Home | History | Annotate | Download | only in tcpdump
      1 /*
      2  * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
      3  *	The Regents of the University of California.  All rights reserved.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that: (1) source code distributions
      7  * retain the above copyright notice and this paragraph in its entirety, (2)
      8  * distributions including binary code include the above copyright notice and
      9  * this paragraph in its entirety in the documentation or other materials
     10  * provided with the distribution, and (3) all advertising materials mentioning
     11  * features or use of this software display the following acknowledgement:
     12  * ``This product includes software developed by the University of California,
     13  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
     14  * the University nor the names of its contributors may be used to endorse
     15  * or promote products derived from this software without specific prior
     16  * written permission.
     17  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
     18  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
     19  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
     20  *
     21  * Format and print ntp packets.
     22  *	By Jeffrey Mogul/DECWRL
     23  *	loosely based on print-bootp.c
     24  */
     25 
     26 #define NETDISSECT_REWORKED
     27 #ifdef HAVE_CONFIG_H
     28 #include "config.h"
     29 #endif
     30 
     31 #include <tcpdump-stdinc.h>
     32 
     33 #ifdef HAVE_STRFTIME
     34 #include <time.h>
     35 #endif
     36 
     37 #include "interface.h"
     38 #include "addrtoname.h"
     39 #include "extract.h"
     40 
     41 /*
     42  * Based on ntp.h from the U of MD implementation
     43  *	This file is based on Version 2 of the NTP spec (RFC1119).
     44  */
     45 
     46 /*
     47  *  Definitions for the masses
     48  */
     49 #define	JAN_1970	2208988800U	/* 1970 - 1900 in seconds */
     50 
     51 /*
     52  * Structure definitions for NTP fixed point values
     53  *
     54  *    0			  1		      2			  3
     55  *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     56  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     57  *   |			       Integer Part			     |
     58  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     59  *   |			       Fraction Part			     |
     60  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     61  *
     62  *    0			  1		      2			  3
     63  *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     64  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     65  *   |		  Integer Part	     |	   Fraction Part	     |
     66  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     67 */
     68 struct l_fixedpt {
     69 	uint32_t int_part;
     70 	uint32_t fraction;
     71 };
     72 
     73 struct s_fixedpt {
     74 	uint16_t int_part;
     75 	uint16_t fraction;
     76 };
     77 
     78 /* rfc2030
     79  *                      1                   2                   3
     80  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     81  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     82  * |LI | VN  |Mode |    Stratum    |     Poll      |   Precision   |
     83  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     84  * |                          Root Delay                           |
     85  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     86  * |                       Root Dispersion                         |
     87  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     88  * |                     Reference Identifier                      |
     89  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     90  * |                                                               |
     91  * |                   Reference Timestamp (64)                    |
     92  * |                                                               |
     93  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     94  * |                                                               |
