search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
FIXUP: WIP: verification_trailer
[wireshark-wip.git] / epan / dissectors / packet-ntp.c
bloba6d237396c7604de0e119204af93bb30e30ad4a0
1 /* packet-ntp.c
2 * Routines for NTP packet dissection
3 * Copyright 1999, Nathan Neulinger <nneul@umr.edu>
4 *
5 * $Id$
6 *
7 * Wireshark - Network traffic analyzer
8 * By Gerald Combs <gerald@wireshark.org>
9 * Copyright 1998 Gerald Combs
10 *
11 * Copied from packet-tftp.c
12 *
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26 */
27
28 #include "config.h"
29
30 #include <math.h>
31
32 #include <glib.h>
33
34 #include <epan/packet.h>
35 #include <epan/addr_resolv.h>
36 #include <epan/wmem/wmem.h>
37
38 #include <epan/tvbparse.h>
39
40 #include "packet-ntp.h"
41
42 /*
43 * Dissecting NTP packets version 3 and 4 (RFC5905, RFC2030, RFC1769, RFC1361,
44 * RFC1305).
45 *
46 * Those packets have simple structure:
47 * 1 2 3
48 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
49 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
50 * |LI | VN |Mode | Stratum | Poll | Precision |
51 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
52 * | Root Delay |
53 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
54 * | Root Dispersion |
55 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
56 * | Reference Identifier |
57 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
58 * | Reference Timestamp (64) |
59 * | |
60 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
61 * | Originate Timestamp (64) |
62 * | |
63 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
64 * | Receive Timestamp (64) |
65 * | |
66 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
67 * | Transmit Timestamp (64) |
68 * | |
69 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
70 * | Key Identifier (optional) (32) |
71 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
72 * | Message Digest (optional) (128) |
73 * | |
74 * | |
75 * | |
76 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
77 * NTP timestamps are represented as a 64-bit unsigned fixed-point number,
78 * in seconds relative to 0h on 1 January 1900. The integer part is in the
79 * first 32 bits and the fraction part in the last 32 bits.
80 *
81 *
82 * NTP Control messages as defined in version 2, 3 and 4 (RFC1119, RFC1305) use
83 * the following structure:
84 * 1 2 3
85 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
86 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
87 * |00 | VN | 110 |R E M| OpCode | Sequence |
88 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
89 * | Status | Association ID |
90 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
91 * | Offset | Count |
92 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
93 * | |
94 * | Data (468 octets max) |
95 * | |
96 * | | Padding (zeros) |
97 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
98 * | Authenticator (optional) (96) |
99 * | |
100 * | |
101 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
102 *
103 * Not yet implemented: complete dissection of TPCTRL_OP_SETTRAP,
104 * NTPCTRL_OP_ASYNCMSG, NTPCTRL_OP_UNSETTRAPSETTRAP Control-Messages
105 *
106 */
107
108 #define UDP_PORT_NTP 123
109 #define TCP_PORT_NTP 123
110
111 /* Leap indicator, 2bit field is used to warn of a inserted/deleted
112 * second, or clock unsynchronized indication.
113 */
114 #define NTP_LI_MASK 0xC0
115
116 #define NTP_LI_NONE 0
117 #define NTP_LI_61 1
118 #define NTP_LI_59 2
119 #define NTP_LI_UNKNOWN 3
120
121 static const value_string li_types[] = {
122 { NTP_LI_NONE, "no warning" },
123 { NTP_LI_61, "last minute of the day has 61 seconds" },
124 { NTP_LI_59, "last minute of the day has 59 seconds" },
125 { NTP_LI_UNKNOWN, "unknown (clock unsynchronized)" },
126 { 0, NULL}
127 };
128
129 /* Version info, 3bit field informs about NTP version used in particular
130 * packet. According to rfc2030, version info could be only 3 or 4, but I
131 * have noticed packets with 1 or even 6 as version numbers. They are
132 * produced as a result of ntptrace command. Are those packets malformed
133 * on purpose? I don't know yet, probably some browsing through ntp sources
134 * would help. My solution is to put them as reserved for now.
135 */
136 #define NTP_VN_MASK 0x38
137
138 static const value_string ver_nums[] = {
139 { 0, "reserved" },
140 { 1, "NTP Version 1" },
141 { 2, "NTP Version 2" },
142 { 3, "NTP Version 3" },
143 { 4, "NTP Version 4" },
144 { 5, "reserved" },
145 { 6, "reserved" },
146 { 7, "reserved" },
147 { 0, NULL}
148 };
149
150 /* Mode, 3bit field representing mode of comunication.
151 */
152 #define NTP_MODE_MASK 7
153
154 #define NTP_MODE_RSV 0
155 #define NTP_MODE_SYMACT 1
156 #define NTP_MODE_SYMPAS 2
157 #define NTP_MODE_CLIENT 3
158 #define NTP_MODE_SERVER 4
159 #define NTP_MODE_BCAST 5
160 #define NTP_MODE_CTRL 6
161 #define NTP_MODE_PRIV 7
162
163 static const value_string mode_types[] = {
164 { NTP_MODE_RSV, "reserved" },
165 { NTP_MODE_SYMACT, "symmetric active" },
166 { NTP_MODE_SYMPAS, "symmetric passive" },
167 { NTP_MODE_CLIENT, "client" },
168 { NTP_MODE_SERVER, "server" },
169 { NTP_MODE_BCAST, "broadcast" },
170 { NTP_MODE_CTRL, "reserved for NTP control message"},
171 { NTP_MODE_PRIV, "reserved for private use" },
172 { 0, NULL}
173 };
174
175 static const value_string info_mode_types[] = {
176 { NTP_MODE_RSV, "reserved" },
177 { NTP_MODE_SYMACT, "symmetric active" },
178 { NTP_MODE_SYMPAS, "symmetric passive" },
179 { NTP_MODE_CLIENT, "client" },
180 { NTP_MODE_SERVER, "server" },
181 { NTP_MODE_BCAST, "broadcast" },
182 { NTP_MODE_CTRL, "control"},
183 { NTP_MODE_PRIV, "private" },
184 { 0, NULL}
185 };
186
187 /* According to rfc, primary (stratum-0 and stratum-1) servers should set
188 * their Reference ID (4bytes field) according to following table:
189 */
190 static const struct {
191 const char *id;
192 const char *data;
193 } primary_sources[] = {
194 /* IANA / RFC 5905 */
195 { "GOES", "Geostationary Orbit Environment Satellite" },
196 { "GPS\0", "Global Position System" },
197 { "GAL\0", "Galileo Positioning System" },
198 { "PPS\0", "Generic pulse-per-second" },
199 { "IRIG", "Inter-Range Instrumentation Group" },
200 { "WWVB", "LF Radio WWVB Ft. Collins, CO 60 kHz" },
201 { "DCF\0", "LF Radio DCF77 Mainflingen, DE 77.5 kHz" },
202 { "HBG\0", "LF Radio HBG Prangins, HB 75 kHz" },
203 { "MSF\0", "LF Radio MSF Anthorn, UK 60 kHz" },
204 { "JJY\0", "LF Radio JJY Fukushima, JP 40 kHz, Saga, JP 60 kHz" },
205 { "LORC", "MF Radio LORAN C station, 100 kHz" },
206 { "TDF\0", "MF Radio Allouis, FR 162 kHz" },
207 { "CHU\0", "HF Radio CHU Ottawa, Ontario" },
208 { "WWV\0", "HF Radio WWV Ft. Collins, CO" },
209 { "WWVH", "HF Radio WWVH Kauai, HI" },
210 { "NIST", "NIST telephone modem" },
211 { "ACTS", "NIST telephone modem" },
212 { "USNO", "USNO telephone modem" },
213 { "PTB\0", "European telephone modem" },
214
215 /* Unofficial codes */
216 { "LOCL", "uncalibrated local clock" },
217 { "CESM", "calibrated Cesium clock" },
218 { "RBDM", "calibrated Rubidium clock" },
219 { "OMEG", "OMEGA radionavigation system" },
220 { "DCN\0", "DCN routing protocol" },
221 { "TSP\0", "TSP time protocol" },
222 { "DTS\0", "Digital Time Service" },
223 { "ATOM", "Atomic clock (calibrated)" },
224 { "VLF\0", "VLF radio (OMEGA,, etc.)" },
225 { "1PPS", "External 1 PPS input" },
