>Synopsis:      ngrep can't read OpenBSD pflog files
>Category:      ports amd64

>Environment:
        System      : OpenBSD 7.5
        Details     : OpenBSD 7.5-current (GENERIC) #146: Sun Jun 23 21:58:39 MDT 2024

[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC

        Architecture: OpenBSD.amd64
        Machine     : amd64

>Description:
        tcpdump works as expected:

        vm# tcpdump -nlq -r /var/log/pflog -c 1
        18:38:59.703428 fd00::1.32597 > fd00::2.12345: tcp 0 [class 0x10]
        [flowlabel 0x9608d]

        But ngrep won't read OpenBSD pflog files correctly, including
        timestamps:

        vm# ngrep -q -t -I /var/log/pflog -n 1
        input: /var/log/pflog
        filter: (ip || ip6)

        ? 95740049/05/04 19:23:47.703428 P$.N.| ->  #1
          
........._.......................................U09a.`..,.@...............
          ..................U096#[email protected]..

>How-To-Repeat:
        ngrep -q -t -I /var/log/pflog

>Fix:
        Please have a look at the patch files attached, they seem to
        fix the problem.

Thanks,
--Kor

Attachment: patch-ngrep_c
Description: Binary data

Attachment: patch-ngrep_h
Description: Binary data
