From owner-freebsd-bugs@FreeBSD.ORG  Wed Jan 30 10:20:01 2013
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 70268CB3
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Wed, 30 Jan 2013 10:20:01 +0000 (UTC)
 (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 63005D2E
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Wed, 30 Jan 2013 10:20:01 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r0UAK1ho071123
 for <freebsd-bugs@freefall.freebsd.org>; Wed, 30 Jan 2013 10:20:01 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r0UAK1gj071122;
 Wed, 30 Jan 2013 10:20:01 GMT (envelope-from gnats)
Date: Wed, 30 Jan 2013 10:20:01 GMT
Message-Id: <201301301020.r0UAK1gj071122@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Gleb Smirnoff <glebius@FreeBSD.org>
Subject: Re: misc/175645: tcpdump incorrectly decodes pflog'ged UDP packet as
 ATALK
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: Gleb Smirnoff <glebius@FreeBSD.org>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jan 2013 10:20:01 -0000

The following reply was made to PR bin/175645; it has been noted by GNATS.

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Dmitry Dvoinikov <dmitry@targeted.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/175645: tcpdump incorrectly decodes pflog'ged UDP packet as
 ATALK
Date: Wed, 30 Jan 2013 14:15:11 +0400

 On Mon, Jan 28, 2013 at 09:09:27AM +0000, Dmitry Dvoinikov wrote:
 D> >Environment:
 D> FreeBSD foo 8.3-RELEASE-p5 FreeBSD 8.3-RELEASE-p5 #1: Wed Dec 12 23:29:24 YEKT 2012     admin@foo:/opt/obj/opt/src/sys/FOO  i386
 D> >Description:
 D> Some UDP packet, saved by pflog, is decoded incorrectly as ATALK.
 D> 
 D> tcpdump output:
 D> 
 D> # tcpdump -r packet.pcap 
 D> reading from file packet.pcap, link-type PFLOG (OpenBSD pflog file)
 D> 11:22:11.296532 IP 115.61.0.254 > 143.12.228.91: at-#100 5
 D> 
 D> whereas the (presumably correct) wireshark output:
 D> 
 D> Frame 1: 110 bytes on wire (880 bits), 110 bytes captured (880 bits)
 D> PF Log IPv4 pass on ifc by rule 0
 D> Internet Protocol Version 4, Src: 172.30.0.11 (172.30.0.11), Dst: 193.120.212.22 (193.120.212.22)
 D> User Datagram Protocol, Src Port: 55573 (55573), Dst Port: 16605 (16605)
 D> Data (18 bytes)
 D> 
 D> 
 D> >How-To-Repeat:
 D> openssl base64 -d > packet.pcap << EOF
 D> 1MOyoQIABAAAAAAAAAAAAHQAAAB1AAAAAwsGUVSGBABuAAAAbgAAAD0CAABpZmMA
 D> AAAAAAAAAAAAAAAAYW5jaG9yX25hbWUAAAAAAAAAABwAAAAC/////6CGAQAAAAAA
 D> ggUAAAEAAABFAAAuAABAAEAR+QasHgALwXjUFtkVQN0AGrhGUxUCmI8Mcz3kAFv+
 D> ZGyAi27Z
 D> EOF
 
 Was this packet recorded on FreeBSD or on OpenBSD system?
 
 -- 
 Totus tuus, Glebius.