Nathan Neulinger's NTP dissector.

svn path=/trunk/; revision=828
1999-10-14 05:10:33 +00:00 · 1999-10-14 05:10:33 +00:00 · 5ed4011c30
parent 810a67a6d0
commit 5ed4011c30
8 changed files with 241 additions and 5 deletions
--- a/1
+++ b/1
@ -140,6 +140,7 @@ Christophe Tronche <ch.tronche@computer.org> {

 Nathan Neulinger <nneul@umr.edu> {
 	Yahoo messenger and pager protocol support
+	NTP (Network Time Protocol) support
 }

 Alain Magloire <alainm@rcsm.ece.mcgill.ca> was kind enough to
--- a/Makefile.am
+++ b/Makefile.am
@ -1,7 +1,7 @@
 # Makefile.am
 # Automake file for Ethereal
 #
-# $Id: Makefile.am,v 1.84 1999/10/14 03:50:26 itojun Exp $
+# $Id: Makefile.am,v 1.85 1999/10/14 05:10:31 guy Exp $
 #
 # Ethereal - Network traffic analyzer
 # By Gerald Combs <gerald@zing.org>
@ -93,6 +93,8 @@ ethereal_SOURCES = \
 	packet-netbios.c \
 	packet-netbios.h \
 	packet-nntp.c  \
+	packet-ntp.c  \
+	packet-ntp.h  \
 	packet-null.c  \
 	packet-osi.c   \
 	packet-ospf.c  \
--- a/packet-ntp.c
+++ b/packet-ntp.c
@ -0,0 +1,150 @@
+/* packet-ntp.c
+ * Routines for NTP packet dissection
+ * Copyright 1999, Nathan Neulinger <nneul@umr.edu>
+ *
+ * $Id: packet-ntp.c,v 1.1 1999/10/14 05:10:30 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@unicom.net>
+ * Copyright 1998 Gerald Combs
+ *
+ * Copied from packet-tftp.c
+ * 
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
+
+#include <string.h>
+#include <glib.h>
+#include "packet.h"
+#include "packet-ntp.h"
+
+static int proto_ntp = -1;
+static int hf_ntp_flags = -1;
+static int hf_ntp_stratum = -1;
+static int hf_ntp_ppoll = -1;
+static int hf_ntp_precision = -1;
+static int hf_ntp_rootdelay = -1;
+static int hf_ntp_rootdispersion = -1;
+static int hf_ntp_refid = -1;
+static int hf_ntp_reftime = -1;
+static int hf_ntp_org = -1;
+static int hf_ntp_rec = -1;
+static int hf_ntp_xmt = -1;
+static int hf_ntp_keyid = -1;
+static int hf_ntp_mac = -1;
+
+void
+dissect_ntp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree)
+{
+	proto_tree      *ntp_tree, *ti;
+	struct ntp_packet *pkt;
+
+	/* get at least a full packet structure */
+	if ( !BYTES_ARE_IN_FRAME(offset, 48) ) /* 48 without keyid or mac */
+		return;
+
+	pkt = (struct ntp_packet *) &pd[offset];
+	
+	if (check_col(fd, COL_PROTOCOL))
+		col_add_str(fd, COL_PROTOCOL, "NTP");
+
+	if (check_col(fd, COL_INFO))
+		col_add_str(fd, COL_INFO, "NTP");
+
+	if (tree) {
+		ti = proto_tree_add_item(tree, proto_ntp, offset, END_OF_FRAME, NULL);
+		ntp_tree = proto_item_add_subtree(ti, ETT_NTP);
+
+		proto_tree_add_item(ntp_tree, hf_ntp_flags, offset, 1, pkt->flags);
+		proto_tree_add_item(ntp_tree, hf_ntp_stratum, offset+1, 1, pkt->stratum);
+		proto_tree_add_item(ntp_tree, hf_ntp_ppoll, offset+2, 1, pkt->ppoll);
+		proto_tree_add_item(ntp_tree, hf_ntp_precision, offset+3, 1, pkt->precision);
+		proto_tree_add_item(ntp_tree, hf_ntp_rootdelay, offset+4, 4, pkt->rootdelay);
+		proto_tree_add_item(ntp_tree, hf_ntp_rootdispersion, offset+8, 4, pkt->rootdispersion);
+		proto_tree_add_item(ntp_tree, hf_ntp_refid, offset+12, 4, pkt->refid);
+		proto_tree_add_item(ntp_tree, hf_ntp_reftime, offset+16, 8, pkt->reftime);
+		proto_tree_add_item(ntp_tree, hf_ntp_org, offset+24, 8, pkt->org);
+		proto_tree_add_item(ntp_tree, hf_ntp_rec, offset+32, 8, pkt->rec);
+		proto_tree_add_item(ntp_tree, hf_ntp_xmt, offset+40, 8, pkt->xmt);
+
+		if ( BYTES_ARE_IN_FRAME(offset, 50) )
+			proto_tree_add_item(ntp_tree, hf_ntp_keyid, offset+48, 4, pkt->keyid);
+		if ( BYTES_ARE_IN_FRAME(offset, 53) )
+			proto_tree_add_item(ntp_tree, hf_ntp_mac, offset+52, END_OF_FRAME, pkt->mac);
+	}
+}
+
+void
+proto_register_ntp(void)
+{
+	static hf_register_info hf[] = {
+			{ &hf_ntp_flags, {	
+				"Flags", "ntp.flags", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Flags (Leap/Version/Mode)" }},
+			{ &hf_ntp_stratum, {	
+				"Peer Clock Stratum", "ntp.stratum", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Peer Clock Stratum" }},
+			{ &hf_ntp_ppoll, {	
+				"Peer Polling Interval", "ntp.ppoll", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Peer Polling Interval" }},
