1 /* 2 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that: (1) source code distributions 7 * retain the above copyright notice and this paragraph in its entirety, (2) 8 * distributions including binary code include the above copyright notice and 9 * this paragraph in its entirety in the documentation or other materials 10 * provided with the distribution, and (3) all advertising materials mentioning 11 * features or use of this software display the following acknowledgement: 12 * ``This product includes software developed by the University of California, 13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 14 * the University nor the names of its contributors may be used to endorse 15 * or promote products derived from this software without specific prior 16 * written permission. 17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 20 * 21 * By Jeffrey Mogul/DECWRL 22 * loosely based on print-bootp.c 23 */ 24 25 /* \summary: Network Time Protocol (NTP) printer */ 26 27 /* 28 * specification: 29 * 30 * RFC 1119 - NTPv2 31 * RFC 1305 - NTPv3 32 * RFC 5905 - NTPv4 33 */ 34 35 #include <config.h> 36 37 #include "netdissect-stdinc.h" 38 39 #include "netdissect.h" 40 #include "addrtoname.h" 41 #include "extract.h" 42 43 #include "ntp.h" 44 45 /* 46 * Based on ntp.h from the U of MD implementation 47 * This file is based on Version 2 of the NTP spec (RFC1119). 48 */ 49 50 /* rfc2030 51 * 1 2 3 52 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 53 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 54 * |LI | VN |Mode | Stratum | Poll | Precision | 55 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 56 * | Root Delay | 57 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 58 * | Root Dispersion | 59 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 60 * | Reference Identifier | 61 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 62 * | | 63 * | Reference Timestamp (64) | 64 * | | 65 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 66 * | | 67 * | Originate Timestamp (64) | 68 * | | 69 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 70 * | | 71 * | Receive Timestamp (64) | 72 * | | 73 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 74 * | | 75 * | Transmit Timestamp (64) | 76 * | | 77 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 78 * | Key Identifier (optional) (32) | 79 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 80 * | | 81 * | | 82 * | Message Digest (optional) (128) | 83 * | | 84 * | | 85 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 86 */ 87 88 /* Length of the NTP data message with the mandatory fields ("the header") 89 * and without any optional fields (extension, Key Identifier, 90 * Message Digest). 91 */ 92 #define NTP_TIMEMSG_MINLEN 48U 93 94 struct ntp_time_data { 95 nd_uint8_t status; /* status of local clock and leap info */ 96 nd_uint8_t stratum; /* Stratum level */ 97 nd_int8_t ppoll; /* poll value */ 98 nd_int8_t precision; 99 struct s_fixedpt root_delay; 100 struct s_fixedpt root_dispersion; 101 nd_uint32_t refid; 102 struct l_fixedpt ref_timestamp; 103 struct l_fixedpt org_timestamp; 104 struct l_fixedpt rec_timestamp; 105 struct l_fixedpt xmt_timestamp; 106 nd_uint32_t key_id; 107 nd_uint8_t message_digest[20]; 108 }; 109 /* 110 * Leap Second Codes (high order two bits) 111 */ 112 #define NO_WARNING 0x00 /* no warning */ 113 #define PLUS_SEC 0x40 /* add a second (61 seconds) */ 114 #define MINUS_SEC 0x80 /* minus a second (59 seconds) */ 115 #define ALARM 0xc0 /* alarm condition (clock unsynchronized) */ 116 117 /* 118 * Clock Status Bits that Encode Version 119 */ 120 #define NTPVERSION_1 0x08 121 #define VERSIONMASK 0x38 122 #define VERSIONSHIFT 3 123 #define LEAPMASK 0xc0 124 #define LEAPSHIFT 6 125 #ifdef MODEMASK 126 #undef MODEMASK /* Solaris sucks */ 127 #endif 128 #define MODEMASK 0x07 129 #define