tcpdump mailing list archives
Re: [patch] Teach tcpdump to recognize new OpenBSD pflog packets
From: Eygene Ryabinkin <rea-tcpdump () codelabs ru>
Date: Mon, 1 Oct 2007 11:56:24 +0400
Max, good day.

Thu, Sep 27, 2007 at 05:07:11PM +0200, Max Laier wrote:
> > Cc'ing him. Max, what do you think about it?
>
> My plan is to import the new releases with my "fix" to FreeBSD in the next few days. From my experience and feedback from various sources the need to look at old pflog dumps is rather small (if not non-existing).

I have a bunch of old pflog dumps on my firewalls saved for inspection (I have ones going back to 2005), so it is definitely not non-existing ;))

Is there any good reason to avoid messing with the size of the pflog header, as I did in the patch? Just now it is equivalent to the inspection of the DLT_ value. Sure, OpenBSD people can later decide to reshuffle the fields once more without disturbing the structure size. This is the only argument that comes to my mind, but such a change has not happened yet, so why bother in advance?

Anyway, could you please take a look at FreeBSD's bin/116610? It was recently assigned to the pf team and it duplicates my effort to push the patch here. If you decide to drop my changes -- please close the PR too.

Thanks!
--
Eygene
-
This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.