ntp: make ntp.precision an uint8.
[metze/wireshark/wip.git] / epan / dissectors / packet-ntp.c
1 /* packet-ntp.c
2  * Routines for NTP packet dissection
3  * Copyright 1999, Nathan Neulinger <nneul@umr.edu>
4  *
5  * Wireshark - Network traffic analyzer
6  * By Gerald Combs <gerald@wireshark.org>
7  * Copyright 1998 Gerald Combs
8  *
9  * Copied from packet-tftp.c
10  *
11  * SPDX-License-Identifier: GPL-2.0-or-later
12  */
13
14 #include "config.h"
15
16 #include <math.h>
17
18 #include <epan/packet.h>
19 #include <epan/expert.h>
20 #include <epan/addr_resolv.h>
21 #include <epan/tvbparse.h>
22
23 #include "packet-ntp.h"
24
25 void proto_register_ntp(void);
26 void proto_reg_handoff_ntp(void);
27
28 /*
29  * Dissecting NTP packets version 3 and 4 (RFC5905, RFC2030, RFC1769, RFC1361,
30  * RFC1305).
31  *
32  * Those packets have simple structure:
33  *                      1                   2                   3
34  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
35  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
36  * |LI | VN  |Mode |    Stratum    |     Poll      |   Precision   |
37  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
38  * |                          Root Delay                           |
39  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
40  * |                       Root Dispersion                         |
41  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
42  * |                    Reference Identifier                       |
43  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
44  * |                   Reference Timestamp (64)                    |
45  * |                                                               |
46  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
47  * |                   Originate Timestamp (64)                    |
48  * |                                                               |
49  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
50  * |                    Receive Timestamp (64)                     |
51  * |                                                               |
52  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
53  * |                    Transmit Timestamp (64)                    |
54  * |                                                               |
55  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
56  * |                 Key Identifier (optional) (32)                |
57  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
58  * |                 Message Digest (optional) (128/160)           |
59  * |                                                               |
60  * |                                                               |
61  * |                                                               |
62  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
63  * NTP timestamps are represented as a 64-bit unsigned fixed-point number,
64  * in seconds relative to 0h on 1 January 1900. The integer part is in the
65  * first 32 bits and the fraction part in the last 32 bits.
66  *
67  *
68  * NTP Control messages as defined in version 2, 3 and 4 (RFC1119, RFC1305) use
69  * the following structure:
70  *                      1                   2                   3
71  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
72  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
73  * |00 | VN  | 110 |R E M| OpCode  |           Sequence            |
74  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
75  * |            Status             |        Association ID         |
76  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
77  * |            Offset             |             Count             |
78  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
79  * |                                                               |
80  * |                     Data (468 octets max)                     |
81  * |                                                               |
82  * |                               |        Padding (zeros)        |
83  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
84  * |                 Authenticator (optional) (96)                 |
85  * |                                                               |
86  * |                                                               |
87  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
88  *
89  * Not yet implemented: complete dissection of TPCTRL_OP_SETTRAP,
90  * NTPCTRL_OP_ASYNCMSG, NTPCTRL_OP_UNSETTRAPSETTRAP Control-Messages
91  *
92  */
93
94 #define UDP_PORT_NTP    123
95 #define TCP_PORT_NTP    123
96
97 /* Leap indicator, 2bit field is used to warn of a inserted/deleted
98  * second, or clock unsynchronized indication.
99  */
100 #define NTP_LI_MASK     0xC0
101
102 #define NTP_LI_NONE     0
103 #define NTP_LI_61       1
104 #define NTP_LI_59       2
105 #define NTP_LI_UNKNOWN  3
106
107 static const value_string li_types[] = {
108         { NTP_LI_NONE,    "no warning" },
109         { NTP_LI_61,      "last minute of the day has 61 seconds" },
110         { NTP_LI_59,      "last minute of the day has 59 seconds" },
111         { NTP_LI_UNKNOWN, "unknown (clock unsynchronized)" },
112         { 0,              NULL}
113 };
114
115 /* Version info, 3bit field informs about NTP version used in particular
116  * packet. According to rfc2030, version info could be only 3 or 4, but I
117  * have noticed packets with 1 or even 6 as version numbers. They are
118  * produced as a result of ntptrace command. Are those packets malformed
119  * on purpose? I don't know yet, probably some browsing through ntp sources
120  * would help. My solution is to put them as reserved for now.
121  */
122 #define NTP_VN_MASK     0x38
123
124 static const value_string ver_nums[] = {
125         { 0,    "reserved" },
126         { 1,    "NTP Version 1" },
127         { 2,    "NTP Version 2" },
128         { 3,    "NTP Version 3" },
129         { 4,    "NTP Version 4" },
130         { 5,    "reserved" },
131         { 6,    "reserved" },
132         { 7,    "reserved" },
133         { 0,    NULL}
134 };
135
136 /* Mode, 3bit field representing mode of communication.
137  */
138 #define NTP_MODE_MASK   7
139
140 #define NTP_MODE_RSV    0
141 #define NTP_MODE_SYMACT 1
142 #define NTP_MODE_SYMPAS 2
143 #define NTP_MODE_CLIENT 3
144 #define NTP_MODE_SERVER 4
145 #define NTP_MODE_BCAST  5
146 #define NTP_MODE_CTRL   6
147 #define NTP_MODE_PRIV   7
148
149 static const value_string mode_types[] = {
150         { NTP_MODE_RSV,         "reserved" },
151         { NTP_MODE_SYMACT,      "symmetric active" },
152         { NTP_MODE_SYMPAS,      "symmetric passive" },
153         { NTP_MODE_CLIENT,      "client" },
154         { NTP_MODE_SERVER,      "server" },
155         { NTP_MODE_BCAST,       "broadcast" },
156         { NTP_MODE_CTRL,        "reserved for NTP control message"},
157         { NTP_MODE_PRIV,        "reserved for private use" },
158         { 0,            NULL}
159 };
160
161 static const value_string info_mode_types[] = {
162         { NTP_MODE_RSV,         "reserved" },
163         { NTP_MODE_SYMACT,      "symmetric active" },
164         { NTP_MODE_SYMPAS,      "symmetric passive" },
165         { NTP_MODE_CLIENT,      "client" },
166         { NTP_MODE_SERVER,      "server" },
167         { NTP_MODE_BCAST,       "broadcast" },
168         { NTP_MODE_CTRL,        "control"},
169         { NTP_MODE_PRIV,        "private" },
170         { 0,            NULL}
171 };
172
173 /* According to rfc, primary (stratum-0 and stratum-1) servers should set
174  * their Reference ID (4bytes field) according to following table:
175  */
176 static const struct {
177         const char *id;
178         const char *data;
179 } primary_sources[] = {
180         /* IANA / RFC 5905 */
181         { "GOES",       "Geostationary Orbit Environment Satellite" },
182         { "GPS\0",      "Global Position System" },
183         { "GAL\0",      "Galileo Positioning System" },
184         { "PPS\0",      "Generic pulse-per-second" },
185         { "IRIG",       "Inter-Range Instrumentation Group" },
186         { "WWVB",       "LF Radio WWVB Ft. Collins, CO 60 kHz" },
187         { "DCF\0",      "LF Radio DCF77 Mainflingen, DE 77.5 kHz" },
188         { "HBG\0",      "LF Radio HBG Prangins, HB 75 kHz" },
189         { "MSF\0",      "LF Radio MSF Anthorn, UK 60 kHz" },
190         { "JJY\0",      "LF Radio JJY Fukushima, JP 40 kHz, Saga, JP 60 kHz" },
191         { "LORC",       "MF Radio LORAN C station, 100 kHz" },
192         { "TDF\0",      "MF Radio Allouis, FR 162 kHz" },
193         { "CHU\0",      "HF Radio CHU Ottawa, Ontario" },
194         { "WWV\0",      "HF Radio WWV Ft. Collins, CO" },
195         { "WWVH",       "HF Radio WWVH Kauai, HI" },
196         { "NIST",       "NIST telephone modem" },
197         { "ACTS",       "NIST telephone modem" },
198         { "USNO",       "USNO telephone modem" },
199         { "PTB\0",      "European telephone modem" },
200
201         /* Unofficial codes */
202         { "LOCL",       "uncalibrated local clock" },
203         { "CESM",       "calibrated Cesium clock" },
204         { "RBDM",       "calibrated Rubidium clock" },
205         { "OMEG",       "OMEGA radionavigation system" },
206         { "DCN\0",      "DCN routing protocol" },
207         { "TSP\0",      "TSP time protocol" },
208         { "DTS\0",      "Digital Time Service" },
209         { "ATOM",       "Atomic clock (calibrated)" },
210         { "VLF\0",      "VLF radio (OMEGA,, etc.)" },
211         { "1PPS",       "External 1 PPS input" },
212         { "FREE",       "(Internal clock)" },
213         { "INIT",       "(Initialization)" },
214         { "\0\0\0\0",   "NULL" },
215         { NULL,         NULL}
216 };
217
218 #define NTP_EXT_R_MASK 0x80
219
220 static const value_string ext_r_types[] = {
221         { 0,            "Request" },
222         { 1,            "Response" },
223         { 0,            NULL}
224 };
225
226 #define NTP_EXT_ERROR_MASK 0x40
227 #define NTP_EXT_VN_MASK 0x3f
228
229 static const value_string ext_op_types[] = {
230         { 0,            "NULL" },
231         { 1,            "ASSOC" },
232         { 2,            "CERT" },
233         { 3,            "COOK" },
234         { 4,            "AUTO" },
235         { 5,            "TAI" },
236         { 6,            "SIGN" },
237         { 7,            "IFF" },
238         { 8,            "GQ" },
239         { 9,            "MV" },
240         { 0,            NULL}
241 };
242
243 #define NTPCTRL_R_MASK 0x80
244
245 #define ctrl_r_types ext_r_types
246
247 #define NTPCTRL_ERROR_MASK 0x40
248 #define NTPCTRL_MORE_MASK 0x20
249 #define NTPCTRL_OP_MASK 0x1f
250
251 #define NTPCTRL_OP_UNSPEC 0             /* unspeciffied */
252 #define NTPCTRL_OP_READSTAT 1           /* read status */
253 #define NTPCTRL_OP_READVAR 2            /* read variables */
254 #define NTPCTRL_OP_WRITEVAR 3           /* write variables */
255 #define NTPCTRL_OP_READCLOCK 4          /* read clock variables */
