Re: tcpdump -A: really printable characters

2015-07-13 Thread lists
Historic overview of OpenBSD across platforms has always been intriguing
to say the least.

> I sent a mail to naddy mentioning that a long time ago (feels like 10
> years ago) we talked about using vis, but this would have made our

Ignore this if it wastes time, what is 'vis' and is it platform /
architecture specific? Rather means to get what it was planned to
achieve probably..

> tcpdump far too different from others.  Not that it is very similar,
> because of the baked-in privsep work.  Which reminds me... I have a
> diff to send out...

Could you draw some lines in the sand for people anticipating tame?



Re: tcpdump -A: really printable characters

2015-07-13 Thread ludovic coues
2015-07-13 13:14 GMT+02:00  li...@wrant.com:
> Ignore this if it wastes time, what is 'vis' and is it platform /
> architecture specific? Rather means to get what it was planned to
> achieve probably..

$ man vis
[...]
NAME
vis ─ display non-printable characters in a visual format


-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: tcpdump -A: really printable characters

2015-07-12 Thread Christian Weisgerber
Sebastien Marie:

  --- tcpdump.c   18 Apr 2015 18:28:38 -  1.70
  +++ tcpdump.c   11 Jul 2015 20:35:11 -
  @@ -603,8 +603,10 @@ default_print_ascii(const u_char *cp, un
  printf(\n);
  for (i = 0; i  length; i++) {
  c = cp[i];
  -   c = isprint(c) || isspace(c) ? c : '.';
  -   putchar(c);
  +   if (isprint(c) || c == '\t' || c == '\n' || c == '\r')
 
 Does printing '\r' allow overriding previously printed chars on the line?

Yes.  I thought of this, but note that default_print_ascii() is
only used for -A output, not for -X, and that all human-readable
protocols (SMTP, SIP, ...), which are the ones where you might want
to use -A in the first place, have \r\n line endings.  If you need
to see the exact bytes, use -X.

-- 
Christian naddy Weisgerber  na...@mips.inka.de
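
An added example, not part of the original thread or of OpenBSD's tcpdump: the old and patched character tests from the diff run over a constructed payload, next to a hypothetical stricter variant (`CRLF_ONLY`, an assumption of this example) that passes '\r' only in front of '\n'. The helper names `keep`, `filter` and `bare_cr` are likewise made up here.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum mode { OLD, PATCHED, CRLF_ONLY };

/* Decide whether byte i of p (length n) is emitted as-is or replaced by '.'. */
static int keep(enum mode m, const unsigned char *p, size_t i, size_t n) {
	unsigned char c = p[i];
	switch (m) {
	case OLD:      /* before the patch: any isspace() byte, incl. \v (^K) and \f (^L) */
		return isprint(c) || isspace(c);
	case PATCHED:  /* as in the patch: printable bytes plus \t, \n and \r */
		return isprint(c) || c == '\t' || c == '\n' || c == '\r';
	default:       /* hypothetical stricter variant: \r only as first half of \r\n */
		if (c == '\r')
			return i + 1 < n && p[i + 1] == '\n';
		return isprint(c) || c == '\t' || c == '\n';
	}
}

/* Copy n bytes of src into dst (n + 1 bytes); rejected bytes become '.'. */
static char *filter(enum mode m, const unsigned char *src, size_t n, char *dst) {
	for (size_t i = 0; i < n; i++)
		dst[i] = keep(m, src, i, n) ? (char)src[i] : '.';
	dst[n] = '\0';
	return dst;
}

/* Count carriage returns not followed by \n: the ones that rewind a terminal line. */
static size_t bare_cr(const char *s) {
	size_t k = 0;
	for (; *s != '\0'; s++)
		k += (s[0] == '\r' && s[1] != '\n');
	return k;
}

/* Constructed sample: a CRLF-terminated line, ^K, ^L, then a bare \r mid-line. */
static const unsigned char sample[] = "BYE sip:a\r\n\v\fbad thing\rgood thing\r\n";

int main(void) {
	char out[sizeof(sample)];
	for (int m = OLD; m <= CRLF_ONLY; m++) {
		filter((enum mode)m, sample, sizeof(sample) - 1, out);
		printf("mode %d: %zu bare CR left in output\n", m, bare_cr(out));
	}
	return 0;
}
```

The program prints only the counts, so running it in a terminal does not itself trigger the line rewind.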



Re: tcpdump -A: really printable characters

2015-07-12 Thread Sebastien Marie
On Sun, Jul 12, 2015 at 01:53:54PM +0200, Christian Weisgerber wrote:
 Sebastien Marie:
 
   --- tcpdump.c 18 Apr 2015 18:28:38 -  1.70
   +++ tcpdump.c 11 Jul 2015 20:35:11 -
   @@ -603,8 +603,10 @@ default_print_ascii(const u_char *cp, un
 printf(\n);
 for (i = 0; i  length; i++) {
 c = cp[i];
   - c = isprint(c) || isspace(c) ? c : '.';
   - putchar(c);
   + if (isprint(c) || c == '\t' || c == '\n' || c == '\r')
  
  Does printing '\r' allow overriding previously printed chars on the line?
 
 Yes.  I thought of this, but note that default_print_ascii() is
 only used for -A output, not for -X, and that all human-readable
 protocols (SMTP, SIP, ...), which are the ones where you might want
 to use -A in the first place, have \r\n line endings.  If you need
 to see the exact bytes, use -X.
 

It makes sense. And it is the same as the previous behaviour (\r was
already printed).

OK semarie@
-- 
Sebastien Marie



tcpdump -A: really printable characters

2015-07-11 Thread Christian Weisgerber
I was looking at some SIP traffic (urgh) with tcpdump -A | less and
wondered why ^K and ^L were considered printable characters.  Let's
tighten this a bit.  Equivalent to what tcpdump.org has.

OK?

Index: tcpdump.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v
retrieving revision 1.70
diff -u -p -r1.70 tcpdump.c
--- tcpdump.c   18 Apr 2015 18:28:38 -  1.70
+++ tcpdump.c   11 Jul 2015 20:35:11 -
@@ -603,8 +603,10 @@ default_print_ascii(const u_char *cp, un
printf(\n);
for (i = 0; i  length; i++) {
c = cp[i];
-   c = isprint(c) || isspace(c) ? c : '.';
-   putchar(c);
+   if (isprint(c) || c == '\t' || c == '\n' || c == '\r')
+   putchar(c);
+   else
+   putchar('.');
}
 }
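
Review bot: the new test on the `+if (isprint(c) || c == '\t' || c == '\n' || c == '\r')` line still writes a bare '\r' to the output unchanged, so bytes taken from a captured packet can return the cursor to column 0 and overwrite what was already printed on that line. Consider letting '\r' through only when the next byte is '\n' (i + 1 < length && cp[i + 1] == '\n') and printing '.' otherwise, which keeps CRLF-terminated protocols readable. A one-line comment above the test saying why only these three control characters are allowed would also help the next reader.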
 
-- 
Christian naddy Weisgerber  na...@mips.inka.de



Re: tcpdump -A: really printable characters

2015-07-11 Thread Sebastien Marie
On Sat, Jul 11, 2015 at 10:45:44PM +0200, Christian Weisgerber wrote:
 I was looking at some SIP traffic (urgh) with tcpdump -A | less and
 wondered why ^K and ^L were considered printable characters.  Let's
 tighten this a bit.  Equivalent to what tcpdump.org has.
 
 OK?
 
 Index: tcpdump.c
 ===
 RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v
 retrieving revision 1.70
 diff -u -p -r1.70 tcpdump.c
 --- tcpdump.c 18 Apr 2015 18:28:38 -  1.70
 +++ tcpdump.c 11 Jul 2015 20:35:11 -
 @@ -603,8 +603,10 @@ default_print_ascii(const u_char *cp, un
   printf(\n);
   for (i = 0; i  length; i++) {
   c = cp[i];
 - c = isprint(c) || isspace(c) ? c : '.';
 - putchar(c);
 + if (isprint(c) || c == '\t' || c == '\n' || c == '\r')

Does printing '\r' allow overriding previously printed chars on the line?

$ echo 'bad thing\rgood thing'
good thing

 + putchar(c);
 + else
 + putchar('.');
   }
  }
  

-- 
Sebastien Marie



Re: tcpdump -A: really printable characters

2015-07-11 Thread Theo de Raadt
  Index: tcpdump.c
  ===
  RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v
  retrieving revision 1.70
  diff -u -p -r1.70 tcpdump.c
  --- tcpdump.c   18 Apr 2015 18:28:38 -  1.70
  +++ tcpdump.c   11 Jul 2015 20:35:11 -
  @@ -603,8 +603,10 @@ default_print_ascii(const u_char *cp, un
  printf(\n);
  for (i = 0; i  length; i++) {
  c = cp[i];
  -   c = isprint(c) || isspace(c) ? c : '.';
  -   putchar(c);
  +   if (isprint(c) || c == '\t' || c == '\n' || c == '\r')
 
 Does printing '\r' allow overriding previously printed chars on the line?
 
 $ echo 'bad thing\rgood thing'
 good thing

Hah, yeah pretty bad.

I sent a mail to naddy mentioning that a long time ago (feels like 10
years ago) we talked about using vis, but this would have made our
tcpdump far too different from others.  Not that it is very similar,
because of the baked-in privsep work.  Which reminds me... I have a
diff to send out...