226 { "FREE", "(Internal clock)" },
227 { "INIT", "(Initialization)" },
228 { "\0\0\0\0", "NULL" },
229 { NULL, NULL}
230 };
231
232 #define NTP_EXT_R_MASK 0x80
233
234 static const value_string ext_r_types[] = {
235 { 0, "Request" },
236 { 1, "Response" },
237 { 0, NULL}
238 };
239
240 #define NTP_EXT_ERROR_MASK 0x40
241 #define NTP_EXT_VN_MASK 0x3f
242
243 static const value_string ext_op_types[] = {
244 { 0, "NULL" },
245 { 1, "ASSOC" },
246 { 2, "CERT" },
247 { 3, "COOK" },
248 { 4, "AUTO" },
249 { 5, "TAI" },
250 { 6, "SIGN" },
251 { 7, "IFF" },
252 { 8, "GQ" },
253 { 9, "MV" },
254 { 0, NULL}
255 };
256
257 #define NTPCTRL_R_MASK 0x80
258
259 #define ctrl_r_types ext_r_types
260
261 #define NTPCTRL_ERROR_MASK 0x40
262 #define NTPCTRL_MORE_MASK 0x20
263 #define NTPCTRL_OP_MASK 0x1f
264
265 #define NTPCTRL_OP_UNSPEC 0
266 #define NTPCTRL_OP_READSTAT 1
267 #define NTPCTRL_OP_READVAR 2
268 #define NTPCTRL_OP_WRITEVAR 3
269 #define NTPCTRL_OP_READCLOCK 4
270 #define NTPCTRL_OP_WRITECLOCK 5
271 #define NTPCTRL_OP_SETTRAP 6
272 #define NTPCTRL_OP_ASYNCMSG 7
273 #define NTPCTRL_OP_UNSETTRAP 31
274
275 static const value_string ctrl_op_types[] = {
276 { NTPCTRL_OP_UNSPEC, "UNSPEC" },
277 { NTPCTRL_OP_READSTAT, "READSTAT" },
278 { NTPCTRL_OP_READVAR, "READVAR" },
279 { NTPCTRL_OP_WRITEVAR, "WRITEVAR" },
280 { NTPCTRL_OP_READCLOCK, "READCLOCK" },
281 { NTPCTRL_OP_WRITECLOCK, "WRITECLOCK" },
282 { NTPCTRL_OP_SETTRAP, "SETTRAP" },
283 { NTPCTRL_OP_ASYNCMSG, "ASYNCMSG" },
284 { NTPCTRL_OP_UNSETTRAP, "UNSETTRAP" },
285 { 0, NULL}
286 };
287
288 #define NTPCTRL_SYSSTATUS_LI_MASK 0xC000
289 #define NTPCTRL_SYSSTATUS_CLK_MASK 0x3F00
290 #define NTPCTRL_SYSSTATUS_COUNT_MASK 0x00F0
291 #define NTPCTRL_SYSSTATUS_CODE_MASK 0x000F
292
293 static const value_string ctrl_sys_status_clksource_types[] = {
294 { 0, "unspecified or unknown" },
295 { 1, "Calibrated atomic clock (e.g. HP 5061)" },
296 { 2, "VLF (band 4) or LF (band 5) radio (e.g. OMEGA, WWVB)" },
297 { 3, "HF (band 7) radio (e.g. CHU, MSF, WWV/H)" },
298 { 4, "UHF (band 9) satellite (e.g. GOES, GPS)" },
299 { 5, "local net (e.g. DCN, TSP, DTS)" },
300 { 6, "UDP/NTP" },
301 { 7, "UDP/TIME" },
302 { 8, "eyeball-and-wristwatch" },
303 { 9, "telephone modem (e.g. NIST)" },
304 { 0, NULL}
305 };
306
307 static const value_string ctrl_sys_status_event_types[] = {
308 { 0, "unspecified" },
309 { 1, "system restart" },
310 { 2, "system or hardware fault" },
311 { 3, "system new status word (leap bits or synchronization change)" },
312 { 4, "system new synchronization source or stratum (sys.peer or sys.stratum change)" },
313 { 5, "system clock reset (offset correction exceeds CLOCK.MAX)" },
314 { 6, "system invalid time or date (see NTP spec.)" },
315 { 7, "system clock exception (see system clock status word)" },
316 { 0, NULL}
317 };
318
319 #define NTPCTRL_PEERSTATUS_STATUS_MASK 0xF800
320 #define NTPCTRL_PEERSTATUS_CONFIG_MASK 0x8000
321 #define NTPCTRL_PEERSTATUS_AUTHENABLE_MASK 0x4000
322 #define NTPCTRL_PEERSTATUS_AUTHENTIC_MASK 0x2000
323 #define NTPCTRL_PEERSTATUS_REACH_MASK 0x1000
324 #define NTPCTRL_PEERSTATUS_RESERVED_MASK 0x0800
325 #define NTPCTRL_PEERSTATUS_SEL_MASK 0x0700
326 #define NTPCTRL_PEERSTATUS_COUNT_MASK 0x00F0
327 #define NTPCTRL_PEERSTATUS_CODE_MASK 0x000F
328
329 static const value_string ctrl_peer_status_config_types[] = {
330 { 0, "not configured (peer.config)" },
331 { 1, "configured (peer.config)" },
332 { 0, NULL}
333 };
334
335 static const value_string ctrl_peer_status_authenable_types[] = {
336 { 0, "authentication disabled (peer.authenable" },
337 { 1, "authentication enabled (peer.authenable" },
338 { 0, NULL}
339 };
340
341 static const value_string ctrl_peer_status_authentic_types[] = {
342 { 0, "authentication not okay (peer.authentic)" },
343 { 1, "authentication okay (peer.authentic)" },
344 { 0, NULL}
345 };
346
347 static const value_string ctrl_peer_status_reach_types[] = {
348 { 0, "reachability not okay (peer.reach != 0)" },
349 { 1, "reachability okay (peer.reach != 0)" },
350 { 0, NULL}
351 };
352
353 static const value_string ctrl_peer_status_selection_types[] = {
354 { 0, "rejected" },
355 { 1, "passed sanity checks (tests 1 trough 8 in Section 3.4.3)" },
356 { 2, "passed correctness checks (intersection algorithm in Section 4.2.1)" },
357 { 3, "passed candidate checks (if limit check implemented)" },
358 { 4, "passed outlyer checks (clustering algorithm in Section 4.2.2)" },
359 { 5, "current synchronization source; max distance exceeded (if limit check implemented)" },
360 { 6, "current synchronization source; max distance okay" },
361 { 7, "reserved" },
362 { 0, NULL}
363 };
364
365 static const value_string ctrl_peer_status_event_types[] = {
366 { 0, "unspecified" },
367 { 1, "peer IP error" },
368 { 2, "peer authentication failure (peer.authentic bit was one now zero)" },
369 { 3, "peer unreachable (peer.reach was nonzero now zero)" },
370 { 4, "peer reachable (peer.reach was zero now nonzero)" },
371 { 5, "peer clock exception (see peer clock status word)" },
372 { 0, NULL}
373 };
374
375 #define NTPCTRL_CLKSTATUS_STATUS_MASK 0xFF00
376 #define NTPCTRL_CLKSTATUS_CODE_MASK 0x00FF
377
378 static const value_string ctrl_clk_status_types[] = {
379 { 0, "clock operating within nominals" },
380 { 1, "reply timeout" },
381 { 2, "bad reply format" },
382 { 3, "hardware or software fault" },
383 { 4, "propagation failure" },
384 { 5, "bad date format or value" },
385 { 6, "bad time format or value" },
386 { 0, NULL}
387 };
388
389 #define NTP_CTRL_ERRSTATUS_CODE_MASK 0xFF00
390
391 static const value_string ctrl_err_status_types[] = {
392 { 0, "unspecified" },
393 { 1, "authentication failure" },
394 { 2, "invalid message length or format" },
395 { 3, "invalid opcode" },
396 { 4, "unknown association identifier" },
397 { 5, "unknown variable name" },
398 { 6, "invalid variable value" },
399 { 7, "administratively prohibited" },
400 { 0, NULL}
401 };
402
403
404 #define NTPPRIV_R_MASK 0x80
405
406 #define priv_r_types ext_r_types
407
408 #define NTPPRIV_MORE_MASK 0x40
409
410 #define NTPPRIV_AUTH_MASK 0x80
411 #define NTPPRIV_SEQ_MASK 0x7f
412
413 static const value_string priv_impl_types[] = {
414 { 0, "UNIV" },
415 { 2, "XNTPD_OLD (pre-IPv6)" },
416 { 3, "XNTPD" },
417 { 0, NULL}
418 };
419
420 static const value_string priv_rc_types[] = {
421 { 0, "PEER_LIST" },
422 { 1, "PEER_LIST_SUM" },
423 { 2, "PEER_INFO" },
424 { 3, "PEER_STATS" },
425 { 4, "SYS_INFO" },
426 { 5, "SYS_STATS" },
427 { 6, "IO_STATS" },
428 { 7, "MEM_STATS" },
429 { 8, "LOOP_INFO" },
430 { 9, "TIMER_STATS" },
431 { 10, "CONFIG" },
432 { 11, "UNCONFIG" },
433 { 12, "SET_SYS_FLAG" },
434 { 13, "CLR_SYS_FLAG" },
435 { 16, "GET_RESTRICT" },
436 { 17, "RESADDFLAGS" },
437 { 18, "RESSUBFLAGS" },
438 { 19, "UNRESTRICT" },
439 { 20, "MON_GETLIST" },
440 { 21, "RESET_STATS" },
441 { 22, "RESET_PEER" },
442 { 23, "REREAD_KEYS" },
443 { 26, "TRUSTKEY" },
444 { 27, "UNTRUSTKEY" },
445 { 28, "AUTHINFO" },
446 { 29, "TRAPS" },
447 { 30, "ADD_TRAP" },
448 { 31, "CLR_TRAP" },
449 { 32, "REQUEST_KEY" },
450 { 33, "CONTROL_KEY" },
451 { 34, "GET_CTLSTATS" },
452 { 36, "GET_CLOCKINFO" },
453 { 37, "SET_CLKFUDGE" },
454 { 38, "GET_KERNEL" },
455 { 39, "GET_CLKBUGINFO" },
456 { 42, "MON_GETLIST_1" },
457 { 43, "HOSTNAME_ASSOCID" },
458 { 0, NULL}
459 };
460
461 /*
462 * Maximum MAC length.
