	case MODE_UNSPEC:
434 	case MODE_SYM_ACT:
435 	case MODE_SYM_PAS:
436 	case MODE_CLIENT:
437 	case MODE_SERVER:
438 	case MODE_BROADCAST:
439 		ntp_time_print(ndo, &bp->td, length);
440 		break;
441 
442 	case MODE_CONTROL:
443 		ntp_control_print(ndo, &bp->cd, length);
444 		break;
445 
446 	default:
447 		break;			/* XXX: not implemented! */
448 	}
449 }
450 
451 static void
p_sfix(netdissect_options * ndo,const struct s_fixedpt * sfp)452 p_sfix(netdissect_options *ndo,
453        const struct s_fixedpt *sfp)
454 {
455 	int i;
456 	int f;
457 	double ff;
458 
459 	i = GET_BE_U_2(sfp->int_part);
460 	f = GET_BE_U_2(sfp->fraction);
461 	ff = f / 65536.0;		/* shift radix point by 16 bits */
462 	f = (int)(ff * 1000000.0);	/* Treat fraction as parts per million */
463 	ND_PRINT("%d.%06d", i, f);
464 }
465 
466 /* Prints time difference between *lfp and *olfp */
467 static void
p_ntp_delta(netdissect_options * ndo,const struct l_fixedpt * olfp,const struct l_fixedpt * lfp)468 p_ntp_delta(netdissect_options *ndo,
469 	    const struct l_fixedpt *olfp,
470 	    const struct l_fixedpt *lfp)
471 {
472 	uint32_t u, uf;
473 	uint32_t ou, ouf;
474 	uint32_t i;
475 	uint32_t f;
476 	double ff;
477 	int signbit;
478 
479 	u = GET_BE_U_4(lfp->int_part);
480 	ou = GET_BE_U_4(olfp->int_part);
481 	uf = GET_BE_U_4(lfp->fraction);
482 	ouf = GET_BE_U_4(olfp->fraction);
483 	if (ou == 0 && ouf == 0) {
484 		p_ntp_time(ndo, lfp);
485 		return;
486 	}
487 
488 	if (u > ou) {		/* new is definitely greater than old */
489 		signbit = 0;
490 		i = u - ou;
491 		f = uf - ouf;
492 		if (ouf > uf)	/* must borrow from high-order bits */
493 			i -= 1;
494 	} else if (u < ou) {	/* new is definitely less than old */
495 		signbit = 1;
496 		i = ou - u;
497 		f = ouf - uf;
498 		if (uf > ouf)	/* must borrow from the high-order bits */
499 			i -= 1;
500 	} else {		/* int_part is zero */
501 		i = 0;
502 		if (uf > ouf) {
503 			signbit = 0;
504 			f = uf - ouf;
505 		} else {
506 			signbit = 1;
507 			f = ouf - uf;
508 		}
509 	}
510 
511 	ff = f;
512 	if (ff < 0.0)		/* some compilers are buggy */
513 		ff += FMAXINT;
514 	ff = ff / FMAXINT;			/* shift radix point by 32 bits */
515 	f = (uint32_t)(ff * 1000000000.0);	/* treat fraction as parts per billion */
516 	ND_PRINT("%s%u.%09u", signbit ? "-" : "+", i, f);
517 }
518 
519 /* Prints polling interval in log2 as seconds or fraction of second */
520 static void
p_poll(netdissect_options * ndo,const int poll_interval)521 p_poll(netdissect_options *ndo,
522        const int poll_interval)
523 {
524 	if (poll_interval <= -32 || poll_interval >= 32)
525 		return;
526 
527 	if (poll_interval >= 0)
528 		ND_PRINT(" (%us)", 1U << poll_interval);
529 	else
530 		ND_PRINT(" (1/%us)", 1U << -poll_interval);
531 }
532 
533