diff options
Diffstat (limited to 'epan/dissectors/packet-syslog.c')
-rw-r--r-- | epan/dissectors/packet-syslog.c | 233 |
1 files changed, 123 insertions, 110 deletions
diff --git a/epan/dissectors/packet-syslog.c b/epan/dissectors/packet-syslog.c index f50c80e135..f03e3a6a4a 100644 --- a/epan/dissectors/packet-syslog.c +++ b/epan/dissectors/packet-syslog.c @@ -47,115 +47,115 @@ void proto_register_syslog(void); /* The maximum number if priority digits to read in. */ #define MAX_DIGITS 3 -#define LEVEL_EMERG 0 -#define LEVEL_ALERT 1 -#define LEVEL_CRIT 2 -#define LEVEL_ERR 3 -#define LEVEL_WARNING 4 -#define LEVEL_NOTICE 5 -#define LEVEL_INFO 6 -#define LEVEL_DEBUG 7 +#define LEVEL_EMERG 0 +#define LEVEL_ALERT 1 +#define LEVEL_CRIT 2 +#define LEVEL_ERR 3 +#define LEVEL_WARNING 4 +#define LEVEL_NOTICE 5 +#define LEVEL_INFO 6 +#define LEVEL_DEBUG 7 static const value_string short_lev[] = { - { LEVEL_EMERG, "EMERG" }, - { LEVEL_ALERT, "ALERT" }, - { LEVEL_CRIT, "CRIT" }, - { LEVEL_ERR, "ERR" }, - { LEVEL_WARNING, "WARNING" }, - { LEVEL_NOTICE, "NOTICE" }, - { LEVEL_INFO, "INFO" }, - { LEVEL_DEBUG, "DEBUG" }, + { LEVEL_EMERG, "EMERG" }, + { LEVEL_ALERT, "ALERT" }, + { LEVEL_CRIT, "CRIT" }, + { LEVEL_ERR, "ERR" }, + { LEVEL_WARNING, "WARNING" }, + { LEVEL_NOTICE, "NOTICE" }, + { LEVEL_INFO, "INFO" }, + { LEVEL_DEBUG, "DEBUG" }, { 0, NULL } }; -#define FAC_KERN 0 -#define FAC_USER 1 -#define FAC_MAIL 2 -#define FAC_DAEMON 3 -#define FAC_AUTH 4 -#define FAC_SYSLOG 5 -#define FAC_LPR 6 -#define FAC_NEWS 7 -#define FAC_UUCP 8 -#define FAC_CRON 9 -#define FAC_AUTHPRIV 10 -#define FAC_FTP 11 -#define FAC_NTP 12 -#define FAC_LOGAUDIT 13 -#define FAC_LOGALERT 14 -#define FAC_CRON_SOL 15 -#define FAC_LOCAL0 16 -#define FAC_LOCAL1 17 -#define FAC_LOCAL2 18 -#define FAC_LOCAL3 19 -#define FAC_LOCAL4 20 -#define FAC_LOCAL5 21 -#define FAC_LOCAL6 22 -#define FAC_LOCAL7 23 +#define FAC_KERN 0 +#define FAC_USER 1 +#define FAC_MAIL 2 +#define FAC_DAEMON 3 +#define FAC_AUTH 4 +#define FAC_SYSLOG 5 +#define FAC_LPR 6 +#define FAC_NEWS 7 +#define FAC_UUCP 8 +#define FAC_CRON 9 +#define FAC_AUTHPRIV 10 +#define FAC_FTP 11 +#define FAC_NTP 12 +#define FAC_LOGAUDIT 13 +#define FAC_LOGALERT 14 +#define FAC_CRON_SOL 15 +#define FAC_LOCAL0 16 +#define FAC_LOCAL1 17 +#define FAC_LOCAL2 18 +#define FAC_LOCAL3 19 +#define FAC_LOCAL4 20 +#define FAC_LOCAL5 21 +#define FAC_LOCAL6 22 +#define FAC_LOCAL7 23 static const value_string short_fac[] = { - { FAC_KERN, "KERN" }, - { FAC_USER, "USER" }, - { FAC_MAIL, "MAIL" }, - { FAC_DAEMON, "DAEMON" }, - { FAC_AUTH, "AUTH" }, - { FAC_SYSLOG, "SYSLOG" }, - { FAC_LPR, "LPR" }, - { FAC_NEWS, "NEWS" }, - { FAC_UUCP, "UUCP" }, - { FAC_CRON, "CRON" }, /* The BSDs, Linux, and others */ - { FAC_AUTHPRIV, "AUTHPRIV" }, - { FAC_FTP, "FTP" }, - { FAC_NTP, "NTP" }, - { FAC_LOGAUDIT, "LOGAUDIT" }, - { FAC_LOGALERT, "LOGALERT" }, - { FAC_CRON_SOL, "CRON" }, /* Solaris */ - { FAC_LOCAL0, "LOCAL0" }, - { FAC_LOCAL1, "LOCAL1" }, - { FAC_LOCAL2, "LOCAL2" }, - { FAC_LOCAL3, "LOCAL3" }, - { FAC_LOCAL4, "LOCAL4" }, - { FAC_LOCAL5, "LOCAL5" }, - { FAC_LOCAL6, "LOCAL6" }, - { FAC_LOCAL7, "LOCAL7" }, + { FAC_KERN, "KERN" }, + { FAC_USER, "USER" }, + { FAC_MAIL, "MAIL" }, + { FAC_DAEMON, "DAEMON" }, + { FAC_AUTH, "AUTH" }, + { FAC_SYSLOG, "SYSLOG" }, + { FAC_LPR, "LPR" }, + { FAC_NEWS, "NEWS" }, + { FAC_UUCP, "UUCP" }, + { FAC_CRON, "CRON" }, /* The