tcpdump mailing list archives

Re: [patch] Teach tcpdump to recognize new OpenBSD pflog packets


From: Eygene Ryabinkin <rea-tcpdump () codelabs ru>
Date: Mon, 1 Oct 2007 11:56:24 +0400

Max, good day.

Thu, Sep 27, 2007 at 05:07:11PM +0200, Max Laier wrote:
>> Cc'ing him.  Max, what do you think about it?
>
> My plan is to import the new releases with my "fix" to FreeBSD in the next 
> few days.  From my experience and feedback from various sources the need 
> to look at old pflog dumps is rather small (if not non-existing).

I have a bunch of old pflog dumps on my firewalls saved for
inspection (I have ones going back to 2005), so it is definitely
not non-existing ;))

Is there any good reason to avoid messing with the size of the
pflog header, as I did in the patch?  Just now it is equivalent
to the inspection of the DLT_ value.  Sure, OpenBSD people can
later decide to reshuffle the fields once more without disturbing
the structure size.  This is the only argument that comes to my
mind, but such a change has not happened yet, so why bother in
advance?

Anyway, could you please take a look at FreeBSD's bin/116610,
it was recently assigned to the pf team and it is duplicating
my effort to push the patch here.  If you decide to drop
my changes -- please close the PR too.

Thanks!
-- 
Eygene
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.