pflog: note why we can't handle this all at run time. [skip ci]

I.e., we could handle *some* differences between pflog types at run time
by looking at the length of the header, but we can't handle all of them,
because the NetBSD, DragonFly BSD, and Darwin headers are all the same
length, and there's at least one way that NetBSD and Darwin pflog files
would have to be dissected differently.

diff --git a/print-pflog.c b/print-pflog.c
index 3d72716d0d677327618505d46f988ae740ae1438..0e79b70644795d354854602222d5ef8d1d3fd201 100644 (file)
--- a/print-pflog.c
+++ b/print-pflog.c
@@ -47,6 +47,24 @@ struct pf_addr {
 #define v6     pfa.v6
 };
 
+/*
+ * This header is:
+ *
+ *    61 bytes long on NetBSD, DragonFly BSD. and Darwin;
+ *    84 bytes lon on OpenBSD;
+ *    72 bytes long on FreeBSD;
+ *
+ * which, unfortunately, does not allow us to distinguish, based on
+ * the header length, between the three OSes listed as having 61-byte
+ * headers.  As the action values differ between them, this makes it
+ * impossible to correctly dissect the reason values that differ
+ * between NetBSD and Darwin (reason value 15) without having some
+ * way to explicitly tell tcpdump what to do.
+ *
+ * (We could, I guess, label reason value 15 as
+ * "state-locked (NetBSD)/dummynet (macOS etc.)" or something such as
+ * that.)
+ */
 struct pfloghdr {
        nd_uint8_t      length;
        nd_uint8_t      af;