From: Guy Harris <gharris@sonic.net>
Date: Mon, 9 Sep 2024 21:48:16 +0000 (-0700)
Subject: pflog: note why we can't handle this all at run time. [skip ci]
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/a9a8f757b99dd623d3900aab92fdae18263b7ce5

pflog: note why we can't handle this all at run time. [skip ci]

I.e., we could handle *some* differences between pflog types at run time
by looking at the length of the header, but we can't handle all of them,
because the NetBSD, DragonFly BSD, and Darwin headers are all the same
length, and there's at least one way that NetBSD and Darwin pflog files
would have to be dissected differently.
---

diff --git a/print-pflog.c b/print-pflog.c
index 3d72716d..0e79b706 100644
--- a/print-pflog.c
+++ b/print-pflog.c
@@ -47,6 +47,24 @@ struct pf_addr {
 #define v6	pfa.v6
 };
 
+/*
+ * This header is:
+ *
+ *    61 bytes long on NetBSD, DragonFly BSD. and Darwin;
+ *    84 bytes lon on OpenBSD;
+ *    72 bytes long on FreeBSD;
+ *
+ * which, unfortunately, does not allow us to distinguish, based on
+ * the header length, between the three OSes listed as having 61-byte
+ * headers.  As the action values differ between them, this makes it
+ * impossible to correctly dissect the reason values that differ
+ * between NetBSD and Darwin (reason value 15) without having some
+ * way to explicitly tell tcpdump what to do.
+ *
+ * (We could, I guess, label reason value 15 as
+ * "state-locked (NetBSD)/dummynet (macOS etc.)" or something such as
+ * that.)
+ */
 struct pfloghdr {
 	nd_uint8_t	length;
 	nd_uint8_t	af;