256 #define NTPCTRL_OP_WRITECLOCK 5         /* write clock variables */
257 #define NTPCTRL_OP_SETTRAP 6            /* set trap address */
258 #define NTPCTRL_OP_ASYNCMSG 7           /* asynchronous message */
259 #define NTPCTRL_OP_CONFIGURE 8          /* runtime configuration */
260 #define NTPCTRL_OP_SAVECONFIG 9         /* save config to file */
261 #define NTPCTRL_OP_READ_MRU 10          /* retrieve MRU (mrulist) */
262 #define NTPCTRL_OP_READ_ORDLIST_A 11    /* ordered list req. auth. */
263 #define NTPCTRL_OP_REQ_NONCE 12         /* request a client nonce */
264 #define NTPCTRL_OP_UNSETTRAP 31         /* unset trap */
265
266 static const value_string ctrl_op_types[] = {
267         { NTPCTRL_OP_UNSPEC,            "reserved" },
268         { NTPCTRL_OP_READSTAT,          "read status" },
269         { NTPCTRL_OP_READVAR,           "read variables" },
270         { NTPCTRL_OP_WRITEVAR,          "write variables" },
271         { NTPCTRL_OP_READCLOCK,         "read clock variables" },
272         { NTPCTRL_OP_WRITECLOCK,        "write clock variables" },
273         { NTPCTRL_OP_SETTRAP,           "set trap address/port" },
274         { NTPCTRL_OP_ASYNCMSG,          "asynchronous message" },
275         { NTPCTRL_OP_CONFIGURE,         "runtime configuration" },
276         { NTPCTRL_OP_SAVECONFIG,        "save config to file" },
277         { NTPCTRL_OP_READ_MRU,          "retrieve MRU (mrulist)" },
278         { NTPCTRL_OP_READ_ORDLIST_A,    "retrieve ordered list" },
279         { NTPCTRL_OP_REQ_NONCE,         "request a client nonce" },
280         { NTPCTRL_OP_UNSETTRAP,         "unset trap address/port" },
281         { 0,            NULL}
282 };
283
284 #define NTPCTRL_SYSSTATUS_LI_MASK               0xC000
285 #define NTPCTRL_SYSSTATUS_CLK_MASK              0x3F00
286 #define NTPCTRL_SYSSTATUS_COUNT_MASK    0x00F0
287 #define NTPCTRL_SYSSTATUS_CODE_MASK             0x000F
288
289 static const value_string ctrl_sys_status_clksource_types[] = {
290         { 0,            "unspecified or unknown" },
291         { 1,            "Calibrated atomic clock (e.g. HP 5061)" },
292         { 2,            "VLF (band 4) or LF (band 5) radio (e.g. OMEGA, WWVB)" },
293         { 3,            "HF (band 7) radio (e.g. CHU, MSF, WWV/H)" },
294         { 4,            "UHF (band 9) satellite (e.g. GOES, GPS)" },
295         { 5,            "local net (e.g. DCN, TSP, DTS)" },
296         { 6,            "UDP/NTP" },
297         { 7,            "UDP/TIME" },
298         { 8,            "eyeball-and-wristwatch" },
299         { 9,            "telephone modem (e.g. NIST)" },
300         { 0,            NULL}
301 };
302
303 static const value_string ctrl_sys_status_event_types[] = {
304         { 0,            "unspecified" },
305         { 1,            "frequency correction (drift) file not available" },
306         { 2,            "frequency correction started (frequency stepped)" },
307         { 3,            "spike detected and ignored, starting stepout timer" },
308         { 4,            "frequency training started" },
309         { 5,            "clock synchronized" },
310         { 6,            "system restart" },
311         { 7,            "panic stop (required step greater than panic threshold)" },
312         { 8,            "no system peer" },
313         { 9,            "leap second insertion/deletion armed" },
314         { 10,           "leap second disarmed" },
315         { 11,           "leap second inserted or deleted" },
316         { 12,           "clock stepped (stepout timer expired)" },
317         { 13,           "kernel loop discipline status changed" },
318         { 14,           "leapseconds table loaded from file" },
319         { 15,           "leapseconds table outdated, updated file needed" },
320         { 0,            NULL}
321 };
322
323 #define NTPCTRL_PEERSTATUS_STATUS_MASK          0xF800
324 #define NTPCTRL_PEERSTATUS_CONFIG_MASK          0x8000
325 #define NTPCTRL_PEERSTATUS_AUTHENABLE_MASK      0x4000
326 #define NTPCTRL_PEERSTATUS_AUTHENTIC_MASK       0x2000
327 #define NTPCTRL_PEERSTATUS_REACH_MASK           0x1000
328 #define NTPCTRL_PEERSTATUS_BCAST_MASK           0x0800
329 #define NTPCTRL_PEERSTATUS_SEL_MASK             0x0700
330 #define NTPCTRL_PEERSTATUS_COUNT_MASK           0x00F0
331 #define NTPCTRL_PEERSTATUS_CODE_MASK            0x000F
332
333 static const true_false_string tfs_ctrl_peer_status_config = {"configured (peer.config)", "not configured (peer.config)" };
334 static const true_false_string tfs_ctrl_peer_status_authenable = { "authentication enabled (peer.authenable)", "authentication disabled (peer.authenable)" };
335 static const true_false_string tfs_ctrl_peer_status_authentic = { "authentication okay (peer.authentic)", "authentication not okay (peer.authentic)" };
336 static const true_false_string tfs_ctrl_peer_status_reach = {"reachability okay (peer.reach != 0)", "reachability not okay (peer.reach != 0)" };
337
338 static const value_string ctrl_peer_status_selection_types[] = {
339         { 0,            "rejected" },
340         { 1,            "passed sanity checks (tests 1 through 8 in Section 3.4.3)" },
341         { 2,            "passed correctness checks (intersection algorithm in Section 4.2.1)" },
342         { 3,            "passed candidate checks (if limit check implemented)" },
343         { 4,            "passed outlyer checks (clustering algorithm in Section 4.2.2)" },
344         { 5,            "current synchronization source; max distance exceeded (if limit check implemented)" },
345         { 6,            "current synchronization source; max distance okay" },
346         { 7,            "reserved" },
347         { 0,            NULL}
348 };
349
350 static const value_string ctrl_peer_status_event_types[] = {
351         { 0,            "unspecified" },
352         { 1,            "association mobilized" },
353         { 2,            "association demobilized" },
354         { 3,            "peer unreachable (peer.reach was nonzero now zero)" },
355         { 4,            "peer reachable (peer.reach was zero now nonzero)" },
356         { 5,            "association restarted or timed out" },
357         { 6,            "no server found (ntpdate mode)" },
358         { 7,            "rate exceeded (kiss code RATE)" },
359         { 8,            "access denied (kiss code DENY)" },
360         { 9,            "leap armed from server LI code" },
361         { 10,           "become system peer" },
362         { 11,           "reference clock event (see clock status word)" },
363         { 12,           "authentication failure" },
364         { 13,           "popcorn spike suppressor" },
365         { 14,           "entering interleave mode" },
366         { 15,           "interleave error (recovered)" },
367         { 16,           "leapsecond values update from server" },
368         { 0,            NULL}
369 };
370
371 #define NTPCTRL_CLKSTATUS_STATUS_MASK   0xFF00
372 #define NTPCTRL_CLKSTATUS_CODE_MASK             0x00FF
373
374 static const value_string ctrl_clk_status_types[] = {
375         { 0,            "clock operating within nominals" },
376         { 1,            "reply timeout" },
377         { 2,            "bad reply format" },
378         { 3,            "hardware or software fault" },
379         { 4,            "propagation failure" },
380         { 5,            "bad date format or value" },
381         { 6,            "bad time format or value" },
382         { 0,            NULL}
383 };
384
385 #define NTP_CTRL_ERRSTATUS_CODE_MASK    0xFF00
386
387 static const value_string ctrl_err_status_types[] = {
388         { 0,            "unspecified" },
389         { 1,            "authentication failure" },
390         { 2,            "invalid message length or format" },
391         { 3,            "invalid opcode" },
392         { 4,            "unknown association identifier" },
393         { 5,            "unknown variable name" },
394         { 6,            "invalid variable value" },
395         { 7,            "administratively prohibited" },
396         { 0,            NULL}
397 };
398
399 static const value_string err_values_types[] = {
400         { 0,            "No error" },
401         { 1,            "incompatible implementation number"},
402         { 2,            "unimplemented request code" },
403         { 3,            "format error" },
404         { 4,            "no data available" },
405         { 5,            "unknown" },
406         { 6,            "unknown" },
407         { 7,            "authentication failure"},
408         { 0,            NULL}
409 };
410
411 #define NTPPRIV_R_MASK 0x80
412
413 #define priv_r_types ext_r_types
414
415 #define NTPPRIV_MORE_MASK 0x40
416
417 #define NTPPRIV_AUTH_MASK 0x80
418 #define NTPPRIV_SEQ_MASK 0x7f
419
420 #define XNTPD 0x03
421
422 static const value_string priv_impl_types[] = {
423         { 0,            "UNIV" },
424         { 2,            "XNTPD_OLD (pre-IPv6)" },
425         { 3,            "XNTPD" },
426         { 0,            NULL}
427 };
428
429 #define MON_GETLIST_1 42
430
431 static const value_string priv_rc_types[] = {
432         { 0,            "PEER_LIST" },
433         { 1,            "PEER_LIST_SUM" },
434         { 2,            "PEER_INFO" },
435         { 3,            "PEER_STATS" },
436         { 4,            "SYS_INFO" },
437         { 5,            "SYS_STATS" },
438         { 6,            "IO_STATS" },
439         { 7,            "MEM_STATS" },
440         { 8,            "LOOP_INFO" },
441         { 9,            "TIMER_STATS" },
442         { 10,           "CONFIG" },
443         { 11,           "UNCONFIG" },
444         { 12,           "SET_SYS_FLAG" },
445         { 13,           "CLR_SYS_FLAG" },
446         { 16,           "GET_RESTRICT" },
447         { 17,           "RESADDFLAGS" },
448         { 18,           "RESSUBFLAGS" },
449         { 19,           "UNRESTRICT" },
450         { 20,           "MON_GETLIST" },
451         { 21,           "RESET_STATS" },
452         { 22,           "RESET_PEER" },
453         { 23,           "REREAD_KEYS" },
454         { 26,           "TRUSTKEY" },
455         { 27,           "UNTRUSTKEY" },
456         { 28,           "AUTHINFO" },
457         { 29,           "TRAPS" },
458         { 30,           "ADD_TRAP" },
459         { 31,           "CLR_TRAP" },
460         { 32,           "REQUEST_KEY" },
461         { 33,           "CONTROL_KEY" },
462         { 34,           "GET_CTLSTATS" },
463         { 36,           "GET_CLOCKINFO" },
464         { 37,           "SET_CLKFUDGE" },
465         { 38,           "GET_KERNEL" },
466         { 39,           "GET_CLKBUGINFO" },
467         { 42,           "MON_GETLIST_1" },
468         { 43,           "HOSTNAME_ASSOCID" },
469         { 0,            NULL}
470 };
471 static value_string_ext priv_rc_types_ext = VALUE_STRING_EXT_INIT(priv_rc_types);
472
473 static const range_string stratum_rvals[] = {
474         { 0,    0, "unspecified or invalid" },
475         { 1,    1, "primary reference" },
476         { 2,    15, "secondary reference" },
