mirrors/tcpdump
0
0
Fork 0
mirror of https://github.com/the-tcpdump-group/tcpdump.git synced 2024-11-24 02:23:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
00353f9e1a
tcpdump/print-syslog.c
Francois-Xavier Le Bail 3ed92cd021 Replace the (void)nd_printn(..., NULL) calls by nd_printjn() calls 
Moreover:
Remove a now useless comment.
2021-01-08 17:12:12 +01:00

151 lines
4.2 KiB
C
Raw Blame History

/*
* Copyright (c) 1998-2004 Hannes Gredler <hannes@gredler.at>
* The TCPDUMP project
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code
* distributions retain the above copyright notice and this paragraph
* in its entirety, and (2) distributions including binary code include
* the above copyright notice and this paragraph in its entirety in
* the documentation or other materials provided with the distribution.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND
* WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
* LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE.
*/
/* \summary: Syslog protocol printer */
/* specification: RFC 3164 (not RFC 5424) */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "netdissect-stdinc.h"
#include "netdissect.h"
#include "extract.h"
/*
* tokenlists and #defines taken from Ethereal - Network traffic analyzer
* by Gerald Combs <gerald@ethereal.com>
*/
#define SYSLOG_SEVERITY_MASK 0x0007 /* 0000 0000 0000 0111 */
#define SYSLOG_FACILITY_MASK 0x03f8 /* 0000 0011 1111 1000 */
#define SYSLOG_MAX_DIGITS 3 /* The maximum number of priority digits to read in. */
static const struct tok syslog_severity_values[] = {
{ 0, "emergency" },
{ 1, "alert" },
{ 2, "critical" },
{ 3, "error" },
{ 4, "warning" },
{ 5, "notice" },
{ 6, "info" },
{ 7, "debug" },
{ 0, NULL },
};
static const struct tok syslog_facility_values[] = {
{ 0, "kernel" },
{ 1, "user" },
{ 2, "mail" },
{ 3, "daemon" },
{ 4, "auth" },
{ 5, "syslog" },
{ 6, "lpr" },
{ 7, "news" },
{ 8, "uucp" },
{ 9, "cron" },
{ 10, "authpriv" },
{ 11, "ftp" },
{ 12, "ntp" },
{ 13, "security" },
{ 14, "console" },
{ 15, "cron" },
{ 16, "local0" },
{ 17, "local1" },
{ 18, "local2" },
{ 19, "local3" },
{ 20, "local4" },
{ 21, "local5" },
{ 22, "local6" },
{ 23, "local7" },
{ 0, NULL },
};
void
syslog_print(netdissect_options *ndo,
const u_char *pptr, u_int len)
{
uint16_t msg_off = 0;
uint16_t pri = 0;
uint16_t facility,severity;
ndo->ndo_protocol = "syslog";
/* extract decimal figures that are
* encapsulated within < > tags
* based on this decimal figure extract the
* severity and facility values
*/
if (GET_U_1(pptr) != '<')
goto invalid;
msg_off++;
while (msg_off <= SYSLOG_MAX_DIGITS &&
GET_U_1(pptr + msg_off) >= '0' &&
GET_U_1(pptr + msg_off) <= '9') {
pri = pri * 10 + (GET_U_1(pptr + msg_off) - '0');
msg_off++;
}
if (GET_U_1(pptr + msg_off) != '>')
goto invalid;
msg_off++;
facility = (pri & SYSLOG_FACILITY_MASK) >> 3;
severity = pri & SYSLOG_SEVERITY_MASK;
if (ndo->ndo_vflag < 1 )
{
ND_PRINT("SYSLOG %s.%s, length: %u",
tok2str(syslog_facility_values, "unknown (%u)", facility),
tok2str(syslog_severity_values, "unknown (%u)", severity),
len);
return;
}
ND_PRINT("SYSLOG, length: %u\n\tFacility %s (%u), Severity %s (%u)\n\tMsg: ",
len,
tok2str(syslog_facility_values, "unknown (%u)", facility),
facility,
tok2str(syslog_severity_values, "unknown (%u)", severity),
severity);
/* print the syslog text in verbose mode */
/*
* RFC 3164 Section 4.1.3: "There is no ending delimiter to this part.
* The MSG part of the syslog packet MUST contain visible (printing)
* characters."
*
* RFC 5424 Section 8.2: "This document does not impose any mandatory
* restrictions on the MSG or PARAM-VALUE content. As such, they MAY
* contain control characters, including the NUL character."
*
* Hence, to aid in protocol debugging, print the full MSG without
* beautification to make it clear what was transmitted on the wire.
*/
if (len > msg_off)
nd_printjn(ndo, pptr + msg_off, len - msg_off);
if (ndo->ndo_vflag > 1)
print_unknown_data(ndo, pptr, "\n\t", len);
return;
invalid:
nd_print_invalid(ndo);
}
Reference in New Issue View Git Blame Copy Permalink