archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/services/w32time/parser/ntpparser.cpp

671 lines
22 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //--------------------------------------------------------------------
  2. // NtpParser - implementation
  3. // Copyright (C) Microsoft Corporation, 2000
  4. //
  5. // Created by: Louis Thomas (louisth), 2-29-00
  6. // Based upon the parser created by kumarp, 23-June-1999
  7. //
  8. // NTP parser for NetMon
  9. //
  11. #include <windows.h>
  12. #include <netmon.h>
  13. #include <parser.h>
  14. #include <stdlib.h>
  15. #include <string.h>
  16. #include <stdio.h>
  18. #include "..\lib\EndianSwap.inl"
  20. //#define MODULEPRIVATE static // so statics show up in VC
  21. #define MODULEPRIVATE // statics don't show up in ntsd either!
  23. #define ARRAYSIZE(a) (sizeof(a)/sizeof(a[0]))
  26. //--------------------------------------------------------------------
  27. // Forward declarations
  29. VOID WINAPIV Ntp_FormatSummary(LPPROPERTYINST pPropertyInst);
  30. VOID WINAPIV Ntp_FormatNtpTime(LPPROPERTYINST pPropertyInst);
  31. VOID WINAPIV Ntp_FormatStratum(LPPROPERTYINST pPropertyInst);
  32. VOID WINAPIV Ntp_FormatPollInterval(LPPROPERTYINST pPropertyInst);
  33. VOID WINAPIV Ntp_FormatPrecision(LPPROPERTYINST pPropertyInst);
  34. VOID WINAPIV Ntp_FormatRootDelay(LPPROPERTYINST pPropertyInst);
  35. VOID WINAPIV Ntp_FormatRootDispersion(LPPROPERTYINST pPropertyInst);
  36. VOID WINAPIV Ntp_FormatRefId(LPPROPERTYINST pPropertyInst);
  39. //--------------------------------------------------------------------
  40. // Property Value Labels
  42. // Leap Indicator
  43. LABELED_BYTE NtpLIVals[]={
  44. {0xc0, NULL},
  45. {0x00, "LI: no warning"},
  46. {0x40, "LI: last minute has 61 seconds"},
  47. {0x80, "LI: last minute has 59 seconds"},
  48. {0xc0, "LI: clock not synchronized"},
  49. };
  50. SET NtpLISet={ARRAYSIZE(NtpLIVals), NtpLIVals};
  52. // Version
  53. LABELED_BYTE NtpVersionVals[]={
  54. {0x38, NULL},
  55. {0x00, "Version: 0"},
  56. {0x08, "Version: 1"},
  57. {0x10, "Version: 2"},
  58. {0x18, "Version: 3"},
  59. {0x20, "Version: 4"},
  60. {0x28, "Version: 5"},
  61. {0x30, "Version: 6"},
  62. {0x38, "Version: 7"},
  63. };
  64. SET NtpVersionSet={ARRAYSIZE(NtpVersionVals), NtpVersionVals};
  66. // Mode
  67. LABELED_BYTE NtpModeVals[]={
  68. {7, NULL},
  69. {0, "Mode: reserved"},
  70. {1, "Mode: symmetric active"},
  71. {2, "Mode: symmetric passive"},
  72. {3, "Mode: client"},
  73. {4, "Mode: server"},
  74. {5, "Mode: broadcast"},
  75. {6, "Mode: reserved for NTP control message"},
  76. {7, "Mode: reserved for private use"},
  77. };
  78. SET NtpModeSet={ARRAYSIZE(NtpModeVals), NtpModeVals};
  80. enum {
  81. NTP_MODE_Reserved=0,
  82. NTP_MODE_SymmetricActive,
  83. NTP_MODE_SymmetricPassive,
  84. NTP_MODE_Client,
  85. NTP_MODE_Server,
  86. NTP_MODE_Broadcast,
  87. NTP_MODE_Control,
  88. NTP_MODE_Private,
  89. };
  91. //--------------------------------------------------------------------
  92. // property ordinals (These must be kept in sync with the contents of NtpPropertyTable)
  93. enum {
  94. Ntp_Summary=0,
  95. Ntp_LeapIndicator,
