From 7adcb5b605cc1328a3084c334f4697ec9771936c Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 15 Apr 2024 19:13:01 +0200
Subject: Adding upstream version 4.99.4.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 print-syslog.c | 150 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 150 insertions(+)
 create mode 100644 print-syslog.c

(limited to 'print-syslog.c')

diff --git a/print-syslog.c b/print-syslog.c
new file mode 100644
index 0000000..b0e1c91
--- /dev/null
+++ b/print-syslog.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 1998-2004  Hannes Gredler <hannes@gredler.at>
+ *      The TCPDUMP project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that: (1) source code
+ * distributions retain the above copyright notice and this paragraph
+ * in its entirety, and (2) distributions including binary code include
+ * the above copyright notice and this paragraph in its entirety in
+ * the documentation or other materials provided with the distribution.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND
+ * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
+ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE.
+ */
+
+/* \summary: Syslog protocol printer */
+/* specification: RFC 3164 (not RFC 5424) */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "netdissect-stdinc.h"
+
+#include "netdissect.h"
+#include "extract.h"
+
+
+/*
+ * tokenlists and #defines taken from Ethereal - Network traffic analyzer
+ * by Gerald Combs <gerald@ethereal.com>
+ */
+
+#define SYSLOG_SEVERITY_MASK 0x0007  /* 0000 0000 0000 0111 */
+#define SYSLOG_FACILITY_MASK 0x03f8  /* 0000 0011 1111 1000 */
+#define SYSLOG_MAX_DIGITS 3 /* The maximum number of priority digits to read in. */
+
+static const struct tok syslog_severity_values[] = {
+  { 0,      "emergency" },
+  { 1,      "alert" },
+  { 2,      "critical" },
+  { 3,      "error" },
+  { 4,      "warning" },
+  { 5,      "notice" },
+  { 6,      "info" },
+  { 7,      "debug" },
+  { 0, NULL },
+};
+
+static const struct tok syslog_facility_values[] = {
+  { 0,     "kernel" },
+  { 1,     "user" },
+  { 2,     "mail" },
+  { 3,     "daemon" },
+  { 4,     "auth" },
+  { 5,     "syslog" },
+  { 6,     "lpr" },
+  { 7,     "news" },
+  { 8,     "uucp" },
+  { 9,     "cron" },
+  { 10,    "authpriv" },
+  { 11,    "ftp" },
+  { 12,    "ntp" },
+  { 13,    "security" },
+  { 14,    "console" },
+  { 15,    "cron" },
+  { 16,    "local0" },
+  { 17,    "local1" },
+  { 18,    "local2" },
+  { 19,    "local3" },
+  { 20,    "local4" },
+  { 21,    "local5" },
+  { 22,    "local6" },
+  { 23,    "local7" },
+  { 0, NULL },
+};
+
+void
+syslog_print(netdissect_options *ndo,
+             const u_char *pptr, u_int len)
+{
+    uint16_t msg_off = 0;
+    uint16_t pri = 0;
+    uint16_t facility,severity;
+
+    ndo->ndo_protocol = "syslog";
+    /* extract decimal figures that are
+     * encapsulated within < > tags
+     * based on this decimal figure extract the
+     * severity and facility values
+     */
+
+    if (GET_U_1(pptr) != '<')
+        goto invalid;
+    msg_off++;
+
+    while (msg_off <= SYSLOG_MAX_DIGITS &&
+           GET_U_1(pptr + msg_off) >= '0' &&
+           GET_U_1(pptr + msg_off) <= '9') {
+        pri = pri * 10 + (GET_U_1(pptr + msg_off) - '0');
+        msg_off++;
+    }
+
+    if (GET_U_1(pptr + msg_off) != '>')
+        goto invalid;
+    msg_off++;
+
+    facility = (pri & SYSLOG_FACILITY_MASK) >> 3;
+    severity = pri & SYSLOG_SEVERITY_MASK;
+
+    if (ndo->ndo_vflag < 1 )
+    {
+        ND_PRINT("SYSLOG %s.%s, length: %u",
+               tok2str(syslog_facility_values, "unknown (%u)", facility),
+               tok2str(syslog_severity_values, "unknown (%u)", severity),
+               len);
+        return;
+    }
+
+    ND_PRINT("SYSLOG, length: %u\n\tFacility %s (%u), Severity %s (%u)\n\tMsg: ",
+           len,
+           tok2str(syslog_facility_values, "unknown (%u)", facility),
+           facility,
+           tok2str(syslog_severity_values, "unknown (%u)", severity),
+           severity);
+
+    /* print the syslog text in verbose mode */
+    /*
+     * RFC 3164 Section 4.1.3: "There is no ending delimiter to this part.
+     * The MSG part of the syslog packet MUST contain visible (printing)
+     * characters."
+     *
+     * RFC 5424 Section 8.2: "This document does not impose any mandatory
+     * restrictions on the MSG or PARAM-VALUE content.  As such, they MAY
+     * contain control characters, including the NUL character."
+     *
+     * Hence, to aid in protocol debugging, print the full MSG without
+     * beautification to make it clear what was transmitted on the wire.
+     */
+    if (len > msg_off)
+        (void)nd_printn(ndo, pptr + msg_off, len - msg_off, NULL);
+
+    if (ndo->ndo_vflag > 1)
+        print_unknown_data(ndo, pptr, "\n\t", len);
+    return;
+
+invalid:
+    nd_print_invalid(ndo);
+}
-- 
cgit v1.2.3