From: Sreeja Athirkandathil Narayanan (sathirka) Date: Wed, 9 Nov 2022 15:19:38 +0000 (+0000) Subject: Pull request #3653: appid: NTP detection improvements X-Git-Tag: 3.1.47.0~12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6513489c050ac3db741760fb8dadb442288d7896;p=thirdparty%2Fsnort3.git Pull request #3653: appid: NTP detection improvements Merge in SNORT/snort3 from ~OSTEPANO/snort3:ntp_detection_fix to master Squashed commit of the following: commit 8830778cda84c976cbb27c5e146d6833eb6238ef Author: Oleksandr Stepanov Date: Fri Nov 4 05:43:33 2022 -0400 appid: NTP detection improvements
---
diff --git a/src/network_inspectors/appid/service_plugins/service_ntp.cc b/src/network_inspectors/appid/service_plugins/service_ntp.cc
index 1add4dca6..b4d5146ff 100644
--- a/src/network_inspectors/appid/service_plugins/service_ntp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ntp.cc
@@ -61,7 +61,7 @@ NtpServiceDetector::NtpServiceDetector(ServiceDiscovery* sd)
 {
 handler = sd;
 name = "ntp";
- proto = IpProtocol::TCP;
+ proto = IpProtocol::UDP;
 detectorType = DETECTOR_TYPE_DECODER;
 appid_registry =
@@ -71,8 +71,7 @@ NtpServiceDetector::NtpServiceDetector(ServiceDiscovery* sd)
 service_ports =
 {
- { 123, IpProtocol::UDP, false },
- { 123, IpProtocol::TCP, false }
+ { 123, IpProtocol::UDP, false }
 };
 handler->register_detector(name, this, proto);
@@ -112,9 +111,9 @@ int NtpServiceDetector::validate(AppIdDiscoveryArgs& args)
 if (nh->stratum > 15)
 goto fail;
- if (nh->poll && (nh->poll < 4 || nh->poll > 14))
+ if (nh->poll && (nh->poll < 3 || nh->poll > 17))
 goto fail;
- if (nh->precision > -6 || nh->precision < -24)
+ if (nh->precision > -6 || nh->precision < -24)
 goto fail;
 }
 else
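Review bot: Nothing in the code or the commit message records why TCP was dropped, either at `proto = IpProtocol::UDP;` in the first hunk or where `{ 123, IpProtocol::TCP, false }` is removed from `service_ports` in the second. With both changes the detector is registered for UDP only, so flows on TCP/123 are presumably no longer offered to it and anything that relied on the ntp AppId for TCP will behave differently; that looks intended, since NTP is specified over UDP (RFC 5905), but it should be written down. I would add above the assignment `// NTP runs over UDP only (RFC 5905); TCP/123 is deliberately not registered.` The constructor body starts and ends outside both hunks, and any TCP-specific handling left in validate() is not visible here and may now be unreachable.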
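Review bot: The widened bounds in the third hunk (`nh->poll < 3 || nh->poll > 17` and `nh->precision < -24`) are bare literals with no comment tying them to a source, so a later reader cannot tell whether 3, 17 and -24 come from the protocol specification or from observed traffic. These checks decide whether a flow is labelled NTP, so a bound that is too tight leaves real NTP traffic unidentified and one that is too loose lets non-NTP payloads on port 123 pass validation. I would add a comment such as `// poll and precision are log2-second exponents; accepted range taken from <source of these bounds>` with the actual source filled in, and preferably replace the literals with named constants. If `poll` is a signed field, negative exponents are still rejected by `< 3`; that is worth confirming against the header struct, which is outside this hunk, as is the rest of validate().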