https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261566

--- Comment #1 from Guy Harris <ghar...@sonic.net> ---
Note also that, if you try to read a DLT_PFLOG capture with the OpenBSD struct
pfloghdr, and round the length up to a multiple of 8, you will *NOT* correctly
read it.

Here's version 1.29 of sys/net/if_pflog.h:

   https://cvsweb.openbsd.org/src/sys/net/if_pflog.h?rev=1.29&content-type=text/x-cvsweb-markup

struct pf_addr is 16 bytes (containing a union big enough to hold either an
IPv4 or an IPv6 address, as per version 1.505 of sys/net/pfvar.h:

   https://cvsweb.openbsd.org/src/sys/net/pfvar.h?rev=1.505&content-type=text/x-cvsweb-markup

), IFNAMSIZ is 16, sa_family_t is 1 byte, and uid_t and pid_t are both 4 bytes,
for a total of 1+1+1+1+16+16+4+4+4+4+4+4+1+1+1+1+16+16+2+2 = 100 bytes, which
is *not* a multiple of 8, although it *is* a multiple of 4.

The new-style header was introduced in version 1.8:

   https://cvsweb.openbsd.org/src/sys/net/if_pflog.h?rev=1.8&content-type=text/x-cvsweb-markup

   https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_pflog.h.diff?r1=1.7&r2=1.8&f=h

and they got rid of the "PFLOG_REAL_HDRLEN doesn't include the padding to a
4-byte boundary" stuff in version 1.16:

   https://cvsweb.openbsd.org/src/sys/net/if_pflog.h?rev=1.16&content-type=text/x-cvsweb-markup

   https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_pflog.h.diff?r1=1.15&r2=1.16&f=h

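The size arithmetic in the comment above, as an added example (not code from the original comment or from the OpenBSD or FreeBSD sources): a 100-byte header laid out with the field sizes the comment lists, and a bounds-checked reader that locates the logged packet after rounding the length byte to 4 or to 8. The type, field and function names and the sample record are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes follow the sum in the comment (pf_addr and IFNAMSIZ 16, sa_family_t 1,
 * uid_t/pid_t 4). Type and field names here are assumptions. */
struct pfloghdr_x {
    uint8_t  length, af, action, reason;
    char     ifname[16], ruleset[16];
    uint32_t rulenr, subrulenr, uid, pid, rule_uid, rule_pid;
    uint8_t  dir, rewritten, naf, pad[1];
    uint8_t  saddr[16], daddr[16];
    uint16_t sport, dport;
};
_Static_assert(sizeof(struct pfloghdr_x) == 100, "expected a 100-byte header");

/* Round n up to a multiple of align (a power of two). */
static size_t round_up(size_t n, size_t align) { return (n + align - 1) & ~(align - 1); }

/* Offset of the logged packet inside one record, or -1 if the rounded header
 * length does not fit in the captured bytes. rec[0] is the length byte. */
static long payload_offset(const uint8_t *rec, size_t caplen, size_t align)
{
    if (caplen < sizeof(struct pfloghdr_x)) return -1;
    size_t off = round_up(rec[0], align);
    return (off < sizeof(struct pfloghdr_x) || off >= caplen) ? -1 : (long)off;
}

/* Constructed record: 100-byte header followed by a 20-byte IPv4 header. */
static uint8_t sample[120];
static size_t build_sample(void)
{
    struct pfloghdr_x h;
    memset(&h, 0, sizeof h);
    h.length = (uint8_t)sizeof h;      /* assumption: length byte holds 100 */
    memset(sample, 0, sizeof sample);
    memcpy(sample, &h, sizeof h);
    sample[sizeof h] = 0x45;           /* IPv4 version 4, IHL 5 */
    return sizeof sample;
}

/* First payload byte seen when the header length is rounded to `align`. */
static int first_payload_byte(size_t align)
{
    long off = payload_offset(sample, build_sample(), align);
    return off < 0 ? -1 : sample[off];
}

int main(void)
{
    printf("align 4: 0x%02x, align 8: 0x%02x\n", first_payload_byte(4), first_payload_byte(8));
    return 0;
}
```

With 4-byte rounding the reader lands on the IPv4 version/IHL byte; with 8-byte rounding it starts 4 bytes into the packet and every later field is misparsed.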