On Sat, Feb 25, 2023 at 09:28:13AM -0300, Crystal Kolipe wrote: > On Sat, Feb 25, 2023 at 11:55:50AM +0100, Peter J. Philipp wrote: > > I have found this function in tcpdump/util.c called fn_printn() that escapes > > text. > > Why would we want to use this function instead of just passing the string > directly to vis? The transformation it performs is not even uniquely > invertible.
OK let me backtrack then. If we can't modify fn_printn() to use vis() then perhaps we should still write something for tcpdump/util.c and let other files (like tcpdump/print-pfsync.c) use it too. It makes sense to me, because there might be others like this print thing. I counted the print-*.c files and they were at 70 for 7.2, which I have just scraped the surface of this iceberg (I maybe examined 25 print-*.c's). If you prefer to do it that way too I'll look at writing a function for both print-pfsync.c and print-cdp.c. Otherwise what would you suggest? One more thing I want to mention. It's a feature request... It would be cool to have some sort of whitelist to what print-*.c's (*_print()) should be executed, which goes beyond the pcap filtering. Sort of a pledge for tcpdump protocols, in some sense. This would be so that some protocols deep down can't be executed which we don't want. The GRE underflow I detected wouldn't have been hit if it was possible to limit what protocols get executed. Ie. disallowing NSH, then it would have never segfaulted. Best Regards, -peter