477         { 16,   16, "unsynchronized" },
478         { 17,   255, "reserved" },
479         { 0,    0, NULL }
480 };
481
482 #define NTP_MD5_ALGO 0
483 #define NTP_SHA_ALGO 1
484
485 static const value_string authentication_types[] = {
486         { NTP_MD5_ALGO,         "MD5" },
487         { NTP_SHA_ALGO,         "SHA" },
488         { 0,            NULL}
489 };
490
491
492 /*
493  * Maximum MAC length : 160 bits MAC + 32 bits Key ID
494  */
495 #define MAX_MAC_LEN     (6 * sizeof (guint32))
496
497 static int proto_ntp = -1;
498
499 static int hf_ntp_flags = -1;
500 static int hf_ntp_flags_li = -1;
501 static int hf_ntp_flags_vn = -1;
502 static int hf_ntp_flags_mode = -1;
503 static int hf_ntp_stratum = -1;
504 static int hf_ntp_ppoll = -1;
505 static int hf_ntp_precision = -1;
506 static int hf_ntp_rootdelay = -1;
507 static int hf_ntp_rootdispersion = -1;
508 static int hf_ntp_refid = -1;
509 static int hf_ntp_reftime = -1;
510 static int hf_ntp_org = -1;
511 static int hf_ntp_rec = -1;
512 static int hf_ntp_xmt = -1;
513 static int hf_ntp_keyid = -1;
514 static int hf_ntp_mac = -1;
515 static int hf_ntp_padding = -1;
516 static int hf_ntp_key_type = -1;
517 static int hf_ntp_key_index = -1;
518 static int hf_ntp_key_signature = -1;
519
520 static int hf_ntp_ext = -1;
521 static int hf_ntp_ext_flags = -1;
522 static int hf_ntp_ext_flags_r = -1;
523 static int hf_ntp_ext_flags_error = -1;
524 static int hf_ntp_ext_flags_vn = -1;
525 static int hf_ntp_ext_op = -1;
526 static int hf_ntp_ext_len = -1;
527 static int hf_ntp_ext_associd = -1;
528 static int hf_ntp_ext_tstamp = -1;
529 static int hf_ntp_ext_fstamp = -1;
530 static int hf_ntp_ext_vallen = -1;
531 static int hf_ntp_ext_val = -1;
532 static int hf_ntp_ext_siglen = -1;
533 static int hf_ntp_ext_sig = -1;
534
535 static int hf_ntpctrl_flags2 = -1;
536 static int hf_ntpctrl_flags2_r = -1;
537 static int hf_ntpctrl_flags2_error = -1;
538 static int hf_ntpctrl_flags2_more = -1;
539 static int hf_ntpctrl_flags2_opcode = -1;
540 static int hf_ntpctrl_sequence = -1;
541 static int hf_ntpctrl_status = -1;
542 static int hf_ntpctrl_error_status_word = -1;
543 static int hf_ntpctrl_sys_status_li = -1;
544 static int hf_ntpctrl_sys_status_clksrc = -1;
545 static int hf_ntpctrl_sys_status_count = -1;
546 static int hf_ntpctrl_sys_status_code = -1;
547 static int hf_ntpctrl_peer_status_b0 = -1;
548 static int hf_ntpctrl_peer_status_b1 = -1;
549 static int hf_ntpctrl_peer_status_b2 = -1;
550 static int hf_ntpctrl_peer_status_b3 = -1;
551 static int hf_ntpctrl_peer_status_b4 = -1;
552 static int hf_ntpctrl_peer_status_selection = -1;
553 static int hf_ntpctrl_peer_status_count = -1;
554 static int hf_ntpctrl_peer_status_code = -1;
555 static int hf_ntpctrl_clk_status = -1;
556 static int hf_ntpctrl_clk_status_code = -1;
557 static int hf_ntpctrl_associd = -1;
558 static int hf_ntpctrl_offset = -1;
559 static int hf_ntpctrl_count = -1;
560 static int hf_ntpctrl_data = -1;
561 static int hf_ntpctrl_item = -1;
562 static int hf_ntpctrl_trapmsg = -1;
563 static int hf_ntpctrl_ordlist = -1;
564 static int hf_ntpctrl_configuration = -1;
565 static int hf_ntpctrl_mru = -1;
566 static int hf_ntpctrl_nonce = -1;
567
568 static int hf_ntppriv_flags_r = -1;
569 static int hf_ntppriv_flags_more = -1;
570 static int hf_ntppriv_auth_seq = -1;
571 static int hf_ntppriv_auth = -1;
572 static int hf_ntppriv_seq = -1;
573 static int hf_ntppriv_impl = -1;
574 static int hf_ntppriv_reqcode = -1;
575 static int hf_ntppriv_errcode = -1;
576 static int hf_ntppriv_numitems = -1;
577 static int hf_ntppriv_mbz = -1;
578 static int hf_monlist_item = -1;
579 static int hf_ntppriv_itemsize = -1;
580 static int hf_ntppriv_avgint = -1;
581 static int hf_ntppriv_lsint = -1;
582 static int hf_ntppriv_count = -1;
583 static int hf_ntppriv_restr = -1;
584 static int hf_ntppriv_addr = -1;
585 static int hf_ntppriv_daddr = -1;
586 static int hf_ntppriv_flags = -1;
587 static int hf_ntppriv_port = -1;
588 static int hf_ntppriv_mode = -1;
589 static int hf_ntppriv_version = -1;
590 static int hf_ntppriv_v6_flag = -1;
591 static int hf_ntppriv_addr6 = -1;
592 static int hf_ntppriv_daddr6 = -1;
593
594 static gint ett_ntp = -1;
595 static gint ett_ntp_flags = -1;
596 static gint ett_ntp_ext = -1;
597 static gint ett_ntp_ext_flags = -1;
598 static gint ett_ntpctrl_flags2 = -1;
599 static gint ett_ntpctrl_status = -1;
600 static gint ett_ntpctrl_data = -1;
601 static gint ett_ntpctrl_item = -1;
602 static gint ett_ntppriv_auth_seq = -1;
603 static gint ett_monlist_item = -1;
604 static gint ett_ntp_authenticator = -1;
605
606 static expert_field ei_ntp_ext = EI_INIT;
607
608 static const char *mon_names[12] = {
609         "Jan",
610         "Feb",
611         "Mar",
612         "Apr",
613         "May",
614         "Jun",
615         "Jul",
616         "Aug",
617         "Sep",
618         "Oct",
619         "Nov",
620         "Dec"
621 };
622
623 static const int *ntp_header_fields[] = {
624         &hf_ntp_flags_li,
625         &hf_ntp_flags_vn,
626         &hf_ntp_flags_mode,
627         NULL
628 };
629
630 /*
631         * dissect peer status word:
632         *                      1
633         *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
634         * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
635         * | Status  | Sel | Count | Code  |
636         * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
637         */
638 static const int *peer_status_flags[] = {
639         &hf_ntpctrl_peer_status_b0,
640         &hf_ntpctrl_peer_status_b1,
641         &hf_ntpctrl_peer_status_b2,
642         &hf_ntpctrl_peer_status_b3,
643         &hf_ntpctrl_peer_status_b4,
644         &hf_ntpctrl_peer_status_selection,
645         &hf_ntpctrl_peer_status_count,
646         &hf_ntpctrl_peer_status_code,
647         NULL
648 };
649
650 /* parser definitions */
651 static tvbparse_wanted_t *want;
652 static tvbparse_wanted_t *want_ignore;
653
654 /* NTP_BASETIME is in fact epoch - ntp_start_time */
655 #define NTP_BASETIME 2208988800u
656 #define NTP_FLOAT_DENOM 4294967296.0
657 #define NTP_TS_SIZE 100
658
659 /* Modified tvb_ntp_fmt_ts
660  * tvb_mip6_fmt_ts - converts MIP6 timestamp to human readable string.
661  *      Timestamp
662  *
663  *         A 64-bit unsigned integer field containing a timestamp.  The
664  *          value indicates the number of seconds since January 1, 1970,
665  *          00:00 UTC, by using a fixed point format.  In this format, the
666  *          integer number of seconds is contained in the first 48 bits of
667  *          the field, and the remaining 16 bits indicate the number of
668  *          1/65536 fractions of a second.
669  *
670  * TVB and an offset (IN).
671  * returns pointer to filled buffer.  This buffer will be freed automatically once
672  * dissection of the next packet occurs.
673  */
674 const char *
675 tvb_mip6_fmt_ts(tvbuff_t *tvb, gint offset)
676 {
677         guint64 tempstmp;
678         guint32 tempfrac;
679         time_t temptime;
680         struct tm *bd;
681         double fractime;
682
683         tempstmp = tvb_get_ntoh48(tvb, offset);
684         tempfrac = tvb_get_ntohs(tvb, offset+6);
685         tempfrac <<= 16;
686         if ((tempstmp == 0) && (tempfrac == 0)) {
687                 return "NULL";
688         }
689
690         temptime = (time_t)(tempstmp /*- NTP_BASETIME*/);
691         bd = gmtime(&temptime);
692         if(!bd){
693                 return "Not representable";
694         }
695
696         fractime = bd->tm_sec + tempfrac / NTP_FLOAT_DENOM;
697         return wmem_strdup_printf(wmem_packet_scope(), "%s %2d, %d %02d:%02d:%07.4f UTC",
698                  mon_names[bd->tm_mon],
699                  bd->tm_mday,
700                  bd->tm_year + 1900,
701                  bd->tm_hour,
702                  bd->tm_min,
703                  fractime);
704 }
705 /* tvb_ntp_fmt_ts - converts NTP timestamp to human readable string.
706  * TVB and an offset (IN).
707  * returns pointer to filled buffer.  This buffer will be freed automatically once
708  * dissection of the next packet occurs.
709  */
710 const char *
711 tvb_ntp_fmt_ts(tvbuff_t *tvb, gint offset)
712 {
713         guint32 tempstmp, tempfrac;
714         time_t temptime;
715         struct tm *bd;
716         double fractime;
717         char *buff;
718
719         tempstmp = tvb_get_ntohl(tvb, offset);
720         tempfrac = tvb_get_ntohl(tvb, offset+4);
721         if ((tempstmp == 0) && (tempfrac == 0)) {
722                 return "NULL";
723         }
724
725         /* We need a temporary variable here so the unsigned math
726          * works correctly (for years > 2036 according to RFC 2030
727          * chapter 3).
728          */
729         temptime = (time_t)(tempstmp - NTP_BASETIME);
730         bd = gmtime(&temptime);
731         if(!bd){
732                 return "Not representable";
733         }
734
735         fractime = bd->tm_sec + tempfrac / NTP_FLOAT_DENOM;
736         buff=(char *)wmem_alloc(wmem_packet_scope(), NTP_TS_SIZE);
737         g_snprintf(buff, NTP_TS_SIZE,
738                  "%s %2d, %d %02d:%02d:%09.6f UTC",
739                  mon_names[bd->tm_mon],
740                  bd->tm_mday,
741                  bd->tm_year + 1900,
742                  bd->tm_hour,
743                  bd->tm_min,
744                  fractime);
745         return buff;
746 }
747
748 /* tvb_ntp_fmt_ts_sec - converts an NTP timestamps second part (32bits) to an human readable string.
749 * TVB and an offset (IN).
750 * returns pointer to filled buffer.  This buffer will be freed automatically once
751 * dissection of the next packet occurs.
752 */
753 const char *
754 tvb_ntp_fmt_ts_sec(tvbuff_t *tvb, gint offset)
755 {
756         guint32 tempstmp;
757         time_t temptime;
758         struct tm *bd;
759         char *buff;
760
761         tempstmp = tvb_get_ntohl(tvb, offset);
762         if (tempstmp == 0){
763                 return "NULL";
764         }
765
766         /* We need a temporary variable here so the unsigned math
767         * works correctly (for years > 2036 according to RFC 2030
768         * chapter 3).
769         */
770         temptime = (time_t)(tempstmp - NTP_BASETIME);
771         bd = gmtime(&temptime);
772         if (!bd){
773                 return "Not representable";
774         }
775
776         buff = (char *)wmem_alloc(wmem_packet_scope(), NTP_TS_SIZE);
777         g_snprintf(buff, NTP_TS_SIZE,
778                 "%s %2d, %d %02d:%02d:%02d UTC",
779                 mon_names[bd->tm_mon],
780                 bd->tm_mday,
781                 bd->tm_year + 1900,
782                 bd->tm_hour,
783                 bd->tm_min,
784                 bd->tm_sec);
785         return buff;
786 }
787
788 void
789 ntp_to_nstime(tvbuff_t *tvb, gint offset, nstime_t *nstime)
790 {
791         guint32 tempstmp;
792
793         /* We need a temporary variable here so the unsigned math
794          * works correctly (for years > 2036 according to RFC 2030
795          * chapter 3).
