tcpdump mailing list archives
Re: Small configure diff to use pflog header from
From: Max Laier <max () love2party net>
Date: Mon, 9 Jul 2007 00:53:25 +0200
On Sunday 08 July 2007, Guy Harris wrote:
Max Laier wrote:the attached makes libpcap and tcpdump use pfvar.h/if_pflog.h from the host system (if available) - which is what most people will want[*].What most people want, I think, is to be able to capture on the pflog interface and read pflog files, regardless of how that happens; if that can be done without using the host system's if_pflog.h, they probably won't care. If the DLT_ value for pflog files were changed every time the pflog header was changed, that could be done. Unfortunately, that hasn't happened (at least one OpenBSD change doesn't appear to have been accompanied by a DLT_ value change), so, at least for formats used in the past, that can't be fixed. Given that, unless the various systems supporting pflog interfaces are willing to agree to have, in the future, different DLT_ values for different pflog headers (which would probably mean introducing new DLT_ values for all systems, so we can start afresh), my inclination would be to completely omit support for pflog files on systems that don't have a <net/if_pflog.h> header. (Unfortunately, we can't handle the case of a pflog file from, for example, OpenBSD 3.4 through 3.7 being read on OpenBSD 3.8 through 4.1 - the header format changed, but the DLT_ value didn't - so the only way to detect that is to see that tcpdump etc. just show junk.) As such, I'd be willing to check the change in - if it were modified to completely remove DLT_PFLOG support if there is no <net/if_pflog.h> header, as a change to make it handle only headers for the OS and version on which it's built would imply no support if a given OS+version doesn't *have* pflog.
I'll resubmit a changed version of the patch tomorrow. Thanks. -- /"\ Best regards, | mlaier () freebsd org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Small configure diff to use pflog header from host Max Laier (Jul 01)
- Re: Small configure diff to use pflog header from host Max Laier (Jul 06)
- Re: Small configure diff to use pflog header from Guy Harris (Jul 08)
- Re: Small configure diff to use pflog header from Max Laier (Jul 08)
- Re: Small configure diff to use pflog header from Max Laier (Sep 03)
- Re: Small configure diff to use pflog header from Max Laier (Sep 12)
- Re: Small configure diff to use pflog header from Guy Harris (Sep 12)
- tcpdump 3.9.8 / libpcap 0.9.8 releases coming shortly Ken Bantoft (Sep 12)
- Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming Pekka Savola (Sep 12)
- Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming Ken Bantoft (Sep 13)
- Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming shortly Abeni Paolo (Sep 12)
- Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming Ken Bantoft (Sep 13)
- Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming Ken Bantoft (Sep 13)
- Re: tcpdump 3.9.8 / libpcap 0.9.8 releases coming Guy Harris (Sep 13)