tcpdump mailing list archives

Re: Small configure diff to use pflog header from

From: Max Laier <max () love2party net>
Date: Mon, 3 Sep 2007 22:22:33 +0200

On Sunday 08 July 2007, Guy Harris wrote:

Max Laier wrote:

the attached makes libpcap and tcpdump use pfvar.h/if_pflog.h from
the host system (if available) - which is what most people will
want[*].


What most people want, I think, is to be able to capture on the pflog
interface and read pflog files, regardless of how that happens; if that
can be done without using the host system's if_pflog.h, they probably
won't care.

If the DLT_ value for pflog files were changed every time the pflog
header was changed, that could be done.  Unfortunately, that hasn't
happened (at least one OpenBSD change doesn't appear to have been
accompanied by a DLT_ value change), so, at least for formats used in
the past, that can't be fixed.

Given that, unless the various systems supporting pflog interfaces are
willing to agree to have, in the future, different DLT_ values for
different pflog headers (which would probably mean introducing new DLT_
values for all systems, so we can start afresh), my inclination would
be to completely omit support for pflog files on systems that don't
have a <net/if_pflog.h> header.  (Unfortunately, we can't handle the
case of a pflog file from, for example, OpenBSD 3.4 through 3.7 being
read on OpenBSD 3.8 through 4.1 - the header format changed, but the
DLT_ value didn't - so the only way to detect that is to see that
tcpdump etc. just show junk.)

As such, I'd be willing to check the change in - if it were modified to
completely remove DLT_PFLOG support if there is no <net/if_pflog.h>
header, as a change to make it handle only headers for the OS and
version on which it's built would imply no support if a given
OS+version doesn't *have* pflog.


Sorry for dropping the ball on this one.  Please see attached for the 
updated diffs.  After this "pf.h" can be removed from the sources as it 
is no longer referenced.

Is this what you were thinking about?

-- 
/"\  Best regards,                      | mlaier () freebsd org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

Attachment: tcpdump.patch
Description:

Attachment: libpcap.patch
Description:

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

Small configure diff to use pflog header from host Max Laier (Jul 01)
- Re: Small configure diff to use pflog header from host Max Laier (Jul 06)
- Re: Small configure diff to use pflog header from Guy Harris (Jul 08)
  - Re: Small configure diff to use pflog header from Max Laier (Jul 08)
  - Re: Small configure diff to use pflog header from Max Laier (Sep 03)
    - Re: Small configure diff to use pflog header from Max Laier (Sep 12)
    - Re: Small configure diff to use pflog header from Guy Harris (Sep 12)
    - tcpdump 3.9.8 / libpcap 0.9.8 releases coming shortly Ken Bantoft (Sep 12)
    - Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming Pekka Savola (Sep 12)
    - Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming Ken Bantoft (Sep 13)
    - Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming shortly Abeni Paolo (Sep 12)
    - Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming Ken Bantoft (Sep 13)
    - Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming Ken Bantoft (Sep 13)
    - Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming Guy Harris (Sep 13)
    - Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming shortly Gianluca Varenni (Sep 13)

(Thread continues...)