796          */
797         tempstmp  = tvb_get_ntohl(tvb, offset);
798         if (tempstmp)
799                 nstime->secs = (time_t)(tempstmp - NTP_BASETIME);
800         else
801                 nstime->secs = (time_t)tempstmp; /* 0 */
802
803         nstime->nsecs = (int)(tvb_get_ntohl(tvb, offset+4)/(NTP_FLOAT_DENOM/1000000000.0));
804 }
805
806
807 static int
808 dissect_ntp_ext(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ntp_tree, int offset)
809 {
810         proto_tree *ext_tree, *flags_tree;
811         proto_item *tf, *ext_item;
812         guint16 extlen;
813         int endoffset;
814         guint8 flags;
815         guint32 vallen, vallen_round, siglen;
816
817         extlen = tvb_get_ntohs(tvb, offset+2);
818         tf = proto_tree_add_item(ntp_tree, hf_ntp_ext, tvb, offset, extlen, ENC_NA);
819         ext_tree = proto_item_add_subtree(tf, ett_ntp_ext);
820
821         if (extlen < 8) {
822                 /* Extension length isn't enough for the extension header.
823                  * Report the error, and return an offset that goes to
824                  * the end of the tvbuff, so we stop dissecting.
825                  */
826                 expert_add_info_format(pinfo, tf, &ei_ntp_ext, "Extension length %u < 8", extlen);
827                 return tvb_reported_length(tvb);
828         }
829         if (extlen % 4) {
830                 /* Extension length isn't a multiple of 4.
831                  * Report the error, and return an offset that goes
832                  * to the end of the tvbuff, so we stop dissecting.
833                  */
834                 expert_add_info_format(pinfo, tf, &ei_ntp_ext, "Extension length %u isn't a multiple of 4",
835                                 extlen);
836                 return tvb_reported_length(tvb);
837         }
838         endoffset = offset + extlen;
839
840         flags = tvb_get_guint8(tvb, offset);
841         tf = proto_tree_add_uint(ext_tree, hf_ntp_ext_flags, tvb, offset, 1, flags);
842         flags_tree = proto_item_add_subtree(tf, ett_ntp_ext_flags);
843         proto_tree_add_uint(flags_tree, hf_ntp_ext_flags_r, tvb, offset, 1, flags);
844         proto_tree_add_uint(flags_tree, hf_ntp_ext_flags_error, tvb, offset, 1, flags);
845         proto_tree_add_uint(flags_tree, hf_ntp_ext_flags_vn, tvb, offset, 1, flags);
846         offset += 1;
847
848         proto_tree_add_item(ext_tree, hf_ntp_ext_op, tvb, offset, 1, ENC_BIG_ENDIAN);
849         offset += 1;
850
851         proto_tree_add_uint(ext_tree, hf_ntp_ext_len, tvb, offset, 2, extlen);
852         offset += 2;
853
854         if ((flags & NTP_EXT_VN_MASK) != 2) {
855                 /* don't care about autokey v1 */
856                 return endoffset;
857         }
858
859         proto_tree_add_item(ext_tree, hf_ntp_ext_associd, tvb, offset, 4, ENC_BIG_ENDIAN);
860         offset += 4;
861
862         /* check whether everything up to "vallen" is present */
863         if (extlen < MAX_MAC_LEN) {
864                 /* XXX - report as error? */
865                 return endoffset;
866         }
867
868         proto_tree_add_item(ext_tree, hf_ntp_ext_tstamp, tvb, offset, 4, ENC_BIG_ENDIAN);
869         offset += 4;
870         proto_tree_add_item(ext_tree, hf_ntp_ext_fstamp, tvb, offset, 4, ENC_BIG_ENDIAN);
871         offset += 4;
872         /* XXX fstamp can be server flags */
873
874         vallen = tvb_get_ntohl(tvb, offset);
875         ext_item = proto_tree_add_uint(ext_tree, hf_ntp_ext_vallen, tvb, offset, 4, vallen);
876         offset += 4;
877         vallen_round = (vallen + 3) & (-4);
878         if (vallen != 0) {
879                 if ((guint32)(endoffset - offset) < vallen_round) {
880                         /*
881                          * Value goes past the length of the extension
882                          * field.
883                          */
884                         expert_add_info_format(pinfo, ext_item, &ei_ntp_ext,
885                                         "Value length makes value go past the end of the extension field");
886                         return endoffset;
887                 }
888                 proto_tree_add_item(ext_tree, hf_ntp_ext_val, tvb, offset, vallen, ENC_NA);
889         }
890         offset += vallen_round;
891
892         siglen = tvb_get_ntohl(tvb, offset);
893         ext_item = proto_tree_add_uint(ext_tree, hf_ntp_ext_siglen, tvb, offset, 4, siglen);
894         offset += 4;
895         if (siglen != 0) {
896                 if (offset + (int)siglen > endoffset) {
897                         /*
898                          * Value goes past the length of the extension
899                          * field.
900                          */
901                         expert_add_info_format(pinfo, ext_item, &ei_ntp_ext,
902                                                 "Signature length makes value go past the end of the extension field");
903                         return endoffset;
904                 }
905                 proto_tree_add_item(ext_tree, hf_ntp_ext_sig, tvb, offset, siglen, ENC_NA);
906         }
907         return endoffset;
908 }
909
910 static void
911 dissect_ntp_std(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ntp_tree)
912 {
913         guint8 stratum;
914         guint8 ppoll;
915         gint8 precision;
916         double rootdelay;
917         double rootdispersion;
918         guint32 refid_addr;
919         gchar *buff;
920         int i;
921         int macofs;
922         gint maclen;
923
924         proto_tree_add_bitmask(ntp_tree, tvb, 0, hf_ntp_flags, ett_ntp_flags, ntp_header_fields, ENC_NA);
925
926         /* Stratum, 1byte field represents distance from primary source
927          */
928         proto_tree_add_item(ntp_tree, hf_ntp_stratum, tvb, 1, 1, ENC_NA);
929         stratum = tvb_get_guint8(tvb, 1);
930
931         /* Poll interval, 1byte field indicating the maximum interval
932          * between successive messages, in seconds to the nearest
933          * power of two.
934          */
935         ppoll = tvb_get_guint8(tvb, 2);
936         if ((ppoll >= 4) && (ppoll <= 17)) {
937                 proto_tree_add_uint_format_value(ntp_tree, hf_ntp_ppoll, tvb, 2, 1,
938                         ppoll, "%u (%u seconds)", ppoll, 1 << ppoll);
939         } else {
940                 proto_tree_add_uint_format_value(ntp_tree, hf_ntp_ppoll, tvb, 2, 1,
941                         ppoll, "invalid (%u)", ppoll);
942         }
943
944         /* Precision, 1 byte field indicating the precision of the
945          * local clock, in seconds to the nearest power of two.
946          */
947         precision = tvb_get_guint8(tvb, 3);
948         proto_tree_add_uint_format_value(ntp_tree, hf_ntp_precision, tvb, 3, 1,
949                 (guint8)precision, "%8.6f seconds", pow(2, precision));
950
951         /* Root Delay is a 32-bit signed fixed-point number indicating
952          * the total roundtrip delay to the primary reference source,
953          * in seconds with fraction point between bits 15 and 16.
954          */
955         rootdelay = tvb_get_ntohis(tvb, 4) +
956                         (tvb_get_ntohs(tvb, 6) / 65536.0);
957         proto_tree_add_double(ntp_tree, hf_ntp_rootdelay, tvb, 4, 4, rootdelay);
958
959         /* Root Dispersion, 32-bit unsigned fixed-point number indicating
960          * the nominal error relative to the primary reference source, in
961          * seconds with fraction point between bits 15 and 16.
962          */
963         rootdispersion = tvb_get_ntohis(tvb, 8) +
964                                 (tvb_get_ntohs(tvb, 10) / 65536.0);
965         proto_tree_add_double(ntp_tree, hf_ntp_rootdispersion, tvb, 8, 4, rootdispersion);
966
967         /* Now, there is a problem with secondary servers.  Standards
968          * asks from stratum-2 - stratum-15 servers to set this to the
969          * low order 32 bits of the latest transmit timestamp of the
970          * reference source.
971          * But, all V3 and V4 servers set this to IP address of their
972          * higher level server. My decision was to resolve this address.
973          */
974         buff = (gchar *)wmem_alloc(wmem_packet_scope(), NTP_TS_SIZE);
975         if (stratum <= 1) {
976                 g_snprintf (buff, NTP_TS_SIZE, "Unidentified reference source '%.4s'",
977                         tvb_get_string_enc(wmem_packet_scope(), tvb, 12, 4, ENC_ASCII));
978                 for (i = 0; primary_sources[i].id; i++) {
979                         if (tvb_memeql(tvb, 12, primary_sources[i].id, 4) == 0) {
980                                 g_snprintf(buff, NTP_TS_SIZE, "%s",
981                                         primary_sources[i].data);
982                                 break;
983                         }
984                 }
985         } else {
986                 int buffpos;
987                 refid_addr = tvb_get_ipv4(tvb, 12);
988                 buffpos = g_snprintf(buff, NTP_TS_SIZE, "%s", get_hostname (refid_addr));
989                 if (buffpos >= NTP_TS_SIZE) {
990                         buff[NTP_TS_SIZE-4]='.';
991                         buff[NTP_TS_SIZE-3]='.';
992                         buff[NTP_TS_SIZE-2]='.';
993                         buff[NTP_TS_SIZE-1]=0;
994                 }
995         }
996         proto_tree_add_bytes_format_value(ntp_tree, hf_ntp_refid, tvb, 12, 4,
997                                         NULL, "%s", buff);
998
999         /* Reference Timestamp: This is the time at which the local clock was
1000          * last set or corrected.
1001          */
1002         proto_tree_add_item(ntp_tree, hf_ntp_reftime, tvb, 16, 8, ENC_TIME_NTP|ENC_BIG_ENDIAN);
1003
1004         /* Originate Timestamp: This is the time at which the request departed
1005          * the client for the server.
1006          */
1007         proto_tree_add_item(ntp_tree, hf_ntp_org, tvb, 24, 8, ENC_TIME_NTP|ENC_BIG_ENDIAN);
1008
1009         /* Receive Timestamp: This is the time at which the request arrived at
1010          * the server.
1011          */
1012         proto_tree_add_item(ntp_tree, hf_ntp_rec, tvb, 32, 8, ENC_TIME_NTP|ENC_BIG_ENDIAN);
1013
1014         /* Transmit Timestamp: This is the time at which the reply departed the
1015          * server for the client.
1016          */
1017         proto_tree_add_item(ntp_tree, hf_ntp_xmt, tvb, 40, 8, ENC_TIME_NTP|ENC_BIG_ENDIAN);
1018
1019         /* MAX_MAC_LEN is the largest message authentication code
1020          * (MAC) length.  If we have more data left in the packet
1021          * after the header than that, the extra data is NTP4
1022          * extensions; parse them as such.
