NTP Version 3 Client Decode PDML output issue (Reference ID Issue)
The decoding of an NTP Version 3 Client packet produces an 'Unidentified reference source' value, causing invalid PDML (XML) output to be produced.
Steps to reproduce
Use the attached packet capture file to see the invalid 'Reference ID' field. I have also attached a PDML (XML) output file using the following command:
/sbin/tshark -t r -n -r "/tmp/capture_file.cap" -T pdml >| /tmp/capture_file.xml
The xmllint utility will fail:
[root@shopper2 tmp]# /sbin/tshark -t r -n -r "/tmp/capture_file.cap" -T pdml | xmllint -
Running as user "root" and group "root". This could be dangerous.
-:115: parser error : Input is not proper UTF-8, indicate encoding !
Bytes: 0xEF 0x26 0x23 0x78
name="ntp.refid" showname="Reference ID: Unidentified reference source '�
What is the current bug behavior?
Invalid PDML (XML) is produced.
What is the expected correct behavior?
Valid PDML (XML) should always be produced.
Sample capture file
A 1-packet (NTP Version 3 Client) capture is attached: capture_file.cap
Relevant logs and/or screenshots
PDML output file:
See field: "ntp.refid" that contains the invalid XML syntax.
[root@shopper2 tmp]# tshark -v
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 3.4.2 (Git commit a889cf1b)
Copyright 1998-2020 Gerald Combs firstname.lastname@example.org and contributors.
License GPLv2+: GNU GPL version 2 or later https://www.gnu.org/licenses/gpl-2.0.html
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3, with GLib 2.64.6, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.17.0, without Lua, with GnuTLS 3.6.15 and PKCS #11 (closed) support, with Gcrypt 1.8.5, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.41.0, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.10.
Running on Linux 5.9.14-100.fc32.x86_64, with Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz (with SSE4.2), with 15689 MB of physical memory, with locale en_US.UTF-8, with libpcap version 1.9.1 (with TPACKET_V3), with GnuTLS 3.6.15, with Gcrypt 1.8.5, with brotli 1.0.9, with zlib 1.2.11, binary plugins supported (0 loaded).
Built using gcc 10.2.1 20201125 (Red Hat 10.2.1-9).
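
A pre-parse check for the failure reported above, as an added example that is not part of the original report or of Wireshark's code: it scans PDML bytes for invalid UTF-8 and names the field each bad byte falls in. The sample fragment and the function names are constructed for illustration; only the four bytes 0xEF 0x26 0x23 0x78 are taken from the xmllint error.

```python
import re

# Constructed PDML fragment (not the attached capture): the ntp.refid showname
# carries a raw 0xEF byte followed by "&#x", matching the bytes xmllint reported.
SAMPLE_PDML = (
    b'<?xml version="1.0" encoding="utf-8"?>\n'
    b'<pdml>\n'
    b'  <field name="ntp.flags" showname="Flags: 0x1b" value="1b"/>\n'
    b'  <field name="ntp.refid" showname="Reference ID: Unidentified '
    b'reference source \'\xef&#x1;\'" value="ef010203"/>\n'
    b'</pdml>\n'
)

# \b keeps the pattern from matching the tail of showname="...".
FIELD_NAME = re.compile(rb'\bname="([^"]*)"')


def find_invalid_utf8(data: bytes):
    """Return (line_no, column, field_name, next_4_bytes_hex) for every
    position where strict UTF-8 decoding of a line fails."""
    findings = []
    for line_no, line in enumerate(data.split(b"\n"), start=1):
        pos = 0
        while pos < len(line):
            try:
                line[pos:].decode("utf-8", errors="strict")
                break  # remainder of the line is clean
            except UnicodeDecodeError as exc:
                bad = pos + exc.start
                # Attribute the error to the closest preceding name="..." on the line.
                names = FIELD_NAME.findall(line[:bad])
                field = names[-1].decode("ascii", "replace") if names else None
                findings.append((line_no, bad + 1, field, line[bad:bad + 4].hex(" ")))
                pos += exc.end  # resume after the rejected byte(s)
    return findings


if __name__ == "__main__":
    for line_no, col, field, raw in find_invalid_utf8(SAMPLE_PDML):
        print(f"line {line_no}, col {col}: invalid UTF-8 in {field}: {raw}")
```

Running the same function over real `tshark -T pdml` output before handing it to an XML parser shows which dissector field produced the bad bytes, rather than only the parser's line number.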