https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14271
Bug ID: 14271
Summary: Unknown system/peer event codes in NTP control
messages
Product: Wireshark
Version: unspecified
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: Minor
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: g.djavad...@gmail.com
Target Milestone: ---
Created attachment 16012
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16012&action=edit
NTP control READSTAT messages
Build Information:
v2.5.0rc0-1949-gfaa4a6a5
--
Although RFC 1305 [1] defined system event codes 8-15 (system status word) and
peer event codes 6-15 (peer status word) as reserved, they are defined in
source code of reference NTP server implementation [2]:
/*
* System event codes
*/
#define EVNT_UNSPEC 0 /* unspecified */
#define EVNT_NSET 1 /* freq not set */
#define EVNT_FSET 2 /* freq set */
#define EVNT_SPIK 3 /* spike detect */
#define EVNT_FREQ 4 /* freq mode */
#define EVNT_SYNC 5 /* clock sync */
#define EVNT_SYSRESTART 6 /* restart */
#define EVNT_SYSFAULT 7 /* panic stop */
#define EVNT_NOPEER 8 /* no sys peer */
#define EVNT_ARMED 9 /* leap armed */
#define EVNT_DISARMED 10 /* leap disarmed */
#define EVNT_LEAP 11 /* leap event */
#define EVNT_CLOCKRESET 12 /* clock step */
#define EVNT_KERN 13 /* kernel event */
#define EVNT_TAI 14 /* TAI */
#define EVNT_LEAPVAL 15 /* stale leapsecond values */
/*
* Peer event codes
*/
#define PEVNT_MOBIL (1 | PEER_EVENT) /* mobilize */
#define PEVNT_DEMOBIL (2 | PEER_EVENT) /* demobilize */
#define PEVNT_UNREACH (3 | PEER_EVENT) /* unreachable */
#define PEVNT_REACH (4 | PEER_EVENT) /* reachable */
#define PEVNT_RESTART (5 | PEER_EVENT) /* restart */
#define PEVNT_REPLY (6 | PEER_EVENT) /* no reply */
#define PEVNT_RATE (7 | PEER_EVENT) /* rate exceeded */
#define PEVNT_DENY (8 | PEER_EVENT) /* access denied */
#define PEVNT_ARMED (9 | PEER_EVENT) /* leap armed */
#define PEVNT_NEWPEER (10 | PEER_EVENT) /* sys peer */
#define PEVNT_CLOCK (11 | PEER_EVENT) /* clock event */
#define PEVNT_AUTH (12 | PEER_EVENT) /* bad auth */
#define PEVNT_POPCORN (13 | PEER_EVENT) /* popcorn */
#define PEVNT_XLEAVE (14 | PEER_EVENT) /* interleave mode */
#define PEVNT_XERR (15 | PEER_EVENT) /* interleave error */
I've attached NTP control READSTAT request/response messages with unknown to
Wireshark system/peer event codes.
Thanks.
[1] https://tools.ietf.org/html/rfc1305
[2] https://github.com/ntp-project/ntp/blob/stable/include/ntp.h
P.S.: I have not checked, but maybe Clock event codes should be added too:
/*
* Clock event codes
*/
#define CEVNT_NOMINAL 0 /* unspecified */
#define CEVNT_TIMEOUT 1 /* no reply */
#define CEVNT_BADREPLY 2 /* bad format */
#define CEVNT_FAULT 3 /* fault */
#define CEVNT_PROP 4 /* bad signal */
#define CEVNT_BADDATE 5 /* bad date */
#define CEVNT_BADTIME 6 /* bad time */
#define CEVNT_MAX CEVNT_BADTIME
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