1023          */
1024         macofs = 48;
1025         while (tvb_reported_length_remaining(tvb, macofs) > (gint)MAX_MAC_LEN)
1026                 macofs = dissect_ntp_ext(tvb, pinfo, ntp_tree, macofs);
1027
1028         /* When the NTP authentication scheme is implemented, the
1029          * Key Identifier and Message Digest fields contain the
1030          * message authentication code (MAC) information defined in
1031          * Appendix C of RFC-1305. Will print this as hex code for now.
1032          */
1033         if (tvb_reported_length_remaining(tvb, macofs) >= 4)
1034                 proto_tree_add_item(ntp_tree, hf_ntp_keyid, tvb, macofs, 4, ENC_NA);
1035         macofs += 4;
1036         maclen = tvb_reported_length_remaining(tvb, macofs);
1037         if (maclen > 0)
1038                 proto_tree_add_item(ntp_tree, hf_ntp_mac, tvb, macofs, maclen, ENC_NA);
1039 }
1040
1041 static void
1042 dissect_ntp_ctrl(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *ntp_tree)
1043 {
1044         guint8 flags2;
1045         proto_tree *data_tree, *item_tree, *auth_tree;
1046         proto_item *td, *ti;
1047         guint16 associd;
1048         guint16 datalen;
1049         guint16 data_offset;
1050         gint length_remaining;
1051         gboolean auth_diss = FALSE;
1052
1053         tvbparse_t *tt;
1054         tvbparse_elem_t *element;
1055
1056         static const int *ntpctrl_flags[] = {
1057                 &hf_ntpctrl_flags2_r,
1058                 &hf_ntpctrl_flags2_error,
1059                 &hf_ntpctrl_flags2_more,
1060                 &hf_ntpctrl_flags2_opcode,
1061                 NULL
1062         };
1063         proto_tree_add_bitmask(ntp_tree, tvb, 0, hf_ntp_flags, ett_ntp_flags, ntp_header_fields, ENC_NA);
1064         proto_tree_add_bitmask(ntp_tree, tvb, 1, hf_ntpctrl_flags2, ett_ntpctrl_flags2, ntpctrl_flags, ENC_NA);
1065         flags2 = tvb_get_guint8(tvb, 1);
1066
1067         proto_tree_add_item(ntp_tree, hf_ntpctrl_sequence,    tvb, 2, 2, ENC_BIG_ENDIAN);
1068         associd = tvb_get_ntohs(tvb, 6);
1069         /*
1070          * further processing of status is only necessary in server responses
1071          */
1072         if (flags2 & NTPCTRL_R_MASK) {
1073                 if (flags2 & NTPCTRL_ERROR_MASK) {
1074                         /*
1075                          * if error bit is set: dissect error status word
1076                          *                      1
1077                          *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1078                          * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1079                          * |  Error Code   |   reserved    |
1080                          * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1081                          */
1082                         static const int *errorstatus[] = {
1083                                 &hf_ntpctrl_error_status_word,
1084                                 NULL
1085                         };
1086
1087                         /* Check if this is an error response... */
1088                         proto_tree_add_bitmask(ntp_tree, tvb, 4, hf_ntpctrl_status, ett_ntpctrl_status, errorstatus, ENC_BIG_ENDIAN);
1089                 } else {
1090                         /* ...otherwise status word depends on OpCode */
1091                         switch (flags2 & NTPCTRL_OP_MASK) {
1092                         case NTPCTRL_OP_READSTAT:
1093                         case NTPCTRL_OP_READVAR:
1094                         case NTPCTRL_OP_WRITEVAR:
1095                         case NTPCTRL_OP_ASYNCMSG:
1096                                 if (associd)
1097                                         proto_tree_add_bitmask(ntp_tree, tvb, 4, hf_ntpctrl_status, ett_ntpctrl_status, peer_status_flags, ENC_BIG_ENDIAN);
1098                                 else
1099                                 {
1100                                         /*
1101                                          * dissect system status word:
1102                                          *                      1
1103                                          *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1104                                          * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1105                                          * |LI | ClkSource | Count | Code  |
1106                                          * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1107                                          */
1108                                         static const int *systemstatus[] = {
1109                                                 &hf_ntpctrl_sys_status_li,
1110                                                 &hf_ntpctrl_sys_status_clksrc,
1111                                                 &hf_ntpctrl_sys_status_count,
1112                                                 &hf_ntpctrl_sys_status_code,
1113                                                 NULL
1114                                         };
1115
1116                                         proto_tree_add_bitmask(ntp_tree, tvb, 4, hf_ntpctrl_status, ett_ntpctrl_status, systemstatus, ENC_BIG_ENDIAN);
1117                                 }
1118                                 break;
1119                         case NTPCTRL_OP_READCLOCK:
1120                         case NTPCTRL_OP_WRITECLOCK:
1121                                 {
1122                                 /*
1123                                  * dissect clock status word:
1124                                  *                      1
1125                                  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
1126                                  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1127                                  * | Clock Status  |  Event Code   |
1128                                  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
1129                                  */
1130                                 static const int *clockstatus[] = {
1131                                         &hf_ntpctrl_clk_status,
1132                                         &hf_ntpctrl_clk_status_code,
1133                                         NULL
1134                                 };
1135
1136                                 proto_tree_add_bitmask(ntp_tree, tvb, 4, hf_ntpctrl_status, ett_ntpctrl_status, clockstatus, ENC_BIG_ENDIAN);
1137                                 }
1138                                 break;
1139                         case NTPCTRL_OP_SETTRAP:
1140                         case NTPCTRL_OP_UNSETTRAP:
1141                         default:
1142                                 proto_tree_add_item(ntp_tree, hf_ntpctrl_status, tvb, 4, 2, ENC_BIG_ENDIAN);
1143                                 break;
1144                         }
1145                 }
1146         }
1147         else
1148         {
1149                 proto_tree_add_item(ntp_tree, hf_ntpctrl_status, tvb, 4, 2, ENC_BIG_ENDIAN);
1150         }
1151         proto_tree_add_item(ntp_tree, hf_ntpctrl_associd, tvb, 6, 2, ENC_BIG_ENDIAN);
1152         proto_tree_add_item(ntp_tree, hf_ntpctrl_offset, tvb, 8, 2, ENC_BIG_ENDIAN);
1153         datalen = tvb_get_ntohs(tvb, 10);
1154         proto_tree_add_uint(ntp_tree, hf_ntpctrl_count, tvb, 10, 2, datalen);
1155
1156         /*
1157          * dissect Data part of the NTP control message
1158          */
1159         if (datalen) {
1160                 data_offset = 12;
1161                 td = proto_tree_add_item(ntp_tree, hf_ntpctrl_data, tvb, data_offset, datalen, ENC_NA);
1162                 data_tree = proto_item_add_subtree(td, ett_ntpctrl_data);
1163                 switch(flags2 & NTPCTRL_OP_MASK) {
1164                 case NTPCTRL_OP_READSTAT:
1165                         if (!associd) {
1166                                 /*
1167                                  * if associd == 0 then data part contains a list of the form
1168                                  * <association identifier><status word>,
1169                                  */
1170                                 while(datalen) {
1171                                         ti = proto_tree_add_item(data_tree, hf_ntpctrl_item, tvb, data_offset, 4, ENC_NA);
1172                                         item_tree = proto_item_add_subtree(ti, ett_ntpctrl_item);
1173                                         proto_tree_add_item(item_tree, hf_ntpctrl_associd, tvb, data_offset, 2, ENC_BIG_ENDIAN);
1174                                         data_offset += 2;
1175                                         proto_tree_add_bitmask(ntp_tree, tvb, data_offset, hf_ntpctrl_status, ett_ntpctrl_status, peer_status_flags, ENC_BIG_ENDIAN);
1176                                         data_offset += 2;
1177                                         datalen -= 4;
1178                                 }
1179                                 break;
1180                         }
1181                         /*
1182                          * but if associd != 0,
1183                          * then data part could be the same as if opcode is NTPCTRL_OP_READVAR
1184                          * --> so, no "break" here!
1185                          */
1186                         /* FALL THROUGH */
1187                 case NTPCTRL_OP_READVAR:
1188                 case NTPCTRL_OP_WRITEVAR:
1189                 case NTPCTRL_OP_READCLOCK:
1190                 case NTPCTRL_OP_WRITECLOCK:
1191                         tt = tvbparse_init(tvb, data_offset, datalen, NULL, want_ignore);
1192                         while( (element = tvbparse_get(tt, want)) != NULL ) {
1193                                 tvbparse_tree_add_elem(data_tree, element);
1194                         }
1195                         break;
1196                 case NTPCTRL_OP_ASYNCMSG:
1197                         proto_tree_add_item(data_tree, hf_ntpctrl_trapmsg, tvb, data_offset, datalen, ENC_ASCII|ENC_NA);
1198                         break;
1199                 case NTPCTRL_OP_CONFIGURE:
1200                 case NTPCTRL_OP_SAVECONFIG:
1201                         proto_tree_add_item(data_tree, hf_ntpctrl_configuration, tvb, data_offset, datalen, ENC_ASCII|ENC_NA);
1202                         auth_diss = TRUE;
1203                         break;
1204                 case NTPCTRL_OP_READ_MRU:
1205                         proto_tree_add_item(data_tree, hf_ntpctrl_mru, tvb, data_offset, datalen, ENC_ASCII|ENC_NA);
1206                         auth_diss = TRUE;
1207                         break;
1208                 case NTPCTRL_OP_READ_ORDLIST_A:
1209                         proto_tree_add_item(data_tree, hf_ntpctrl_ordlist, tvb, data_offset, datalen, ENC_ASCII|ENC_NA);