+			{ &hf_ntp_precision, {	
+				"Peer Clock Precision", "ntp.precision", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Peer Clock Precision" }},
+			{ &hf_ntp_rootdelay, {	
+				"Distance to Primary", "ntp.rootdelay", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Distance to Primary" }},
+			{ &hf_ntp_rootdispersion, {	
+				"Clock Dispersion", "ntp.rootdispersion", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Clock Dispersion" }},
+			{ &hf_ntp_refid, {	
+				"Reference Clock ID", "ntp.refid", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Reference Clock ID" }},
+			{ &hf_ntp_reftime, {	
+				"Reference Clock Update Time", "ntp.reftime", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Reference Clock Update Time" }},
+			{ &hf_ntp_org, {	
+				"Originate Time Stamp", "ntp.org", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Originate Time Stamp" }},
+			{ &hf_ntp_rec, {	
+				"Receive Time Stamp", "ntp.rec", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Receive Time Stamp" }},
+			{ &hf_ntp_xmt, {	
+				"Transmit Time Stamp", "ntp.xmt", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Transmit Time Stamp" }},
+			{ &hf_ntp_keyid, {	
+				"Key ID", "ntp.keyid", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Key ID" }},
+			{ &hf_ntp_mac, {	
+				"Message Authentication Code", "ntp.mac", FT_BYTES, BASE_HEX, 
+				NULL, 0, "Message Authentication Code" }},
+        };
+
+	proto_ntp = proto_register_protocol("Network Time Protocol", "ntp");
+	proto_register_field_array(proto_ntp, hf, array_length(hf));
+}
--- a/packet-ntp.h
+++ b/packet-ntp.h
@ -0,0 +1,71 @@
+/* packet-ntp.h
+ * Definitions for packet disassembly structures and routines
+ *
+ * $Id: packet-ntp.h,v 1.1 1999/10/14 05:10:30 guy Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@zing.org>
+ * Copyright 1998 Gerald Combs
+ * Joerg Mayer <jmayer@telemation.de>
+ *
+ * 
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+/* This is from yahoolib.h from gtkyahoo */
+
+#ifndef PACKET_NTP_H
+#define PACKET_NTP_H
+
+/* packet structure based on one in xntp package */
+/* to satisfy it's requirements, even though the code isn't copied
+directly: */
+
+/***********************************************************************
+ *                                                                     *
+ * Copyright (c) David L. Mills 1992, 1993, 1994, 1995, 1996           *
+ *                                                                     *
+ * Permission to use, copy, modify, and distribute this software and   *
+ * its documentation for any purpose and without fee is hereby         *
+ * granted, provided that the above copyright notice appears in all    *
+ * copies and that both the copyright notice and this permission       *
+ * notice appear in supporting documentation, and that the name        *
+ * University of Delaware not be used in advertising or publicity      *
+ * pertaining to distribution of the software without specific,        *
+ * written prior permission. The University of Delaware makes no       *
+ * representations about the suitability this software for any         *
+ * purpose. It is provided "as is" without express or implied          *
+ * warranty.                                                           *
+ **********************************************************************/
+
+struct ntp_packet
+{
+        unsigned char flags[1];    /* leap indicator, version and mode */ /* 0 */
+        unsigned char stratum[1];   /* peer's stratum */					
+        unsigned char ppoll[1];     /* the peer polling interval */
+        char precision[1];           /* peer clock precision */
+        unsigned char rootdelay[4];  /* distance to primary clock */   /* 4 */
+        unsigned char rootdispersion[4];  /* clock dispersion */ /* 8 */
+        unsigned char refid[4];    /* reference clock ID */ /* 12-15 */
+        unsigned char reftime[8];    /* time peer clock was last updated */  /* 16-23 */
+        unsigned char org[8];      /* originate time stamp */  /* 24 */
