On 2/5/2015 2:11 PM, Pedro Giffuni wrote: > > On 02/05/15 13:30, Luigi Rizzo wrote: >> Hi, >> the update to tcpdump 4.6.2 also lost svn272451 and 272653 (addition of >> CAP_EVENT to the capabilities given to tcpdump). >> >> Given this and the other bug fixed in 277638, I am not sure if there >> are other local changes that have been lost in the merge. >> Also I wonder whether there is something we should have done >> differently when applying local changes to code in contrib/ to make >> sure that the merge from vendor does not overwrite them ? >> >> cheers >> luigi > > FWIW, I think what happened here is that upstream merged > our capsicum changes only partially and the corresponding clash > made it difficult to understand what came from where. > > If our local changes are too big and upstream is very active, > this complexity is unavoidable but it is always good to try to > upstream all that we can, and the tcpdump maintainers have > been rather open to taking changes. > > Cheers, > > Pedro.
I've been sitting on a change for a while that I don't think upstream can take. https://people.freebsd.org/~bdrewery/patches/tcpdump-pflog-uid.diff is a version of the patch. I'm not sure if it was my final one. I would need to test again before committing. The problem is that pf is implemented differently on FreeBSD and OpenBSD for pid/uid tracking. The code would be overly complex to support both and I gave up on that. Even getting it to work on FreeBSD required the _KERNEL define hack for UID_MAX, which our pf uses to note 'no uid value'. I was considering committing this, but was not sure on the proper way to note our changes. #if __FreeBSD__ was my guess. -- Regards, Bryan Drewery
signature.asc
Description: OpenPGP digital signature
