
Wireshark-bugs: [Wireshark-bugs] [Bug 6115] pflog dissector outdated

Date: Fri, 5 Aug 2011 12:30:54 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6115

--- Comment #6 from Guy Harris <guy@xxxxxxxxxxxx> 2011-08-05 12:30:53 PDT ---
As you've presumably discovered, the answer to "There is a link where the
documentation/specification are available?" is, sadly:

    http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfvar.h

    http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/contrib/pf/net/pfvar.h

    http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dist/pf/net/pfvar.h

    http://www.opensource.apple.com/source/xnu/xnu-1699.22.73/bsd/net/pfvar.h

That's it.  It can change from OS to OS, it can change from OS release to OS
release, and it's not versioned.  This is why tcpdump uses <net/pfvar.h> to
define the format of the capture, so that it doesn't support reading
DLT_PFLOG/LINKTYPE_PFLOG captures at all if the OS doesn't provide net/pfvar.h,
and, if the OS does provide it, it supports reading only captures that match
what the OS header specifies.

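As an added illustration of the "only read what the OS header says" policy described in the comment above (this is example code, not tcpdump's, Wireshark's, or the commenter's code): a strict reader for a single pflog record that accepts the record only when the header's self-declared length equals the size compiled in from the assumed header layout, and rejects captures written against any other `pfvar.h`. The layout is an assumption modelled on an OpenBSD-style `struct pfloghdr` (first byte is the header length, followed by `af`, `action`, `reason`, then a 16-byte interface name); the 64-byte total, the field sizes and the sample records are all constructed for this example and will not match every OS release, which is exactly the problem the comment describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASSUMED layout (not taken from the bug thread): an OpenBSD-style pflog
 * header whose first byte is the header's own length. These sizes mirror
 * one historical pfvar.h; other OSes and releases differ, so a capture from
 * another system will fail the length check below instead of being misparsed. */
#define PFLOG_IFNAMSIZ 16
#define PFLOG_HDRLEN   64   /* assumed sizeof(struct pfloghdr) for this layout */

enum pflog_status {
    PFLOG_OK = 0,
    PFLOG_TOO_SHORT,      /* buffer shorter than the declared header */
    PFLOG_LEN_MISMATCH,   /* header written by a different pfvar.h */
    PFLOG_BAD_IFNAME      /* interface name not NUL-terminated in its field */
};

struct pflog_rec {
    uint8_t length;
    uint8_t af;
    uint8_t action;
    uint8_t reason;
    char    ifname[PFLOG_IFNAMSIZ + 1];
    size_t  payload_off;  /* offset of the encapsulated IP packet */
};

/* Strict reader: like tcpdump trusting <net/pfvar.h>, it only accepts records
 * whose declared header length equals the compiled-in size. Only single-byte
 * fields and the name are decoded; byte order of the wider fields also varies
 * between implementations, so they are deliberately left alone here. */
enum pflog_status pflog_parse(const uint8_t *buf, size_t len, struct pflog_rec *out)
{
    if (len < 4)
        return PFLOG_TOO_SHORT;
    uint8_t hlen = buf[0];
    if (hlen != PFLOG_HDRLEN)
        return PFLOG_LEN_MISMATCH;
    if (len < hlen)
        return PFLOG_TOO_SHORT;
    const uint8_t *ifn = buf + 4;
    if (memchr(ifn, '\0', PFLOG_IFNAMSIZ) == NULL)
        return PFLOG_BAD_IFNAME;
    out->length = hlen;
    out->af     = buf[1];
    out->action = buf[2];
    out->reason = buf[3];
    memcpy(out->ifname, ifn, PFLOG_IFNAMSIZ);
    out->ifname[PFLOG_IFNAMSIZ] = '\0';
    out->payload_off = hlen;
    return PFLOG_OK;
}

/* Constructed sample records (not captured traffic). */
static void build_ok_record(uint8_t *buf, size_t len)
{
    memset(buf, 0, len);
    buf[0] = PFLOG_HDRLEN;
    buf[1] = 2;                 /* AF_INET on the BSDs */
    buf[2] = 1;                 /* action: assumed "block" */
    buf[3] = 0;                 /* reason */
    memcpy(buf + 4, "pflog0", 7);
    buf[PFLOG_HDRLEN] = 0x45;   /* first byte of an IPv4 header in the payload */
}

/* A well-formed record for the assumed layout: expect PFLOG_OK with the
 * interface name and payload offset recovered. */
int check_ok_record(void)
{
    uint8_t buf[PFLOG_HDRLEN + 20];
    struct pflog_rec r;
    build_ok_record(buf, sizeof buf);
    if (pflog_parse(buf, sizeof buf, &r) != PFLOG_OK) return -1;
    if (strcmp(r.ifname, "pflog0") != 0) return -2;
    if (buf[r.payload_off] != 0x45) return -3;
    return PFLOG_OK;
}

/* A record whose header declares a different (larger) length, as written by
 * another OS's pfvar.h: it must be rejected rather than misread. */
int check_foreign_record(void)
{
    uint8_t buf[120];
    struct pflog_rec r;
    memset(buf, 0, sizeof buf);
    buf[0] = 100;
    return pflog_parse(buf, sizeof buf, &r);
}

/* A record cut off inside the header: the length matches, but the buffer
 * does not hold the whole header. */
int check_truncated_record(void)
{
    uint8_t buf[PFLOG_HDRLEN + 20];
    struct pflog_rec r;
    build_ok_record(buf, sizeof buf);
    return pflog_parse(buf, 20, &r);
}

int main(void)
{
    printf("ok=%d foreign=%d truncated=%d\n",
           check_ok_record(), check_foreign_record(), check_truncated_record());
    return 0;
}
```

The length check is what turns "the format is unversioned" from a silent misparse into an explicit refusal: a dissector that instead guessed field offsets would decode a FreeBSD or Darwin record as garbage without any indication that the layout was wrong.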