1210                         auth_diss = TRUE;
1211                         break;
1212                 case NTPCTRL_OP_REQ_NONCE:
1213                         proto_tree_add_item(data_tree, hf_ntpctrl_nonce, tvb, data_offset, datalen, ENC_ASCII|ENC_NA);
1214                         auth_diss = TRUE;
1215                         break;
1216                 /* these opcodes doesn't carry any data: NTPCTRL_OP_SETTRAP, NTPCTRL_OP_UNSETTRAP, NTPCTRL_OP_UNSPEC */
1217                 }
1218         }
1219
1220         data_offset = 12+datalen;
1221
1222         /* Check if there is authentication */
1223         if (((flags2 & NTPCTRL_R_MASK) == 0) || auth_diss == TRUE)
1224         {
1225                 gint padding_length;
1226
1227                 length_remaining = tvb_reported_length_remaining(tvb, data_offset);
1228                 /* Check padding presence */
1229                 padding_length = (data_offset & 7) ? 8 - (data_offset & 7) : 0;
1230                 if (length_remaining > padding_length)
1231                 {
1232                         if (padding_length)
1233                         {
1234                                 proto_tree_add_item(ntp_tree, hf_ntp_padding, tvb, data_offset, padding_length, ENC_NA);
1235                                 data_offset += padding_length;
1236                                 length_remaining -= padding_length;
1237                         }
1238                         auth_tree = proto_tree_add_subtree(ntp_tree, tvb, data_offset, -1, ett_ntp_authenticator, NULL, "Authenticator");
1239                         switch (length_remaining)
1240                         {
1241                         case 20:
1242                                 ti = proto_tree_add_uint(auth_tree, hf_ntp_key_type, tvb, data_offset, 0, NTP_MD5_ALGO);
1243                                 PROTO_ITEM_SET_GENERATED(ti);
1244                                 proto_tree_add_item(auth_tree, hf_ntp_key_index, tvb, data_offset, 4, ENC_BIG_ENDIAN);
1245                                 proto_tree_add_item(auth_tree, hf_ntp_key_signature, tvb, data_offset+4, 16, ENC_NA);
1246                                 break;
1247                         case 24:
1248                                 ti = proto_tree_add_uint(auth_tree, hf_ntp_key_type, tvb, data_offset, 0, NTP_SHA_ALGO);
1249                                 PROTO_ITEM_SET_GENERATED(ti);
1250                                 proto_tree_add_item(auth_tree, hf_ntp_key_index, tvb, data_offset, 4, ENC_BIG_ENDIAN);
1251                                 proto_tree_add_item(auth_tree, hf_ntp_key_signature, tvb, data_offset+4, 20, ENC_NA);
1252                                 break;
1253                         }
1254                 }
1255         }
1256 }
1257
1258 /*
1259  * Initialize tvb-parser, which is used to dissect data part of NTP control
1260  * messages
1261  *
1262  * Here some constants are defined, which describes character groups used for
1263  * various purposes. These groups are then used to configure the two global
1264  * variables "want_ignore" and "want" that we use for dissection
1265  */
1266 static void
1267 init_parser(void)
1268 {
1269         /* specify what counts as character */
1270         tvbparse_wanted_t *want_identifier_str = tvbparse_chars(-1, 1, 0,
1271                 "abcdefghijklmnopqrstuvwxyz-_ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789", NULL, NULL, NULL);
1272         /* this is the equal sign used in assignments */
1273         tvbparse_wanted_t *want_equalsign = tvbparse_char(-1, "=", NULL, NULL, NULL);
1274         /* possible characters allowed for values */
1275         tvbparse_wanted_t *want_value = tvbparse_set_oneof(0, NULL, NULL, NULL,
1276                 tvbparse_quoted(-1, NULL, NULL, tvbparse_shrink_token_cb, '\"', '\\'),
1277                 tvbparse_quoted(-1, NULL, NULL, tvbparse_shrink_token_cb, '\'', '\\'),
1278                 tvbparse_chars(-1, 1, 0, "abcdefghijklmnopqrstuvwxyz-_ABCDEFGHIJKLMNOPQRSTUVWXYZ.0123456789 ", NULL, NULL, NULL),
1279                 NULL);
1280         tvbparse_wanted_t *want_comma = tvbparse_until(-1, NULL, NULL, NULL,
1281                 tvbparse_char(-1, ",", NULL, NULL, NULL), TP_UNTIL_SPEND);
1282         /* the following specifies an identifier */
1283         tvbparse_wanted_t *want_identifier = tvbparse_set_seq(-1, NULL, NULL, NULL,
1284                 want_identifier_str,
1285                 tvbparse_some(-1, 0, 1, NULL, NULL, NULL, want_comma),
1286                 NULL);
1287         /* the following specifies an assignment of the form identifier=value */
1288         tvbparse_wanted_t *want_assignment = tvbparse_set_seq(-1, NULL, NULL, NULL,
1289                 want_identifier_str,
1290                 want_equalsign,
1291                 tvbparse_some(-1, 0, 1, NULL, NULL, NULL, want_value),
1292                 tvbparse_some(-1, 0, 1, NULL, NULL, NULL, want_comma),
1293                 NULL);
1294
1295         /* we ignore white space characters */
1296         want_ignore = tvbparse_chars(-1, 1, 0, " \t\r\n", NULL, NULL, NULL);
1297         /* data part of control messages consists of either identifiers or assignments */
1298         want = tvbparse_set_oneof(-1, NULL, NULL, NULL,
1299                 want_assignment,
1300                 want_identifier,
1301                 NULL);
1302 }
1303
1304 static void
1305 dissect_ntp_priv(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *ntp_tree)
1306 {
1307         guint8 impl, reqcode;
1308         static const int *priv_flags[] = {
1309                 &hf_ntppriv_flags_r,
1310                 &hf_ntppriv_flags_more,
1311                 &hf_ntp_flags_vn,
1312                 &hf_ntp_flags_mode,
1313                 NULL
1314         };
1315
1316         static const int *auth_flags[] = {
1317                 &hf_ntppriv_auth,
1318                 &hf_ntppriv_seq,
1319                 NULL
1320         };
1321
1322         proto_tree_add_bitmask(ntp_tree, tvb, 0, hf_ntp_flags, ett_ntp_flags, priv_flags, ENC_NA);
1323         proto_tree_add_bitmask(ntp_tree, tvb, 0, hf_ntppriv_auth_seq, ett_ntppriv_auth_seq, auth_flags, ENC_NA);
1324
1325         impl = tvb_get_guint8(tvb, 2);
1326         proto_tree_add_uint(ntp_tree, hf_ntppriv_impl, tvb, 2, 1, impl);
1327
1328         reqcode = tvb_get_guint8(tvb, 3);
1329         proto_tree_add_uint(ntp_tree, hf_ntppriv_reqcode, tvb, 3, 1, reqcode);
1330
1331         if (impl == XNTPD && reqcode == MON_GETLIST_1) {
1332
1333                 guint16 numitems;
1334                 guint16 itemsize;
1335                 guint16 offset;
1336                 guint i;
1337
1338                 guint32 v6_flag = 0;
1339
1340                 proto_item* monlist_item;
1341                 proto_tree* monlist_item_tree;
1342
1343                 proto_tree_add_bits_item(ntp_tree, hf_ntppriv_errcode, tvb, 32, 4, ENC_BIG_ENDIAN);
1344                 proto_tree_add_bits_item(ntp_tree, hf_ntppriv_numitems, tvb, 36, 12, ENC_BIG_ENDIAN);
1345                 proto_tree_add_bits_item(ntp_tree, hf_ntppriv_mbz, tvb, 48, 4, ENC_BIG_ENDIAN);
1346                 proto_tree_add_bits_item(ntp_tree, hf_ntppriv_itemsize, tvb, 52, 12, ENC_BIG_ENDIAN);
1347
1348                 numitems = tvb_get_letohs(tvb, 5) & 0x0FFF;
1349                 itemsize = tvb_get_letohs(tvb, 7) & 0x0FFF;
1350
1351                 for (i = 0; i < numitems; i++) {
1352
1353                         offset = 8 + itemsize * i;
1354
1355                         monlist_item = proto_tree_add_string_format(ntp_tree, hf_monlist_item, tvb, offset,
1356                                 itemsize, "Monlist Item", "Monlist item: address: %s:%u",
1357                                 tvb_ip_to_str(tvb, offset + 16), tvb_get_ntohs(tvb, offset + 28));
1358                         monlist_item_tree = proto_item_add_subtree(monlist_item, ett_monlist_item);
1359
1360                         proto_tree_add_item(monlist_item_tree, hf_ntppriv_avgint, tvb, offset, 4, ENC_BIG_ENDIAN);
1361                         proto_tree_add_item(monlist_item_tree, hf_ntppriv_lsint, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1362                         proto_tree_add_item(monlist_item_tree, hf_ntppriv_restr, tvb, offset + 8, 4, ENC_BIG_ENDIAN);
1363                         proto_tree_add_item(monlist_item_tree, hf_ntppriv_count, tvb, offset + 12, 4, ENC_BIG_ENDIAN);
1364                         proto_tree_add_item(monlist_item_tree, hf_ntppriv_addr, tvb, offset + 16, 4, ENC_BIG_ENDIAN);
1365                         proto_tree_add_item(monlist_item_tree, hf_ntppriv_daddr, tvb, offset + 20, 4, ENC_BIG_ENDIAN);
1366                         proto_tree_add_item(monlist_item_tree, hf_ntppriv_flags, tvb, offset + 24, 4, ENC_BIG_ENDIAN);
1367                         proto_tree_add_item(monlist_item_tree, hf_ntppriv_port, tvb, offset + 28, 2, ENC_BIG_ENDIAN);
1368                         proto_tree_add_item(monlist_item_tree, hf_ntppriv_mode, tvb, offset + 30, 1, ENC_BIG_ENDIAN);
1369                         proto_tree_add_item(monlist_item_tree, hf_ntppriv_version, tvb, offset + 31, 1, ENC_BIG_ENDIAN);
1370                         proto_tree_add_item_ret_uint(monlist_item_tree, hf_ntppriv_v6_flag, tvb, offset + 32, 4, ENC_BIG_ENDIAN, &v6_flag);
1371
1372                         if (v6_flag != 0) {
1373                                 proto_tree_add_item(monlist_item_tree, hf_ntppriv_addr6, tvb, offset + 36, 16, ENC_NA);
1374                                 proto_tree_add_item(monlist_item_tree, hf_ntppriv_daddr6, tvb, offset + 52, 16, ENC_NA);
1375                         }
1376                 }
1377         }
1378 }
1379
1380 /* dissect_ntp - dissects NTP packet data
1381  * tvb - tvbuff for packet data (IN)
1382  * pinfo - packet info
1383  * proto_tree - resolved protocol tree
1384  */
1385 static int
1386 dissect_ntp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
1387 {
1388         proto_tree *ntp_tree;
1389         proto_item *ti = NULL;
1390         guint8 flags;
1391         void (*dissector)(tvbuff_t *, packet_info *, proto_tree *);
1392
1393         col_set_str(pinfo->cinfo, COL_PROTOCOL, "NTP");
1394
1395         col_clear(pinfo->cinfo, COL_INFO);
1396
1397         flags = tvb_get_guint8(tvb, 0);
1398         switch (flags & NTP_MODE_MASK) {
1399         default:
1400                 dissector = dissect_ntp_std;
1401                 break;
1402         case NTP_MODE_CTRL:
1403                 dissector = dissect_ntp_ctrl;
1404                 break;
1405         case NTP_MODE_PRIV:
1406                 dissector = dissect_ntp_priv;
1407                 break;
1408         }
1409
1410         /* Adding NTP item and subtree */
1411         ti = proto_tree_add_item(tree, proto_ntp, tvb, 0, -1, ENC_NA);
1412         ntp_tree = proto_item_add_subtree(ti, ett_ntp);
