On Tue, Jan 28, 2003 at 04:46:35PM -0500, jolan wrote: > On Tue, Jan 28, 2003 at 10:37:30PM +0100, Henning Brauer wrote: > > thx for the verification, I'll have a look. > > fwiw, i'm seeing this too.. now that i'm looking for it :)
This looks very weird, almost as if the snapshots were not properly built. Can you fetch the -current source for sys/net/pfvar.h and usr.sbin/tcpdump, then cp /usr/src/sys/net/pfvar.h /usr/include/net/ cd /usr/src/usr.sbin/tcpdump/ rm -rf obj/* rm -rf obj make obj make make install And then try to repeat the behavior? If all sources are completely updated to -current, and the entire system is rebuilt, there's no way tcpdump could still be built from an outdated pfvar.h. Yet that's what would explain the messages you quoted. You're not running old pcap files through a new tcpdump, right? The binary format for pflog entries has slightly changed... Daniel
