From da6a780adf41e6d89d9c69d66144f73e70af5173 Mon Sep 17 00:00:00 2001
From: Roberto Moreda
Date: Sun, 8 Mar 2015 00:39:54 +0100
Subject: [PATCH] Added support for aschex encoding payload
---
 src/output-plugins/spo_syslog_full.c | 13 ++++++++
 src/output-plugins/spo_syslog_full.h | 1 +
 src/util.c | 48 ++++++++++++++++++++++++++++
 src/util.h | 1 +
 4 files changed, 63 insertions(+)
diff --git a/src/output-plugins/spo_syslog_full.c b/src/output-plugins/spo_syslog_full.c
index f02b547..0b670a4 100644
--- a/src/output-plugins/spo_syslog_full.c
+++ b/src/output-plugins/spo_syslog_full.c
@@ -861,6 +861,15 @@ int Syslog_FormatPayload(OpSyslog_Data *data, Packet *p) {
 }
 break;
+ case ENCODE_ASCHEX:
+ if( (aschex_STATIC(p->pkt,p->pkth->caplen,
+ data->payload_escape_buffer)))
+ {
+ /* XXX */
+ return 1;
+ }
+ break;
+
 default:
 FatalError("[%s()]: Unknown encoding payload scheme [%d] \n",
 __FUNCTION__,
@@ -1438,6 +1447,10 @@ OpSyslog_Data *OpSyslog_ParseArgs(char *args)
 {
 op_data->payload_encoding = ENCODE_BASE64;
 }
+ else if(strcasecmp("aschex",stoks[1]) == 0)
+ {
+ op_data->payload_encoding = ENCODE_ASCHEX;
+ }
 else
 {
 LogMessage("Invalid payload_encoding defined [%s], will use HEX encoding by default \n",stoks[1]);
diff --git a/src/output-plugins/spo_syslog_full.h b/src/output-plugins/spo_syslog_full.h
index 1f930dc..69b0987 100644
--- a/src/output-plugins/spo_syslog_full.h
+++ b/src/output-plugins/spo_syslog_full.h
@@ -52,6 +52,7 @@
 #define ENCODE_HEX 0x0000
 #define ENCODE_ASCII 0x0001
 #define ENCODE_BASE64 0x0002
+#define ENCODE_ASCHEX 0x0003
 #define SYSLOG_MAX_QUERY_SIZE MAX_QUERY_LENGTH
diff --git a/src/util.c b/src/util.c
index 2a2d7a4..2068949 100644
--- a/src/util.c
+++ b/src/util.c
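Review bot: In the new `case ENCODE_ASCHEX:` branch of Syslog_FormatPayload, the failure path is a bare `return 1;` under a `/* XXX */` placeholder, so nothing records why the payload was not encoded. aschex_STATIC (added in src/util.c by this commit) returns 1 whenever `(length *3) + 2 > MAX_QUERY_LENGTH`, so any packet whose captured length exceeds roughly a third of that limit takes this path, and the sender controls packet size. I would replace the placeholder with a comment that states the cause, e.g. `/* aschex needs 3*caplen+2 bytes; larger packets are not encoded */`, and confirm what the caller does with the 1 so that oversized packets cannot drop the payload from the alert unnoticed. The function body starts and ends outside the hunk, so how the other encodings handle this case is not visible here.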
@@ -2595,6 +2595,54 @@ u_int32_t fasthex_STATIC(const u_char *xdata, int length,char *retbuf)
 return 0;
 }
+u_int32_t aschex_STATIC(const u_char *xdata, int length, char *retbuf) {
+ char conv[] = "0123456789ABCDEF";
+ char *asc_msg;
+ char *hex_msg;
+ const u_char *index;
+ char *ridx;
+
+ if (xdata == NULL ||
+ retbuf == NULL ||
+ (length *3) + 2 > MAX_QUERY_LENGTH ) {
+ return 1;
+ }
+
+ asc_msg = malloc(MAX_QUERY_LENGTH);
+ hex_msg = malloc(MAX_QUERY_LENGTH);
+ if (asc_msg == NULL || hex_msg == NULL) {
+ FatalError("aschex_STATIC(): Can't allocate memory\n");
+ }
+
+ /* Obtain ascii msg */
+ memset(asc_msg, '\0', MAX_QUERY_LENGTH);
+ index = xdata;
+ ridx = asc_msg;
+ while (index < xdata + length) {
+ if (*index > 0x20 && *index < 0x7F) *ridx++ = *index;
+ else *ridx++ = '.';
+ index++;
+ }
+
+ /* Obtain hex msg */
+ memset(hex_msg, '\0', MAX_QUERY_LENGTH);
+ index = xdata;
+ ridx = hex_msg;
+ while (index < xdata + length) {
+ *ridx++ = conv[((*index & 0xFF)>>4)];
+ *ridx++ = conv[((*index & 0xFF)&0x0F)];
+ index++;
+ }
+
+ /* Concat asc and hex msgs */
+ snprintf(retbuf, MAX_QUERY_LENGTH, "%s %s", asc_msg, hex_msg);
+
+ /* Free local resources */
+ free(asc_msg);
+ free(hex_msg);
+
+ return 0;
+}
 /*
 * Fatal Integer Parser
diff --git a/src/util.h b/src/util.h
index f3fb900..1ea5136 100644
--- a/src/util.h
+++ b/src/util.h
@@ -221,6 +221,7 @@ int GetLocalTimezone();
 u_int32_t fasthex_STATIC(const u_char *xdata, int length,char *retbuf);
 u_int32_t base64_STATIC(const u_char * xdata, int length,char *output);
 u_int32_t ascii_STATIC(const u_char *xdata, int length,char *ret_val);
+u_int32_t aschex_STATIC(const u_char *xdata, int length,char *ret_val);
 u_int32_t GetTimestampByComponent_STATIC(uint32_t sec, uint32_t usec, int tz,char *buf);
 u_int32_t GetTimestampByStruct_STATIC(register const struct timeval *tvp, int tz,char *buf);