author | Uli Heilmeier <uh@heilmeier.eu> | 2018-01-12 14:04:10 +0100 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2018-01-12 15:34:56 +0000 |
commit | f98cf967bd38eb52a321321cb555c0c302a14318 (patch) | |
tree | 5def55278d949a9ae37b3c46c36816f1ce128f65 | |
parent | 2d7c2421f6f87440332617870b620e6ecb16a031 (diff) |
NTP: Decode data of opcodes 8,9,10,11,12
Decode additional data of NTP opcodes 8,9,10,11,12 only as one string.
There's room for improvement to dissect the string for all the
name=value pairs. To do so more samples of different implementations are
needed.
Used reference:
* https://tools.ietf.org/html/draft-ietf-ntp-mode-6-cmds-03
* http://doc.ntp.org/
* sample captures attached to bug
Bug: 14270
Change-Id: I4da537bf2a984b673845333714d8a8cb873f3147
Reviewed-on: https://code.wireshark.org/review/25281
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
-rw-r--r-- | epan/dissectors/packet-ntp.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ntp.c b/epan/dissectors/packet-ntp.c
index cdb78ab86b..6b058015f6 100644
--- a/epan/dissectors/packet-ntp.c
+++ b/epan/dissectors/packet-ntp.c
@@ -553,6 +553,10 @@ static int hf_ntpctrl_count = -1;
 static int hf_ntpctrl_data = -1;
 static int hf_ntpctrl_item = -1;
 static int hf_ntpctrl_trapmsg = -1;
+static int hf_ntpctrl_ordlist = -1;
+static int hf_ntpctrl_configuration = -1;
+static int hf_ntpctrl_mru = -1;
+static int hf_ntpctrl_nonce = -1;
 static int hf_ntppriv_flags_r = -1;
 static int hf_ntppriv_flags_more = -1;
@@ -1058,6 +1062,7 @@ dissect_ntp_ctrl(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *ntp_tree)
 guint16 datalen;
 guint16 data_offset;
 gint length_remaining;
+ gboolean auth_diss = FALSE;
 tvbparse_t *tt;
 tvbparse_elem_t *element;
@@ -1205,6 +1210,23 @@ dissect_ntp_ctrl(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *ntp_tree)
 case NTPCTRL_OP_ASYNCMSG:
 proto_tree_add_item(data_tree, hf_ntpctrl_trapmsg, tvb, data_offset, datalen, ENC_ASCII|ENC_NA);
 break;
+ case NTPCTRL_OP_CONFIGURE:
+ case NTPCTRL_OP_SAVECONFIG:
+ proto_tree_add_item(data_tree, hf_ntpctrl_configuration, tvb, data_offset, datalen, ENC_ASCII|ENC_NA);
+ auth_diss = TRUE;
+ break;
+ case NTPCTRL_OP_READ_MRU:
+ proto_tree_add_item(data_tree, hf_ntpctrl_mru, tvb, data_offset, datalen, ENC_ASCII|ENC_NA);
+ auth_diss = TRUE;
+ break;
+ case NTPCTRL_OP_READ_ORDLIST_A:
+ proto_tree_add_item(data_tree, hf_ntpctrl_ordlist, tvb, data_offset, datalen, ENC_ASCII|ENC_NA);
+ auth_diss = TRUE;
+ break;
+ case NTPCTRL_OP_REQ_NONCE:
+ proto_tree_add_item(data_tree, hf_ntpctrl_nonce, tvb, data_offset, datalen, ENC_ASCII|ENC_NA);
+ auth_diss = TRUE;
+ break;
 /* these opcodes doesn't carry any data: NTPCTRL_OP_SETTRAP, NTPCTRL_OP_UNSETTRAP, NTPCTRL_OP_UNSPEC */
 }
 } 
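Review bot: `auth_diss = TRUE` is repeated in each of the four new case arms of the `-1205,6 +1210,23` hunk with no comment saying why these opcodes need it; the reason only becomes visible at the authentication check further down. A comment at the first arm would make the intent readable in place, for example `/* opcodes 8-12: run the authentication check below for responses as well */`. The switch closes together with an enclosing block right after these arms, and that block's condition is outside the hunk; if it is skipped (presumably when there is no data), the flag stays FALSE and a response for these opcodes is handled as before the change, so it is worth confirming that this is intended.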
@@ -1212,7 +1234,7 @@ dissect_ntp_ctrl(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *ntp_tree)
 data_offset = 12+datalen;
 /* Check if there is authentication */
- if ((flags2 & NTPCTRL_R_MASK) == 0)
+ if (((flags2 & NTPCTRL_R_MASK) == 0) || auth_diss == TRUE)
 {
 gint padding_length;
@@ -1611,6 +1633,18 @@ proto_register_ntp(void)
 { &hf_ntpctrl_trapmsg, {
 "Trap message", "ntp.ctrl.trapmsg", FT_STRING, BASE_NONE,
 NULL, 0, NULL, HFILL }},
+ { &hf_ntpctrl_configuration, {
+ "Configuration", "ntp.ctrl.configuration", FT_STRING, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_ntpctrl_mru, {
+ "MRU", "ntp.ctrl.mru", FT_STRING, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_ntpctrl_ordlist, {
+ "Ordered List", "ntp.ctrl.ordlist", FT_STRING, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
+ { &hf_ntpctrl_nonce, {
+ "Nonce", "ntp.ctrl.nonce", FT_STRING, BASE_NONE,
+ NULL, 0, NULL, HFILL }},
 { &hf_ntppriv_flags_r, {
 "Response bit", "ntp.priv.flags.r", FT_UINT8, BASE_DEC, |
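Review bot: In the `-1212,7 +1234,7` hunk the authentication block is now entered because of the opcode (`auth_diss`) rather than because of anything in the packet, so a response for opcodes 8-12 that carries no authenticator takes this path as well. The body of that block is outside the hunk, so please confirm it checks the remaining length before it dissects anything. The offset it starts from, `data_offset = 12+datalen`, is stored in a `guint16` (declared in the `-1058,6` hunk), and `datalen` appears to come from the packet, so the sum can wrap for very large counts; validating `datalen` against the remaining length, or widening `data_offset`, would keep the offset reliable for the newly covered responses. As a smaller point, a `gboolean` is better tested directly than compared with `TRUE`: `if (((flags2 & NTPCTRL_R_MASK) == 0) || auth_diss)`.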