Re: [tcpdump-workers] [libpcap] Add Android, kmsg and text DLT vales (#28)

2013-04-12 Thread Michael Richardson

{please use the mailing list}

> "MichalLabedzki" == MichalLabedzki   writes:
MichalLabedzki> 1. Android - Android has binary logs known as
MichalLabedzki> Logger/Logcat (adb logcat -Bf file.logcat). One
MichalLabedzki> packet is one log, timestamps are also
MichalLabedzki> available. This seems to be similar to the currently
MichalLabedzki> existing DBus support in libpcap. Please see example
MichalLabedzki> Wireshark implementation:
MichalLabedzki> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8279

As an Android hacker, I'm not sure that I see the value in a pcap format
of this.  The contents of these logs are generally unstructured, vs dbus
messages which have a definite structure to them.

MichalLabedzki> 2. Linux kernel messages (/dev/kmsg or /proc/kmsg,
MichalLabedzki> available tool: dmesg) - captures of kernel messages
MichalLabedzki> could be interesting from the bug analysis side (together
MichalLabedzki> with protocol payload). I am working on implementing
MichalLabedzki> this for libpcap and Wireshark. See
MichalLabedzki> https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/Documentation/ABI/testing/dev-kmsg

Again, these are generally unstructured output.

MichalLabedzki> 3. Text - (text-file) also see
MichalLabedzki> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8279
MichalLabedzki> for example Wireshark implementation
MichalLabedzki> One line can be treated as a Wireshark packet - it could
MichalLabedzki> be useful for code review, because you can add
MichalLabedzki> a comment on whatever line you like. Also can be used for
MichalLabedzki> text-based interfaces like console/tty.

-- 
]   Never tell me the odds! | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works| network architect  [ 
] m...@sandelman.ca  http://www.sandelman.ca/|   ruby on rails[ 

___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers


[tcpdump-workers] Hardlings and absolute paths

2013-04-12 Thread Flemming H. Sørensen
Hello,

While building libpcap and tcpdump on Pyro, I noticed something in 
libpcap/Makefile.in; You're using hard links, and absolute paths.

Hardlinks: This may work well on most systems, but our native filesystem 
doesn't support hardlinks, so it would really be appreciated, if it was changed 
to symlinks. You already use symlinks in other places.

Absolute paths: This may work well, if every individual user builds it, and 
installs directly to the location in which they want it. I do, however, feel it 
would be nice to have relative paths, so the package can be moved around. You 
already use relative paths in other places.

As the mentioned issues only affect the man(3) pages, the suggested changes 
shouldn't cause any unforeseen problems.

I hope you will take my suggestions under advisement. Patch attached.


Best regards
Flemming H. Sørensen
The Pyro OS Team


Re: [tcpdump-workers] Hardlings and absolute paths

2013-04-12 Thread Guy Harris

On Apr 12, 2013, at 9:45 AM, "Flemming H. Sørensen" wrote:

> I hope you will take my suggestions under advisement. Patch attached.

No, it's not attached; your message had no attachment.  Did it not get 
attached, or did the attachment get stripped off by, for example, the mailing 
list processor for tcpdump-workers?


Re: [tcpdump-workers] Hardlings and absolute paths

2013-04-12 Thread Michael Richardson

> "Flemming" == Flemming H Sørensen  writes:
Flemming> I hope you will take my suggestions under
Flemming> advisement. Patch attached. 

Patch not attached. Please use github.



Re: [tcpdump-workers] Hardlings and absolute paths

2013-04-12 Thread Flemming H. Sørensen
It looks like it was stripped off: Here's a download link:
http://pyro-os.org/STORAGE/libpcap.patch.gz

// Flemming


>On Apr 12, 2013, at 9:45 AM, "Flemming H. Sørensen" wrote:
>
>> I hope you will take my suggestions under advisement. Patch attached.
>
>No, it's not attached; your message had no attachment.  Did it not get 
>attached, or did the attachment get stripped off by, for example, the mailing 
>list processor for tcpdump-workers?


Re: [tcpdump-workers] [libpcap] Add Android, kmsg and text DLT vales (#28)

2013-04-12 Thread Guy Harris

On Apr 12, 2013, at 6:37 AM, Michael Richardson  wrote:

> {please use the mailing list}

Yes, this is where new link-layer type requests should be made.

>MichalLabedzki> 3. Text - (text-file) also see
>MichalLabedzki>
>MichalLabedzki> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8279 
> for example Wireshark implementation

And see my comments, where I really don't see the point in doing this in 
Wireshark, and so *really* really don't see the point of doing it in arbitrary 
packet-capture programs.

>MichalLabedzki> One line can be treated as a Wireshark packet - it could
>MichalLabedzki> be useful for code review, because you can add
>MichalLabedzki> a comment on whatever line you like.

This is a rather extreme case of bending a tool for a purpose for which it 
wasn't intended.  Perhaps what's needed here are better code-review tools, not 
trying to make a packet sniffer into a code review tool.

>MichalLabedzki> Also can be used for
>MichalLabedzki> text-based interfaces like console/tty.  

So can vi and emacs.


Re: [tcpdump-workers] Hard links and absolute paths

2013-04-12 Thread Guy Harris

On Apr 12, 2013, at 9:45 AM, "Flemming H. Sørensen" wrote:

> While building libpcap and tcpdump on Pyro, I noticed something in 
> libpcap/Makefile.in; You're using hard links, and absolute paths.
> 
> Hardlinks: This may work well on most systems, but our native filesystem 
> doesn't support hardlinks, so it would really be appreciated, if it was 
> changed to symlinks.

You might have to ask this of other packages as well, if they're being ported 
to your OS, as that's what at least some do:

$ cd /usr/share/man/man3
$ ls -li rpc.3 auth_destroy.3
17677220 -r--r--r--  64 root  wheel  30305 Mar  1 13:01 auth_destroy.3
17677220 -r--r--r--  64 root  wheel  30305 Mar  1 13:01 rpc.3

However, whilst the OS on which I typed that and its native file system support 
hardlinks (albeit with a somewhat greasy implementation hack on the native file 
system in question, which was not created as a UN*X file system but was 
hammered into acting as one), the man page for at least one of its APIs uses 
symlinks for alias names:

$ ls -l acl_create_entry*.3
-rw-r--r--  1 root  wheel  3288 Mar  1 13:01 acl_create_entry.3
lrwxr-xr-x  1 root  wheel    18 Mar  1 13:01 acl_create_entry_np.3 -> acl_create_entry.3

and, these days, I'm not sure any UN*X we would have a reason to care about 
these days supports only hard links, and we use symlinks elsewhere, so using 
symlinks is probably OK here.

> Absolute paths: This may work well, if every individual user builds it, and 
> installs directly to the location in which they want it. I do, however, feel 
> it would be nice to have relative paths, so the package can be moved around. 
> You already use relative paths in other places.

Umm, the reason why we're using absolute paths is that we're using hard links; 
we have to link $MANDIR/man3/foo.3pcap to $MANDIR/man3/bar.3pcap - linking 
foo.3pcap to $MANDIR/man3/bar.3pcap won't work (it will either plant foo.3pcap 
in the build directory rather than $MANDIR/man3 or will fail with EXDEV).

If we were to use *symbolic* links, *then* relative paths would be the right 
thing to use.

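
The hard-link versus symlink point made in the message above, as an added example that is not part of the thread or of libpcap's Makefile.in. The names bar.3pcap and foo_*.3pcap and the temporary tree standing in for $MANDIR are constructed for illustration.

```shell
#!/bin/sh
# Added example: install one man page plus three alias names, relocate the
# tree (as a staged package would be), and report which aliases still resolve.
# All file names and the temporary directory layout are constructed.

demo_alias_links() {
    work=$(mktemp -d) || return 1
    mandir="$work/stage/share/man"      # stands in for $MANDIR
    mkdir -p "$mandir/man3" || return 1
    echo "placeholder man page" > "$mandir/man3/bar.3pcap"

    # 1. Hard link: the new name has to be created inside $MANDIR/man3, so
    #    both arguments are full paths into that directory.
    ln "$mandir/man3/bar.3pcap" "$mandir/man3/foo_hard.3pcap"

    # 2. Symbolic link with a relative target: only the string "bar.3pcap"
    #    is stored, resolved relative to the directory holding the link.
    ln -s bar.3pcap "$mandir/man3/foo_rel.3pcap"

    # 3. Symbolic link with an absolute target: the build-time path is
    #    stored verbatim inside the link.
    ln -s "$mandir/man3/bar.3pcap" "$mandir/man3/foo_abs.3pcap"

    # Relocate the installed tree.
    mv "$work/stage" "$work/moved"
    newdir="$work/moved/share/man/man3"

    result=""
    for name in foo_hard foo_rel foo_abs; do
        # -r follows symlinks, so a dangling link reports as broken.
        if [ -r "$newdir/$name.3pcap" ]; then
            result="$result$name=ok "
        else
            result="$result$name=broken "
        fi
    done
    rm -rf "$work"
    echo "${result% }"
}

demo_alias_links
```

The hard link and the relative symlink both survive the move; only a symlink that records the absolute build-time path dangles.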


Re: [tcpdump-workers] Hardlings and absolute paths

2013-04-12 Thread Flemming H. Sørensen
I guess that would work as well.

// Flemming

>Autoconf has an AC_PROG_LN_S macro which sets LN_S to 'ln -s' or 'cp -p'
>as appropriate. Would it be better to use that instead?
>
>On 4/12/13 11:12 AM, Flemming H. Sørensen wrote:
>> It looks like it was stripped off: Here's a download link:
>> http://pyro-os.org/STORAGE/libpcap.patch.gz
>> 
>> // Flemming
>> 
>> 
>>> On Apr 12, 2013, at 9:45 AM, "Flemming H. Sørensen" wrote:
>>>
>>>> I hope you will take my suggestions under advisement. Patch attached.
>>>
>>> No, it's not attached; your message had no attachment.  Did it not get 
>>> attached, or did the attachment get stripped off by, for example, the 
>>> mailing list processor for tcpdump-workers?