463 */
464 #define MAX_MAC_LEN (5 * sizeof (guint32))
465
466 static int proto_ntp = -1;
467
468 static int hf_ntp_flags = -1;
469 static int hf_ntp_flags_li = -1;
470 static int hf_ntp_flags_vn = -1;
471 static int hf_ntp_flags_mode = -1;
472 static int hf_ntp_stratum = -1;
473 static int hf_ntp_ppoll = -1;
474 static int hf_ntp_precision = -1;
475 static int hf_ntp_rootdelay = -1;
476 static int hf_ntp_rootdispersion = -1;
477 static int hf_ntp_refid = -1;
478 static int hf_ntp_reftime = -1;
479 static int hf_ntp_org = -1;
480 static int hf_ntp_rec = -1;
481 static int hf_ntp_xmt = -1;
482 static int hf_ntp_keyid = -1;
483 static int hf_ntp_mac = -1;
484
485 static int hf_ntp_ext = -1;
486 static int hf_ntp_ext_flags = -1;
487 static int hf_ntp_ext_flags_r = -1;
488 static int hf_ntp_ext_flags_error = -1;
489 static int hf_ntp_ext_flags_vn = -1;
490 static int hf_ntp_ext_op = -1;
491 static int hf_ntp_ext_len = -1;
492 static int hf_ntp_ext_associd = -1;
493 static int hf_ntp_ext_tstamp = -1;
494 static int hf_ntp_ext_fstamp = -1;
495 static int hf_ntp_ext_vallen = -1;
496 static int hf_ntp_ext_val = -1;
497 static int hf_ntp_ext_siglen = -1;
498 static int hf_ntp_ext_sig = -1;
499
500 static int hf_ntpctrl_flags2 = -1;
501 static int hf_ntpctrl_flags2_r = -1;
502 static int hf_ntpctrl_flags2_error = -1;
503 static int hf_ntpctrl_flags2_more = -1;
504 static int hf_ntpctrl_flags2_opcode = -1;
505 static int hf_ntpctrl_sequence = -1;
506 static int hf_ntpctrl_status = -1;
507 static int hf_ntpctrl_error_status_word = -1;
508 static int hf_ntpctrl_sys_status_li = -1;
509 static int hf_ntpctrl_sys_status_clksrc = -1;
510 static int hf_ntpctrl_sys_status_count = -1;
511 static int hf_ntpctrl_sys_status_code = -1;
512 static int hf_ntpctrl_peer_status_b0 = -1;
513 static int hf_ntpctrl_peer_status_b1 = -1;
514 static int hf_ntpctrl_peer_status_b2 = -1;
515 static int hf_ntpctrl_peer_status_b3 = -1;
516 static int hf_ntpctrl_peer_status_b4 = -1;
517 static int hf_ntpctrl_peer_status_selection = -1;
518 static int hf_ntpctrl_peer_status_count = -1;
519 static int hf_ntpctrl_peer_status_code = -1;
520 static int hf_ntpctrl_clk_status = -1;
521 static int hf_ntpctrl_clk_status_code = -1;
522 static int hf_ntpctrl_associd = -1;
523 static int hf_ntpctrl_offset = -1;
524 static int hf_ntpctrl_count = -1;
525 static int hf_ntpctrl_data = -1;
526 static int hf_ntpctrl_item = -1;
527 static int hf_ntpctrl_trapmsg = -1;
528
529 static int hf_ntppriv_flags_r = -1;
530 static int hf_ntppriv_flags_more = -1;
531 static int hf_ntppriv_auth_seq = -1;
532 static int hf_ntppriv_auth = -1;
533 static int hf_ntppriv_seq = -1;
534 static int hf_ntppriv_impl = -1;
535 static int hf_ntppriv_reqcode = -1;
536
537 static gint ett_ntp = -1;
538 static gint ett_ntp_flags = -1;
539 static gint ett_ntp_ext = -1;
540 static gint ett_ntp_ext_flags = -1;
541 static gint ett_ntpctrl_flags2 = -1;
542 static gint ett_ntpctrl_status = -1;
543 static gint ett_ntpctrl_data = -1;
544 static gint ett_ntpctrl_item = -1;
545 static gint ett_ntppriv_auth_seq = -1;
546
547 static void dissect_ntp_std(tvbuff_t *, proto_tree *, guint8);
548 static void dissect_ntp_ctrl(tvbuff_t *, proto_tree *, guint8);
549 static void dissect_ntp_priv(tvbuff_t *, proto_tree *, guint8);
550 static int dissect_ntp_ext(tvbuff_t *, proto_tree *, int);
551
552 static const char *mon_names[12] = {
553 "Jan",
554 "Feb",
555 "Mar",
556 "Apr",
557 "May",
558 "Jun",
559 "Jul",
560 "Aug",
561 "Sep",
562 "Oct",
563 "Nov",
564 "Dec"
565 };
566
567
568 /* parser definitions */
569 static tvbparse_wanted_t* want;
570 static tvbparse_wanted_t* want_ignore;
571
572 /* NTP_BASETIME is in fact epoch - ntp_start_time */
573 #define NTP_BASETIME 2208988800ul
574 #define NTP_FLOAT_DENOM 4294967296.0
575 #define NTP_TS_SIZE 100
576
577 /* Modified tvb_ntp_fmt_ts
578 * tvb_mip6_fmt_ts - converts MIP6 timestamp to human readable string.
579 * Timestamp
580 *
581 * A 64-bit unsigned integer field containing a timestamp. The
582 * value indicates the number of seconds since January 1, 1970,
583 * 00:00 UTC, by using a fixed point format. In this format, the
584 * integer number of seconds is contained in the first 48 bits of
585 * the field, and the remaining 16 bits indicate the number of
586 * 1/65536 fractions of a second.
587 *
588 * TVB and an offset (IN).
589 * returns pointer to filled buffer. This buffer will be freed automatically once
590 * dissection of the next packet occurs.
591 */
592 const char *
593 tvb_mip6_fmt_ts(tvbuff_t *tvb, gint offset)
594 {
595 guint64 tempstmp;
596 guint32 tempfrac;
597 time_t temptime;
598 struct tm *bd;
599 double fractime;
600 char *buff;
601
602 tempstmp = tvb_get_ntoh48(tvb, offset);
603 tempfrac = tvb_get_ntohs(tvb, offset+6);
604 tempfrac <<= 16;
605 if ((tempstmp == 0) && (tempfrac == 0)) {
606 return "NULL";
607 }
608
609 temptime = (time_t)(tempstmp /*- (guint32) NTP_BASETIME*/);
610 bd = gmtime(&temptime);
611 if(!bd){
612 return "Not representable";
613 }
614
615 fractime = bd->tm_sec + tempfrac / NTP_FLOAT_DENOM;
616 buff=(char *)wmem_alloc(wmem_packet_scope(), NTP_TS_SIZE);
617 g_snprintf(buff, NTP_TS_SIZE,
618 "%s %2d, %d %02d:%02d:%07.4f UTC",
619 mon_names[bd->tm_mon],
620 bd->tm_mday,
621 bd->tm_year + 1900,
622 bd->tm_hour,
623 bd->tm_min,
624 fractime);
625 return buff;
626 }
627 /* tvb_ntp_fmt_ts - converts NTP timestamp to human readable string.
628 * TVB and an offset (IN).
629 * returns pointer to filled buffer. This buffer will be freed automatically once
630 * dissection of the next packet occurs.
631 */
632 const char *
633 tvb_ntp_fmt_ts(tvbuff_t *tvb, gint offset)
634 {
635 guint32 tempstmp, tempfrac;
636 time_t temptime;
637 struct tm *bd;
638 double fractime;
639 char *buff;
640
641 tempstmp = tvb_get_ntohl(tvb, offset);
642 tempfrac = tvb_get_ntohl(tvb, offset+4);
643 if ((tempstmp == 0) && (tempfrac == 0)) {
644 return "NULL";
645 }
646
647 /* We need a temporary variable here so the unsigned math
648 * works correctly (for years > 2036 according to RFC 2030
649 * chapter 3).
650 */
651 temptime = tempstmp - (guint32) NTP_BASETIME;
652 bd = gmtime(&temptime);
653 if(!bd){
654 return "Not representable";
655 }
656
657 fractime = bd->tm_sec + tempfrac / NTP_FLOAT_DENOM;
658 buff=(char *)wmem_alloc(wmem_packet_scope(), NTP_TS_SIZE);
659 g_snprintf(buff, NTP_TS_SIZE,
660 "%s %2d, %d %02d:%02d:%09.6f UTC",
661 mon_names[bd->tm_mon],
662 bd->tm_mday,
663 bd->tm_year + 1900,
664 bd->tm_hour,
665 bd->tm_min,
666 fractime);
667 return buff;
668 }
669
670 void
671 ntp_to_nstime(tvbuff_t *tvb, gint offset, nstime_t *nstime)
672 {
673 guint32 tempstmp;
674
675 /* We need a temporary variable here so the unsigned math
676 * works correctly (for years > 2036 according to RFC 2030
677 * chapter 3).
