/*
- * Copyright (c) 1998-2004 Hannes Gredler <hannes@tcpdump.org>
+ * Copyright (c) 1998-2004 Hannes Gredler <hannes@gredler.at>
* The TCPDUMP project
*
* Redistribution and use in source and binary forms, with or without
* FOR A PARTICULAR PURPOSE.
*/
-#ifndef lint
-static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-syslog.c,v 1.1 2004-10-29 11:42:53 hannes Exp $";
-#endif
+/* \summary: Syslog protocol printer */
+/* specification: RFC 3164 (not RFC 5424) */
#ifdef HAVE_CONFIG_H
-#include "config.h"
+#include <config.h>
#endif
-#include <tcpdump-stdinc.h>
-
-#include <stdio.h>
-#include <stdlib.h>
+#include "netdissect-stdinc.h"
-#include "interface.h"
+#include "netdissect.h"
#include "extract.h"
-#include "addrtoname.h"
-/*
+
+/*
* tokenlists and #defines taken from Ethereal - Network traffic analyzer
*/
#define SYSLOG_SEVERITY_MASK 0x0007 /* 0000 0000 0000 0111 */
#define SYSLOG_FACILITY_MASK 0x03f8 /* 0000 0011 1111 1000 */
-#define SYSLOG_MAX_DIGITS 3 /* The maximum number if priority digits to read in. */
+#define SYSLOG_MAX_DIGITS 3 /* The maximum number of priority digits to read in. */
static const struct tok syslog_severity_values[] = {
{ 0, "emergency" },
};
void
-syslog_print(register const u_char *pptr, register u_int len)
+syslog_print(netdissect_options *ndo,
+ const u_char *pptr, u_int len)
{
- u_int16_t msg_off = 0;
- u_int16_t pri = 0;
- u_int16_t facility,severity;
+ uint16_t msg_off = 0;
+ uint16_t pri = 0;
+ uint16_t facility,severity;
+ ndo->ndo_protocol = "syslog";
/* extract decimal figures that are
* encapsulated within < > tags
* based on this decimal figure extract the
* severity and facility values
*/
- if (!TTEST2(*pptr, 1))
- goto trunc;
+ if (GET_U_1(pptr) != '<')
+ goto invalid;
+ msg_off++;
- if (*(pptr+msg_off) == '<') {
+ while (msg_off <= SYSLOG_MAX_DIGITS &&
+ GET_U_1(pptr + msg_off) >= '0' &&
+ GET_U_1(pptr + msg_off) <= '9') {
+ pri = pri * 10 + (GET_U_1(pptr + msg_off) - '0');
msg_off++;
-
- if (!TTEST2(*(pptr+msg_off), 1))
- goto trunc;
-
- while ( *(pptr+msg_off) >= '0' &&
- *(pptr+msg_off) <= '9' &&
- msg_off <= SYSLOG_MAX_DIGITS) {
-
- if (!TTEST2(*(pptr+msg_off), 1))
- goto trunc;
-
- pri = pri * 10 + (*(pptr+msg_off) - '0');
- msg_off++;
-
- if (!TTEST2(*(pptr+msg_off), 1))
- goto trunc;
-
- }
- if (*(pptr+msg_off) == '>')
- msg_off++;
- } else {
- printf("[|syslog]");
- return;
}
+ if (GET_U_1(pptr + msg_off) != '>')
+ goto invalid;
+ msg_off++;
+
facility = (pri & SYSLOG_FACILITY_MASK) >> 3;
severity = pri & SYSLOG_SEVERITY_MASK;
-
- if (vflag < 1 )
+ if (ndo->ndo_vflag < 1 )
{
- printf("SYSLOG %s.%s, length: %u",
+ ND_PRINT("SYSLOG %s.%s, length: %u",
tok2str(syslog_facility_values, "unknown (%u)", facility),
tok2str(syslog_severity_values, "unknown (%u)", severity),
len);
return;
}
-
- printf("SYSLOG, length: %u\n\tFacility %s (%u), Severity %s (%u)\n\tMsg: ",
+
+ ND_PRINT("SYSLOG, length: %u\n\tFacility %s (%u), Severity %s (%u)\n\tMsg: ",
len,
tok2str(syslog_facility_values, "unknown (%u)", facility),
facility,
severity);
/* print the syslog text in verbose mode */
- for (; msg_off < len; msg_off++) {
- if (!TTEST2(*(pptr+msg_off), 1))
- goto trunc;
- safeputchar(*(pptr+msg_off));
- }
+ /*
+ * RFC 3164 Section 4.1.3: "There is no ending delimiter to this part.
+ * The MSG part of the syslog packet MUST contain visible (printing)
+ * characters."
+ *
+ * RFC 5424 Section 8.2: "This document does not impose any mandatory
+ * restrictions on the MSG or PARAM-VALUE content. As such, they MAY
+ * contain control characters, including the NUL character."
+ *
+ * Hence, to aid in protocol debugging, print the full MSG without
+ * beautification to make it clear what was transmitted on the wire.
+ */
+ if (len > msg_off)
+ (void)nd_printn(ndo, pptr + msg_off, len - msg_off, NULL);
- if (vflag > 1) {
- if(!print_unknown_data(pptr,"\n\t",len))
- return;
- }
-
+ if (ndo->ndo_vflag > 1)
+ print_unknown_data(ndo, pptr, "\n\t", len);
return;
-trunc:
- printf("[|syslog]");
+invalid:
+ nd_print_invalid(ndo);
}
projects / tcpdump / blobdiff