MODESHIFT 0 130 131 /* 132 * Code values 133 */ 134 #define MODE_UNSPEC 0 /* unspecified */ 135 #define MODE_SYM_ACT 1 /* symmetric active */ 136 #define MODE_SYM_PAS 2 /* symmetric passive */ 137 #define MODE_CLIENT 3 /* client */ 138 #define MODE_SERVER 4 /* server */ 139 #define MODE_BROADCAST 5 /* broadcast */ 140 #define MODE_CONTROL 6 /* control message */ 141 #define MODE_RES2 7 /* reserved */ 142 143 /* 144 * Stratum Definitions 145 */ 146 #define UNSPECIFIED 0 147 #define PRIM_REF 1 /* radio clock */ 148 #define INFO_QUERY 62 /* **** THIS implementation dependent **** */ 149 #define INFO_REPLY 63 /* **** THIS implementation dependent **** */ 150 151 static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *); 152 static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *); 153 static void p_poll(netdissect_options *, const int); 154 155 static const struct tok ntp_mode_values[] = { 156 { MODE_UNSPEC, "unspecified" }, 157 { MODE_SYM_ACT, "symmetric active" }, 158 { MODE_SYM_PAS, "symmetric passive" }, 159 { MODE_CLIENT, "Client" }, 160 { MODE_SERVER, "Server" }, 161 { MODE_BROADCAST, "Broadcast" }, 162 { MODE_CONTROL, "Control Message" }, 163 { MODE_RES2, "Reserved" }, 164 { 0, NULL } 165 }; 166 167 static const struct tok ntp_leapind_values[] = { 168 { NO_WARNING, "" }, 169 { PLUS_SEC, "+1s" }, 170 { MINUS_SEC, "-1s" }, 171 { ALARM, "clock unsynchronized" }, 172 { 0, NULL } 173 }; 174 175 static const struct tok ntp_stratum_values[] = { 176 { UNSPECIFIED, "unspecified" }, 177 { PRIM_REF, "primary reference" }, 178 { 0, NULL } 179 }; 180 181 /* draft-ietf-ntp-mode-6-cmds-02 182 * 0 1 2 3 183 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 184 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 185 * |LI | VN |Mode |R|E|M| OpCode | Sequence Number | 186 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 187 * | Status | Association ID | 188 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 189 * | Offset | Count | 190 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 191 * | | 192 * / Data (up to 468 bytes) / 193 * | | 194 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 195 * | Padding (optional) | 196 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 197 * | | 198 * / Authenticator (optional, 96 bytes) / 199 * | | 200 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 201 * 202 * Figure 1: NTP Control Message Header 203 */ 204 205 /* Length of the NTP control message with the mandatory fields ("the header") 206 * and without any optional fields (Data, Padding, Authenticator). 207 */ 208 #define NTP_CTRLMSG_MINLEN 12U 209 210 struct ntp_control_data { 211 nd_uint8_t magic; /* LI, VN, Mode */ 212 nd_uint8_t control; /* R, E, M, OpCode */ 213 nd_uint16_t sequence; /* Sequence Number */ 214 nd_uint16_t status; /* Status */ 215 nd_uint16_t assoc; /* Association ID */ 216 nd_uint16_t offset; /* Offset */ 217 nd_uint16_t count; /* Count */ 218 nd_uint8_t data[564]; /* Data, [Padding, [Authenticator]] */ 219 }; 220 221 /* 222 * Print NTP time requests and responses 223 */ 224 static void 225 ntp_time_print(netdissect_options *ndo, 226 const struct ntp_time_data *bp, u_int length) 227 { 228 uint8_t stratum; 229 230 if (length < NTP_TIMEMSG_MINLEN) 231 goto invalid; 232 233 stratum = GET_U_1(bp->stratum); 234 ND_PRINT(", Stratum %u (%s)", 235 stratum, 236 tok2str(ntp_stratum_values, (stratum >=2 && stratum<=15) ? "secondary reference" : "reserved", stratum)); 237 238 ND_PRINT(", poll %d", GET_S_1(bp->ppoll)); 239 p_poll(ndo, GET_S_1(bp->ppoll)); 240 241 ND_PRINT(", precision %d", GET_S_1(bp->precision)); 242 243 ND_TCHECK_SIZE(&bp->root_delay); 244 ND_PRINT("\n\tRoot Delay: "); 245 p_sfix(ndo, &bp->root_delay); 246 247 ND_TCHECK_SIZE(&bp->root_dispersion); 248 ND_PRINT(", Root dispersion: "); 249 p_sfix(ndo, &bp->root_dispersion); 250 251 ND_TCHECK_4(bp->refid); 252 