678 */
679 tempstmp = tvb_get_ntohl(tvb, offset);
680 if (tempstmp)
681 nstime->secs = tempstmp - (guint32)NTP_BASETIME;
682 else
683 nstime->secs = tempstmp; /* 0 */
684
685 nstime->nsecs = (int)(tvb_get_ntohl(tvb, offset+4)/(NTP_FLOAT_DENOM/1000000000.0));
686 }
687
688 /* dissect_ntp - dissects NTP packet data
689 * tvb - tvbuff for packet data (IN)
690 * pinfo - packet info
691 * proto_tree - resolved protocol tree
692 */
693 static void
694 dissect_ntp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
695 {
696 proto_tree *ntp_tree;
697 proto_item *ti = NULL;
698 guint8 flags;
699 void (*dissector)(tvbuff_t *, proto_item *, guint8);
700
701 col_set_str(pinfo->cinfo, COL_PROTOCOL, "NTP");
702
703 col_clear(pinfo->cinfo, COL_INFO);
704
705 flags = tvb_get_guint8(tvb, 0);
706 switch (flags & NTP_MODE_MASK) {
707 default:
708 dissector = dissect_ntp_std;
709 break;
710 case NTP_MODE_CTRL:
711 dissector = dissect_ntp_ctrl;
712 break;
713 case NTP_MODE_PRIV:
714 dissector = dissect_ntp_priv;
715 break;
716 }
717
718 /* Adding NTP item and subtree */
719 ti = proto_tree_add_item(tree, proto_ntp, tvb, 0, -1, ENC_NA);
720 ntp_tree = proto_item_add_subtree(ti, ett_ntp);
721
722 /* Show version and mode in info column and NTP root */
723 col_add_fstr(pinfo->cinfo, COL_INFO, "%s, %s",
724 val_to_str_const((flags & NTP_VN_MASK) >> 3, ver_nums,
725 "Unknown version"),
726 val_to_str_const(flags & NTP_MODE_MASK, info_mode_types, "Unknown"));
727
728 proto_item_append_text(ti, " (%s, %s)",
729 val_to_str_const((flags & NTP_VN_MASK) >> 3, ver_nums,
730 "Unknown version"),
731 val_to_str_const(flags & NTP_MODE_MASK, info_mode_types, "Unknown"));
732
733 /* Dissect according to mode */
734 (*dissector)(tvb, ntp_tree, flags);
735 }
736
737 static void
738 dissect_ntp_std(tvbuff_t *tvb, proto_tree *ntp_tree, guint8 flags)
739 {
740 proto_tree *flags_tree;
741 proto_item *tf;
742 guint8 stratum;
743 guint8 ppoll;
744 gint8 precision;
745 double rootdelay;
746 double rootdispersion;
747 guint32 refid_addr;
748 const gchar *buffc;
749 gchar *buff;
750 int i;
751 int macofs;
752 gint maclen;
753
754 tf = proto_tree_add_uint(ntp_tree, hf_ntp_flags, tvb, 0, 1, flags);
755
756 /* Adding flag subtree and items */
757 flags_tree = proto_item_add_subtree(tf, ett_ntp_flags);
758 proto_tree_add_uint(flags_tree, hf_ntp_flags_li, tvb, 0, 1, flags);
759 proto_tree_add_uint(flags_tree, hf_ntp_flags_vn, tvb, 0, 1, flags);
760 proto_tree_add_uint(flags_tree, hf_ntp_flags_mode, tvb, 0, 1, flags);
761
762 /* Stratum, 1byte field represents distance from primary source
763 */
764 stratum = tvb_get_guint8(tvb, 1);
765 if (stratum == 0) {
766 buffc="unspecified or invalid (%u)";
767 } else if (stratum == 1) {
768 buffc="primary reference (%u)";
769 } else if ((stratum >= 2) && (stratum <= 15)) {
770 buffc="secondary reference (%u)";
771 } else if (stratum == 16) {
772 buffc="unsynchronized (%u)";
773 } else {
774 buffc="reserved: %u";
775 }
776 proto_tree_add_uint_format_value(ntp_tree, hf_ntp_stratum, tvb, 1, 1,
777 stratum, buffc, stratum);
778 /* Poll interval, 1byte field indicating the maximum interval
779 * between successive messages, in seconds to the nearest
780 * power of two.
781 */
782 ppoll = tvb_get_guint8(tvb, 2);
783 if ((ppoll >= 4) && (ppoll <= 17)) {
784 proto_tree_add_uint_format_value(ntp_tree, hf_ntp_ppoll, tvb, 2, 1,
785 ppoll,
786 "%u (%u sec)",
787 ppoll,
788 1 << ppoll);
789 } else {
790 proto_tree_add_uint_format_value(ntp_tree, hf_ntp_ppoll, tvb, 2, 1,
791 ppoll,
792 "invalid (%u)",
793 ppoll);
794 }
795
796 /* Precision, 1byte field indicating the precision of the
797 * local clock, in seconds to the nearest power of two.
798 */
799 precision = tvb_get_guint8(tvb, 3);
800 proto_tree_add_int_format_value(ntp_tree, hf_ntp_precision, tvb, 3, 1,
801 precision,
802 "%8.6f sec",
803 pow(2, precision));
804
805 /* Root Delay is a 32-bit signed fixed-point number indicating
806 * the total roundtrip delay to the primary reference source,
807 * in seconds with fraction point between bits 15 and 16.
808 */
809 rootdelay = ((gint16)tvb_get_ntohs(tvb, 4)) +
810 (tvb_get_ntohs(tvb, 6) / 65536.0);
811 proto_tree_add_double_format_value(ntp_tree, hf_ntp_rootdelay, tvb, 4, 4,
812 rootdelay,
813 "%9.4f sec",
814 rootdelay);
815
816 /* Root Dispersion, 32-bit unsigned fixed-point number indicating
817 * the nominal error relative to the primary reference source, in
818 * seconds with fraction point between bits 15 and 16.
819 */
820 rootdispersion = ((gint16)tvb_get_ntohs(tvb, 8)) +
821 (tvb_get_ntohs(tvb, 10) / 65536.0);
822 proto_tree_add_double_format_value(ntp_tree, hf_ntp_rootdispersion, tvb, 8, 4,
823 rootdispersion,
824 "%9.4f sec",
825 rootdispersion);
826
827 /* Now, there is a problem with secondary servers. Standards
828 * asks from stratum-2 - stratum-15 servers to set this to the
829 * low order 32 bits of the latest transmit timestamp of the
830 * reference source.
831 * But, all V3 and V4 servers set this to IP address of their
832 * higher level server. My decision was to resolve this address.
833 */
834 buff = (gchar *)wmem_alloc(wmem_packet_scope(), NTP_TS_SIZE);
835 if (stratum <= 1) {
836 g_snprintf (buff, NTP_TS_SIZE, "Unidentified reference source '%.4s'",
837 tvb_get_string(wmem_packet_scope(), tvb, 12, 4));
838 for (i = 0; primary_sources[i].id; i++) {
839 if (tvb_memeql(tvb, 12, primary_sources[i].id, 4) == 0) {
840 g_snprintf(buff, NTP_TS_SIZE, "%s",
841 primary_sources[i].data);
842 break;
843 }
844 }
845 } else {
846 int buffpos;
847 refid_addr = tvb_get_ipv4(tvb, 12);
848 buffpos = g_snprintf(buff, NTP_TS_SIZE, "%s", get_hostname (refid_addr));
849 if (buffpos >= NTP_TS_SIZE) {
850 buff[NTP_TS_SIZE-4]='.';
851 buff[NTP_TS_SIZE-3]='.';
852 buff[NTP_TS_SIZE-2]='.';
853 buff[NTP_TS_SIZE-1]=0;
854 }
855 }
856 proto_tree_add_bytes_format_value(ntp_tree, hf_ntp_refid, tvb, 12, 4,
857 NULL, "%s", buff);
858
859 /* Reference Timestamp: This is the time at which the local clock was
860 * last set or corrected.
861 */
862 proto_tree_add_item(ntp_tree, hf_ntp_reftime, tvb, 16, 8, ENC_TIME_NTP|ENC_BIG_ENDIAN);
863
864 /* Originate Timestamp: This is the time at which the request departed
865 * the client for the server.
866 */
867 proto_tree_add_item(ntp_tree, hf_ntp_org, tvb, 24, 8, ENC_TIME_NTP|ENC_BIG_ENDIAN);
868
869 /* Receive Timestamp: This is the time at which the request arrived at
870 * the server.
871 */
872 proto_tree_add_item(ntp_tree, hf_ntp_rec, tvb, 32, 8, ENC_TIME_NTP|ENC_BIG_ENDIAN);
873
874 /* Transmit Timestamp: This is the time at which the reply departed the
875 * server for the client.