1413
1414         /* Show version and mode in info column and NTP root */
1415         col_add_fstr(pinfo->cinfo, COL_INFO, "%s, %s",
1416                 val_to_str_const((flags & NTP_VN_MASK) >> 3, ver_nums, "Unknown version"),
1417                 val_to_str_const(flags & NTP_MODE_MASK, info_mode_types, "Unknown"));
1418
1419         proto_item_append_text(ti, " (%s, %s)",
1420                 val_to_str_const((flags & NTP_VN_MASK) >> 3, ver_nums, "Unknown version"),
1421                 val_to_str_const(flags & NTP_MODE_MASK, info_mode_types, "Unknown"));
1422
1423         /* Dissect according to mode */
1424         (*dissector)(tvb, pinfo, ntp_tree);
1425         return tvb_captured_length(tvb);
1426 }
1427
1428 void
1429 proto_register_ntp(void)
1430 {
1431         static hf_register_info hf[] = {
1432                 { &hf_ntp_flags, {
1433                         "Flags", "ntp.flags", FT_UINT8, BASE_HEX,
1434                         NULL, 0, "Flags (Leap/Version/Mode)", HFILL }},
1435                 { &hf_ntp_flags_li, {
1436                         "Leap Indicator", "ntp.flags.li", FT_UINT8, BASE_DEC,
1437                         VALS(li_types), NTP_LI_MASK, "Warning of an impending leap second to be inserted or deleted in the last minute of the current month", HFILL }},
1438                 { &hf_ntp_flags_vn, {
1439                         "Version number", "ntp.flags.vn", FT_UINT8, BASE_DEC,
1440                         VALS(ver_nums), NTP_VN_MASK, NULL, HFILL }},
1441                 { &hf_ntp_flags_mode, {
1442                         "Mode", "ntp.flags.mode", FT_UINT8, BASE_DEC,
1443                         VALS(mode_types), NTP_MODE_MASK, NULL, HFILL }},
1444                 { &hf_ntp_stratum, {
1445                         "Peer Clock Stratum", "ntp.stratum", FT_UINT8, BASE_DEC|BASE_RANGE_STRING,
1446                         RVALS(stratum_rvals), 0, NULL, HFILL }},
1447                 { &hf_ntp_ppoll, {
1448                         "Peer Polling Interval", "ntp.ppoll", FT_UINT8, BASE_DEC,
1449                         NULL, 0, "Maximum interval between successive messages", HFILL }},
1450                 { &hf_ntp_precision, {
1451                         "Peer Clock Precision", "ntp.precision", FT_UINT8, BASE_DEC,
1452                         NULL, 0, "The precision of the system clock", HFILL }},
1453                 { &hf_ntp_rootdelay, {
1454                         "Root Delay", "ntp.rootdelay", FT_DOUBLE, BASE_NONE|BASE_UNIT_STRING,
1455                         &units_second_seconds, 0, "Total round-trip delay to the reference clock", HFILL }},
1456                 { &hf_ntp_rootdispersion, {
1457                         "Root Dispersion", "ntp.rootdispersion", FT_DOUBLE, BASE_NONE|BASE_UNIT_STRING,
1458                         &units_second_seconds, 0, "Total dispersion to the reference clock", HFILL }},
1459                 { &hf_ntp_refid, {
1460                         "Reference ID", "ntp.refid", FT_BYTES, BASE_NONE,
1461                         NULL, 0, "Particular server or reference clock being used", HFILL }},
1462                 { &hf_ntp_reftime, {
1463                         "Reference Timestamp", "ntp.reftime", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC,
1464                         NULL, 0, "Time when the system clock was last set or corrected", HFILL }},
1465                 { &hf_ntp_org, {
1466                         "Origin Timestamp", "ntp.org", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC,
1467                         NULL, 0, "Time at the client when the request departed for the server", HFILL }},
1468                 { &hf_ntp_rec, {
1469                         "Receive Timestamp", "ntp.rec", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC,
1470                         NULL, 0, "Time at the server when the request arrived from the client", HFILL }},
1471                 { &hf_ntp_xmt, {
1472                         "Transmit Timestamp", "ntp.xmt", FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC,
1473                         NULL, 0, "Time at the server when the response left for the client", HFILL }},
1474                 { &hf_ntp_keyid, {
1475                         "Key ID", "ntp.keyid", FT_BYTES, BASE_NONE,
1476                         NULL, 0, NULL, HFILL }},
1477                 { &hf_ntp_mac, {
1478                         "Message Authentication Code", "ntp.mac", FT_BYTES, BASE_NONE,
1479                         NULL, 0, NULL, HFILL }},
1480                 { &hf_ntp_padding, {
1481                         "Padding", "ntp.padding", FT_BYTES, BASE_NONE,
1482                         NULL, 0, NULL, HFILL }},
1483                 { &hf_ntp_key_type, {
1484                         "Key type", "ntp.key_type", FT_UINT8, BASE_DEC,
1485                         VALS(authentication_types), 0, "Authentication algorithm used", HFILL }},
1486                 { &hf_ntp_key_index, {
1487                         "KeyIndex", "ntp.key_index", FT_UINT32, BASE_HEX,
1488                         NULL, 0, NULL, HFILL }},
1489                 { &hf_ntp_key_signature, {
1490                         "Signature", "ntp.key_signature", FT_BYTES, BASE_NONE,
1491                         NULL, 0, NULL, HFILL }},
1492
1493                 { &hf_ntp_ext, {
1494                         "Extension", "ntp.ext", FT_NONE, BASE_NONE,
1495                         NULL, 0, NULL, HFILL }},
1496                 { &hf_ntp_ext_flags, {
1497                         "Flags", "ntp.ext.flags", FT_UINT8, BASE_HEX,
1498                         NULL, 0, "Flags (Response/Error/Version)", HFILL }},
1499                 { &hf_ntp_ext_flags_r, {
1500                         "Response bit", "ntp.ext.flags.r", FT_UINT8, BASE_DEC,
1501                         VALS(ext_r_types), NTP_EXT_R_MASK, NULL, HFILL }},
1502                 { &hf_ntp_ext_flags_error, {
1503                         "Error bit", "ntp.ext.flags.error", FT_UINT8, BASE_DEC,
1504                         NULL, NTP_EXT_ERROR_MASK, NULL, HFILL }},
1505                 { &hf_ntp_ext_flags_vn, {
1506                         "Version", "ntp.ext.flags.vn", FT_UINT8, BASE_DEC,
1507                         NULL, NTP_EXT_VN_MASK, NULL, HFILL }},
1508                 { &hf_ntp_ext_op, {
1509                         "Opcode", "ntp.ext.op", FT_UINT8, BASE_DEC,
1510                         VALS(ext_op_types), 0, NULL, HFILL }},
1511                 { &hf_ntp_ext_len, {
1512                         "Extension length", "ntp.ext.len", FT_UINT16, BASE_DEC,
1513                         NULL, 0, NULL, HFILL }},
1514                 { &hf_ntp_ext_associd, {
1515                         "Association ID", "ntp.ext.associd", FT_UINT32, BASE_DEC,
1516                         NULL, 0, NULL, HFILL }},
1517                 { &hf_ntp_ext_tstamp, {
1518                         "Timestamp", "ntp.ext.tstamp", FT_UINT32, BASE_HEX,
1519                         NULL, 0, NULL, HFILL }},
1520                 { &hf_ntp_ext_fstamp, {
1521                         "File Timestamp", "ntp.ext.fstamp", FT_UINT32, BASE_HEX,
1522                         NULL, 0, NULL, HFILL }},
1523                 { &hf_ntp_ext_vallen, {
1524                         "Value length", "ntp.ext.vallen", FT_UINT32, BASE_DEC,
1525                         NULL, 0, NULL, HFILL }},
1526                 { &hf_ntp_ext_val, {
1527                         "Value", "ntp.ext.val", FT_BYTES, BASE_NONE,
1528                         NULL, 0, NULL, HFILL }},
1529                 { &hf_ntp_ext_siglen, {
1530                         "Signature length", "ntp.ext.siglen", FT_UINT32, BASE_DEC,
1531                         NULL, 0, NULL, HFILL }},
1532                 { &hf_ntp_ext_sig, {
1533                         "Signature", "ntp.ext.sig", FT_BYTES, BASE_NONE,
1534                         NULL, 0, NULL, HFILL }},
1535
1536                 { &hf_ntpctrl_flags2, {
1537                         "Flags 2", "ntp.ctrl.flags2", FT_UINT8, BASE_HEX,
1538                         NULL, 0, "Flags (Response/Error/More/Opcode)", HFILL }},
1539                 { &hf_ntpctrl_flags2_r, {
1540                         "Response bit", "ntp.ctrl.flags2.r", FT_UINT8, BASE_DEC,
1541                         VALS(ctrl_r_types), NTPCTRL_R_MASK, NULL, HFILL }},
1542                 { &hf_ntpctrl_flags2_error, {
1543                         "Error bit", "ntp.ctrl.flags2.error", FT_UINT8, BASE_DEC,
1544                         NULL, NTPCTRL_ERROR_MASK, NULL, HFILL }},
1545                 { &hf_ntpctrl_flags2_more, {
1546                         "More bit", "ntp.ctrl.flags2.more", FT_UINT8, BASE_DEC,
1547                         NULL, NTPCTRL_MORE_MASK, NULL, HFILL }},
1548                 { &hf_ntpctrl_flags2_opcode, {
1549                         "Opcode", "ntp.ctrl.flags2.opcode", FT_UINT8, BASE_DEC,
1550                         VALS(ctrl_op_types), NTPCTRL_OP_MASK, NULL, HFILL }},
1551                 { &hf_ntpctrl_sequence, {
1552                         "Sequence", "ntp.ctrl.sequence", FT_UINT16, BASE_DEC,
1553                         NULL, 0, NULL, HFILL }},
1554                 { &hf_ntpctrl_status, {
1555                         "Status", "ntp.ctrl.status", FT_UINT16, BASE_HEX,
1556                         NULL, 0, NULL, HFILL }},
1557                 { &hf_ntpctrl_error_status_word, {
1558                         "Error Status Word", "ntp.ctrl.err_status", FT_UINT16, BASE_DEC,
1559                         VALS(ctrl_err_status_types), NTP_CTRL_ERRSTATUS_CODE_MASK, NULL, HFILL }},
1560                 { &hf_ntpctrl_sys_status_li, {
1561                         "Leap Indicator", "ntp.ctrl.sys_status.li", FT_UINT16, BASE_DEC,
1562                         VALS(li_types), NTPCTRL_SYSSTATUS_LI_MASK, "Warning of an impending leap second to be inserted or deleted in the last minute of the current month", HFILL }},
1563                 { &hf_ntpctrl_sys_status_clksrc, {
1564                         "Clock Source", "ntp.ctrl.sys_status.clksrc", FT_UINT16, BASE_DEC,
1565                         VALS(ctrl_sys_status_clksource_types), NTPCTRL_SYSSTATUS_CLK_MASK, NULL, HFILL }},
1566                 { &hf_ntpctrl_sys_status_count, {
1567                         "System Event Counter", "ntp.ctrl.sys_status.count", FT_UINT16, BASE_DEC,
1568                         NULL, NTPCTRL_SYSSTATUS_COUNT_MASK, NULL, HFILL }},
1569                 { &hf_ntpctrl_sys_status_code, {
1570                         "System Event Code", "ntp.ctrl.sys_status.code", FT_UINT16, BASE_DEC,
1571                         VALS(ctrl_sys_status_event_types), NTPCTRL_SYSSTATUS_CODE_MASK, NULL, HFILL }},
1572                 { &hf_ntpctrl_peer_status_b0, {
1573                         "Peer Status", "ntp.ctrl.peer_status.config", FT_BOOLEAN, 16,
