pflog: note why we can't handle this all at run time. [skip ci]

I.e., we could handle *some* differences between pflog types at run time by looking at the length of the header, but we can't handle all of them, because the NetBSD, DragonFly BSD, and Darwin headers are all the same length, and there's at least one way that NetBSD and Darwin pflog files would have to be dissected differently.
2024-11-23 01:53:55 +08:00 · 2024-09-09 14:48:16 -07:00 · 2024-09-09 14:48:16 -07:00 · a9a8f757b9
commit a9a8f757b9
parent a271c5ecb9
1 changed files with 18 additions and 0 deletions
--- a/print-pflog.c
+++ b/print-pflog.c
@ -47,6 +47,24 @@ struct pf_addr {
 #define v6	pfa.v6
 };

+/*
+ * This header is:
+ *
+ *    61 bytes long on NetBSD, DragonFly BSD. and Darwin;
+ *    84 bytes lon on OpenBSD;
+ *    72 bytes long on FreeBSD;
+ *
+ * which, unfortunately, does not allow us to distinguish, based on
+ * the header length, between the three OSes listed as having 61-byte
+ * headers.  As the action values differ between them, this makes it
+ * impossible to correctly dissect the reason values that differ
+ * between NetBSD and Darwin (reason value 15) without having some
+ * way to explicitly tell tcpdump what to do.
+ *
+ * (We could, I guess, label reason value 15 as
+ * "state-locked (NetBSD)/dummynet (macOS etc.)" or something such as
+ * that.)
+ */
 struct pfloghdr {
 	nd_uint8_t	length;
 	nd_uint8_t	af;