876 */
877 proto_tree_add_item(ntp_tree, hf_ntp_xmt, tvb, 40, 8, ENC_TIME_NTP|ENC_BIG_ENDIAN);
878
879 /* MAX_MAC_LEN is the largest message authentication code
880 * (MAC) length. If we have more data left in the packet
881 * after the header than that, the extra data is NTP4
882 * extensions; parse them as such.
883 */
884 macofs = 48;
885 while (tvb_reported_length_remaining(tvb, macofs) > (gint)MAX_MAC_LEN)
886 macofs = dissect_ntp_ext(tvb, ntp_tree, macofs);
887
888 /* When the NTP authentication scheme is implemented, the
889 * Key Identifier and Message Digest fields contain the
890 * message authentication code (MAC) information defined in
891 * Appendix C of RFC-1305. Will print this as hex code for now.
892 */
893 if (tvb_reported_length_remaining(tvb, macofs) >= 4)
894 proto_tree_add_item(ntp_tree, hf_ntp_keyid, tvb, macofs, 4,
895 ENC_NA);
896 macofs += 4;
897 maclen = tvb_reported_length_remaining(tvb, macofs);
898 if (maclen > 0)
899 proto_tree_add_item(ntp_tree, hf_ntp_mac, tvb, macofs,
900 maclen, ENC_NA);
901 }
902
903 static int
904 dissect_ntp_ext(tvbuff_t *tvb, proto_tree *ntp_tree, int offset)
905 {
906 proto_tree *ext_tree, *flags_tree;
907 proto_item *tf;
908 guint16 extlen;
909 int endoffset;
910 guint8 flags;
911 guint32 vallen, vallen_round, siglen;
912
913 extlen = tvb_get_ntohs(tvb, offset+2);
914 if (extlen < 8) {
915 /* Extension length isn't enough for the extension header.
916 * Report the error, and return an offset that goes to
917 * the end of the tvbuff, so we stop dissecting.
918 */
919 proto_tree_add_text(ntp_tree, tvb, offset+2, 2,
920 "Extension length %u < 8", extlen);
921 offset += tvb_length_remaining(tvb, offset);
922 return offset;
923 }
924 if (extlen % 4) {
925 /* Extension length isn't a multiple of 4.
926 * Report the error, and return an offset that goes
927 * to the end of the tvbuff, so we stop dissecting.
928 */
929 proto_tree_add_text(ntp_tree, tvb, offset+2, 2,
930 "Extension length %u isn't a multiple of 4",
931 extlen);
932 offset += tvb_length_remaining(tvb, offset);
933 return offset;
934 }
935 endoffset = offset + extlen;
936
937 tf = proto_tree_add_item(ntp_tree, hf_ntp_ext, tvb, offset, extlen,
938 ENC_NA);
939 ext_tree = proto_item_add_subtree(tf, ett_ntp_ext);
940
941 flags = tvb_get_guint8(tvb, offset);
942 tf = proto_tree_add_uint(ext_tree, hf_ntp_ext_flags, tvb, offset, 1,
943 flags);
944 flags_tree = proto_item_add_subtree(tf, ett_ntp_ext_flags);
945 proto_tree_add_uint(flags_tree, hf_ntp_ext_flags_r, tvb, offset, 1,
946 flags);
947 proto_tree_add_uint(flags_tree, hf_ntp_ext_flags_error, tvb, offset, 1,
948 flags);
949 proto_tree_add_uint(flags_tree, hf_ntp_ext_flags_vn, tvb, offset, 1,
950 flags);
951 offset++;
952
953 proto_tree_add_item(ext_tree, hf_ntp_ext_op, tvb, offset, 1, ENC_BIG_ENDIAN);
954 offset++;
955
956 proto_tree_add_uint(ext_tree, hf_ntp_ext_len, tvb, offset, 2, extlen);
957 offset += 2;
958
959 if ((flags & NTP_EXT_VN_MASK) != 2) {
960 /* don't care about autokey v1 */
961 return endoffset;
962 }
963
964 proto_tree_add_item(ext_tree, hf_ntp_ext_associd, tvb, offset, 4,
965 ENC_BIG_ENDIAN);
966 offset += 4;
967
968 /* check whether everything up to "vallen" is present */
969 if (extlen < MAX_MAC_LEN) {
970 /* XXX - report as error? */
971 return endoffset;
972 }
973
974 proto_tree_add_item(ext_tree, hf_ntp_ext_tstamp, tvb, offset, 4,
975 ENC_BIG_ENDIAN);
976 offset += 4;
977 proto_tree_add_item(ext_tree, hf_ntp_ext_fstamp, tvb, offset, 4,
978 ENC_BIG_ENDIAN);
979 offset += 4;
980 /* XXX fstamp can be server flags */
981
982 vallen = tvb_get_ntohl(tvb, offset);
983 proto_tree_add_uint(ext_tree, hf_ntp_ext_vallen, tvb, offset, 4,
984 vallen);
985 offset += 4;
986 vallen_round = (vallen + 3) & (-4);
987 if (vallen != 0) {
988 if ((guint32)(endoffset - offset) < vallen_round) {
989 /*
990 * Value goes past the length of the extension
991 * field.
992 */
993 proto_tree_add_text(ext_tree, tvb, offset,
994 endoffset - offset,
995 "Value length makes value go past the end of the extension field");
996 return endoffset;
997 }
998 proto_tree_add_item(ext_tree, hf_ntp_ext_val, tvb, offset,
999 vallen, ENC_NA);
1000 }
1001 offset += vallen_round;
1002
1003 siglen = tvb_get_ntohl(tvb, offset);
1004 proto_tree_add_uint(ext_tree, hf_ntp_ext_siglen, tvb, offset, 4,
1005 siglen);
1006 offset += 4;
1007 if (siglen != 0) {
1008 if (offset + (int)siglen > endoffset) {
1009 /*
1010 * Value goes past the length of the extension
1011 * field.
1012 */
1013 proto_tree_add_text(ext_tree, tvb, offset,
1014 endoffset - offset,
1015 "Signature length makes value go past the end of the extension field");
1016 return endoffset;
1017 }
1018 proto_tree_add_item(ext_tree, hf_ntp_ext_sig, tvb,
1019 offset, siglen, ENC_NA);
1020 }
1021 return endoffset;
1022 }
1023
1024 static void
1025 dissect_ntp_ctrl_peerstatus(tvbuff_t *tvb, proto_tree *status_tree, guint16 offset, guint16 status)
1026 {
1027 /*
1028 * dissect peer status word:
1029 * 1
1030 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1031 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1032 * | Status | Sel | Count | Code |
1033 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1034 */
1035 proto_tree_add_uint(status_tree, hf_ntpctrl_peer_status_b0, tvb, offset, 2, status);
1036 proto_tree_add_uint(status_tree, hf_ntpctrl_peer_status_b1, tvb, offset, 2, status);
1037 proto_tree_add_uint(status_tree, hf_ntpctrl_peer_status_b2, tvb, offset, 2, status);
1038 proto_tree_add_uint(status_tree, hf_ntpctrl_peer_status_b3, tvb, offset, 2, status);
1039 proto_tree_add_uint(status_tree, hf_ntpctrl_peer_status_b4, tvb, offset, 2, status);
1040 proto_tree_add_uint(status_tree, hf_ntpctrl_peer_status_selection, tvb, offset, 2, status);
1041 proto_tree_add_uint(status_tree, hf_ntpctrl_peer_status_count, tvb, offset, 2, status);
1042 proto_tree_add_uint(status_tree, hf_ntpctrl_peer_status_code, tvb, offset, 2, status);
1043 }
1044
1045 static void
1046 dissect_ntp_ctrl_systemstatus(tvbuff_t *tvb, proto_tree *status_tree, guint16 offset, guint16 status)
1047 {
1048 /*
1049 * dissect system status word:
1050 * 1
1051 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1052 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1053 * |LI | ClkSource | Count | Code |
1054 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1055 */
1056 proto_tree_add_uint(status_tree, hf_ntpctrl_sys_status_li, tvb, offset, 2, status);
1057 proto_tree_add_uint(status_tree, hf_ntpctrl_sys_status_clksrc, tvb, offset, 2, status);
1058 proto_tree_add_uint(status_tree, hf_ntpctrl_sys_status_count, tvb, offset, 2, status);