  96. Ntp_Version,
  97. Ntp_Mode,
  98. Ntp_Stratum,
  99. Ntp_PollInterval,
  100. Ntp_Precision,
  101. Ntp_RootDelay,
  102. Ntp_RootDispersion,
  103. Ntp_RefId,
  104. Ntp_ReferenceTimeStamp,
  105. Ntp_OriginateTimeStamp,
  106. Ntp_ReceiveTimeStamp,
  107. Ntp_TransmitTimeStamp
  108. };
  110. // Properties
  111. PROPERTYINFO NtpPropertyTable[]={
  112. {
  113. 0, 0,
  114. "Summary",
  115. "Summary of the NTP Packet",
  116. PROP_TYPE_SUMMARY,
  117. PROP_QUAL_NONE,
  118. NULL,
  119. 80, // max string size
  120. Ntp_FormatSummary
  121. }, {
  122. 0, 0,
  123. "LI",
  124. "Leap Indicator",
  125. PROP_TYPE_BYTE,
  126. PROP_QUAL_LABELED_BITFIELD,
  127. &NtpLISet,
  128. 80,
  129. FormatPropertyInstance
  130. }, {
  131. 0, 0,
  132. "Version",
  133. "NTP Version",
  134. PROP_TYPE_BYTE,
  135. PROP_QUAL_LABELED_BITFIELD,
  136. &NtpVersionSet,
  137. 80,
  138. FormatPropertyInstance
  139. }, {
  140. 0, 0,
  141. "Mode",
  142. "Mode",
  143. PROP_TYPE_BYTE,
  144. PROP_QUAL_LABELED_BITFIELD,
  145. &NtpModeSet,
  146. 80,
  147. FormatPropertyInstance
  148. }, {
  149. 0, 0,
  150. "Stratum",
  151. "Stratum",
  152. PROP_TYPE_BYTE,
  153. PROP_QUAL_NONE,
  154. NULL,
  155. 80,
  156. Ntp_FormatStratum
  157. }, {
  158. 0, 0,
  159. "Poll Interval",
  160. "Maximum interval between two successive messages",
  161. PROP_TYPE_BYTE,
  162. PROP_QUAL_NONE,
  163. NULL,
  164. 80,
  165. Ntp_FormatPollInterval
  166. }, {
  167. 0, 0,
  168. "Precision",
  169. "Precision of the local clock",
  170. PROP_TYPE_BYTE,
  171. PROP_QUAL_NONE,
  172. NULL,
  173. 80,
  174. Ntp_FormatPrecision
  175. }, {
  176. 0, 0,
  177. "Root Delay",
  178. "Total roundtrip delay to the primary reference source",
  179. PROP_TYPE_DWORD,
  180. PROP_QUAL_NONE,
  181. NULL,
  182. 80,
  183. Ntp_FormatRootDelay
  184. }, {
  185. 0, 0,
  186. "Root Dispersion",
  187. "Nominal error relative to the primary reference source",
  188. PROP_TYPE_DWORD,
  189. PROP_QUAL_NONE,
  190. NULL,
  191. 80,
  192. Ntp_FormatRootDispersion
  193. }, {
  194. 0, 0,
  195. "Reference Identifier",
  196. "Reference source identifier",
  197. PROP_TYPE_DWORD,
  198. PROP_QUAL_NONE,
  199. NULL,
  200. 80,
  201. Ntp_FormatRefId
  202. }, {
  203. 0, 0,
  204. "Reference Timestamp",
  205. "Time server was last synchronized",
  206. PROP_TYPE_LARGEINT,
  207. PROP_QUAL_NONE,
  208. NULL,
  209. 150,
  210. Ntp_FormatNtpTime
  211. }, {
  212. 0, 0,
  213. "Originate Timestamp",
  214. "Time at client when packet was transmitted",
  215. PROP_TYPE_LARGEINT,
  216. PROP_QUAL_NONE,
  217. NULL,
  218. 150,
  219. Ntp_FormatNtpTime
  220. }, {
  221. 0, 0,
  222. "Receive Timestamp",
  223. "Time at server when packet was received",
  224. PROP_TYPE_LARGEINT,
  225. PROP_QUAL_NONE,
  226. NULL,
  227. 150,
  228. Ntp_FormatNtpTime
  229. }, {
  230. 0, 0,
  231. "Transmit Timestamp",
  232. "Time at server when packet was transmitted",
  233. PROP_TYPE_LARGEINT,
  234. PROP_QUAL_NONE,
  235. NULL,
  236. 150,
  237. Ntp_FormatNtpTime
  238. },
  239. };
  241. //####################################################################
