From: hannes
Date: Fri, 29 Oct 2004 11:42:52 +0000 (+0000)
Subject: add support for syslog
X-Git-Tag: tcpdump-3.9.1~250
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/115ce6fc62e5935398afb764182bcaff0aa59d04

add support for syslog
---
diff --git a/FILES b/FILES
index 73d0f6fe..ea319bdd 100644
--- a/FILES
+++ b/FILES
@@ -191,6 +191,7 @@ print-stp.c
 print-sunatm.c
 print-sunrpc.c
 print-symantec.c
+print-syslog.c
 print-tcp.c
 print-telnet.c
 print-tftp.c
diff --git a/Makefile.in b/Makefile.in
index 46d8e439..f5ae6a17 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -17,7 +17,7 @@
 # WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 #
-# @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.292 2004-10-19 15:59:39 hannes Exp $ (LBL)
+# @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.293 2004-10-29 11:42:53 hannes Exp $ (LBL)
 
 #
 # Various configurable paths (remember to edit Makefile.in, not Makefile)
@@ -85,7 +85,7 @@ CSRC = addrtoname.c cpack.c gmpls.c oui.c gmt2local.c ipproto.c \
 print-pptp.c print-radius.c print-raw.c print-rip.c \
 print-rsvp.c print-rx.c print-sctp.c print-sip.c print-sl.c print-sll.c \
 print-snmp.c print-stp.c print-sunatm.c print-sunrpc.c \
- print-symantec.c print-tcp.c print-telnet.c print-tftp.c \
+ print-symantec.c print-syslog.c print-tcp.c print-telnet.c print-tftp.c \
 print-timed.c print-token.c print-udp.c print-vjc.c print-vrrp.c \
 print-wb.c print-zephyr.c setsignal.c tcpdump.c util.c
 
diff --git a/interface.h b/interface.h
index 4dfbf388..19597e88 100644
--- a/interface.h
+++ b/interface.h
@@ -18,7 +18,7 @@
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * @(#) $Header: /tcpdump/master/tcpdump/interface.h,v 1.235 2004-10-19 15:59:40 hannes Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/tcpdump/interface.h,v 1.236 2004-10-29 11:42:53 hannes Exp $ (LBL)
 */
 
 #ifndef tcpdump_interface_h
@@ -282,6 +282,7 @@ extern void zephyr_print(const u_char *, int);
 extern void hsrp_print(const u_char *, u_int);
 extern void bfd_print(const u_char *, u_int, u_int);
 extern void sip_print(const u_char *, u_int);
+extern void syslog_print(const u_char *, u_int);
 
 #ifdef INET6
 extern void ip6_print(const u_char *, u_int);
diff --git a/print-syslog.c b/print-syslog.c
new file mode 100755
index 00000000..3685d620
--- /dev/null
+++ b/print-syslog.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright (c) 1998-2004 Hannes Gredler
+ * The TCPDUMP project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that: (1) source code
+ * distributions retain the above copyright notice and this paragraph
+ * in its entirety, and (2) distributions including binary code include
+ * the above copyright notice and this paragraph in its entirety in
+ * the documentation or other materials provided with the distribution.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
+ * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
+ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+static const char rcsid[] _U_ =
+ "@(#) $Header: /tcpdump/master/tcpdump/print-syslog.c,v 1.1 2004-10-29 11:42:53 hannes Exp $";
+#endif
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include
+
+#include
+#include
+
+#include "interface.h"
+#include "extract.h"
+#include "addrtoname.h"
+
+/*
+ * tokenlists and #defines taken from Ethereal - Network traffic analyzer
+ * by Gerald Combs
+ */
+
+#define SYSLOG_SEVERITY_MASK 0x0007 /* 0000 0000 0000 0111 */
+#define SYSLOG_FACILITY_MASK 0x03f8 /* 0000 0011 1111 1000 */
+#define SYSLOG_MAX_DIGITS 3 /* The maximum number if priority digits to read in. */
+
+static const struct tok syslog_severity_values[] = {
+ { 0, "emergency" },
+ { 1, "alert" },
+ { 2, "critical" },
+ { 3, "error" },
+ { 4, "warning" },
+ { 5, "notice" },
+ { 6, "info" },
+ { 7, "debug" },
+ { 0, NULL },
+};
+
+static const struct tok syslog_facility_values[] = {
+ { 0, "kernel" },
+ { 1, "user" },
+ { 2, "mail" },
+ { 3, "daemon" },
+ { 4, "auth" },
+ { 5, "syslog" },
+ { 6, "lpr" },
+ { 7, "news" },
+ { 8, "uucp" },
+ { 9, "cron" },
+ { 10, "authpriv" },
+ { 11, "ftp" },
+ { 12, "ntp" },
+ { 13, "security" },
+ { 14, "console" },
+ { 15, "cron" },
+ { 16, "local0" },
+ { 17, "local1" },
+ { 18, "local2" },
+ { 19, "local3" },
+ { 20, "local4" },
+ { 21, "local5" },
+ { 22, "local6" },
+ { 23, "local7" },
+ { 0, NULL },
+};
+
+void
+syslog_print(register const u_char *pptr, register u_int len)
+{
+ u_int16_t msg_off = 0;
+ u_int16_t pri = 0;
+ u_int16_t facility,severity;
+
+ /* extract decimal figures that are
+ * encapsulated within < > tags
+ * based on this decimal figure extract the
+ * severity and facility values
+ */
+
+ if (!TTEST2(*pptr, 1))
+ goto trunc;
+
+ if (*(pptr+msg_off) == '<') {
+ msg_off++;
+
+ if (!TTEST2(*(pptr+msg_off), 1))
+ goto trunc;
+
+ while ( *(pptr+msg_off) >= '0' &&
+ *(pptr+msg_off) <= '9' &&
+ msg_off <= SYSLOG_MAX_DIGITS) {
+
+ if (!TTEST2(*(pptr+msg_off), 1))
+ goto trunc;
+
+ pri = pri * 10 + (*(pptr+msg_off) - '0');
+ msg_off++;
+
+ if (!TTEST2(*(pptr+msg_off), 1))
+ goto trunc;
+
+ if (*(pptr+msg_off) == '>')
+ msg_off++;
+ }
+ } else {
+ printf("[|syslog]");
+ return;
+ }
+
+ facility = (pri & SYSLOG_FACILITY_MASK) >> 3;
+ severity = pri & SYSLOG_SEVERITY_MASK;
+
+
+ if (vflag < 1 )
+ {
+ printf("SYSLOG %s.%s, length: %u",
+ tok2str(syslog_facility_values, "unknown (%u)", facility),
+ tok2str(syslog_severity_values, "unknown (%u)", severity),
+ len);
+ return;
+ }
+
+ printf("SYSLOG, length: %u\n\tFacility %s (%u), Severity %s (%u)\n\tMsg: ",
+ len,
+ tok2str(syslog_facility_values, "unknown (%u)", facility),
+ facility,
+ tok2str(syslog_severity_values, "unknown (%u)", severity),
+ severity);
+
+ /* print the syslog text in verbose mode */
+ for (; msg_off < len; msg_off++) {
+ if (!TTEST2(*(pptr+msg_off), 1))
+ goto trunc;
+ safeputchar(*(pptr+msg_off));
+ }
+
+ if (vflag > 1) {
+ if(!print_unknown_data(pptr,"\n\t",len))
+ return;
+ }
+
+ return;
+
+trunc:
+ printf("[|syslog]");
+}
diff --git a/print-udp.c b/print-udp.c
index eace4c5d..1875dc8c 100644
--- a/print-udp.c
+++ b/print-udp.c
@@ -21,7 +21,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
- "@(#) $Header: /tcpdump/master/tcpdump/print-udp.c,v 1.133 2004-07-27 17:04:21 hannes Exp $ (LBL)";
+ "@(#) $Header: /tcpdump/master/tcpdump/print-udp.c,v 1.134 2004-10-29 11:42:54 hannes Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -681,6 +681,8 @@ udp_print(register const u_char *bp, u_int length,
 lmp_print((const u_char *)(up + 1), length);
 else if (ISPORT(SIP_PORT))
 sip_print((const u_char *)(up + 1), length);
+ else if (ISPORT(SYSLOG_PORT))
+ syslog_print((const u_char *)(up + 1), length);
 else
 (void)printf("UDP, length %u", (u_int32_t)(ulen - sizeof(*up)));
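Review bot: The `'>'` test inside the PRI digit loop in syslog_print (`if (*(pptr+msg_off) == '>') msg_off++;`) steps over the terminator but keeps looping, so for a one- or two-digit PRI such as `<1>5` the digit after `>` is folded into `pri` (facility/severity come out wrong), and a PRI with no digits or no closing `>` is accepted silently with whatever was accumulated. The loop also never compares `msg_off` against `len`: TTEST2 bounds the read against the capture buffer, not against the payload length the caller passed in, so the parser can walk past the UDP payload into trailing bytes. I would stop the loop on the first non-digit and require the `>` outside it, as below, emitting `[|syslog]` when the header is malformed. `msg_off` is a `u_int16_t` and would wrap to zero in the `for (; msg_off < len; ...)` loop if `len` could ever exceed 65535, so `u_int` is the safer index type. The file is also added with mode 100755; a C source file should not carry the execute bit.
```c
	if (*(pptr+msg_off) == '<') {
		msg_off++;

		/* PRI is 1..SYSLOG_MAX_DIGITS decimal digits, then a mandatory '>' */
		while (msg_off <= SYSLOG_MAX_DIGITS) {
			if (msg_off >= len)
				goto trunc;
			if (!TTEST2(*(pptr+msg_off), 1))
				goto trunc;
			if (*(pptr+msg_off) < '0' || *(pptr+msg_off) > '9')
				break;
			pri = pri * 10 + (*(pptr+msg_off) - '0');
			msg_off++;
		}

		if (msg_off >= len)
			goto trunc;
		if (!TTEST2(*(pptr+msg_off), 1))
			goto trunc;
		/* at least one digit, and the closing '>' must be present */
		if (msg_off == 1 || *(pptr+msg_off) != '>') {
			printf("[|syslog]");
			return;
		}
		msg_off++;
	} else {
	/* … unchanged: "[|syslog]" when the message does not start with '<' … */
```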
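Review bot: The added `else if (ISPORT(SYSLOG_PORT))` branch depends on a `SYSLOG_PORT` macro that this commit does not define; unless it already exists in udp.h or another header print-udp.c includes, the build breaks, so its presence (and that it names the IANA syslog/UDP port, 514) should be confirmed. udp_print's body starts and ends outside the hunk.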