On Sunday 08 July 2007, Guy Harris wrote: > Max Laier wrote: > > the attached makes libpcap and tcpdump use pfvar.h/if_pflog.h from > > the host system (if available) - which is what most people will > > want[*]. > > What most people want, I think, is to be able to capture on the pflog > interface and read pflog files, regardless of how that happens; if that > can be done without using the host system's if_pflog.h, they probably > won't care. > > If the DLT_ value for pflog files were changed every time the pflog > header was changed, that could be done. Unfortunately, that hasn't > happened (at least one OpenBSD change doesn't appear to have been > accompanied by a DLT_ value change), so, at least for formats used in > the past, that can't be fixed. > > Given that, unless the various systems supporting pflog interfaces are > willing to agree to have, in the future, different DLT_ values for > different pflog headers (which would probably mean introducing new DLT_ > values for all systems, so we can start afresh), my inclination would > be to completely omit support for pflog files on systems that don't > have a <net/if_pflog.h> header. (Unfortunately, we can't handle the > case of a pflog file from, for example, OpenBSD 3.4 through 3.7 being > read on OpenBSD 3.8 through 4.1 - the header format changed, but the > DLT_ value didn't - so the only way to detect that is to see that > tcpdump etc. just show junk.) > > As such, I'd be willing to check the change in - if it were modified to > completely remove DLT_PFLOG support if there is no <net/if_pflog.h> > header, as a change to make it handle only headers for the OS and > version on which it's built would imply no support if a given > OS+version doesn't *have* pflog.
I'll resubmit a changed version of the patch tomorrow. Thanks. -- /"\ Best regards, | [EMAIL PROTECTED] \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED] / \ ASCII Ribbon Campaign | Against HTML Mail and News
signature.asc
Description: This is a digitally signed message part.
