Matteo,
> all you need is at
>
> http://www.openbsd.org/cgi-bin/man.cgi?query=tcpdump&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
Thanks, but as I wrote:
>> I am getting a fair bit of log lines that are shown as
>> "rule def/(short)", and I can't find anything explaining
>> the meaning of things like "(short)" - the tcpdump man
>> page only lists "short" as one of the possible values,
>> without explaining what it means.
So the tcpdump(8) page states:
reason code True if the packet was logged with the specified PF
reason code. The known codes are: match, bad-offset,
fragment, short, normalize, memory, bad-timestamp,
congestion, ip-option, proto-cksum, state-mismatch,
state-insert, state-limit, src-limit, and synproxy
But... What does reason code "short" mean? What causes it? I am sure
the *meaning* of the reason codes are documented somewhere (rather
than just listing the possible codes), but I haven't found it. I guess
the next step is to look at the source.
Julf