1059 proto_tree_add_uint(status_tree, hf_ntpctrl_sys_status_code, tvb, offset, 2, status);
1060 }
1061
1062 static void
1063 dissect_ntp_ctrl_errorstatus(tvbuff_t *tvb, proto_tree *status_tree, guint16 offset, guint16 status)
1064 {
1065 /*
1066 * if error bit is set: dissect error status word
1067 * 1
1068 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1069 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1070 * | Error Code | reserved |
1071 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1072 */
1073 proto_tree_add_uint(status_tree, hf_ntpctrl_error_status_word, tvb, offset, 2, status);
1074 }
1075
1076 static void
1077 dissect_ntp_ctrl_clockstatus(tvbuff_t *tvb, proto_tree *status_tree, guint16 offset, guint16 status)
1078 {
1079 /*
1080 * dissect clock status word:
1081 * 1
1082 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1083 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1084 * | Clock Status | Event Code |
1085 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1086 */
1087 proto_tree_add_uint(status_tree, hf_ntpctrl_clk_status, tvb, offset, 2, status);
1088 proto_tree_add_uint(status_tree, hf_ntpctrl_clk_status_code, tvb, offset, 2, status);
1089 }
1090
1091 static void
1092 dissect_ntp_ctrl(tvbuff_t *tvb, proto_tree *ntp_tree, guint8 flags)
1093 {
1094 proto_tree *flags_tree;
1095 proto_item *tf;
1096 guint8 flags2;
1097
1098 proto_tree *status_tree, *data_tree, *item_tree;
1099 proto_item *ts, *td, *ti;
1100 guint16 status;
1101 guint16 associd;
1102 guint16 datalen;
1103 guint16 data_offset;
1104
1105 tvbparse_t *tt;
1106 tvbparse_elem_t *element;
1107
1108 tf = proto_tree_add_uint(ntp_tree, hf_ntp_flags, tvb, 0, 1, flags);
1109
1110 /* Adding flag subtree and items */
1111 flags_tree = proto_item_add_subtree(tf, ett_ntp_flags);
1112 proto_tree_add_uint(flags_tree, hf_ntp_flags_li, tvb, 0, 1, flags);
1113 proto_tree_add_uint(flags_tree, hf_ntp_flags_vn, tvb, 0, 1, flags);
1114 proto_tree_add_uint(flags_tree, hf_ntp_flags_mode, tvb, 0, 1, flags);
1115
1116 flags2 = tvb_get_guint8(tvb, 1);
1117 tf = proto_tree_add_uint(ntp_tree, hf_ntpctrl_flags2, tvb, 1, 1, flags2);
1118 flags_tree = proto_item_add_subtree(tf, ett_ntpctrl_flags2);
1119 proto_tree_add_uint(flags_tree, hf_ntpctrl_flags2_r, tvb, 1, 1, flags2);
1120 proto_tree_add_uint(flags_tree, hf_ntpctrl_flags2_error, tvb, 1, 1, flags2);
1121 proto_tree_add_uint(flags_tree, hf_ntpctrl_flags2_more, tvb, 1, 1, flags2);
1122 proto_tree_add_uint(flags_tree, hf_ntpctrl_flags2_opcode, tvb, 1, 1, flags2);
1123
1124 proto_tree_add_uint(ntp_tree, hf_ntpctrl_sequence, tvb, 2, 2, tvb_get_ntohs(tvb, 2));
1125
1126 status = tvb_get_ntohs(tvb, 4);
1127 associd = tvb_get_ntohs(tvb, 6);
1128 ts = proto_tree_add_uint(ntp_tree, hf_ntpctrl_status, tvb, 4, 2, status);
1129 status_tree = proto_item_add_subtree(ts, ett_ntpctrl_status);
1130 /*
1131 * further processing of status is only necessary in server responses
1132 */
1133 if (flags2 & NTPCTRL_R_MASK) {
1134 if (flags2 & NTPCTRL_ERROR_MASK) {
1135 /* Check if this is an error response... */
1136 dissect_ntp_ctrl_errorstatus(tvb, status_tree, 4, status);
1137 } else {
1138 /* ...otherwise status word depends on OpCode */
1139 switch (flags2 & NTPCTRL_OP_MASK) {
1140 case NTPCTRL_OP_READSTAT:
1141 case NTPCTRL_OP_READVAR:
1142 case NTPCTRL_OP_WRITEVAR:
1143 case NTPCTRL_OP_ASYNCMSG:
1144 if (associd)
1145 dissect_ntp_ctrl_peerstatus(tvb, status_tree, 4, status);
1146 else
1147 dissect_ntp_ctrl_systemstatus(tvb, status_tree, 4, status);
1148 break;
1149 case NTPCTRL_OP_READCLOCK:
1150 case NTPCTRL_OP_WRITECLOCK:
1151 dissect_ntp_ctrl_clockstatus(tvb, status_tree, 4, status);
1152 break;
1153 case NTPCTRL_OP_SETTRAP:
1154 case NTPCTRL_OP_UNSETTRAP:
1155 break;
1156 }
1157 }
1158 }
1159 proto_tree_add_uint(ntp_tree, hf_ntpctrl_associd, tvb, 6, 2, associd);
1160 proto_tree_add_uint(ntp_tree, hf_ntpctrl_offset, tvb, 8, 2, tvb_get_ntohs(tvb, 8));
1161 datalen = tvb_get_ntohs(tvb, 10);
1162 proto_tree_add_uint(ntp_tree, hf_ntpctrl_count, tvb, 10, 2, datalen);
1163
1164 /*
1165 * dissect Data part of the NTP control message
1166 */
1167 if (datalen) {
1168 data_offset = 12;
1169 td = proto_tree_add_item(ntp_tree, hf_ntpctrl_data, tvb, data_offset, datalen, ENC_NA);
1170 data_tree = proto_item_add_subtree(td, ett_ntpctrl_data);
1171 switch(flags2 & NTPCTRL_OP_MASK) {
1172 case NTPCTRL_OP_READSTAT:
1173 if (!associd) {
1174 /*
1175 * if associd == 0 then data part contains a list of the form
1176 * <association identifier><status word>,
1177 */
1178 while(datalen) {
1179 ti = proto_tree_add_item(data_tree, hf_ntpctrl_item, tvb, data_offset, 4, ENC_NA);
1180 item_tree = proto_item_add_subtree(ti, ett_ntpctrl_item);
1181 proto_tree_add_uint(item_tree, hf_ntpctrl_associd, tvb, data_offset, 2, tvb_get_ntohs(tvb, data_offset));
1182 data_offset += 2;
1183 status = tvb_get_ntohs(tvb, data_offset);
1184 ts = proto_tree_add_uint(item_tree, hf_ntpctrl_status, tvb, data_offset, 2, status);
1185 status_tree = proto_item_add_subtree(ts, ett_ntpctrl_status);
1186 dissect_ntp_ctrl_peerstatus( tvb, status_tree, 4, status );
1187 data_offset += 2;
1188 datalen -= 4;
1189 }
1190 break;
1191 }
1192 /*
1193 * but if associd != 0,
1194 * then data part could be the same as if opcode is NTPCTRL_OP_READVAR
1195 * --> so, no "break" here!
1196 */
1197 case NTPCTRL_OP_READVAR:
1198 case NTPCTRL_OP_WRITEVAR:
1199 case NTPCTRL_OP_READCLOCK:
1200 case NTPCTRL_OP_WRITECLOCK:
1201 tt = tvbparse_init(tvb, data_offset, datalen, NULL, want_ignore);
1202 while( (element = tvbparse_get(tt, want)) != NULL ) {
1203 tvbparse_tree_add_elem(data_tree, element);
1204 }
1205 break;
1206 case NTPCTRL_OP_ASYNCMSG:
1207 proto_tree_add_item(data_tree, hf_ntpctrl_trapmsg, tvb, data_offset, datalen, ENC_ASCII|ENC_NA);
1208 break;
1209 /* these opcodes doesn't carry any data: NTPCTRL_OP_SETTRAP, NTPCTRL_OP_UNSETTRAP, NTPCTRL_OP_UNSPEC */
1210 }
1211 }
1212 }
1213
1214 /*
1215 * Initialize tvb-parser, which is used to dissect data part of NTP control
1216 * messages
1217 *
1218 * Here some constants are defined, which describes character groups used for
1219 * various purposes. These groups are then used to configure the two global
1220 * variables "want_ignore" and "want" that we use for dissection
1221 */
1222 static void
1223 init_parser(void)
1224 {
1225 /* specify what counts as character */
1226 tvbparse_wanted_t* want_identifier = tvbparse_chars(-1, 1, 0,
1227 "abcdefghijklmnopqrstuvwxyz-_ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789", NULL, NULL, NULL);
