diff options
| author | Ivan Kapranov <44571881+koltiradw@users.noreply.github.com> | 2025-02-15 15:22:05 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-15 13:22:05 +0100 |
| commit | 005f7030cb58aedfabe871330638a6fa5c181f86 (patch) | |
| tree | bb4a3c395726cdf694d83e90c64667ac6e2205e2 | |
| parent | 3c4d7e11fdd782f1803513aac689df2bbd396ee0 (diff) | |
reworked ntp info extraction (#2723)
| -rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_utils.c | 4 | ||||
| -rw-r--r-- | src/lib/protocols/ntp.c | 14 |
3 files changed, 8 insertions, 12 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 15c83d325..c1c57bb6f 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1439,8 +1439,8 @@ struct ndpi_flow_struct { } dns; struct { - u_int8_t request_code; u_int8_t version; + u_int8_t mode; } ntp; struct { diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 2fe6ec584..64c6c2d6d 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1383,8 +1383,8 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct, case NDPI_PROTOCOL_NTP: ndpi_serialize_start_of_block(serializer, "ntp"); - ndpi_serialize_string_uint32(serializer, "request_code", flow->protos.ntp.request_code); - ndpi_serialize_string_uint32(serializer, "version", flow->protos.ntp.request_code); + ndpi_serialize_string_uint32(serializer, "version", flow->protos.ntp.version); + ndpi_serialize_string_uint32(serializer, "mode", flow->protos.ntp.mode); ndpi_serialize_end_of_block(serializer); break; diff --git a/src/lib/protocols/ntp.c b/src/lib/protocols/ntp.c index 79c8d3979..1804fdceb 100644 --- a/src/lib/protocols/ntp.c +++ b/src/lib/protocols/ntp.c @@ -44,15 +44,11 @@ static void ndpi_search_ntp_udp(struct ndpi_detection_module_struct *ndpi_struct if (packet->udp->dest == htons(123) || packet->udp->source == htons(123)) { NDPI_LOG_DBG2(ndpi_struct, "NTP port and length detected\n"); - - if ((((packet->payload[0] & 0x38) >> 3) <= 4)) { - - // 38 in binary representation is 00111000 - flow->protos.ntp.version = (packet->payload[0] & 0x38) >> 3; - - if (packet->payload_packet_len > 3 && flow->protos.ntp.version == 2) { - flow->protos.ntp.request_code = packet->payload[3]; - } + uint8_t version = (packet->payload[0] & 56) >> 3; + + if (version <= 4) { + flow->protos.ntp.version = version; + flow->protos.ntp.mode = packet->payload[0] & 7; NDPI_LOG_INFO(ndpi_struct, "found NTP\n"); ndpi_int_ntp_add_connection(ndpi_struct, flow); |