Ethereal-dev: Re: [Ethereal-dev] bug in ethereal version 0.9.11 concerning pflog

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 15 May 2003 00:13:22 -0700

On Thu, May 01, 2003 at 09:21:50PM -0400, John Scarfone wrote:
> Looks like you're correct.  This did change between OpenBSD versions 3.2 and 
> 3.3.  I was unaware of that.  The change was made here:  
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfvar.h.diff?r1=1.123&r2=1.124&f=h
> 
> So this isn't really an Ethereal bug.
> 
> It would be nice though if eventually the Ethereal decoding was changed to 
> work with the latest OpenBSD version.

Well, if by "the latest OpenBSD version" you mean "the pflog files in
3.3", it'd be nice for people running Ethereal on 3.3, but not so nice
for people running it on earlier versions or with pflog files from
earlier versions.

It appears that 3.4 might use the DLT_PFLOG value assigned by
tcpdump.org, allowing Ethereal (and tcpdump.org's tcpdump) to
distinguish between the old and new file formats; Can Erkin Acar
contributed a patch to handle both of them, so that should work for 3.2
and earlier systems, and for 3.4 - it doesn't help with 3.3, though, as
they didn't change the DLT_ value.
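
Added example (not part of the original message and not Ethereal's code): a triage check that reads the link-layer type from a capture file's pcap global header and shows why a file from 3.3 cannot be told apart from an older one by that field alone. The numeric values 17 and 117 are not given in the message; they are assumed here to be the older OpenBSD-local value and the tcpdump.org assignment respectively, and the function names and sample headers are constructed for illustration.

```python
import struct

# Assumed values, not stated in the message: 117 is the tcpdump.org
# assignment for pflog; 17 is the older OpenBSD-local value.
DLT_OLD_PFLOG = 17
DLT_PFLOG = 117

# The first four bytes of a classic pcap file give the writer's byte order.
PCAP_MAGICS = {b"\xa1\xb2\xc3\xd4": ">", b"\xd4\xc3\xb2\xa1": "<"}


def pcap_linktype(header: bytes) -> int:
    """Return the link-layer type from a 24-byte pcap global header."""
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    order = PCAP_MAGICS.get(header[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    # version major/minor, thiszone, sigfigs, snaplen, network (link type)
    fields = struct.unpack(order + "HHiIII", header[4:24])
    return fields[5]


def classify_pflog(header: bytes) -> str:
    """Say which pflog header layout a dissector can assume for this file."""
    linktype = pcap_linktype(header)
    if linktype == DLT_PFLOG:
        return "new-format"
    if linktype == DLT_OLD_PFLOG:
        # Assuming the file came from OpenBSD: 3.2 and earlier and 3.3 share
        # this value with different layouts, so the header cannot decide.
        return "old-value-ambiguous"
    return "not-pflog"


def make_header(order: str, linktype: int) -> bytes:
    """Build a constructed pcap global header for testing (snaplen 96)."""
    return struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, linktype)


if __name__ == "__main__":
    for order, lt in (("<", DLT_PFLOG), (">", DLT_OLD_PFLOG), ("<", 1)):
        print(order, lt, classify_pflog(make_header(order, lt)))
```

For a file that reports the old value, the OpenBSD release that wrote it has to come from outside the file, for example from the capture host's records.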