Re: tcpdump -A: really printable characters
Historic overview of OpenBSD across platforms has always been intriguing to say the least.

> I sent a mail to naddy mentioning that a long time ago (feels like 10 years ago) we talked about using vis, but this would have made our tcpdump far too different from others. Not that it is very similar, because of the baked-in privsep work.

Ignore this if it wastes time, what is 'vis' and is it platform / architecture specific? Rather means to get what it was planned to achieve probably..

> Which reminds me... I have a diff to send out...

Could you draw some lines in the sand for people anticipating tame?
Re: tcpdump -A: really printable characters
2015-07-13 13:14 GMT+02:00 li...@wrant.com:

> Ignore this if it wastes time, what is 'vis' and is it platform / architecture specific? Rather means to get what it was planned to achieve probably..

$ man vis
[...]
NAME
     vis ─ display non-printable characters in a visual format

--
Cordialement,
Coues Ludovic
+336 148 743 42
Re: tcpdump -A: really printable characters
Sebastien Marie:

> > --- tcpdump.c 18 Apr 2015 18:28:38 - 1.70 +++ tcpdump.c 11 Jul 2015 20:35:11 - @@ -603,8 +603,10 @@ default_print_ascii(const u_char *cp, un printf(\n); for (i = 0; i length; i++) { c = cp[i]; - c = isprint(c) || isspace(c) ? c : '.'; - putchar(c); + if (isprint(c) || c == '\t' || c == '\n' || c == '\r')
>
> Does printing '\r' allow overriding a previously printed char on the line?

Yes. I thought of this, but note that default_print_ascii() is only used for -A output, not for -X, and that all human-readable protocols (SMTP, SIP, ...), which are the ones where you might want to use -A in the first place, have \r\n line endings.

If you need to see the exact bytes, use -X.

--
Christian naddy Weisgerber na...@mips.inka.de
Re: tcpdump -A: really printable characters
On Sun, Jul 12, 2015 at 01:53:54PM +0200, Christian Weisgerber wrote:

> Sebastien Marie:
>
> > > --- tcpdump.c 18 Apr 2015 18:28:38 - 1.70 +++ tcpdump.c 11 Jul 2015 20:35:11 - @@ -603,8 +603,10 @@ default_print_ascii(const u_char *cp, un printf(\n); for (i = 0; i length; i++) { c = cp[i]; - c = isprint(c) || isspace(c) ? c : '.'; - putchar(c); + if (isprint(c) || c == '\t' || c == '\n' || c == '\r')
> >
> > Does printing '\r' allow overriding a previously printed char on the line?
>
> Yes. I thought of this, but note that default_print_ascii() is only used for -A output, not for -X, and that all human-readable protocols (SMTP, SIP, ...), which are the ones where you might want to use -A in the first place, have \r\n line endings.
>
> If you need to see the exact bytes, use -X.

It makes sense. And it is the same as the previous behaviour (\r was already printed).

OK semarie@

--
Sebastien Marie
tcpdump -A: really printable characters
I was looking at some SIP traffic (urgh) with tcpdump -A | less and wondered why ^K and ^L were considered printable characters. Let's tighten this a bit. Equivalent to what tcpdump.org has.

OK?

Index: tcpdump.c === RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v retrieving revision 1.70 diff -u -p -r1.70 tcpdump.c --- tcpdump.c 18 Apr 2015 18:28:38 - 1.70 +++ tcpdump.c 11 Jul 2015 20:35:11 - @@ -603,8 +603,10 @@ default_print_ascii(const u_char *cp, un printf(\n); for (i = 0; i length; i++) { c = cp[i]; - c = isprint(c) || isspace(c) ? c : '.'; - putchar(c); + if (isprint(c) || c == '\t' || c == '\n' || c == '\r') + putchar(c); + else + putchar('.'); } }

--
Christian naddy Weisgerber na...@mips.inka.de
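Review bot: the added condition still lets a bare c == '\r' through to putchar(), so payload shown with -A on a terminal can return the cursor to the start of the line and overwrite text already printed there. Consider passing '\r' only when the next byte is '\n' (cp, i and length are all in scope for a one-byte look-ahead) and printing '.' for a lone '\r'. A one-line comment above the if stating why exactly \t, \n and \r are exempt would also help, since the removed isspace() test accepted more than those three.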
Re: tcpdump -A: really printable characters
On Sat, Jul 11, 2015 at 10:45:44PM +0200, Christian Weisgerber wrote:

> I was looking at some SIP traffic (urgh) with tcpdump -A | less and wondered why ^K and ^L were considered printable characters. Let's tighten this a bit. Equivalent to what tcpdump.org has.
>
> OK?
>
> Index: tcpdump.c === RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v retrieving revision 1.70 diff -u -p -r1.70 tcpdump.c --- tcpdump.c 18 Apr 2015 18:28:38 - 1.70 +++ tcpdump.c 11 Jul 2015 20:35:11 - @@ -603,8 +603,10 @@ default_print_ascii(const u_char *cp, un printf(\n); for (i = 0; i length; i++) { c = cp[i]; - c = isprint(c) || isspace(c) ? c : '.'; - putchar(c); + if (isprint(c) || c == '\t' || c == '\n' || c == '\r')

Does printing '\r' allow overriding a previously printed char on the line?

$ echo 'bad thing\rgood thing'
good thing

> + putchar(c); + else + putchar('.'); } }

--
Sebastien Marie
Re: tcpdump -A: really printable characters
> > Index: tcpdump.c === RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v retrieving revision 1.70 diff -u -p -r1.70 tcpdump.c --- tcpdump.c 18 Apr 2015 18:28:38 - 1.70 +++ tcpdump.c 11 Jul 2015 20:35:11 - @@ -603,8 +603,10 @@ default_print_ascii(const u_char *cp, un printf(\n); for (i = 0; i length; i++) { c = cp[i]; - c = isprint(c) || isspace(c) ? c : '.'; - putchar(c); + if (isprint(c) || c == '\t' || c == '\n' || c == '\r')
>
> Does printing '\r' allow overriding a previously printed char on the line?
>
> $ echo 'bad thing\rgood thing'
> good thing

Hah, yeah pretty bad.

I sent a mail to naddy mentioning that a long time ago (feels like 10 years ago) we talked about using vis, but this would have made our tcpdump far too different from others. Not that it is very similar, because of the baked-in privsep work.

Which reminds me... I have a diff to send out...
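The filtering rules discussed in this thread, run over one constructed payload, as an added example that is not code from the thread or from OpenBSD's tcpdump. keep_old and keep_patched mirror the removed and added lines of the diff; keep_crlf_only, render, bare_cr and the sample bytes are hypothetical names introduced here, and keep_crlf_only is a stricter variant that nobody in the thread proposed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
typedef int (*keep_fn)(int c, int next);   /* next is -1 at end of buffer */

/* Removed line of the diff: all of isspace() passes, including ^K and ^L. */
static int keep_old(int c, int next) {
    (void)next;
    return isprint(c) || isspace(c);
}

/* Added line of the diff: besides printable bytes only tab, LF and CR pass. */
static int keep_patched(int c, int next) {
    (void)next;
    return isprint(c) || c == '\t' || c == '\n' || c == '\r';
}

/* Hypothetical stricter variant (assumption): CR passes only inside CRLF. */
static int keep_crlf_only(int c, int next) {
    return c == '\r' ? next == '\n' : (isprint(c) || c == '\t' || c == '\n');
}

/* Apply a filter to n bytes of b; out must have room for n + 1 bytes. */
static void render(keep_fn keep, const unsigned char *b, size_t n, char *out) {
    for (size_t i = 0; i < n; i++)
        out[i] = keep(b[i], i + 1 < n ? b[i + 1] : -1) ? (char)b[i] : '.';
    out[n] = '\0';
}

/* Count CRs not followed by LF: the bytes that let a terminal overwrite a line. */
static size_t bare_cr(const char *s) {
    size_t k = 0;
    for (; *s; s++)
        k += (s[0] == '\r' && s[1] != '\n');
    return k;
}

/* Constructed payload: the thread's echo example, then ^K, ^L and a CRLF. */
static const unsigned char sample[] = "bad thing\rgood thing\013\014\r\n";

int main(void) {
    char out[sizeof(sample)];
    keep_fn f[] = { keep_old, keep_patched, keep_crlf_only };
    for (size_t i = 0; i < 3; i++) {
        render(f[i], sample, sizeof(sample) - 1, out);
        printf("filter %zu leaves %zu bare CR(s)\n", i, bare_cr(out));
    }
    return 0;
}
```

The patched filter removes ^K and ^L but leaves the same single bare CR as the old one, which matches the observation in the thread that \r was already printed before the change.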