ND_PRINT(", Reference-ID: "); 253 /* Interpretation depends on stratum */ 254 switch (stratum) { 255 256 case UNSPECIFIED: 257 ND_PRINT("(unspec)"); 258 break; 259 260 case PRIM_REF: 261 if (nd_printn(ndo, (const u_char *)&(bp->refid), 4, ndo->ndo_snapend)) 262 goto trunc; 263 break; 264 265 case INFO_QUERY: 266 ND_PRINT("%s INFO_QUERY", GET_IPADDR_STRING(bp->refid)); 267 /* this doesn't have more content */ 268 return; 269 270 case INFO_REPLY: 271 ND_PRINT("%s INFO_REPLY", GET_IPADDR_STRING(bp->refid)); 272 /* this is too complex to be worth printing */ 273 return; 274 275 default: 276 /* In NTPv4 (RFC 5905) refid is an IPv4 address or first 32 bits of 277 MD5 sum of IPv6 address */ 278 ND_PRINT("0x%08x", GET_BE_U_4(bp->refid)); 279 break; 280 } 281 282 ND_TCHECK_SIZE(&bp->ref_timestamp); 283 ND_PRINT("\n\t Reference Timestamp: "); 284 p_ntp_time(ndo, &(bp->ref_timestamp)); 285 286 ND_TCHECK_SIZE(&bp->org_timestamp); 287 ND_PRINT("\n\t Originator Timestamp: "); 288 p_ntp_time(ndo, &(bp->org_timestamp)); 289 290 ND_TCHECK_SIZE(&bp->rec_timestamp); 291 ND_PRINT("\n\t Receive Timestamp: "); 292 p_ntp_time(ndo, &(bp->rec_timestamp)); 293 294 ND_TCHECK_SIZE(&bp->xmt_timestamp); 295 ND_PRINT("\n\t Transmit Timestamp: "); 296 p_ntp_time(ndo, &(bp->xmt_timestamp)); 297 298 ND_PRINT("\n\t Originator - Receive Timestamp: "); 299 p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->rec_timestamp)); 300 301 ND_PRINT("\n\t Originator - Transmit Timestamp: "); 302 p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp)); 303 304 /* FIXME: this code is not aware of any extension fields */ 305 if (length == NTP_TIMEMSG_MINLEN + 4) { /* Optional: key-id (crypto-NAK) */ 306 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id)); 307 } else if (length == NTP_TIMEMSG_MINLEN + 4 + 16) { /* Optional: key-id + 128-bit digest */ 308 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id)); 309 ND_TCHECK_LEN(bp->message_digest, 16); 310 ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x", 311 GET_BE_U_4(bp->message_digest), 312 GET_BE_U_4(bp->message_digest + 4), 313 GET_BE_U_4(bp->message_digest + 8), 314 GET_BE_U_4(bp->message_digest + 12)); 315 } else if (length == NTP_TIMEMSG_MINLEN + 4 + 20) { /* Optional: key-id + 160-bit digest */ 316 ND_PRINT("\n\tKey id: %u", GET_BE_U_4(bp->key_id)); 317 ND_TCHECK_LEN(bp->message_digest, 20); 318 ND_PRINT("\n\tAuthentication: %08x%08x%08x%08x%08x", 319 GET_BE_U_4(bp->message_digest), 320 GET_BE_U_4(bp->message_digest + 4), 321 GET_BE_U_4(bp->message_digest + 8), 322 GET_BE_U_4(bp->message_digest + 12), 323 GET_BE_U_4(bp->message_digest + 16)); 324 } else if (length > NTP_TIMEMSG_MINLEN) { 325 ND_PRINT("\n\t(%u more bytes after the header)", length - NTP_TIMEMSG_MINLEN); 326 } 327 return; 328 329 invalid: 330 nd_print_invalid(ndo); 331 ND_TCHECK_LEN(bp, length); 332 return; 333 334 trunc: 335 nd_print_trunc(ndo); 336 } 337 338 /* 339 * Print NTP control message requests and responses 340 */ 341 static void 342 ntp_control_print(netdissect_options *ndo, 343 const struct ntp_control_data *cd, u_int length) 344 { 345 uint8_t control, R, E, M, opcode; 346 uint16_t sequence, status, assoc, offset, count; 347 348 if (length < NTP_CTRLMSG_MINLEN) 349 goto invalid; 350 351 control = GET_U_1(cd->control); 352 R = (control & 0x80) != 0; 353 E = (control & 0x40) != 0; 354 M = (control & 0x20) != 0; 355 opcode = control & 0x1f; 356 ND_PRINT(", %s, %s, %s, OpCode=%u\n", 357 R ? "Response" : "Request", E ? "Error" : "OK", 358 M ? "More" : "Last", opcode); 359 360 sequence = GET_BE_U_2(cd->sequence); 361 ND_PRINT("\tSequence=%hu", sequence); 362 363 status = GET_BE_U_2(cd->status); 364 ND_PRINT(", Status=%#hx", status); 365 366 assoc = GET_BE_U_2(cd->assoc); 367 ND_PRINT(", Assoc.