authorLuca <deri@ntop.org>2015-07-01 17:40:14 +0200
committerLuca <deri@ntop.org>2015-07-01 17:40:14 +0200
commit60884f9047882863d27f7e8f5fb760897c599800 (patch)
tree2b09f2ec1a551b59a98baee790c858fb3e038ffe /src/lib/protocols/syslog.c
parent49ea23530f876930896dc5aa6a84ef6219589171 (diff)
Split former protocol into upper and lower protocol
Diffstat (limited to 'src/lib/protocols/syslog.c')
-rw-r--r--src/lib/protocols/syslog.c136
1 files changed, 68 insertions, 68 deletions
diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c
index 108a490a4..2d578b2cc 100644
--- a/src/lib/protocols/syslog.c
+++ b/src/lib/protocols/syslog.c
@@ -27,104 +27,104 @@
#ifdef NDPI_PROTOCOL_SYSLOG
static void ndpi_int_syslog_add_connection(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
+ *ndpi_struct, struct ndpi_flow_struct *flow)
{
- ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SYSLOG);
+ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SYSLOG, NDPI_PROTOCOL_UNKNOWN);
}
void ndpi_search_syslog(struct ndpi_detection_module_struct
- *ndpi_struct, struct ndpi_flow_struct *flow)
+ *ndpi_struct, struct ndpi_flow_struct *flow)
{
- struct ndpi_packet_struct *packet = &flow->packet;
+ struct ndpi_packet_struct *packet = &flow->packet;
-// struct ndpi_id_struct *src=ndpi_struct->src;
-// struct ndpi_id_struct *dst=ndpi_struct->dst;
+ // struct ndpi_id_struct *src=ndpi_struct->src;
+ // struct ndpi_id_struct *dst=ndpi_struct->dst;
- u_int8_t i;
+ u_int8_t i;
- NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "search syslog\n");
+ NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "search syslog\n");
- if (packet->payload_packet_len > 20 && packet->payload_packet_len <= 1024 && packet->payload[0] == '<') {
- NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "checked len>20 and <1024 and first symbol=<.\n");
- i = 1;
+ if (packet->payload_packet_len > 20 && packet->payload_packet_len <= 1024 && packet->payload[0] == '<') {
+ NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "checked len>20 and <1024 and first symbol=<.\n");
+ i = 1;
- for (;;) {
- if (packet->payload[i] < '0' || packet->payload[i] > '9' || i++ > 3) {
- NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG,
- "read symbols while the symbol is a number.\n");
- break;
- }
- }
+ for (;;) {
+ if (packet->payload[i] < '0' || packet->payload[i] > '9' || i++ > 3) {
+ NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG,
+ "read symbols while the symbol is a number.\n");
+ break;
+ }
+ }
- if (packet->payload[i++] != '>') {
- NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "there is no > following the number.\n");
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG);
- return;
- } else {
- NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "a > following the number.\n");
- }
+ if (packet->payload[i++] != '>') {
+ NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "there is no > following the number.\n");
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG);
+ return;
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "a > following the number.\n");
+ }
- if (packet->payload[i] == 0x20) {
- NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "a blank following the >: increment i.\n");
- i++;
- } else {
- NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "no blank following the >: do nothing.\n");
- }
+ if (packet->payload[i] == 0x20) {
+ NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "a blank following the >: increment i.\n");
+ i++;
+ } else {
+ NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "no blank following the >: do nothing.\n");
+ }
- /* check for "last message repeated" */
- if (i + sizeof("last message") - 1 <= packet->payload_packet_len &&
- memcmp(packet->payload + i, "last message", sizeof("last message") - 1) == 0) {
+ /* check for "last message repeated" */
+ if (i + sizeof("last message") - 1 <= packet->payload_packet_len &&
+ memcmp(packet->payload + i, "last message", sizeof("last message") - 1) == 0) {
- NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "found syslog by 'last message' string.\n");
+ NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "found syslog by 'last message' string.\n");
- ndpi_int_syslog_add_connection(ndpi_struct, flow);
+ ndpi_int_syslog_add_connection(ndpi_struct, flow);
- return;
- } else if (i + sizeof("snort: ") - 1 <= packet->payload_packet_len &&
- memcmp(packet->payload + i, "snort: ", sizeof("snort: ") - 1) == 0) {
+ return;
+ } else if (i + sizeof("snort: ") - 1 <= packet->payload_packet_len &&
+ memcmp(packet->payload + i, "snort: ", sizeof("snort: ") - 1) == 0) {
- /* snort events */
+ /* snort events */
- NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "found syslog by 'snort: ' string.\n");
+ NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "found syslog by 'snort: ' string.\n");
- ndpi_int_syslog_add_connection(ndpi_struct, flow);
+ ndpi_int_syslog_add_connection(ndpi_struct, flow);
- return;
- }
+ return;
+ }
- if (memcmp(&packet->payload[i], "Jan", 3) != 0
- && memcmp(&packet->payload[i], "Feb", 3) != 0
- && memcmp(&packet->payload[i], "Mar", 3) != 0
- && memcmp(&packet->payload[i], "Apr", 3) != 0
- && memcmp(&packet->payload[i], "May", 3) != 0
- && memcmp(&packet->payload[i], "Jun", 3) != 0
- && memcmp(&packet->payload[i], "Jul", 3) != 0
- && memcmp(&packet->payload[i], "Aug", 3) != 0
- && memcmp(&packet->payload[i], "Sep", 3) != 0
- && memcmp(&packet->payload[i], "Oct", 3) != 0
- && memcmp(&packet->payload[i], "Nov", 3) != 0 && memcmp(&packet->payload[i], "Dec", 3) != 0) {
+ if (memcmp(&packet->payload[i], "Jan", 3) != 0
+ && memcmp(&packet->payload[i], "Feb", 3) != 0
+ && memcmp(&packet->payload[i], "Mar", 3) != 0
+ && memcmp(&packet->payload[i], "Apr", 3) != 0
+ && memcmp(&packet->payload[i], "May", 3) != 0
+ && memcmp(&packet->payload[i], "Jun", 3) != 0
+ && memcmp(&packet->payload[i], "Jul", 3) != 0
+ && memcmp(&packet->payload[i], "Aug", 3) != 0
+ && memcmp(&packet->payload[i], "Sep", 3) != 0
+ && memcmp(&packet->payload[i], "Oct", 3) != 0
+ && memcmp(&packet->payload[i], "Nov", 3) != 0 && memcmp(&packet->payload[i], "Dec", 3) != 0) {
- NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG,
- "no month-shortname following: syslog excluded.\n");
+ NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG,
+ "no month-shortname following: syslog excluded.\n");
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG);
- return;
+ return;
- } else {
+ } else {
- NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG,
- "a month-shortname following: syslog detected.\n");
+ NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG,
+ "a month-shortname following: syslog detected.\n");
- ndpi_int_syslog_add_connection(ndpi_struct, flow);
+ ndpi_int_syslog_add_connection(ndpi_struct, flow);
- return;
- }
- }
- NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "no syslog detected.\n");
+ return;
+ }
+ }
+ NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "no syslog detected.\n");
- NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG);
+ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG);
}
#endif
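Review bot: The priority loop `if (packet->payload[i] < '0' || packet->payload[i] > '9' || i++ > 3)` in ndpi_search_syslog lets both `<>` (no digits) and a four-digit value such as `<1234>` reach the `'>'` test, so the match is looser than the 1–3 digit PRI that RFC 3164 describes and unrelated traffic starting with `<` is more likely to be labelled syslog. Since `i` is advanced as a side effect inside the condition, an explicit bound reads more clearly and rejects the fourth digit at the `'>'` test: `for (i = 1; i <= 3 && packet->payload[i] >= '0' && packet->payload[i] <= '9'; i++) ;` followed by an exclusion when `i == 1`. The unguarded month-name `memcmp` calls are in range only because of the earlier `payload_packet_len > 20` test, which is worth stating next to them, e.g. `/* payload_packet_len > 20 and i <= 7 here, so payload[i..i+2] is readable */`. Apart from the added `NDPI_PROTOCOL_UNKNOWN` argument the hunk appears to be re-indentation only, although leading whitespace is not visible on this page.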