  243. //--------------------------------------------------------------------
  244. VOID WINAPIV Ntp_FormatSummary(LPPROPERTYINST pPropertyInst) {
  246. BYTE bMode=(*pPropertyInst->lpByte)&7;
  248. switch (bMode) {
  249. case NTP_MODE_Client:
  250. lstrcpy(pPropertyInst->szPropertyText, "Client request");
  251. break;
  253. case NTP_MODE_Server:
  254. lstrcpy(pPropertyInst->szPropertyText, "Server response");
  255. break;
  257. case NTP_MODE_SymmetricActive:
  258. lstrcpy(pPropertyInst->szPropertyText, "Active request");
  259. break;
  261. case NTP_MODE_SymmetricPassive:
  262. lstrcpy(pPropertyInst->szPropertyText, "Passive reponse");
  263. break;
  265. case NTP_MODE_Broadcast:
  266. lstrcpy(pPropertyInst->szPropertyText, "Time broadcast");
  267. break;
  269. default:
  270. lstrcpy(pPropertyInst->szPropertyText, "Other NTP packet");
  271. break;
  272. }
  273. }
  275. //--------------------------------------------------------------------
  276. VOID WINAPIV Ntp_FormatStratum(LPPROPERTYINST pPropertyInst) {
  278. unsigned __int8 nStratum=(*pPropertyInst->lpByte);
  280. char * szMeaning;
  281. if (0==nStratum) {
  282. szMeaning="unspecified or unavailable";
  283. } else if (1==nStratum) {
  284. szMeaning="primary reference (syncd by radio clock)";
  285. } else if (nStratum<16) {
  286. szMeaning="secondary reference (syncd by NTP)";
  287. } else {
  288. szMeaning="reserved";
  289. }
  290. wsprintf(pPropertyInst->szPropertyText, "Stratum: 0x%02X = %u = %s", nStratum, nStratum, szMeaning);
  291. }
  293. //--------------------------------------------------------------------
  294. VOID WINAPIV Ntp_FormatPollInterval(LPPROPERTYINST pPropertyInst) {
  295. char * szMeaning;
  296. char szBuf[30];
  298. signed __int8 nPollInterval=(*pPropertyInst->lpByte);
  300. if (0==nPollInterval) {
  301. szMeaning="unspecified";
  302. } else if (nPollInterval<4 || nPollInterval>14) {
  303. szMeaning="out of valid range";
  304. } else {
  305. wsprintf(szBuf, "%ds", 1<<nPollInterval);
  306. szMeaning=szBuf;
  307. }
  308. wsprintf(pPropertyInst->szPropertyText, "Poll Interval: 0x%02X = %d = %s", (unsigned __int8)nPollInterval, nPollInterval, szMeaning);
  309. }
  311. //--------------------------------------------------------------------
  312. VOID WINAPIV Ntp_FormatPrecision(LPPROPERTYINST pPropertyInst) {
  313. char * szMeaning;
  314. char szBuf[30];
  316. signed __int8 nPrecision=(*pPropertyInst->lpByte);
  318. if (0==nPrecision) {
  319. szMeaning="unspecified";
  320. } else if (nPrecision>-2 || nPrecision<-31) {
  321. szMeaning="out of valid range";
  322. } else {
  323. szMeaning=szBuf;
  324. char * szUnit="s";
  325. double dTickInterval=1.0/(1<<(-nPrecision));
  326. if (dTickInterval<1) {
  327. dTickInterval*=1000;
  328. szUnit="ms";
  329. }
  330. if (dTickInterval<1) {
  331. dTickInterval*=1000;
  332. szUnit="�s";
  333. }
  334. if (dTickInterval<1) {
  335. dTickInterval*=1000;
  336. szUnit="ns";
  337. }
  338. sprintf(szBuf, "%g%s per tick", dTickInterval, szUnit);
  339. }
  340. wsprintf(pPropertyInst->szPropertyText, "Precision: 0x%02X = %d = %s", (unsigned __int8)nPrecision, nPrecision, szMeaning);
  341. }