     95  * |                   Originate Timestamp (64)                    |
     96  * |                                                               |
     97  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     98  * |                                                               |
     99  * |                    Receive Timestamp (64)                     |
    100  * |                                                               |
    101  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    102  * |                                                               |
    103  * |                    Transmit Timestamp (64)                    |
    104  * |                                                               |
    105  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    106  * |                 Key Identifier (optional) (32)                |
    107  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    108  * |                                                               |
    109  * |                                                               |
    110  * |                 Message Digest (optional) (128)               |
    111  * |                                                               |
    112  * |                                                               |
    113  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    114  */
    115 
    116 struct ntpdata {
    117 	u_char status;		/* status of local clock and leap info */
    118 	u_char stratum;		/* Stratum level */
    119 	u_char ppoll;		/* poll value */
    120 	int precision:8;
    121 	struct s_fixedpt root_delay;
    122 	struct s_fixedpt root_dispersion;
    123 	uint32_t refid;
    124 	struct l_fixedpt ref_timestamp;
    125 	struct l_fixedpt org_timestamp;
    126 	struct l_fixedpt rec_timestamp;
    127 	struct l_fixedpt xmt_timestamp;
    128         uint32_t key_id;
    129         uint8_t  message_digest[16];
    130 };
    131 /*
    132  *	Leap Second Codes (high order two bits)
    133  */
    134 #define	NO_WARNING	0x00	/* no warning */
    135 #define	PLUS_SEC	0x40	/* add a second (61 seconds) */
    136 #define	MINUS_SEC	0x80	/* minus a second (59 seconds) */
    137 #define	ALARM		0xc0	/* alarm condition (clock unsynchronized) */
    138 
    139 /*
    140  *	Clock Status Bits that Encode Version
    141  */
    142 #define	NTPVERSION_1	0x08
    143 #define	VERSIONMASK	0x38
    144 #define LEAPMASK	0xc0
    145 #ifdef MODEMASK
    146 #undef MODEMASK					/* Solaris sucks */
    147 #endif
    148 #define	MODEMASK	0x07
    149 
    150 /*
    151  *	Code values
    152  */
    153 #define	MODE_UNSPEC	0	/* unspecified */
    154 #define	MODE_SYM_ACT	1	/* symmetric active */
    155 #define	MODE_SYM_PAS	2	/* symmetric passive */
    156 #define	MODE_CLIENT	3	/* client */
    157 #define	MODE_SERVER	4	/* server */
    158 #define	MODE_BROADCAST	5	/* broadcast */
    159 #define	MODE_RES1	6	/* reserved */
    160 #define	MODE_RES2	7	/* reserved */
    161 
    162 /*
    163  *	Stratum Definitions
    164  */
    165 #define	UNSPECIFIED	0
    166 #define	PRIM_REF	1	/* radio clock */
    167 #define	INFO_QUERY	62	/* **** THIS implementation dependent **** */
    168 #define	INFO_REPLY	63	/* **** THIS implementation dependent **** */
    169 
    170 static void p_sfix(netdissect_options *ndo, const struct s_fixedpt *);
    171 static void p_ntp_time(netdissect_options *, const struct l_fixedpt *);
    172 static void p_ntp_delta(netdissect_options *, const struct l_fixedpt *, const struct l_fixedpt *);
    173 
    174 static const struct tok ntp_mode_values[] = {
    175     { MODE_UNSPEC,    "unspecified" },
    176     { MODE_SYM_ACT,   "symmetric active" },
    177     { MODE_SYM_PAS,   "symmetric passive" },
    178     { MODE_CLIENT,    "Client" },
    179     { MODE_SERVER,    "Server" },
    180     { MODE_BROADCAST, "Broadcast" },
    181     { MODE_RES1,      "Reserved" },
    182     { MODE_RES2,      "Reserved" },
    183     { 0, NULL }
    184 };
    185 
    186 static const struct tok ntp_leapind_values[] = {
    187     { NO_WARNING,     "" },
