I put the SNMP build issue off to the side for now since I can get around it. Now I'm up and running (almost) with 0-7.9. This is the first time I've run against captures with NTP packets since the NTP support has been added.
There are a couple of problems with the NTP decoding:
1) It gets a SIGBUS on my Solaris box as it tries to do an unaligned access referencing a long value in the packet instead of copying those bytes to an aligned location then referencing it. I haven't finished looking at it, but most of the payload portion of the packet should probably be copied out to avoid this type of problem.
2) There is a comment in the code that all v3 and v4 servers (if not stratum 1) set the reference identifier field to the IP address of their higher-level server. Before attempting a hostname conversion, there is no check that this packet is FROM a server (in my case, it's from a client request packet, and I have NO idea what's in this field). Secondly, I'm not comfortable with the claim that ALL non-stratum-1 servers set this field to an IP address.
3) The routine only accepts V3 and V4 NTP as acceptable, but we should really accept at least V2 (and possibly anything) as being okay.
I'll be looking at this more tomorrow, but I wanted to get the word out in case anyone else was seeing a problem.
Regards,
Phil Techau
----------------------------------------------------------------
Get your free email from AltaVista at http://altavista.iname.com