  343. //--------------------------------------------------------------------
  344. VOID WINAPIV Ntp_FormatRootDelay(LPPROPERTYINST pPropertyInst) {
  345. char * szMeaning;
  346. char szBuf[30];
  348. DWORD dwRootDelay=EndianSwap((unsigned __int32)*pPropertyInst->lpDword);
  350. if (0==dwRootDelay) {
  351. szMeaning="unspecified";
  352. } else {
  353. szMeaning=szBuf;
  354. sprintf(szBuf, "%gs", ((double)((signed __int32)dwRootDelay))/0x00010000);
  355. }
  357. wsprintf(pPropertyInst->szPropertyText, "Root Delay: 0x%04X.%04Xs = %s", dwRootDelay>>16, dwRootDelay&0x0000FFFF, szMeaning);
  358. }
  360. //--------------------------------------------------------------------
  361. VOID WINAPIV Ntp_FormatRootDispersion(LPPROPERTYINST pPropertyInst) {
  362. char * szMeaning;
  363. char szBuf[30];
  365. DWORD dwRootDispersion=EndianSwap((unsigned __int32)*pPropertyInst->lpDword);
  367. if (0==dwRootDispersion) {
  368. szMeaning="unspecified";
  369. } else {
  370. szMeaning=szBuf;
  371. sprintf(szBuf, "%gs", ((double)((signed __int32)dwRootDispersion))/0x00010000);
  372. }
  374. wsprintf(pPropertyInst->szPropertyText, "Root Dispersion: 0x%04X.%04Xs = %s", dwRootDispersion>>16, dwRootDispersion&0x0000FFFF, szMeaning);
  375. }
  377. //--------------------------------------------------------------------
  378. VOID WINAPIV Ntp_FormatRefId(LPPROPERTYINST pPropertyInst) {
  379. char * szMeaning;
  380. char szBuf[30];
  382. DWORD dwRefID=EndianSwap((unsigned __int32)*pPropertyInst->lpDword);
  383. unsigned __int8 nStratum=*(pPropertyInst->lpByte-11);
  384. unsigned int nVersion=*(pPropertyInst->lpByte-12);
  385. nVersion&=0x38;
  386. nVersion>>=3;
  389. if (0==dwRefID) {
  390. szMeaning="unspecified";
  391. } else if (0==nStratum || 1==nStratum) {
  392. szMeaning=szBuf;
  393. char szId[5];
  394. szId[0]=pPropertyInst->lpByte[0];
  395. szId[1]=pPropertyInst->lpByte[1];
  396. szId[2]=pPropertyInst->lpByte[2];
  397. szId[3]=pPropertyInst->lpByte[3];
  398. szId[4]='\0';
  399. sprintf(szBuf, "source name: \"%s\"", szId);
  400. } else if (nVersion<4) {
  401. szMeaning=szBuf;
  402. sprintf(szBuf, "source IP: %u.%u.%u.%u",
  403. pPropertyInst->lpByte[0], pPropertyInst->lpByte[1],
  404. pPropertyInst->lpByte[2], pPropertyInst->lpByte[3]);
  405. } else {
  406. szMeaning=szBuf;
  407. sprintf(szBuf, "last reference timestamp fraction: %gs", ((double)dwRefID)/(4294967296.0));
  408. }
  410. wsprintf(pPropertyInst->szPropertyText, "Reference Identifier: 0x%08X = %s", dwRefID, szMeaning);
  412. }
  416. //--------------------------------------------------------------------
  417. // conversion constants
  418. #define NTPTIMEOFFSET (0x014F373BFDE04000)
  419. #define FIVETOTHESEVETH (0x001312D)
  421. //--------------------------------------------------------------------
  422. // convert from big-endian NTP-stye timestamp to little-endian NT-style timestamp
  423. unsigned __int64 NtTimeFromNtpTime(unsigned __int64 qwNtpTime) {
  424. //return (qwNtpTime*(10**7)/(2**32))+NTPTIMEOFFSET
  425. // ==>
  426. //return (qwNtpTime*(5**7)/(2**25))+NTPTIMEOFFSET
  427. // ==>
  428. //return ((qwNTPtime*FIVETOTHESEVETH)>>25)+NTPTIMEOFFSET;