    188     { PLUS_SEC,       "+1s" },
    189     { MINUS_SEC,      "-1s" },
    190     { ALARM,          "clock unsynchronized" },
    191     { 0, NULL }
    192 };
    193 
    194 static const struct tok ntp_stratum_values[] = {
    195 	{ UNSPECIFIED,	"unspecified" },
    196 	{ PRIM_REF, 	"primary reference" },
    197 	{ 0, NULL }
    198 };
    199 
    200 /*
    201  * Print ntp requests
    202  */
    203 void
    204 ntp_print(netdissect_options *ndo,
    205           register const u_char *cp, u_int length)
    206 {
    207 	register const struct ntpdata *bp;
    208 	int mode, version, leapind;
    209 
    210 	bp = (struct ntpdata *)cp;
    211 
    212 	ND_TCHECK(bp->status);
    213 
    214 	version = (int)(bp->status & VERSIONMASK) >> 3;
    215 	ND_PRINT((ndo, "NTPv%d", version));
    216 
    217 	mode = bp->status & MODEMASK;
    218 	if (!ndo->ndo_vflag) {
    219 		ND_PRINT((ndo, ", %s, length %u",
    220 		          tok2str(ntp_mode_values, "Unknown mode", mode),
    221 		          length));
    222 		return;
    223 	}
    224 
    225 	ND_PRINT((ndo, ", length %u\n\t%s",
    226 	          length,
    227 	          tok2str(ntp_mode_values, "Unknown mode", mode)));
    228 
    229 	leapind = bp->status & LEAPMASK;
    230 	ND_PRINT((ndo, ", Leap indicator: %s (%u)",
    231 	          tok2str(ntp_leapind_values, "Unknown", leapind),
    232 	          leapind));
    233 
    234 	ND_TCHECK(bp->stratum);
    235 	ND_PRINT((ndo, ", Stratum %u (%s)",
    236 		bp->stratum,
    237 		tok2str(ntp_stratum_values, (bp->stratum >=2 && bp->stratum<=15) ? "secondary reference" : "reserved", bp->stratum)));
    238 
    239 	ND_TCHECK(bp->ppoll);
    240 	ND_PRINT((ndo, ", poll %u (%us)", bp->ppoll, 1 << bp->ppoll));
    241 
    242 	/* Can't ND_TCHECK bp->precision bitfield so bp->distance + 0 instead */
    243 	ND_TCHECK2(bp->root_delay, 0);
    244 	ND_PRINT((ndo, ", precision %d", bp->precision));
    245 
    246 	ND_TCHECK(bp->root_delay);
    247 	ND_PRINT((ndo, "\n\tRoot Delay: "));
    248 	p_sfix(ndo, &bp->root_delay);
    249 
    250 	ND_TCHECK(bp->root_dispersion);
    251 	ND_PRINT((ndo, ", Root dispersion: "));
    252 	p_sfix(ndo, &bp->root_dispersion);
    253 
    254 	ND_TCHECK(bp->refid);
    255 	ND_PRINT((ndo, ", Reference-ID: "));
    256 	/* Interpretation depends on stratum */
    257 	switch (bp->stratum) {
    258 
    259 	case UNSPECIFIED:
    260 		ND_PRINT((ndo, "(unspec)"));
    261 		break;
    262 
    263 	case PRIM_REF:
    264 		if (fn_printn(ndo, (u_char *)&(bp->refid), 4, ndo->ndo_snapend))
    265 			goto trunc;
    266 		break;
    267 
    268 	case INFO_QUERY:
    269 		ND_PRINT((ndo, "%s INFO_QUERY", ipaddr_string(ndo, &(bp->refid))));
    270 		/* this doesn't have more content */
    271 		return;
    272 
    273 	case INFO_REPLY:
    274 		ND_PRINT((ndo, "%s INFO_REPLY", ipaddr_string(ndo, &(bp->refid))));
    275 		/* this is too complex to be worth printing */
    276 		return;
    277 
    278 	default:
    279 		ND_PRINT((ndo, "%s", ipaddr_string(ndo, &(bp->refid))));
    280 		break;
    281 	}
    282 
    283 	ND_TCHECK(bp->ref_timestamp);
    284 	ND_PRINT((ndo, "\n\t  Reference Timestamp:  "));
    285 	p_ntp_time(ndo, &(bp->ref_timestamp));
    286 
    287 	ND_TCHECK(bp->org_timestamp);
    288 	ND_PRINT((ndo, "\n\t  Originator Timestamp: "));
    289 	p_ntp_time(ndo, &(bp->org_timestamp));
    290 
    291 	ND_TCHECK(bp->rec_timestamp);
    292 	ND_PRINT((ndo, "\n\t  Receive Timestamp:    "));
    293 	p_ntp_time(ndo, &(bp->rec_timestamp));
    294 
    295 	ND_TCHECK(bp->xmt_timestamp);
    296 	ND_PRINT((ndo, "\n\t  Transmit Timestamp:   "));
    297 	p_ntp_time(ndo, &(bp->xmt_timestamp));
    298 
    299 	ND_PRINT((ndo, "\n\t    Originator - Receive Timestamp:  "));
    300 	p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->rec_timestamp));
    301 
    302 	ND_PRINT((ndo, "\n\t    Originator - Transmit Timestamp: "));
    303 	p_ntp_delta(ndo, &(bp->org_timestamp), &(bp->xmt_timestamp));
    304 
    305 	if ( (sizeof(struct ntpdata) - length) == 16) { 	/* Optional: key-id */
    306 		ND_TCHECK(bp->key_id);
