*/
/* \summary: Syslog protocol printer */
+/* specification: RFC 3164 (not RFC 5424) */
#ifdef HAVE_CONFIG_H
#include <config.h>
* severity and facility values
*/
- if (GET_U_1(pptr) == '<') {
- msg_off++;
- while (msg_off <= SYSLOG_MAX_DIGITS &&
- GET_U_1(pptr + msg_off) >= '0' &&
- GET_U_1(pptr + msg_off) <= '9') {
- pri = pri * 10 + (GET_U_1(pptr + msg_off) - '0');
- msg_off++;
- }
- if (GET_U_1(pptr + msg_off) != '>') {
- nd_print_trunc(ndo);
- return;
- }
+ if (GET_U_1(pptr) != '<')
+ goto invalid;
+ msg_off++;
+
+ while (msg_off <= SYSLOG_MAX_DIGITS &&
+ GET_U_1(pptr + msg_off) >= '0' &&
+ GET_U_1(pptr + msg_off) <= '9') {
+ pri = pri * 10 + (GET_U_1(pptr + msg_off) - '0');
msg_off++;
- } else {
- nd_print_trunc(ndo);
- return;
}
+ if (GET_U_1(pptr + msg_off) != '>')
+ goto invalid;
+ msg_off++;
+
facility = (pri & SYSLOG_FACILITY_MASK) >> 3;
severity = pri & SYSLOG_SEVERITY_MASK;
severity);
/* print the syslog text in verbose mode */
- for (; msg_off < len; msg_off++) {
- fn_print_char(ndo, GET_U_1(pptr + msg_off));
- }
+ /*
+ * RFC 3164 Section 4.1.3: "There is no ending delimiter to this part.
+ * The MSG part of the syslog packet MUST contain visible (printing)
+ * characters."
+ *
+ * RFC 5424 Section 8.2: "This document does not impose any mandatory
+ * restrictions on the MSG or PARAM-VALUE content. As such, they MAY
+ * contain control characters, including the NUL character."
+ *
+ * Hence, to aid in protocol debugging, print the full MSG without
+ * beautification to make it clear what was transmitted on the wire.
+ */
+ if (len > msg_off)
+ (void)nd_printn(ndo, pptr + msg_off, len - msg_off, NULL);
if (ndo->ndo_vflag > 1)
print_unknown_data(ndo, pptr, "\n\t", len);
+ return;
+
+invalid:
+ nd_print_invalid(ndo);
}
projects / tcpdump / commitdiff