  429. // ==>
  430. // Note: 'After' division, we round (instead of truncate) the result for better precision
  431. unsigned __int64 qwTemp;
  432. qwNtpTime=EndianSwap(qwNtpTime);
  434. qwTemp=((qwNtpTime&0x00000000FFFFFFFF)*FIVETOTHESEVETH);
  435. qwTemp += qwTemp&0x0000000001000000; //rounding step: if 25th bit is set, round up
  436. return (qwTemp>>25) + (((qwNtpTime>>32)*FIVETOTHESEVETH)<<7) + NTPTIMEOFFSET;
  437. }
  439. //--------------------------------------------------------------------
  440. void FormatNtTimeStr(unsigned __int64 qwNtTime, char * szTime) {
  441. DWORD dwNanoSecs, dwSecs, dwMins, dwHours, dwDays;
  443. dwNanoSecs=(DWORD)(qwNtTime%10000000);
  444. qwNtTime/=10000000;
  446. dwSecs=(DWORD)(qwNtTime%60);
  447. qwNtTime/=60;
  449. dwMins=(DWORD)(qwNtTime%60);
  450. qwNtTime/=60;
  452. dwHours=(DWORD)(qwNtTime%24);
  454. dwDays=(DWORD)(qwNtTime/24);
  456. wsprintf(szTime, "%u %02u:%02u:%02u.%07us",
  457. dwDays, dwHours, dwMins, dwSecs, dwNanoSecs);
  458. }
  461. //--------------------------------------------------------------------
  462. VOID WINAPIV Ntp_FormatNtpTime(LPPROPERTYINST pPropertyInst) {
  463. LARGE_INTEGER liNtpTime;
  464. unsigned __int64 qwNtTime;
  465. unsigned __int64 qwNtTimeEpoch;
  466. char szTime[64];
  467. char szTimeEpoch[64];
  470. liNtpTime=*pPropertyInst->lpLargeInt;
  471. qwNtTime=NtTimeFromNtpTime((((unsigned __int64) liNtpTime.HighPart) << 32) |
  472. liNtpTime.LowPart);
  474. if (liNtpTime.HighPart || liNtpTime.LowPart) {
  475. FormatNtTimeStr(qwNtTime, szTime);
  476. } else {
  477. lstrcpy(szTime, "(not specified)");
  478. }
  480. wsprintf(szTimeEpoch, " -- %I64d00ns",
  481. ((((unsigned __int64)liNtpTime.HighPart) << 32) | liNtpTime.LowPart));;
  483. wsprintf(pPropertyInst->szPropertyText, "%s: 0x%08X.%08Xs %s = %s",
  484. pPropertyInst->lpPropertyInfo->Label,
  485. EndianSwap((unsigned __int32)liNtpTime.LowPart),
  486. EndianSwap((unsigned __int32)liNtpTime.HighPart),
  487. szTimeEpoch,
  488. szTime);
  489. }
  491. //####################################################################
  493. //--------------------------------------------------------------------
  494. // Create our property database and handoff sets.
  495. void BHAPI Ntp_Register(HPROTOCOL hNtp) {
  496. unsigned int nIndex;
  498. // tell netmon to make reserve some space for our property table
  499. CreatePropertyDatabase(hNtp, ARRAYSIZE(NtpPropertyTable));
  501. // add our properties to netmon's database
  502. for(nIndex=0; nIndex<ARRAYSIZE(NtpPropertyTable); nIndex++) {
  503. AddProperty(hNtp, &NtpPropertyTable[nIndex]);
  504. }
  505. }
  508. //--------------------------------------------------------------------
  509. // Destroy our property database and handoff set
  510. VOID WINAPI Ntp_Deregister(HPROTOCOL hNtp) {
  512. // tell netmon that it may now free our database
  513. DestroyPropertyDatabase(hNtp);
  514. }
  517. //--------------------------------------------------------------------
  518. // Determine whether we exist in the frame at the spot
  519. // indicated. We also indicate who (if anyone) follows us
  520. // and how much of the frame we claim.