1228 /* this is the equal sign used in assignments */
1229 tvbparse_wanted_t* want_equalsign = tvbparse_chars(-1, 1, 0, "=", NULL, NULL, NULL);
1230 /* possible characters allowed for values */
1231 tvbparse_wanted_t* want_value = tvbparse_set_oneof(0, NULL, NULL, NULL,
1232 tvbparse_quoted(-1, NULL, NULL, tvbparse_shrink_token_cb, '\"', '\\'),
1233 tvbparse_quoted(-1, NULL, NULL, tvbparse_shrink_token_cb, '\'', '\\'),
1234 tvbparse_chars(-1, 1, 0, "abcdefghijklmnopqrstuvwxyz-_ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789 ", NULL, NULL, NULL),
1235 NULL);
1236 /* the following specifies an assignment of the form identifier=value */
1237 tvbparse_wanted_t* want_assignment = tvbparse_set_seq(-1, NULL, NULL, NULL,
1238 want_identifier,
1239 want_equalsign,
1240 want_value,
1241 NULL);
1242
1243 /* we ignore white space characters */
1244 want_ignore = tvbparse_chars(-1, 1, 0, ", \t\r\n", NULL, NULL, NULL);
1245 /* data part of control messages consists of either identifiers or assignments */
1246 want = tvbparse_set_oneof(-1, NULL, NULL, NULL,
1247 want_assignment,
1248 want_identifier,
1249 NULL);
1250 }
1251
1252 static void
1253 dissect_ntp_priv(tvbuff_t *tvb, proto_tree *ntp_tree, guint8 flags)
1254 {
1255 proto_tree *flags_tree;
1256 proto_item *tf;
1257 guint8 auth_seq, impl, reqcode;
1258
1259 tf = proto_tree_add_uint(ntp_tree, hf_ntp_flags, tvb, 0, 1, flags);
1260
1261 /* Adding flag subtree and items */
1262 flags_tree = proto_item_add_subtree(tf, ett_ntp_flags);
1263 proto_tree_add_uint(flags_tree, hf_ntppriv_flags_r, tvb, 0, 1, flags);
1264 proto_tree_add_uint(flags_tree, hf_ntppriv_flags_more, tvb, 0, 1,
1265 flags);
1266 proto_tree_add_uint(flags_tree, hf_ntp_flags_vn, tvb, 0, 1, flags);
1267 proto_tree_add_uint(flags_tree, hf_ntp_flags_mode, tvb, 0, 1, flags);
1268
1269 auth_seq = tvb_get_guint8(tvb, 1);
1270 tf = proto_tree_add_uint(ntp_tree, hf_ntppriv_auth_seq, tvb, 1, 1,
1271 auth_seq);
1272 flags_tree = proto_item_add_subtree(tf, ett_ntppriv_auth_seq);
1273 proto_tree_add_uint(flags_tree, hf_ntppriv_auth, tvb, 1, 1, auth_seq);
1274 proto_tree_add_uint(flags_tree, hf_ntppriv_seq, tvb, 1, 1, auth_seq);
1275
1276 impl = tvb_get_guint8(tvb, 2);
1277 proto_tree_add_uint(ntp_tree, hf_ntppriv_impl, tvb, 2, 1, impl);
1278
1279 reqcode = tvb_get_guint8(tvb, 3);
1280 proto_tree_add_uint(ntp_tree, hf_ntppriv_reqcode, tvb, 3, 1, reqcode);
1281 }
1282
1283 void
1284 proto_register_ntp(void)
1285 {
1286 static hf_register_info hf[] = {
1287 { &hf_ntp_flags, {
1288 "Flags", "ntp.flags", FT_UINT8, BASE_HEX,
1289 NULL, 0, "Flags (Leap/Version/Mode)", HFILL }},
1290 { &hf_ntp_flags_li, {
1291 "Leap Indicator", "ntp.flags.li", FT_UINT8, BASE_DEC,
1292 VALS(li_types), NTP_LI_MASK, "Warning of an impending leap second to be inserted or deleted in the last minute of the current month", HFILL }},
1293 { &hf_ntp_flags_vn, {
1294 "Version number", "ntp.flags.vn", FT_UINT8, BASE_DEC,
1295 VALS(ver_nums), NTP_VN_MASK, NULL, HFILL }},
1296 { &hf_ntp_flags_mode, {
1297 "Mode", "ntp.flags.mode", FT_UINT8, BASE_DEC,
1298 VALS(mode_types), NTP_MODE_MASK, NULL, HFILL }},
1299 { &hf_ntp_stratum, {
1300 "Peer Clock Stratum", "ntp.stratum", FT_UINT8, BASE_DEC,
1301 NULL, 0, NULL, HFILL }},
1302 { &hf_ntp_ppoll, {
1303 "Peer Polling Interval", "ntp.ppoll", FT_UINT8, BASE_DEC,
1304 NULL, 0, "Maximum interval between successive messages", HFILL }},
1305 { &hf_ntp_precision, {
1306 "Peer Clock Precision", "ntp.precision", FT_INT8, BASE_DEC,
1307 NULL, 0, "The precision of the system clock", HFILL }},
1308 { &hf_ntp_rootdelay, {
1309 "Root Delay", "ntp.rootdelay", FT_DOUBLE, BASE_NONE,
1310 NULL, 0, "Total round-trip delay to the reference clock", HFILL }},
1311 { &hf_ntp_rootdispersion, {
1312 "Root Dispersion", "ntp.rootdispersion", FT_DOUBLE, BASE_NONE,
1313 NULL, 0, "Total dispersion to the reference clock", HFILL }},
1314 { &hf_ntp_refid, {
1315 "Reference ID", "ntp.refid", FT_BYTES, BASE_NONE,
1316 NULL, 0, "Particular server or reference clock being used", HFILL }},
1317 { &hf_ntp_reftime, {
1318 "Reference Timestamp", "ntp.reftime", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC,
1319 NULL, 0, "Time when the system clock was last set or corrected", HFILL }},
1320 { &hf_ntp_org, {
1321 "Origin Timestamp", "ntp.org", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC,
1322 NULL, 0, "Time at the client when the request departed for the server", HFILL }},
1323 { &hf_ntp_rec, {
1324 "Receive Timestamp", "ntp.rec", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC,
1325 NULL, 0, "Time at the server when the request arrived from the client", HFILL }},
1326 { &hf_ntp_xmt, {
1327 "Transmit Timestamp", "ntp.xmt", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC,
1328 NULL, 0, "Time at the server when the response left for the client", HFILL }},
1329 { &hf_ntp_keyid, {
1330 "Key ID", "ntp.keyid", FT_BYTES, BASE_NONE,
1331 NULL, 0, NULL, HFILL }},
1332 { &hf_ntp_mac, {
1333 "Message Authentication Code", "ntp.mac", FT_BYTES, BASE_NONE,
1334 NULL, 0, NULL, HFILL }},
1335
1336 { &hf_ntp_ext, {
1337 "Extension", "ntp.ext", FT_NONE, BASE_NONE,
1338 NULL, 0, NULL, HFILL }},
1339 { &hf_ntp_ext_flags, {
1340 "Flags", "ntp.ext.flags", FT_UINT8, BASE_HEX,
1341 NULL, 0, "Flags (Response/Error/Version)", HFILL }},
1342 { &hf_ntp_ext_flags_r, {
1343 "Response bit", "ntp.ext.flags.r", FT_UINT8, BASE_DEC,
1344 VALS(ext_r_types), NTP_EXT_R_MASK, NULL, HFILL }},
1345 { &hf_ntp_ext_flags_error, {
1346 "Error bit", "ntp.ext.flags.error", FT_UINT8, BASE_DEC,
1347 NULL, NTP_EXT_ERROR_MASK, NULL, HFILL }},
1348 { &hf_ntp_ext_flags_vn, {
1349 "Version", "ntp.ext.flags.vn", FT_UINT8, BASE_DEC,
1350 NULL, NTP_EXT_VN_MASK, NULL, HFILL }},
1351 { &hf_ntp_ext_op, {
1352 "Opcode", "ntp.ext.op", FT_UINT8, BASE_DEC,
1353 VALS(ext_op_types), 0, NULL, HFILL }},
1354 { &hf_ntp_ext_len, {
1355 "Extension length", "ntp.ext.len", FT_UINT16, BASE_DEC,
1356 NULL, 0, NULL, HFILL }},
1357 { &hf_ntp_ext_associd, {
1358 "Association ID", "ntp.ext.associd", FT_UINT32, BASE_DEC,
1359 NULL, 0, NULL, HFILL }},
1360 { &hf_ntp_ext_tstamp, {
1361 "Timestamp", "ntp.ext.tstamp", FT_UINT32, BASE_HEX,
1362 NULL, 0, NULL, HFILL }},
1363 { &hf_ntp_ext_fstamp, {
1364 "File Timestamp", "ntp.ext.fstamp", FT_UINT32, BASE_HEX,
1365 NULL, 0, NULL, HFILL }},
1366 { &hf_ntp_ext_vallen, {
1367 "Value length", "ntp.ext.vallen", FT_UINT32, BASE_DEC,
1368 NULL, 0, NULL, HFILL }},
1369 { &hf_ntp_ext_val, {
1370 "Value", "ntp.ext.val", FT_BYTES, BASE_NONE,
1371 NULL, 0, NULL, HFILL }},
1372 { &hf_ntp_ext_siglen, {
