-rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
-rw-r--r-- | src/lib/ndpi_utils.c | 4 | ||||
-rw-r--r-- | src/lib/protocols/ntp.c | 14 |
3 files changed, 8 insertions, 12 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 15c83d325..c1c57bb6f 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1439,8 +1439,8 @@ struct ndpi_flow_struct {
 } dns;
 struct {
- u_int8_t request_code;
 u_int8_t version;
+ u_int8_t mode;
 } ntp;
 struct {
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 2fe6ec584..64c6c2d6d 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1383,8 +1383,8 @@ int ndpi_dpi2json(struct ndpi_detection_module_struct *ndpi_struct,
 case NDPI_PROTOCOL_NTP:
 ndpi_serialize_start_of_block(serializer, "ntp");
- ndpi_serialize_string_uint32(serializer, "request_code", flow->protos.ntp.request_code);
- ndpi_serialize_string_uint32(serializer, "version", flow->protos.ntp.request_code);
+ ndpi_serialize_string_uint32(serializer, "version", flow->protos.ntp.version);
+ ndpi_serialize_string_uint32(serializer, "mode", flow->protos.ntp.mode);
 ndpi_serialize_end_of_block(serializer);
 break;
diff --git a/src/lib/protocols/ntp.c b/src/lib/protocols/ntp.c
index 79c8d3979..1804fdceb 100644
--- a/src/lib/protocols/ntp.c
+++ b/src/lib/protocols/ntp.c
@@ -44,15 +44,11 @@ static void ndpi_search_ntp_udp(struct ndpi_detection_module_struct *ndpi_struct
 if (packet->udp->dest == htons(123) || packet->udp->source == htons(123)) {
 NDPI_LOG_DBG2(ndpi_struct, "NTP port and length detected\n");
-
- if ((((packet->payload[0] & 0x38) >> 3) <= 4)) {
-
- // 38 in binary representation is 00111000
- flow->protos.ntp.version = (packet->payload[0] & 0x38) >> 3;
-
- if (packet->payload_packet_len > 3 && flow->protos.ntp.version == 2) {
- flow->protos.ntp.request_code = packet->payload[3];
- }
+ uint8_t version = (packet->payload[0] & 56) >> 3;
+
+ if (version <= 4) {
+ flow->protos.ntp.version = version;
+ flow->protos.ntp.mode = packet->payload[0] & 7;
 NDPI_LOG_INFO(ndpi_struct, "found NTP\n");
 ndpi_int_ntp_add_connection(ndpi_struct, flow); |
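Review bot: The `request_code` key disappears from the serialized `ntp` block in the NDPI_PROTOCOL_NTP case of ndpi_dpi2json (src/lib/ndpi_utils.c), and nothing visible in this commit flags that change of output schema. Consumers that parse the JSON, including any detection rule keyed on `request_code`, would stop matching without an error, so the change deserves a changelog line and a short comment above the two calls such as `/* version: NTP VN field; mode: NTP mode field (both from the first payload byte) */`. The switch and the rest of ndpi_dpi2json lie outside the hunk.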
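Review bot: The bit masks in ndpi_search_ntp_udp (src/lib/protocols/ntp.c) are now written in decimal (`& 56`, `& 7`) and the comment explaining the layout was dropped, which makes the field extraction harder to check against the NTP header. I would keep hex and name the bits: `uint8_t version = (packet->payload[0] & 0x38) >> 3; /* VN: bits 3-5 */` and `flow->protos.ntp.mode = packet->payload[0] & 0x07; /* Mode: bits 0-2 */`; the local could also use `u_int8_t` to match the struct fields in ndpi_typedefs.h. Separately, the old branch that stored `packet->payload[3]` is gone, so if that byte was what let consumers tell mode 7 request types apart (for example when triaging amplification traffic), that signal is lost and mode alone may be too coarse; this is worth confirming. The length check that guards `payload[0]` is outside the hunk, as is the rest of the function.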