+        unsigned char rec[8];      /* receive time stamp */  /* 32 */
+        unsigned char xmt[8];     /* transmit time stamp */
+        unsigned char keyid[4];          /* key identification */ /* 48 */
+        unsigned char mac[16];   /* message-authentication code */ /* 52 - 60 */
+			/* can also be 16, if MD5 instead of DES */
+};
+
+#endif
--- a/packet-tcp.c
+++ b/packet-tcp.c
@ -1,7 +1,7 @@
 /* packet-tcp.c
 * Routines for TCP packet disassembly
 *
- * $Id: packet-tcp.c,v 1.35 1999/10/14 01:28:26 guy Exp $
+ * $Id: packet-tcp.c,v 1.36 1999/10/14 05:10:30 guy Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
@ -76,6 +76,7 @@ int hf_tcp_ack = -1;
 #define TCP_PORT_HTTP     80
 #define TCP_PORT_POP      110
 #define TCP_PORT_NNTP     119
+#define TCP_PORT_NTP      123
 #define TCP_PORT_NBSS     139
 #define TCP_PORT_PRINTER  515
 #define TCP_ALT_PORT_HTTP 8080
@ -487,6 +488,9 @@ dissect_tcp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
    } else if (PORT_IS(TCP_PORT_NNTP)) {
      pi.match_port = TCP_PORT_NNTP;
      dissect_nntp(pd, offset, fd, tree);
+    } else if (PORT_IS(TCP_PORT_NTP)) {
+      pi.match_port = TCP_PORT_NTP;
+      dissect_ntp(pd, offset, fd, tree);
    } else if (PORT_IS(TCP_PORT_PPTP)) {
      pi.match_port = TCP_PORT_PPTP;
      dissect_pptp(pd, offset, fd, tree);
--- a/packet-udp.c
+++ b/packet-udp.c
@ -1,7 +1,7 @@
 /* packet-udp.c
 * Routines for UDP packet disassembly
 *
- * $Id: packet-udp.c,v 1.27 1999/10/12 23:12:03 guy Exp $
+ * $Id: packet-udp.c,v 1.28 1999/10/14 05:10:32 guy Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
@ -66,6 +66,7 @@ typedef struct _e_udphdr {
 #define UDP_PORT_BOOTPS  67
 #define UDP_PORT_TFTP    69
 #define UDP_PORT_IPX    213
+#define UDP_PORT_NTP	123
 #define UDP_PORT_NBNS	137
 #define UDP_PORT_NBDGM	138
 #define UDP_PORT_SNMP   161
@ -238,6 +239,8 @@ dissect_udp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
      dissect_nbns(pd, offset, fd, tree);
 else if (PORT_IS(UDP_PORT_NBDGM))
      dissect_nbdgm(pd, offset, fd, tree);
+ else if (PORT_IS(UDP_PORT_NTP))
+      dissect_ntp(pd, offset, fd, tree);
 else if (PORT_IS(UDP_PORT_IPX)) /* RFC 1234 */
      dissect_ipx(pd, offset, fd, tree);
 #if defined(HAVE_UCD_SNMP_SNMP_H) || defined(HAVE_SNMP_SNMP_H)
--- a/packet.h
+++ b/packet.h
@ -1,7 +1,7 @@
 /* packet.h
 * Definitions for packet disassembly structures and routines
 *
- * $Id: packet.h,v 1.108 1999/10/14 03:50:31 itojun Exp $
+ * $Id: packet.h,v 1.109 1999/10/14 05:10:33 guy Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
@ -270,6 +270,8 @@ enum {
 	ETT_TELNET,
 	ETT_TELNET_SUBOPT,
 	ETT_NNTP,
+	ETT_NTP,
+	ETT_NTP_FLAGS,
 	ETT_SNMP,
 	ETT_NBSS,
 	ETT_NBSS_FLAGS,
@ -489,6 +491,7 @@ void dissect_nbns(const u_char *, int, frame_data *, proto_tree *);
 void dissect_nbss(const u_char *, int, frame_data *, proto_tree *);
 void dissect_ncp(const u_char *, int, frame_data *, proto_tree *);
 void dissect_nntp(const u_char *, int, frame_data *, proto_tree *);
+void dissect_ntp(const u_char *, int, frame_data *, proto_tree *);
 void dissect_nwlink_dg(const u_char *, int, frame_data *, proto_tree *);
 void dissect_osi(const u_char *, int, frame_data *, proto_tree *);
 void dissect_ospf(const u_char *, int, frame_data *, proto_tree *);
--- a/proto.c
+++ b/proto.c
@ -1,7 +1,7 @@
 /* proto.c
 * Routines for protocol tree
 *
- * $Id: proto.c,v 1.41 1999/10/14 01:28:29 guy Exp $
+ * $Id: proto.c,v 1.42 1999/10/14 05:10:32 guy Exp $
 *
 * Ethereal - Network traffic analyzer
 * By Gerald Combs <gerald@zing.org>
@ -138,6 +138,7 @@ void proto_register_nbt(void);
 void proto_register_ncp(void);
 void proto_register_netbios(void);
 void proto_register_nntp(void);
+void proto_register_ntp(void);
 void proto_register_null(void);
 void proto_register_ospf(void);
 void proto_register_pim(void);
@ -256,6 +257,7 @@ proto_init(void)
 	proto_register_ncp();
 	proto_register_netbios();
 	proto_register_nntp();
+	proto_register_ntp();
 	proto_register_null();
 	proto_register_ospf();
 	proto_register_pim();