  521. LPBYTE BHAPI Ntp_RecognizeFrame(HFRAME hFrame, ULPBYTE pMacFrame, ULPBYTE pNtpFrame, DWORD MacType, DWORD BytesLeft, HPROTOCOL hPrevProtocol, DWORD nPrevProtOffset, LPDWORD pProtocolStatus, LPHPROTOCOL phNextProtocol, PDWORD_PTR InstData) {
  523. // For now, just assume that if we got called,
  524. // then the packet does contain us and we go to the end of the frame
  525. *pProtocolStatus=PROTOCOL_STATUS_CLAIMED;
  526. return NULL;
  527. }
  530. //--------------------------------------------------------------------
  531. // Indicate where in the frame each of our properties live.
  532. LPBYTE BHAPI Ntp_AttachProperties(HFRAME hFrame, ULPBYTE pMacFrame, ULPBYTE pNtpFrame, DWORD MacType, DWORD BytesLeft, HPROTOCOL hPrevProtocol, DWORD nPrevProtOffset, DWORD_PTR InstData) {
  534. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_Summary].hProperty, (WORD)BytesLeft, (LPBYTE)pNtpFrame, 0, 0, 0);
  535. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_LeapIndicator].hProperty, (WORD)1, (LPBYTE) pNtpFrame, 0, 1, 0);
  536. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_Version].hProperty, (WORD)1, (LPBYTE) pNtpFrame, 0, 1, 0);
  537. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_Mode].hProperty, (WORD)1, (LPBYTE) pNtpFrame, 0, 1, 0);
  538. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_Stratum].hProperty, (WORD)1, (LPBYTE) pNtpFrame+1, 0, 1, 0);
  539. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_PollInterval].hProperty, (WORD)1, (LPBYTE) pNtpFrame+2, 0, 1, 0);
  540. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_Precision].hProperty, (WORD)1, (LPBYTE) pNtpFrame+3, 0, 1, 0);
  541. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_RootDelay].hProperty, (WORD)4, (LPBYTE) pNtpFrame+4, 0, 1, 0);
  542. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_RootDispersion].hProperty, (WORD)4, (LPBYTE) pNtpFrame+8, 0, 1, 0);
  543. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_RefId].hProperty, (WORD)4, (LPBYTE) pNtpFrame+12, 0, 1, 0);
  544. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_ReferenceTimeStamp].hProperty, (WORD)8, (LPBYTE) pNtpFrame+16, 0, 1, 0);
  545. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_OriginateTimeStamp].hProperty, (WORD) 8, (LPBYTE) pNtpFrame+24, 0, 1, 0);
  546. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_ReceiveTimeStamp].hProperty, (WORD) 8, (LPBYTE) pNtpFrame+32, 0, 1, 0);
  547. AttachPropertyInstance(hFrame, NtpPropertyTable[Ntp_TransmitTimeStamp].hProperty, (WORD) 8, (LPBYTE) pNtpFrame+40, 0, 1, 0);
  549. return NULL;
  550. }
  553. //--------------------------------------------------------------------
  554. // Format the given properties on the given frame.