    307 		ND_PRINT((ndo, "\n\tKey id: %u", bp->key_id));
    308 	} else if ( (sizeof(struct ntpdata) - length) == 0) { 	/* Optional: key-id + authentication */
    309 		ND_TCHECK(bp->key_id);
    310 		ND_PRINT((ndo, "\n\tKey id: %u", bp->key_id));
    311 		ND_TCHECK2(bp->message_digest, sizeof (bp->message_digest));
    312                 ND_PRINT((ndo, "\n\tAuthentication: %08x%08x%08x%08x",
    313         		       EXTRACT_32BITS(bp->message_digest),
    314 		               EXTRACT_32BITS(bp->message_digest + 4),
    315 		               EXTRACT_32BITS(bp->message_digest + 8),
    316 		               EXTRACT_32BITS(bp->message_digest + 12)));
    317         }
    318 	return;
    319 
    320 trunc:
    321 	ND_PRINT((ndo, " [|ntp]"));
    322 }
    323 
    324 static void
    325 p_sfix(netdissect_options *ndo,
    326        register const struct s_fixedpt *sfp)
    327 {
    328 	register int i;
    329 	register int f;
    330 	register float ff;
    331 
    332 	i = EXTRACT_16BITS(&sfp->int_part);
    333 	f = EXTRACT_16BITS(&sfp->fraction);
    334 	ff = f / 65536.0;	/* shift radix point by 16 bits */
    335 	f = ff * 1000000.0;	/* Treat fraction as parts per million */
    336 	ND_PRINT((ndo, "%d.%06d", i, f));
    337 }
    338 
    339 #define	FMAXINT	(4294967296.0)	/* floating point rep. of MAXINT */
    340 
    341 static void
    342 p_ntp_time(netdissect_options *ndo,
    343            register const struct l_fixedpt *lfp)
    344 {
    345 	register int32_t i;
    346 	register uint32_t uf;
    347 	register uint32_t f;
    348 	register float ff;
    349 
    350 	i = EXTRACT_32BITS(&lfp->int_part);
    351 	uf = EXTRACT_32BITS(&lfp->fraction);
    352 	ff = uf;
    353 	if (ff < 0.0)		/* some compilers are buggy */
    354 		ff += FMAXINT;
    355 	ff = ff / FMAXINT;	/* shift radix point by 32 bits */
    356 	f = ff * 1000000000.0;	/* treat fraction as parts per billion */
    357 	ND_PRINT((ndo, "%u.%09d", i, f));
    358 
    359 #ifdef HAVE_STRFTIME
    360 	/*
    361 	 * print the time in human-readable format.
    362 	 */
    363 	if (i) {
    364 	    time_t seconds = i - JAN_1970;
    365 	    struct tm *tm;
    366 	    char time_buf[128];
    367 
    368 	    tm = localtime(&seconds);
    369 	    strftime(time_buf, sizeof (time_buf), "%Y/%m/%d %H:%M:%S", tm);
    370 	    ND_PRINT((ndo, " (%s)", time_buf));
    371 	}
    372 #endif
    373 }
    374 
    375 /* Prints time difference between *lfp and *olfp */
    376 static void
    377 p_ntp_delta(netdissect_options *ndo,
    378             register const struct l_fixedpt *olfp,
    379             register const struct l_fixedpt *lfp)
    380 {
    381 	register int32_t i;
    382 	register uint32_t u, uf;
    383 	register uint32_t ou, ouf;
    384 	register uint32_t f;
    385 	register float ff;
    386 	int signbit;
    387 
    388 	u = EXTRACT_32BITS(&lfp->int_part);
    389 	ou = EXTRACT_32BITS(&olfp->int_part);
    390 	uf = EXTRACT_32BITS(&lfp->fraction);
    391 	ouf = EXTRACT_32BITS(&olfp->fraction);
    392 	if (ou == 0 && ouf == 0) {
    393 		p_ntp_time(ndo, lfp);
    394 		return;
    395 	}
    396 
    397 	i = u - ou;
    398 
    399 	if (i > 0) {		/* new is definitely greater than old */
    400 		signbit = 0;
    401 		f = uf - ouf;
    402 		if (ouf > uf)	/* must borrow from high-order bits */
    403 			i -= 1;
    404 	} else if (i < 0) {	/* new is definitely less than old */
    405 		signbit = 1;
    406 		f = ouf - uf;
    407 		if (uf > ouf)	/* must carry into the high-order bits */
    408 			i += 1;
    409 		i = -i;
    410 	} else {		/* int_part is zero */
    411 		if (uf > ouf) {
    412 			signbit = 0;
    413 			f = uf - ouf;
    414 		} else {
    415 			signbit = 1;
    416 			f = ouf - uf;
    417 		}
    418 	}
    419 
    420 	ff = f;
    421 	if (ff < 0.0)		/* some compilers are buggy */
    422 		ff += FMAXINT;
    423 	ff = ff / FMAXINT;	/* shift radix point by 32 bits */
    424 	f = ff * 1000000000.0;	/* treat fraction as parts per billion */
    425 	ND_PRINT((ndo, "%s%d.%09d", signbit ? "-" : "+", i, f));
    426 }
    427 
    428