Ethereal: Re: [Ethereal-dev] bug in ethereal version 0.9.11 concerning pflog

Ethereal-dev: May 2003

Subject: Re: [Ethereal-dev] bug in ethereal version 0.9.11 concerning pflog
From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 15 May 2003 00:13:22 -0700

On Thu, May 01, 2003 at 09:21:50PM -0400, John Scarfone wrote:
> Looks like you're correct.  This did change between OpenBSD versions 3.2 and 
> 3.3.  I was unaware of that.  The change was made here:  
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfvar.h.diff?r1=1.123&r2=1.124&f=h
> 
> So this isn't really an Ethereal bug.
> 
> It would be nice though if eventually the Ethereal decoding was changed to 
> work with the latest OpenBSD version.

Well, if by "the latest OpenBSD version" you mean "the pflog files in
3.3", it'd be nice for people running Ethereal on 3.3, but not so nice
for people running it on earlier versions or with pflog files from
earlier versions.

It appears that 3.4 might use the DLT_PFLOG value assigned by
tcpdump.org, allowing Ethereal (and tcpdump.org's tcpdump) to
distinguish between the old and new file formats; Can Erkin Acar
contributed a patch to handle both of them, so that should work for 3.2
and earlier systems, and for 3.4 - it doesn't help with 3.3, though, as
they didn't change the DLT_ value.

References:
- Re: [Ethereal-dev] bug in ethereal version 0.9.11 concerning pflog
  - From: John Scarfone

Prev by Date: [Ethereal-dev] Fwd: Check-in Request - colorfilters enhancement
Next by Date: Re: [Ethereal-dev] tap registration and packet traversal
Previous by thread: Re: [Ethereal-dev] bug in ethereal version 0.9.11 concerning pflog
Next by thread: Re: [Ethereal-dev] bug in ethereal version 0.9.11 concerning pflog
Index(es):
- Date
- Thread