BSDs, Linux, and others */ + { FAC_AUTHPRIV, "AUTHPRIV" }, + { FAC_FTP, "FTP" }, + { FAC_NTP, "NTP" }, + { FAC_LOGAUDIT, "LOGAUDIT" }, + { FAC_LOGALERT, "LOGALERT" }, + { FAC_CRON_SOL, "CRON" }, /* Solaris */ + { FAC_LOCAL0, "LOCAL0" }, + { FAC_LOCAL1, "LOCAL1" }, + { FAC_LOCAL2, "LOCAL2" }, + { FAC_LOCAL3, "LOCAL3" }, + { FAC_LOCAL4, "LOCAL4" }, + { FAC_LOCAL5, "LOCAL5" }, + { FAC_LOCAL6, "LOCAL6" }, + { FAC_LOCAL7, "LOCAL7" }, { 0, NULL } }; static const value_string long_lev[] = { - { LEVEL_EMERG, "EMERG - system is unusable" }, - { LEVEL_ALERT, "ALERT - action must be taken immediately" }, - { LEVEL_CRIT, "CRIT - critical conditions" }, - { LEVEL_ERR, "ERR - error conditions" }, - { LEVEL_WARNING, "WARNING - warning conditions" }, - { LEVEL_NOTICE, "NOTICE - normal but significant condition" }, - { LEVEL_INFO, "INFO - informational" }, - { LEVEL_DEBUG, "DEBUG - debug-level messages" }, + { LEVEL_EMERG, "EMERG - system is unusable" }, + { LEVEL_ALERT, "ALERT - action must be taken immediately" }, + { LEVEL_CRIT, "CRIT - critical conditions" }, + { LEVEL_ERR, "ERR - error conditions" }, + { LEVEL_WARNING, "WARNING - warning conditions" }, + { LEVEL_NOTICE, "NOTICE - normal but significant condition" }, + { LEVEL_INFO, "INFO - informational" }, + { LEVEL_DEBUG, "DEBUG - debug-level messages" }, { 0, NULL } }; static const value_string long_fac[] = { - { FAC_KERN, "KERN - kernel messages" }, - { FAC_USER, "USER - random user-level messages" }, - { FAC_MAIL, "MAIL - mail system" }, - { FAC_DAEMON, "DAEMON - system daemons" }, - { FAC_AUTH, "AUTH - security/authorization messages" }, - { FAC_SYSLOG, "SYSLOG - messages generated internally by syslogd" }, - { FAC_LPR, "LPR - line printer subsystem" }, - { FAC_NEWS, "NEWS - network news subsystem" }, - { FAC_UUCP, "UUCP - UUCP subsystem" }, - { FAC_CRON, "CRON - clock daemon (BSD, Linux)" }, - { FAC_AUTHPRIV, "AUTHPRIV - security/authorization messages (private)" }, - { FAC_FTP, "FTP - ftp daemon" }, - { FAC_NTP, "NTP - ntp subsystem" }, - { FAC_LOGAUDIT, "LOGAUDIT - log audit" }, - { FAC_LOGALERT, "LOGALERT - log alert" }, - { FAC_CRON_SOL, "CRON - clock daemon (Solaris)" }, - { FAC_LOCAL0, "LOCAL0 - reserved for local use" }, - { FAC_LOCAL1, "LOCAL1 - reserved for local use" }, - { FAC_LOCAL2, "LOCAL2 - reserved for local use" }, - { FAC_LOCAL3, "LOCAL3 - reserved for local use" }, - { FAC_LOCAL4, "LOCAL4 - reserved for local use" }, - { FAC_LOCAL5, "LOCAL5 - reserved for local use" }, - { FAC_LOCAL6, "LOCAL6 - reserved for local use" }, - { FAC_LOCAL7, "LOCAL7 - reserved for local use" }, + { FAC_KERN, "KERN - kernel messages" }, + { FAC_USER, "USER - random user-level messages" }, + { FAC_MAIL, "MAIL - mail system" }, + { FAC_DAEMON, "DAEMON - system daemons" }, + { FAC_AUTH, "AUTH - security/authorization messages" }, + { FAC_SYSLOG, "SYSLOG - messages generated internally by syslogd" }, + { FAC_LPR, "LPR - line printer subsystem" }, + { FAC_NEWS, "NEWS - network news subsystem" }, + { FAC_UUCP, "UUCP - UUCP subsystem" }, + { FAC_CRON, "CRON - clock daemon (BSD, Linux)" }, + { FAC_AUTHPRIV, "AUTHPRIV - security/authorization messages (private)" }, + { FAC_FTP, "FTP - ftp daemon" }, + { FAC_NTP, "NTP - ntp subsystem" }, + { FAC_LOGAUDIT, "LOGAUDIT - log audit" }, + { FAC_LOGALERT, "LOGALERT - log alert" }, + { FAC_CRON_SOL, "CRON - clock daemon (Solaris)" }, + { FAC_LOCAL0, "LOCAL0 - reserved for local use" }, + { FAC_LOCAL1, "LOCAL1 - reserved for local use" }, + { FAC_LOCAL2, "LOCAL2 - reserved for local use" }, + { FAC_LOCAL3, "LOCAL3 - reserved for local use" }, + { FAC_LOCAL4, "LOCAL4 - reserved for local use" }, + { FAC_LOCAL5, "LOCAL5 - reserved for local use" }, + { FAC_LOCAL6, "LOCAL6 - reserved for local use" }, + { FAC_LOCAL7, "LOCAL7 - reserved for local use" }, { 0, NULL } }; @@ -207,14 +207,14 @@ mtp3_msu_present(tvbuff_t *tvb, packet_info *pinfo, gint fac, gint level, const * subdissector will except out, of course). */ if (len % 2) - msu_hex_dump[len - 1] = '\0'; + msu_hex_dump[len - 1] = '\0'; byte_array = convert_string_to_hex(msu_hex_dump, &nbytes); if (byte_array) { - mtp3_tvb = tvb_new_child_real_data(tvb, byte_array, (guint)nbytes, + mtp3_tvb = tvb_new_child_real_data(tvb, byte_array, (guint)nbytes, (guint)nbytes + chars_truncated / 2); - tvb_set_free_cb(mtp3_tvb, g_free); + tvb_set_free_cb(mtp3_tvb, g_free); /* ...and add the encapsulated MSU as a new data source so that it gets * its own tab in the packet bytes pane. */ @@ -261,7 +261,7 @@ dissect_syslog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) reported_msg_len = tvb_reported_length_remaining(tvb, msg_off); mtp3_tvb = mtp3_msu_present(tvb, pinfo, fac, lev, msg_str, - (reported_msg_len - msg_len)); + (reported_msg_len - msg_len)); if (mtp3_tvb == NULL) { if (pri >= 0) { @@ -296,7 +296,7 @@ dissect_syslog(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (mtp3_tvb) { proto_item *mtp3_item; mtp3_item = proto_tree_add_boolean(syslog_tree, hf_syslog_msu_present, - tvb, msg_off, msg_len, TRUE); + tvb, msg_off, msg_len, TRUE); PROTO_ITEM_SET_GENERATED(mtp3_item); } } @@ -317,24 +317,24 @@ void proto_register_syslog(void) static hf_register_info hf[] = { { &hf_syslog_facility, { "Facility", "syslog.facility", - FT_UINT8, BASE_DEC, VALS(long_fac), FACILITY_MASK, - "Message facility", HFILL } + FT_UINT8, BASE_DEC, VALS(long_fac), FACILITY_MASK, + "Message facility", HFILL } }, { &hf_syslog_level, { "Level", "syslog.level", - FT_UINT8, BASE_DEC, VALS(long_lev), PRIORITY_MASK, - "Message level", HFILL } + FT_UINT8, BASE_DEC, VALS(long_lev), PRIORITY_MASK, + "Message level", HFILL } }, { &hf_syslog_msg, { "Message", "syslog.msg", - FT_STRING, BASE_NONE, NULL, 0x0, - "Message Text", HFILL } + FT_STRING, BASE_NONE, NULL, 0x0, + "Message Text", HFILL } }, { &hf_syslog_msu_present, { "SS7 MSU present", "syslog.msu_present", - FT_BOOLEAN, BASE_NONE, NULL, 0x0, - "True if an SS7 MSU was detected in the syslog message", - HFILL } + FT_BOOLEAN, BASE_NONE, NULL, 0x0, + "True if an SS7 MSU was detected in the syslog message", + HFILL } } }; @@ -362,3 +362,16 @@ proto_reg_handoff_syslog(void) /* Find the mtp3 dissector */ mtp_handle = find_dissector("mtp3"); } + +/* + * Editor modelines - http://www.wireshark.org/tools/modelines.html + * + * Local Variables: + * c-basic-offset: 2 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * ex: set shiftwidth=2 tabstop=8 expandtab: + * :indentSize=2:tabSize=8:noTabs=true: + */ |