Hi, based on Evan's idea, please find a patch attached, that implements the SET parser that matches any number of characters specified as its parameters. Balint
commit ad5da5958104a1dcf5e2492370cbb7037815c3ae
Author: Balint Kovacs <blint@balabit.hu>
Date: Sun Nov 27 18:40:28 2011 +0100
[dbparser] Implemented SET parser The SET parser matches any characters specified in its parameter list without further checks. This is a generic solution for the need of matching and arbitrary number of whitespaces in messages with padding for fields
Reported-By: Evan Rempel <erempel@uvic.ca>
Signed-Off-By: Balint Kovacs <blint@balabit.hu>
diff --git a/modules/dbparser/radix.c b/modules/dbparser/radix.c
index 6afa9a4..8c43709 100644
--- a/modules/dbparser/radix.c
+++ b/modules/dbparser/radix.c
@@ -116,6 +116,21 @@ r_parser_anystring(guint8 *str, gint *len, const gchar *param, gpointer state, R
 }
 
 gboolean
+r_parser_set(guint8 *str, gint *len, const gchar *param, gpointer state, RParserMatch *match)
+{
+ *len = 0;
+
+ while (param && strchr(param, str[*len]))
+ (*len)++;
+
+ if (*len > 0)
+ {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+gboolean
 r_parser_ipv4(guint8 *str, gint *len, const gchar *param, gpointer state, RParserMatch *match)
 {
 gint dots = 0;
@@ -379,6 +394,21 @@ r_new_pnode(guint8 *key)
 parser_node->parse = r_parser_anystring;
 parser_node->type = RPT_ANYSTRING;
 }
+ else if (strcmp(params[0], "SET") == 0)
+ {
+ if (params_len == 3)
+ {
+ parser_node->parse = r_parser_estring_c;
+ parser_node->type = RPT_ESTRING;
+ }
+ else
+ {
+ g_free(parser_node);
+ msg_error("Missing SET parser parameters",
+ evt_tag_str("type", params[0]), NULL);
+ parser_node = NULL;
+ }
+ }
 else if (g_str_has_prefix(params[0], "QSTRING"))
 {
 if (params_len == 3)
diff --git a/modules/dbparser/radix.h b/modules/dbparser/radix.h
index 9082419..9756dfe 100644
--- a/modules/dbparser/radix.h
+++ b/modules/dbparser/radix.h
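Review bot: The loop `while (param && strchr(param, str[*len]))` in r_parser_set does not stop at the end of the input. When `str[*len]` is the terminating NUL, strchr() matches the terminator of `param` and returns non-NULL, so the scan keeps reading beyond the message buffer until it meets a byte outside the set. The function receives no length for `str`, so the terminator is the only bound visible here, and the data being scanned is message text that may come from an untrusted sender. Guard the loop on the terminator: `while (param && str[*len] && strchr(param, str[*len]))`. As a style point, the trailing `if`/`return TRUE`/`return FALSE` can be written as `return *len > 0;`.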
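Review bot: The new `SET` branch in r_new_pnode installs `r_parser_estring_c` and `RPT_ESTRING`, so no line visible in this patch uses the `r_parser_set` function from the first hunk or the `RPT_SET` value added in radix.h. This looks like a copy-paste from the ESTRING branch; the assignments should presumably be `parser_node->parse = r_parser_set;` and `parser_node->type = RPT_SET;`. The branch also does not store `params[2]` on the node within the hunk. If nothing outside the hunk does so, r_parser_set would receive a NULL `param` and never match, which is worth confirming since r_new_pnode starts and ends outside the hunk.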
@@ -40,7 +40,8 @@ enum
 RPT_ANYSTRING,
 RPT_IPV6,
 RPT_IP,
- RPT_FLOAT
+ RPT_FLOAT,
+ RPT_SET
 };
 
 typedef struct _RParserMatch
@@ -124,6 +125,8 @@ r_parser_type_name(guint8 type)
 return "IP";
 case RPT_FLOAT:
 return "FLOAT";
+ case RPT_SET:
+ return "SET";
 default:
 return "UNKNOWN";
 }