1574                         TFS(&tfs_ctrl_peer_status_config), NTPCTRL_PEERSTATUS_CONFIG_MASK, NULL, HFILL }},
1575                 { &hf_ntpctrl_peer_status_b1, {
1576                         "Peer Status", "ntp.ctrl.peer_status.authenable", FT_BOOLEAN, 16,
1577                         TFS(&tfs_ctrl_peer_status_authenable), NTPCTRL_PEERSTATUS_AUTHENABLE_MASK, NULL, HFILL }},
1578                 { &hf_ntpctrl_peer_status_b2, {
1579                         "Peer Status", "ntp.ctrl.peer_status.authentic", FT_BOOLEAN, 16,
1580                         TFS(&tfs_ctrl_peer_status_authentic), NTPCTRL_PEERSTATUS_AUTHENTIC_MASK, NULL, HFILL }},
1581                 { &hf_ntpctrl_peer_status_b3, {
1582                         "Peer Status", "ntp.ctrl.peer_status.reach", FT_BOOLEAN, 16,
1583                         TFS(&tfs_ctrl_peer_status_reach), NTPCTRL_PEERSTATUS_REACH_MASK, NULL, HFILL }},
1584                 { &hf_ntpctrl_peer_status_b4, {
1585                         "Peer Status broadcast association", "ntp.ctrl.peer_status.bcast", FT_BOOLEAN, 16,
1586                         TFS(&tfs_set_notset), NTPCTRL_PEERSTATUS_BCAST_MASK, NULL, HFILL }},
1587                 { &hf_ntpctrl_peer_status_selection, {
1588                         "Peer Selection", "ntp.ctrl.peer_status.selection", FT_UINT16, BASE_DEC,
1589                         VALS(ctrl_peer_status_selection_types), NTPCTRL_PEERSTATUS_SEL_MASK, NULL, HFILL }},
1590                 { &hf_ntpctrl_peer_status_count, {
1591                         "Peer Event Counter", "ntp.ctrl.peer_status.count", FT_UINT16, BASE_DEC,
1592                         NULL, NTPCTRL_PEERSTATUS_COUNT_MASK, NULL, HFILL }},
1593                 { &hf_ntpctrl_peer_status_code, {
1594                         "Peer Event Code", "ntp.ctrl.peer_status.code", FT_UINT16, BASE_DEC,
1595                         VALS(ctrl_peer_status_event_types), NTPCTRL_PEERSTATUS_CODE_MASK, NULL, HFILL }},
1596                 { &hf_ntpctrl_clk_status, {
1597                         "Clock Status", "ntp.ctrl.clock_status.status", FT_UINT16, BASE_DEC,
1598                         VALS(ctrl_clk_status_types), NTPCTRL_CLKSTATUS_STATUS_MASK, NULL, HFILL }},
1599                 { &hf_ntpctrl_clk_status_code, {
1600                         "Clock Event Code", "ntp.ctrl.clock_status.code", FT_UINT16, BASE_DEC,
1601                         NULL, NTPCTRL_CLKSTATUS_CODE_MASK, NULL, HFILL }},
1602                 { &hf_ntpctrl_data, {
1603                         "Data", "ntp.ctrl.data", FT_NONE, BASE_NONE,
1604                         NULL, 0, NULL, HFILL }},
1605                 { &hf_ntpctrl_item, {
1606                         "Item", "ntp.ctrl.item", FT_NONE, BASE_NONE,
1607                         NULL, 0, NULL, HFILL }},
1608                 { &hf_ntpctrl_associd, {
1609                         "AssociationID", "ntp.ctrl.associd", FT_UINT16, BASE_DEC,
1610                         NULL, 0, NULL, HFILL }},
1611                 { &hf_ntpctrl_offset, {
1612                         "Offset", "ntp.ctrl.offset", FT_UINT16, BASE_DEC,
1613                         NULL, 0, NULL, HFILL }},
1614                 { &hf_ntpctrl_count, {
1615                         "Count", "ntp.ctrl.count", FT_UINT16, BASE_DEC,
1616                         NULL, 0, NULL, HFILL }},
1617                 { &hf_ntpctrl_trapmsg, {
1618                         "Trap message", "ntp.ctrl.trapmsg", FT_STRING, BASE_NONE,
1619                         NULL, 0, NULL, HFILL }},
1620                 { &hf_ntpctrl_configuration, {
1621                         "Configuration", "ntp.ctrl.configuration", FT_STRING, BASE_NONE,
1622                         NULL, 0, NULL, HFILL }},
1623                 { &hf_ntpctrl_mru, {
1624                         "MRU", "ntp.ctrl.mru", FT_STRING, BASE_NONE,
1625                         NULL, 0, NULL, HFILL }},
1626                 { &hf_ntpctrl_ordlist, {
1627                         "Ordered List", "ntp.ctrl.ordlist", FT_STRING, BASE_NONE,
1628                         NULL, 0, NULL, HFILL }},
1629                 { &hf_ntpctrl_nonce, {
1630                         "Nonce", "ntp.ctrl.nonce", FT_STRING, BASE_NONE,
1631                         NULL, 0, NULL, HFILL }},
1632
1633                 { &hf_ntppriv_flags_r, {
1634                         "Response bit", "ntp.priv.flags.r", FT_UINT8, BASE_DEC,
1635                         VALS(priv_r_types), NTPPRIV_R_MASK, NULL, HFILL }},
1636                 { &hf_ntppriv_flags_more, {
1637                         "More bit", "ntp.priv.flags.more", FT_UINT8, BASE_DEC,
1638                         NULL, NTPPRIV_MORE_MASK, NULL, HFILL }},
1639                 { &hf_ntppriv_auth_seq, {
1640                         "Auth, sequence", "ntp.priv.auth_seq", FT_UINT8, BASE_DEC,
1641                         NULL, 0, "Auth bit, sequence number", HFILL }},
1642                 { &hf_ntppriv_auth, {
1643                         "Auth bit", "ntp.priv.auth", FT_UINT8, BASE_DEC,
1644                         NULL, NTPPRIV_AUTH_MASK, NULL, HFILL }},
1645                 { &hf_ntppriv_seq, {
1646                         "Sequence number", "ntp.priv.seq", FT_UINT8, BASE_DEC,
1647                         NULL, NTPPRIV_SEQ_MASK, NULL, HFILL }},
1648                 { &hf_ntppriv_impl, {
1649                         "Implementation", "ntp.priv.impl", FT_UINT8, BASE_DEC,
1650                         VALS(priv_impl_types), 0, NULL, HFILL }},
1651                 { &hf_ntppriv_reqcode, {
1652                         "Request code", "ntp.priv.reqcode", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
1653                         &priv_rc_types_ext, 0, NULL, HFILL }},
1654                 { &hf_ntppriv_errcode, {
1655                         "Err", "ntp.priv.err", FT_UINT8, BASE_HEX,
1656                         VALS(err_values_types), 0, NULL, HFILL }},
1657                 { &hf_ntppriv_numitems, {
1658                         "Number of data items", "ntp.priv.numitems", FT_UINT16, BASE_DEC,
1659                         NULL, 0, NULL, HFILL }},
1660                 { &hf_ntppriv_mbz, {
1661                         "Reserved", "ntp.priv.reserved", FT_UINT8, BASE_HEX,
1662                         NULL, 0, NULL, HFILL }},
1663                 { &hf_monlist_item, {
1664                         "Monlist item", "ntp.priv.monlist.item",
1665                         FT_STRINGZ, BASE_NONE, NULL, 0x00, NULL, HFILL }},
1666                 { &hf_ntppriv_itemsize, {
1667                         "Size of data item", "ntp.priv.monlist.itemsize", FT_UINT16, BASE_HEX,
1668                         NULL, 0, NULL, HFILL }},
1669                 { &hf_ntppriv_avgint, {
1670                         "avgint", "ntp.priv.monlist.avgint", FT_UINT32, BASE_DEC,
1671                         NULL, 0, NULL, HFILL }},
1672                 { &hf_ntppriv_lsint, {
1673                         "lsint", "ntp.priv.monlist.lsint", FT_UINT32, BASE_DEC,
1674                         NULL, 0, NULL, HFILL }},
1675                 { &hf_ntppriv_restr, {
1676                         "restr", "ntp.priv.monlist.restr", FT_UINT32, BASE_HEX,
1677                         NULL, 0, NULL, HFILL }},
1678                 { &hf_ntppriv_count, {
1679                         "count", "ntp.priv.monlist.count", FT_UINT32, BASE_DEC,
1680                         NULL, 0, NULL, HFILL }},
1681                 { &hf_ntppriv_addr, {
1682                         "remote address", "ntp.priv.monlist.remote_address", FT_IPv4, BASE_NONE,
1683                         NULL, 0, NULL, HFILL }},
1684                 { &hf_ntppriv_daddr, {
1685                         "local address", "ntp.priv.monlist.local_address", FT_IPv4, BASE_NONE,
1686                         NULL, 0, NULL, HFILL }},
1687                 { &hf_ntppriv_flags, {
1688                         "flags", "ntp.priv.monlist.flags", FT_UINT32, BASE_HEX,
1689                         NULL, 0, NULL, HFILL }},
1690                 { &hf_ntppriv_port, {
1691                         "port", "ntp.priv.monlist.port", FT_UINT16, BASE_DEC,
1692                         NULL, 0, NULL, HFILL }},
1693                 { &hf_ntppriv_mode, {
1694                         "mode", "ntp.priv.monlist.mode", FT_UINT8, BASE_DEC,
1695                         NULL, 0, NULL, HFILL }},
1696                 { &hf_ntppriv_version, {
1697                         "version", "ntp.priv.monlist.version", FT_UINT8, BASE_DEC,
1698                         NULL, 0, NULL, HFILL }},
1699                 { &hf_ntppriv_v6_flag, {
1700                         "ipv6", "ntp.priv.monlist.ipv6", FT_UINT32, BASE_DEC,
1701                         NULL, 0, NULL, HFILL }},
1702                 { &hf_ntppriv_addr6, {
1703                         "ipv6 remote addr", "ntp.priv.monlist.addr6", FT_IPv6, BASE_NONE,
1704                         NULL, 0, NULL, HFILL }},
1705                 { &hf_ntppriv_daddr6, {
1706                         "ipv6 local addr", "ntp.priv.monlist.daddr6", FT_IPv6, BASE_NONE,
1707                         NULL, 0, NULL, HFILL }}
1708         };
1709         static gint *ett[] = {
1710                 &ett_ntp,
1711                 &ett_ntp_flags,
1712                 &ett_ntp_ext,
1713                 &ett_ntp_ext_flags,
1714                 &ett_ntpctrl_flags2,
1715                 &ett_ntpctrl_status,
1716                 &ett_ntpctrl_data,
1717                 &ett_ntpctrl_item,
1718                 &ett_ntppriv_auth_seq,
1719                 &ett_monlist_item,
1720                 &ett_ntp_authenticator
1721         };
1722
1723         static ei_register_info ei[] = {
1724                 { &ei_ntp_ext, { "ntp.ext.invalid_length", PI_PROTOCOL, PI_WARN, "Extension invalid length", EXPFILL }},
1725         };
1726
1727         expert_module_t* expert_ntp;
1728
1729         proto_ntp = proto_register_protocol("Network Time Protocol", "NTP", "ntp");
1730         proto_register_field_array(proto_ntp, hf, array_length(hf));
1731         proto_register_subtree_array(ett, array_length(ett));
1732         expert_ntp = expert_register_protocol(proto_ntp);
1733         expert_register_field_array(expert_ntp, ei, array_length(ei));
1734
1735         init_parser();
1736 }
1737
1738 void
1739 proto_reg_handoff_ntp(void)
1740 {
1741         dissector_handle_t ntp_handle;
1742
1743         ntp_handle = create_dissector_handle(dissect_ntp, proto_ntp);
1744         dissector_add_uint_with_preference("udp.port", UDP_PORT_NTP, ntp_handle);
1745         dissector_add_uint_with_preference("tcp.port", TCP_PORT_NTP, ntp_handle);
1746 }
1747
1748 /*
1749  * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
1750  *
1751  * Local variables:
1752  * c-basic-offset: 8
1753  * tab-width: 8
1754  * indent-tabs-mode: t
1755  * End:
1756  *
1757  * vi: set shiftwidth=8 tabstop=8 noexpandtab:
1758  * :indentSize=8:tabSize=8:noTabs=false:
1759  */