=%hu", assoc); 368 369 offset = GET_BE_U_2(cd->offset); 370 ND_PRINT(", Offset=%hu", offset); 371 372 count = GET_BE_U_2(cd->count); 373 ND_PRINT(", Count=%hu", count); 374 375 if (NTP_CTRLMSG_MINLEN + count > length) 376 goto invalid; 377 if (count != 0) { 378 ND_TCHECK_LEN(cd->data, count); 379 ND_PRINT("\n\tTO-BE-DONE: data not interpreted"); 380 } 381 return; 382 383 invalid: 384 nd_print_invalid(ndo); 385 ND_TCHECK_LEN(cd, length); 386 return; 387 388 trunc: 389 nd_print_trunc(ndo); 390 } 391 392 union ntpdata { 393 struct ntp_time_data td; 394 struct ntp_control_data cd; 395 }; 396 397 /* 398 * Print NTP requests, handling the common VN, LI, and Mode 399 */ 400 void 401 ntp_print(netdissect_options *ndo, 402 const u_char *cp, u_int length) 403 { 404 const union ntpdata *bp = (const union ntpdata *)cp; 405 u_int mode, version, leapind; 406 uint8_t status; 407 408 ndo->ndo_protocol = "ntp"; 409 status = GET_U_1(bp->td.status); 410 411 version = (status & VERSIONMASK) >> VERSIONSHIFT; 412 ND_PRINT("NTPv%u", version); 413 414 mode = (status & MODEMASK) >> MODESHIFT; 415 if (!ndo->ndo_vflag) { 416 ND_PRINT(", %s, length %u", 417 tok2str(ntp_mode_values, "Unknown mode", mode), 418 length); 419 return; 420 } 421 422 ND_PRINT(", %s, length %u\n", 423 tok2str(ntp_mode_values, "Unknown mode", mode), length); 424 425 /* leapind = (status & LEAPMASK) >> LEAPSHIFT; */ 426 leapind = (status & LEAPMASK); 427 ND_PRINT("\tLeap indicator: %s (%u)", 428 tok2str(ntp_leapind_values, "Unknown", leapind), 429 leapind); 430 431 switch (mode) { 432 433 case MODE_UNSPEC: 434 case MODE_SYM_ACT: 435 case MODE_SYM_PAS: 436 case MODE_CLIENT: 437 case MODE_SERVER: 438 case MODE_BROADCAST: 439 ntp_time_print(ndo, &bp->td, length); 440 break; 441 442 case MODE_CONTROL: 443 ntp_control_print(ndo, &bp->cd, length); 444 break; 445 446 default: 447 break; /* XXX: not implemented! */ 448 } 449 } 450 451 static void 452 p_sfix(netdissect_options *ndo, 453 const struct s_fixedpt *sfp) 454 { 455 int i; 456 int f; 457 double ff; 458 459 i = GET_BE_U_2(sfp->int_part); 460 f = GET_BE_U_2(sfp->fraction); 461 ff = f / 65536.0; /* shift radix point by 16 bits */ 462 f = (int)(ff * 1000000.0); /* Treat fraction as parts per million */ 463 ND_PRINT("%d.%06d", i, f); 464 } 465 466 /* Prints time difference between *lfp and *olfp */ 467 static void 468 p_ntp_delta(netdissect_options *ndo, 469 const struct l_fixedpt *olfp, 470 const struct l_fixedpt *lfp) 471 { 472 uint32_t u, uf; 473 uint32_t ou, ouf; 474 uint32_t i; 475 uint32_t f; 476 double ff; 477 int signbit; 478 479 u = GET_BE_U_4(lfp->int_part); 480 ou = GET_BE_U_4(olfp->int_part); 481 uf = GET_BE_U_4(lfp->fraction); 482 ouf = GET_BE_U_4(olfp->fraction); 483 if (ou == 0 && ouf == 0) { 484 p_ntp_time(ndo, lfp); 485 return; 486 } 487 488 if (u > ou) { /* new is definitely greater than old */ 489 signbit = 0; 490 i = u - ou; 491 f = uf - ouf; 492 if (ouf > uf) /* must borrow from high-order bits */ 493 i -= 1; 494 } else if (u < ou) { /* new is definitely less than old */ 495 signbit = 1; 496 i = ou - u; 497 f = ouf - uf; 498 if (uf > ouf) /* must borrow from the high-order bits */ 499 i -= 1; 500 } else { /* int_part is zero */ 501 i = 0; 502 if (uf > ouf) { 503 signbit = 0; 504 f = uf - ouf; 505 } else { 506 signbit = 1; 507 f = ouf - uf; 508 } 509 } 510 511 ff = f; 512 if (ff < 0.0) /* some compilers are buggy */ 513 ff += FMAXINT; 514 ff = ff / FMAXINT; /* shift radix point by 32 bits */ 515 f = (uint32_t)(ff * 1000000000.0); /* treat fraction as parts per billion */ 516 ND_PRINT("%s%u.%09u", signbit ? "-" : "+", i, f); 517 } 518 519 /* Prints polling interval in log2 as seconds or fraction of second */ 520 static void 521 p_poll(netdissect_options *ndo, 522 const int poll_interval) 523 { 524 if (poll_interval <= -32 || poll_interval >= 32) 525 return; 526 527 if (poll_interval >= 0) 528 ND_PRINT(" (%us)", 1U << poll_interval); 529 else 530 ND_PRINT(" (1/%us)", 1U << -poll_interval); 531 } 532 533