1373 "Signature length", "ntp.ext.siglen", FT_UINT32, BASE_DEC,
1374 NULL, 0, NULL, HFILL }},
1375 { &hf_ntp_ext_sig, {
1376 "Signature", "ntp.ext.sig", FT_BYTES, BASE_NONE,
1377 NULL, 0, NULL, HFILL }},
1378
1379 { &hf_ntpctrl_flags2, {
1380 "Flags 2", "ntp.ctrl.flags2", FT_UINT8, BASE_HEX,
1381 NULL, 0, "Flags (Response/Error/More/Opcode)", HFILL }},
1382 { &hf_ntpctrl_flags2_r, {
1383 "Response bit", "ntp.ctrl.flags2.r", FT_UINT8, BASE_DEC,
1384 VALS(ctrl_r_types), NTPCTRL_R_MASK, NULL, HFILL }},
1385 { &hf_ntpctrl_flags2_error, {
1386 "Error bit", "ntp.ctrl.flags2.error", FT_UINT8, BASE_DEC,
1387 NULL, NTPCTRL_ERROR_MASK, NULL, HFILL }},
1388 { &hf_ntpctrl_flags2_more, {
1389 "More bit", "ntp.ctrl.flags2.more", FT_UINT8, BASE_DEC,
1390 NULL, NTPCTRL_MORE_MASK, NULL, HFILL }},
1391 { &hf_ntpctrl_flags2_opcode, {
1392 "Opcode", "ntp.ctrl.flags2.opcode", FT_UINT8, BASE_DEC,
1393 VALS(ctrl_op_types), NTPCTRL_OP_MASK, NULL, HFILL }},
1394 { &hf_ntpctrl_sequence, {
1395 "Sequence", "ntp.ctrl.sequence", FT_UINT16, BASE_DEC,
1396 NULL, 0, NULL, HFILL }},
1397 { &hf_ntpctrl_status, {
1398 "Status", "ntp.ctrl.status", FT_UINT16, BASE_DEC,
1399 NULL, 0, NULL, HFILL }},
1400 { &hf_ntpctrl_error_status_word, {
1401 "Error Status Word", "ntp.ctrl.err_status", FT_UINT16, BASE_DEC,
1402 VALS(ctrl_err_status_types), NTP_CTRL_ERRSTATUS_CODE_MASK, NULL, HFILL }},
1403 { &hf_ntpctrl_sys_status_li, {
1404 "Leap Indicator", "ntp.ctrl.sys_status.li", FT_UINT16, BASE_DEC,
1405 VALS(li_types), NTPCTRL_SYSSTATUS_LI_MASK, "Warning of an impending leap second to be inserted or deleted in the last minute of the current month", HFILL }},
1406 { &hf_ntpctrl_sys_status_clksrc, {
1407 "Clock Source", "ntp.ctrl.sys_status.clksrc", FT_UINT16, BASE_DEC,
1408 VALS(ctrl_sys_status_clksource_types), NTPCTRL_SYSSTATUS_CLK_MASK, NULL, HFILL }},
1409 { &hf_ntpctrl_sys_status_count, {
1410 "System Event Counter", "ntp.ctrl.sys_status.count", FT_UINT16, BASE_DEC,
1411 NULL, NTPCTRL_SYSSTATUS_COUNT_MASK, NULL, HFILL }},
1412 { &hf_ntpctrl_sys_status_code, {
1413 "System Event Code", "ntp.ctrl.sys_status.code", FT_UINT16, BASE_DEC,
1414 VALS(ctrl_sys_status_event_types), NTPCTRL_SYSSTATUS_CODE_MASK, NULL, HFILL }},
1415 { &hf_ntpctrl_peer_status_b0, {
1416 "Peer Status", "ntp.ctrl.peer_status.config", FT_UINT16, BASE_DEC,
1417 VALS(ctrl_peer_status_config_types), NTPCTRL_PEERSTATUS_CONFIG_MASK, NULL, HFILL }},
1418 { &hf_ntpctrl_peer_status_b1, {
1419 "Peer Status", "ntp.ctrl.peer_status.authenable", FT_UINT16, BASE_DEC,
1420 VALS(ctrl_peer_status_authenable_types), NTPCTRL_PEERSTATUS_AUTHENABLE_MASK, NULL, HFILL }},
1421 { &hf_ntpctrl_peer_status_b2, {
1422 "Peer Status", "ntp.ctrl.peer_status.authentic", FT_UINT16, BASE_DEC,
1423 VALS(ctrl_peer_status_authentic_types), NTPCTRL_PEERSTATUS_AUTHENTIC_MASK, NULL, HFILL }},
1424 { &hf_ntpctrl_peer_status_b3, {
1425 "Peer Status", "ntp.ctrl.peer_status.reach", FT_UINT16, BASE_DEC,
1426 VALS(ctrl_peer_status_reach_types), NTPCTRL_PEERSTATUS_REACH_MASK, NULL, HFILL }},
1427 { &hf_ntpctrl_peer_status_b4, {
1428 "Peer Status: reserved", "ntp.ctrl.peer_status.reserved", FT_UINT16, BASE_DEC,
1429 NULL, NTPCTRL_PEERSTATUS_RESERVED_MASK, NULL, HFILL }},
1430 { &hf_ntpctrl_peer_status_selection, {
1431 "Peer Selection", "ntp.ctrl.peer_status.selection", FT_UINT16, BASE_DEC,
1432 VALS(ctrl_peer_status_selection_types), NTPCTRL_PEERSTATUS_SEL_MASK, NULL, HFILL }},
1433 { &hf_ntpctrl_peer_status_count, {
1434 "Peer Event Counter", "ntp.ctrl.peer_status.count", FT_UINT16, BASE_DEC,
1435 NULL, NTPCTRL_PEERSTATUS_COUNT_MASK, NULL, HFILL }},
1436 { &hf_ntpctrl_peer_status_code, {
1437 "Peer Event Code", "ntp.ctrl.peer_status.code", FT_UINT16, BASE_DEC,
1438 VALS(ctrl_peer_status_event_types), NTPCTRL_PEERSTATUS_CODE_MASK, NULL, HFILL }},
1439 { &hf_ntpctrl_clk_status, {
1440 "Clock Status", "ntp.ctrl.clock_status.status", FT_UINT16, BASE_DEC,
1441 VALS(ctrl_clk_status_types), NTPCTRL_CLKSTATUS_STATUS_MASK, NULL, HFILL }},
1442 { &hf_ntpctrl_clk_status_code, {
1443 "Clock Event Code", "ntp.ctrl.clock_status.code", FT_UINT16, BASE_DEC,
1444 NULL, NTPCTRL_CLKSTATUS_CODE_MASK, NULL, HFILL }},
1445 { &hf_ntpctrl_data, {
1446 "Data", "ntp.ctrl.data", FT_NONE, BASE_NONE,
1447 NULL, 0, NULL, HFILL }},
1448 { &hf_ntpctrl_item, {
1449 "Item", "ntp.ctrl.item", FT_NONE, BASE_NONE,
1450 NULL, 0, NULL, HFILL }},
1451 { &hf_ntpctrl_associd, {
1452 "AssociationID", "ntp.ctrl.associd", FT_UINT16, BASE_DEC,
1453 NULL, 0, NULL, HFILL }},
1454 { &hf_ntpctrl_offset, {
1455 "Offset", "ntp.ctrl.offset", FT_UINT16, BASE_DEC,
1456 NULL, 0, NULL, HFILL }},
1457 { &hf_ntpctrl_count, {
1458 "Count", "ntp.ctrl.count", FT_UINT16, BASE_DEC,
1459 NULL, 0, NULL, HFILL }},
1460 { &hf_ntpctrl_trapmsg, {
1461 "Trap message", "ntp.ctrl.trapmsg", FT_STRING, BASE_NONE,
1462 NULL, 0, NULL, HFILL }},
1463
1464 { &hf_ntppriv_flags_r, {
1465 "Response bit", "ntp.priv.flags.r", FT_UINT8, BASE_DEC,
1466 VALS(priv_r_types), NTPPRIV_R_MASK, NULL, HFILL }},
1467 { &hf_ntppriv_flags_more, {
1468 "More bit", "ntp.priv.flags.more", FT_UINT8, BASE_DEC,
1469 NULL, NTPPRIV_MORE_MASK, NULL, HFILL }},
1470 { &hf_ntppriv_auth_seq, {
1471 "Auth, sequence", "ntp.priv.auth_seq", FT_UINT8, BASE_DEC,
1472 NULL, 0, "Auth bit, sequence number", HFILL }},
1473 { &hf_ntppriv_auth, {
1474 "Auth bit", "ntp.priv.auth", FT_UINT8, BASE_DEC,
1475 NULL, NTPPRIV_AUTH_MASK, NULL, HFILL }},
1476 { &hf_ntppriv_seq, {
1477 "Sequence number", "ntp.priv.seq", FT_UINT8, BASE_DEC,
1478 NULL, NTPPRIV_SEQ_MASK, NULL, HFILL }},
1479 { &hf_ntppriv_impl, {
1480 "Implementation", "ntp.priv.impl", FT_UINT8, BASE_DEC,
1481 VALS(priv_impl_types), 0, NULL, HFILL }},
1482 { &hf_ntppriv_reqcode, {
1483 "Request code", "ntp.priv.reqcode", FT_UINT8, BASE_DEC,
1484 VALS(priv_rc_types), 0, NULL, HFILL }}
1485 };
1486 static gint *ett[] = {
1487 &ett_ntp,
1488 &ett_ntp_flags,
1489 &ett_ntp_ext,
1490 &ett_ntp_ext_flags,
1491 &ett_ntpctrl_flags2,
1492 &ett_ntpctrl_status,
1493 &ett_ntpctrl_data,
1494 &ett_ntpctrl_item,
1495 &ett_ntppriv_auth_seq
1496 };
1497
1498 proto_ntp = proto_register_protocol("Network Time Protocol", "NTP",
1499 "ntp");
1500 proto_register_field_array(proto_ntp, hf, array_length(hf));
1501 proto_register_subtree_array(ett, array_length(ett));
1502
1503 init_parser();
1504 }
1505
1506 void
1507 proto_reg_handoff_ntp(void)
1508 {
1509 dissector_handle_t ntp_handle;
1510
1511 ntp_handle = create_dissector_handle(dissect_ntp, proto_ntp);
1512 dissector_add_uint("udp.port", UDP_PORT_NTP, ntp_handle);
1513 dissector_add_uint("tcp.port", TCP_PORT_NTP, ntp_handle);
1514 }