  555. DWORD BHAPI Ntp_FormatProperties(HFRAME hFrame, ULPBYTE pMacFrame, ULPBYTE pNtpFrame, DWORD nPropertyInsts, LPPROPERTYINST p) {
  557. // loop through the property instances
  558. while(nPropertyInsts-->0) {
  559. // and call the formatter for each
  560. ((FORMAT)(p->lpPropertyInfo->InstanceData))(p);
  561. p++;
  562. }
  564. return NMERR_SUCCESS;
  565. }
  568. //####################################################################
  570. //--------------------------------------------------------------------
  571. // AutoInstall - return all of the information neede to install us
  572. PPF_PARSERDLLINFO WINAPI ParserAutoInstallInfo() {
  573. PPF_PARSERDLLINFO pParserDllInfo;
  574. PPF_PARSERINFO pParserInfo;
  575. DWORD NumProtocols;
  577. DWORD NumHandoffs;
  578. PPF_HANDOFFSET pHandoffSet;
  579. PPF_HANDOFFENTRY pHandoffEntry;
  581. // Allocate memory for parser info:
  582. NumProtocols=1;
  583. pParserDllInfo=(PPF_PARSERDLLINFO)HeapAlloc(GetProcessHeap(),
  584. HEAP_ZERO_MEMORY,
  585. sizeof(PF_PARSERDLLINFO) +
  586. NumProtocols * sizeof(PF_PARSERINFO));
  587. if(pParserDllInfo==NULL) {
  588. return NULL;
  589. }
  591. // fill in the parser DLL info
  592. pParserDllInfo->nParsers=NumProtocols;
  594. // fill in the individual parser infos...
  596. // Ntp ==============================================================
  597. pParserInfo=&(pParserDllInfo->ParserInfo[0]);
  598. wsprintf(pParserInfo->szProtocolName, "NTP");
  599. wsprintf(pParserInfo->szComment, "Network Time Protocol");
  600. wsprintf(pParserInfo->szHelpFile, "");
  602. // the incoming handoff set ----------------------------------------------
  603. // allocate
  604. NumHandoffs = 1;
  605. pHandoffSet = (PPF_HANDOFFSET)HeapAlloc( GetProcessHeap(),
  606. HEAP_ZERO_MEMORY,
  607. sizeof( PF_HANDOFFSET ) +
  608. NumHandoffs * sizeof( PF_HANDOFFENTRY) );
  609. if( pHandoffSet == NULL )
  610. {
  611. // just return early
  612. return pParserDllInfo;
  613. }
  615. // fill in the incoming handoff set
  616. pParserInfo->pWhoHandsOffToMe = pHandoffSet;
  617. pHandoffSet->nEntries = NumHandoffs;
  619. pHandoffEntry = &(pHandoffSet->Entry[0]);
  620. wsprintf( pHandoffEntry->szIniFile, "TCPIP.INI" );
  621. wsprintf( pHandoffEntry->szIniSection, "UDP_HandoffSet" );
  622. wsprintf( pHandoffEntry->szProtocol, "NTP" );
  623. pHandoffEntry->dwHandOffValue = 123;
  624. pHandoffEntry->ValueFormatBase = HANDOFF_VALUE_FORMAT_BASE_DECIMAL;
  626. return pParserDllInfo;
  627. }
  629. //--------------------------------------------------------------------
  630. // Tell netmon about our entry points.
  631. extern "C" BOOL WINAPI DllMain(HANDLE hInstance, ULONG Command, LPVOID Reserved) {
  633. //MessageBox(NULL, "DLLEntry", "NTP ha ha", MB_OK);
  634. static HPROTOCOL hNtp=NULL;
  635. static unsigned int nAttached=0;
  637. // what type of call is this
  638. switch(Command) {
  640. case DLL_PROCESS_ATTACH:
  641. // are we loading for the first time?
  642. if (nAttached==0) {
  643. // the first time in we need to tell netmon
  644. // about ourselves
  646. ENTRYPOINTS NtpEntryPoints={
  647. Ntp_Register,
  648. Ntp_Deregister,
  649. Ntp_RecognizeFrame,
  650. Ntp_AttachProperties,
  651. Ntp_FormatProperties
  652. };
  654. hNtp=CreateProtocol("NTP", &NtpEntryPoints, ENTRYPOINTS_SIZE);
  655. }
  656. nAttached++;
  657. break;
  659. case DLL_PROCESS_DETACH:
  660. nAttached--;
  661. // are we detaching our last instance?
  662. if (nAttached==0) {
  663. // last guy out needs to clean up
  664. DestroyProtocol(hNtp);
  665. }
  666. break;
  667. }
  669. // Netmon parsers ALWAYS return TRUE.
  670. return TRUE;
  671. }