Date: Sun, 30 Jan 2022 08:51:20 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 261566] Padding of DLT_PFLOG packets should be done differently
Message-ID: <bug-261566-227-68vUzbU8wn@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-261566-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-261566-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261566

--- Comment #1 from Guy Harris <gharris@sonic.net> ---
Note also that, if you try to read a DLT_PFLOG capture with the OpenBSD struct
pfloghdr, and round the length up to a multiple of 8, you will *NOT* correctly
read it.

Here's version 1.29 of sys/net/if_pflog.h:

   https://cvsweb.openbsd.org/src/sys/net/if_pflog.h?rev=1.29&content-type=text/x-cvsweb-markup

struct pf_addr is 16 bytes (containing a union big enough to hold either an
IPv4 or an IPv6 address, as per version 1.505 of sys/net/pfvar.h:

   https://cvsweb.openbsd.org/src/sys/net/pfvar.h?rev=1.505&content-type=text/x-cvsweb-markup

), IFNAMSIZ is 16, sa_family_t is 1 byte, and uid_t and pid_t are both 4 bytes,
for a total of 1+1+1+1+16+16+4+4+4+4+4+4+1+1+1+1+16+16+2+2 = 100 bytes, which
is *not* a multiple of 8, although it *is* a multiple of 4.

The new-style header was introduced in version 1.8:

   https://cvsweb.openbsd.org/src/sys/net/if_pflog.h?rev=1.8&content-type=text/x-cvsweb-markup

   https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_pflog.h.diff?r1=1.7&r2=1.8&f=h

and they got rid of the "PFLOG_REAL_HDRLEN doesn't include the padding to a
4-byte boundary" stuff in version 1.16:

   https://cvsweb.openbsd.org/src/sys/net/if_pflog.h?rev=1.16&content-type=text/x-cvsweb-markup

   https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_pflog.h.diff?r1=1.15&r2=1.16&f=h

-- 
You are receiving this mail because:
You are the assignee for the bug.
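
The size arithmetic in the comment above, as an added example that is not part of the original message or of either project's code: a mirror of the 100-byte header and a check of where a reader lands when it rounds that size up to 4 versus 8. The field sizes come from the sum in the message; the field names, helper names and sample packet are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mirror of the header: sizes follow the sum in the message above;
 * the field names are illustrative assumptions, not taken from the page. */
struct pflog_mirror {
    uint8_t  length, af, action, reason;    /* 1+1+1+1 (sa_family_t = 1 byte) */
    char     ifname[16];                    /* IFNAMSIZ */
    char     ruleset[16];
    uint32_t rulenr, subrulenr;             /* 4+4 */
    uint32_t uid, pid, rule_uid, rule_pid;  /* uid_t / pid_t, 4 bytes each */
    uint8_t  dir, rewritten, naf, pad;      /* 1+1+1+1 */
    uint8_t  saddr[16], daddr[16];          /* struct pf_addr, 16 bytes each */
    uint16_t sport, dport;                  /* 2+2 */
};
_Static_assert(sizeof(struct pflog_mirror) == 100, "header is 100 bytes");

size_t pflog_round_up(size_t n, size_t align) { return (n + align - 1) / align * align; }

/* IP version nibble at the payload offset a reader computes when it rounds
 * the header size up to `align`; -1 if that offset is outside the capture. */
int ip_version_at(const uint8_t *pkt, size_t caplen, size_t align)
{
    size_t off = pflog_round_up(sizeof(struct pflog_mirror), align);
    return off < caplen ? pkt[off] >> 4 : -1;
}

/* Constructed sample: zeroed 100-byte header plus a 20-byte IPv4 header. */
size_t build_sample(uint8_t *buf, size_t buflen)
{
    static const uint8_t ipv4[20] = { 0x45, 0x00, 0x00, 0x14, 0xbe, 0xef, 0, 0,
                                      64, 6, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2 };
    size_t hdr = sizeof(struct pflog_mirror);
    if (buflen < hdr + sizeof ipv4) return 0;
    memset(buf, 0, hdr);
    memcpy(buf + hdr, ipv4, sizeof ipv4);
    return hdr + sizeof ipv4;
}

int main(void)
{
    uint8_t buf[128];
    size_t n = build_sample(buf, sizeof buf);
    printf("round to 4: offset %zu, IP version %d\n", pflog_round_up(100, 4), ip_version_at(buf, n, 4));
    printf("round to 8: offset %zu, IP version %d\n", pflog_round_up(100, 8), ip_version_at(buf, n, 8));
    return 0;
}
```

Rounding to 8 moves the assumed payload start to offset 104, four bytes into the IP header, so a dissector reads a bogus version nibble instead of 4.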