Nathan Neulinger's NTP dissector.
svn path=/trunk/; revision=828
parent
810a67a6d0
commit
5ed4011c30
1
AUTHORS
1
AUTHORS
|
@ -140,6 +140,7 @@ Christophe Tronche <ch.tronche@computer.org> {
|
|||
|
||||
Nathan Neulinger <nneul@umr.edu> {
|
||||
Yahoo messenger and pager protocol support
|
||||
NTP (Network Time Protocol) support
|
||||
}
|
||||
|
||||
Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Makefile.am
|
||||
# Automake file for Ethereal
|
||||
#
|
||||
# $Id: Makefile.am,v 1.84 1999/10/14 03:50:26 itojun Exp $
|
||||
# $Id: Makefile.am,v 1.85 1999/10/14 05:10:31 guy Exp $
|
||||
#
|
||||
# Ethereal - Network traffic analyzer
|
||||
# By Gerald Combs <gerald@zing.org>
|
||||
|
@ -93,6 +93,8 @@ ethereal_SOURCES = \
|
|||
packet-netbios.c \
|
||||
packet-netbios.h \
|
||||
packet-nntp.c \
|
||||
packet-ntp.c \
|
||||
packet-ntp.h \
|
||||
packet-null.c \
|
||||
packet-osi.c \
|
||||
packet-ospf.c \
|
||||
|
|
|
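--- /dev/null
+++ b/packet-ntp.c
@@ -0,0 +1,150 @@
+/* packet-ntp.c
+* Routines for NTP packet dissection
+* Copyright 1999, Nathan Neulinger <nneul@umr.edu>
+*
+* $Id: packet-ntp.c,v 1.1 1999/10/14 05:10:30 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@unicom.net>
+* Copyright 1998 Gerald Combs
+*
+* Copied from packet-tftp.c
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
+
+#include <string.h>
+#include <glib.h>
+#include "packet.h"
+#include "packet-ntp.h"
+
+static int proto_ntp = -1;
+static int hf_ntp_flags = -1;
+static int hf_ntp_stratum = -1;
+static int hf_ntp_ppoll = -1;
+static int hf_ntp_precision = -1;
+static int hf_ntp_rootdelay = -1;
+static int hf_ntp_rootdispersion = -1;
+static int hf_ntp_refid = -1;
+static int hf_ntp_reftime = -1;
+static int hf_ntp_org = -1;
+static int hf_ntp_rec = -1;
+static int hf_ntp_xmt = -1;
+static int hf_ntp_keyid = -1;
+static int hf_ntp_mac = -1;
+
+void
+dissect_ntp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
+{
+proto_tree *ntp_tree, *ti;
+struct ntp_packet *pkt;
+
+/* get at least a full packet structure */
+if ( !BYTES_ARE_IN_FRAME(offset, 48) ) /* 48 without keyid or mac */
+return;
+
+pkt = (struct ntp_packet *) &pd[offset];
+
+if (check_col(fd, COL_PROTOCOL))
+col_add_str(fd, COL_PROTOCOL, "NTP");
+
+if (check_col(fd, COL_INFO))
+col_add_str(fd, COL_INFO, "NTP");
+
+if (tree) {
+ti = proto_tree_add_item(tree, proto_ntp, offset, END_OF_FRAME, NULL);
+ntp_tree = proto_item_add_subtree(ti, ETT_NTP);
+
+proto_tree_add_item(ntp_tree, hf_ntp_flags, offset, 1, pkt->flags);
+proto_tree_add_item(ntp_tree, hf_ntp_stratum, offset+1, 1, pkt->stratum);
+proto_tree_add_item(ntp_tree, hf_ntp_ppoll, offset+2, 1, pkt->ppoll);
+proto_tree_add_item(ntp_tree, hf_ntp_precision, offset+3, 1, pkt->precision);
+proto_tree_add_item(ntp_tree, hf_ntp_rootdelay, offset+4, 4, pkt->rootdelay);
+proto_tree_add_item(ntp_tree, hf_ntp_rootdispersion, offset+8, 4, pkt->rootdispersion);
+proto_tree_add_item(ntp_tree, hf_ntp_refid, offset+12, 4, pkt->refid);
+proto_tree_add_item(ntp_tree, hf_ntp_reftime, offset+16, 8, pkt->reftime);
+proto_tree_add_item(ntp_tree, hf_ntp_org, offset+24, 8, pkt->org);
+proto_tree_add_item(ntp_tree, hf_ntp_rec, offset+32, 8, pkt->rec);
+proto_tree_add_item(ntp_tree, hf_ntp_xmt, offset+40, 8, pkt->xmt);
+
+if ( BYTES_ARE_IN_FRAME(offset, 50) )
+proto_tree_add_item(ntp_tree, hf_ntp_keyid, offset+48, 4, pkt->keyid);
+if ( BYTES_ARE_IN_FRAME(offset, 53) )
+proto_tree_add_item(ntp_tree, hf_ntp_mac, offset+52, END_OF_FRAME, pkt->mac);
+}
+}
+
+void
+proto_register_ntp(void)
+{
+static hf_register_info hf[] = {
+{ &hf_ntp_flags, {
+"Flags", "ntp.flags", FT_BYTES, BASE_HEX,
+NULL, 0, "Flags (Leap/Version/Mode)" }},
+{ &hf_ntp_stratum, {
+"Peer Clock Stratum", "ntp.stratum", FT_BYTES, BASE_HEX,
+NULL, 0, "Peer Clock Stratum" }},
+{ &hf_ntp_ppoll, {
+"Peer Polling Interval", "ntp.ppoll", FT_BYTES, BASE_HEX,
+NULL, 0, "Peer Polling Interval" }},
+{ &hf_ntp_precision, {
+"Peer Clock Precision", "ntp.precision", FT_BYTES, BASE_HEX,
+NULL, 0, "Peer Clock Precision" }},
+{ &hf_ntp_rootdelay, {
+"Distance to Primary", "ntp.rootdelay", FT_BYTES, BASE_HEX,
+NULL, 0, "Distance to Primary" }},
+{ &hf_ntp_rootdispersion, {
+"Clock Dispersion", "ntp.rootdispersion", FT_BYTES, BASE_HEX,
+NULL, 0, "Clock Dispersion" }},
+{ &hf_ntp_refid, {
+"Reference Clock ID", "ntp.refid", FT_BYTES, BASE_HEX,
+NULL, 0, "Reference Clock ID" }},
+{ &hf_ntp_reftime, {
+"Reference Clock Update Time", "ntp.reftime", FT_BYTES, BASE_HEX,
+NULL, 0, "Reference Clock Update Time" }},
+{ &hf_ntp_org, {
+"Originate Time Stamp", "ntp.org", FT_BYTES, BASE_HEX,
+NULL, 0, "Originate Time Stamp" }},
+{ &hf_ntp_rec, {
+"Receive Time Stamp", "ntp.rec", FT_BYTES, BASE_HEX,
+NULL, 0, "Receive Time Stamp" }},
+{ &hf_ntp_xmt, {
+"Transmit Time Stamp", "ntp.xmt", FT_BYTES, BASE_HEX,
+NULL, 0, "Transmit Time Stamp" }},
+{ &hf_ntp_keyid, {
+"Key ID", "ntp.keyid", FT_BYTES, BASE_HEX,
+NULL, 0, "Key ID" }},
+{ &hf_ntp_mac, {
+"Message Authentication Code", "ntp.mac", FT_BYTES, BASE_HEX,
+NULL, 0, "Message Authentication Code" }},
+};
+
+proto_ntp = proto_register_protocol("Network Time Protocol", "ntp");
+proto_register_field_array(proto_ntp, hf, array_length(hf));
+}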
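Review bot: The key ID guard near the end of dissect_ntp, `if ( BYTES_ARE_IN_FRAME(offset, 50) )`, is too short for the 4-byte item it adds at `offset+48`: a frame carrying only 50 or 51 bytes of NTP data passes the check and the item then covers bytes past the captured data, so the guard should be `if ( BYTES_ARE_IN_FRAME(offset, 52) )`. The MAC item on the following lines passes `END_OF_FRAME` as its length with a start of `offset+52`; if that macro is computed from `offset` (it is not defined on this page), the length overshoots by 52 bytes and needs to be reduced to match the shifted start. Both lengths are driven by packet data from the wire, so a truncated or malformed NTP packet is enough to reach these paths.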
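--- /dev/null
+++ b/packet-ntp.h
@@ -0,0 +1,71 @@
+/* packet-ntp.h
+* Definitions for packet disassembly structures and routines
+*
+* $Id: packet-ntp.h,v 1.1 1999/10/14 05:10:30 guy Exp $
+*
+* Ethereal - Network traffic analyzer
+* By Gerald Combs <gerald@zing.org>
+* Copyright 1998 Gerald Combs
+* Joerg Mayer <jmayer@telemation.de>
+*
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version 2
+* of the License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+*/
+
+/* This is from yahoolib.h from gtkyahoo */
+
+#ifndef PACKET_NTP_H
+#define PACKET_NTP_H
+
+/* packet structure based on one in xntp package */
+/* to satisfy it's requirements, even though the code isn't copied
+directly: */
+
+/***********************************************************************
+* *
+* Copyright (c) David L. Mills 1992, 1993, 1994, 1995, 1996 *
+* *
+* Permission to use, copy, modify, and distribute this software and *
+* its documentation for any purpose and without fee is hereby *
+* granted, provided that the above copyright notice appears in all *
+* copies and that both the copyright notice and this permission *
+* notice appear in supporting documentation, and that the name *
+* University of Delaware not be used in advertising or publicity *
+* pertaining to distribution of the software without specific, *
+* written prior permission. The University of Delaware makes no *
+* representations about the suitability this software for any *
+* purpose. It is provided "as is" without express or implied *
+* warranty. *
+**********************************************************************/
+
+struct ntp_packet
+{
+unsigned char flags[1]; /* leap indicator, version and mode */ /* 0 */
+unsigned char stratum[1]; /* peer's stratum */
+unsigned char ppoll[1]; /* the peer polling interval */
+char precision[1]; /* peer clock precision */
+unsigned char rootdelay[4]; /* distance to primary clock */ /* 4 */
+unsigned char rootdispersion[4]; /* clock dispersion */ /* 8 */
+unsigned char refid[4]; /* reference clock ID */ /* 12-15 */
+unsigned char reftime[8]; /* time peer clock was last updated */ /* 16-23 */
+unsigned char org[8]; /* originate time stamp */ /* 24 */
+unsigned char rec[8]; /* receive time stamp */ /* 32 */
+unsigned char xmt[8]; /* transmit time stamp */
+unsigned char keyid[4]; /* key identification */ /* 48 */
+unsigned char mac[16]; /* message-authentication code */ /* 52 - 60 */
+/* can also be 16, if MD5 instead of DES */
+};
+
+#endif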
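Review bot: The comment `/* This is from yahoolib.h from gtkyahoo */` above the include guard is left over from the header this file was copied from and describes nothing in packet-ntp.h; it should be removed. The comment on `mac[16]` also disagrees with the declaration: it gives the range as `52 - 60` (8 bytes) and then says it "can also be 16", while the array is already 16 bytes, so something like `/* 52 - 67; 8 bytes used with DES, 16 with MD5 */` would match the code. Because dissect_ntp overlays this struct directly on captured bytes, a one-line comment stating that every member is a char array, so the layout has no padding or alignment requirement, would document why that cast is safe.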
@ -1,7 +1,7 @@
|
|||
/* packet-tcp.c
|
||||
* Routines for TCP packet disassembly
|
||||
*
|
||||
* $Id: packet-tcp.c,v 1.35 1999/10/14 01:28:26 guy Exp $
|
||||
* $Id: packet-tcp.c,v 1.36 1999/10/14 05:10:30 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -76,6 +76,7 @@ int hf_tcp_ack = -1;
|
|||
#define TCP_PORT_HTTP 80
|
||||
#define TCP_PORT_POP 110
|
||||
#define TCP_PORT_NNTP 119
|
||||
#define TCP_PORT_NTP 123
|
||||
#define TCP_PORT_NBSS 139
|
||||
#define TCP_PORT_PRINTER 515
|
||||
#define TCP_ALT_PORT_HTTP 8080
|
||||
|
@ -487,6 +488,9 @@ dissect_tcp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
|
|||
} else if (PORT_IS(TCP_PORT_NNTP)) {
|
||||
pi.match_port = TCP_PORT_NNTP;
|
||||
dissect_nntp(pd, offset, fd, tree);
|
||||
} else if (PORT_IS(TCP_PORT_NTP)) {
|
||||
pi.match_port = TCP_PORT_NTP;
|
||||
dissect_ntp(pd, offset, fd, tree);
|
||||
} else if (PORT_IS(TCP_PORT_PPTP)) {
|
||||
pi.match_port = TCP_PORT_PPTP;
|
||||
dissect_pptp(pd, offset, fd, tree);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/* packet-udp.c
|
||||
* Routines for UDP packet disassembly
|
||||
*
|
||||
* $Id: packet-udp.c,v 1.27 1999/10/12 23:12:03 guy Exp $
|
||||
* $Id: packet-udp.c,v 1.28 1999/10/14 05:10:32 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -66,6 +66,7 @@ typedef struct _e_udphdr {
|
|||
#define UDP_PORT_BOOTPS 67
|
||||
#define UDP_PORT_TFTP 69
|
||||
#define UDP_PORT_IPX 213
|
||||
#define UDP_PORT_NTP 123
|
||||
#define UDP_PORT_NBNS 137
|
||||
#define UDP_PORT_NBDGM 138
|
||||
#define UDP_PORT_SNMP 161
|
||||
|
@ -238,6 +239,8 @@ dissect_udp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
|
|||
dissect_nbns(pd, offset, fd, tree);
|
||||
else if (PORT_IS(UDP_PORT_NBDGM))
|
||||
dissect_nbdgm(pd, offset, fd, tree);
|
||||
else if (PORT_IS(UDP_PORT_NTP))
|
||||
dissect_ntp(pd, offset, fd, tree);
|
||||
else if (PORT_IS(UDP_PORT_IPX)) /* RFC 1234 */
|
||||
dissect_ipx(pd, offset, fd, tree);
|
||||
#if defined(HAVE_UCD_SNMP_SNMP_H) || defined(HAVE_SNMP_SNMP_H)
|
||||
|
|
5
packet.h
5
packet.h
|
@ -1,7 +1,7 @@
|
|||
/* packet.h
|
||||
* Definitions for packet disassembly structures and routines
|
||||
*
|
||||
* $Id: packet.h,v 1.108 1999/10/14 03:50:31 itojun Exp $
|
||||
* $Id: packet.h,v 1.109 1999/10/14 05:10:33 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -270,6 +270,8 @@ enum {
|
|||
ETT_TELNET,
|
||||
ETT_TELNET_SUBOPT,
|
||||
ETT_NNTP,
|
||||
ETT_NTP,
|
||||
ETT_NTP_FLAGS,
|
||||
ETT_SNMP,
|
||||
ETT_NBSS,
|
||||
ETT_NBSS_FLAGS,
|
||||
|
@ -489,6 +491,7 @@ void dissect_nbns(const u_char *, int, frame_data *, proto_tree *);
|
|||
void dissect_nbss(const u_char *, int, frame_data *, proto_tree *);
|
||||
void dissect_ncp(const u_char *, int, frame_data *, proto_tree *);
|
||||
void dissect_nntp(const u_char *, int, frame_data *, proto_tree *);
|
||||
void dissect_ntp(const u_char *, int, frame_data *, proto_tree *);
|
||||
void dissect_nwlink_dg(const u_char *, int, frame_data *, proto_tree *);
|
||||
void dissect_osi(const u_char *, int, frame_data *, proto_tree *);
|
||||
void dissect_ospf(const u_char *, int, frame_data *, proto_tree *);
|
||||
|
|
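Review bot: `ETT_NTP_FLAGS` is added to the subtree enum, but the dissect_ntp introduced by this commit only uses `ETT_NTP` and shows the flags byte as a single raw `FT_BYTES` item. Either leave the constant out until the leap/version/mode breakdown exists, or mark it with a comment such as `/* reserved for the NTP flags subtree (leap/version/mode), not used yet */` so it is not mistaken for dead code. The enum itself starts and ends outside this hunk.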
4
proto.c
4
proto.c
|
@ -1,7 +1,7 @@
|
|||
/* proto.c
|
||||
* Routines for protocol tree
|
||||
*
|
||||
* $Id: proto.c,v 1.41 1999/10/14 01:28:29 guy Exp $
|
||||
* $Id: proto.c,v 1.42 1999/10/14 05:10:32 guy Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@zing.org>
|
||||
|
@ -138,6 +138,7 @@ void proto_register_nbt(void);
|
|||
void proto_register_ncp(void);
|
||||
void proto_register_netbios(void);
|
||||
void proto_register_nntp(void);
|
||||
void proto_register_ntp(void);
|
||||
void proto_register_null(void);
|
||||
void proto_register_ospf(void);
|
||||
void proto_register_pim(void);
|
||||
|
@ -256,6 +257,7 @@ proto_init(void)
|
|||
proto_register_ncp();
|
||||
proto_register_netbios();
|
||||
proto_register_nntp();
|
||||
proto_register_ntp();
|
||||
proto_register_null();
|
||||
proto_register_ospf();
|
||||
proto_register_pim();
|
||||
|
|