Package: ulogd-pcap Version: 1.23-3 Severity: important On an amd64 system, logging packets with the plugin ulogd_PCAP.so produces an unreadable tcpdump file.
# tcpdump -n -r /var/log/ulog/pcap.log reading from file /var/log/ulog/pcap.log, link-type RAW (Raw IP) tcpdump: pcap_loop: bogus savefile header The problem stems from the fact that libpcap internally uses its own system-independent definition of `struct timeval' for the header struct, whereas `struct timeval' as defined in the `pcap_pkthdr' struct included from <pcap.h> varies with different systems. An equivalent bug report[1] has already been filed with Gentoo where the problem is described in detail. Could you have a look at their proposed fix[2] to ulogd_PCAP.c? It is working perfectly here. [1] http://bugs.gentoo.org/show_bug.cgi?id=91416 [2] http://bugs.gentoo.org/attachment.cgi?id=63824 -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (700, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.13-1-amd64-k8 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages ulogd-pcap depends on: ii libc6 2.3.5-6 GNU C Library: Shared libraries an ii libpcap0.7 0.7.2-7 System interface for user-level pa ii ulogd 1.23-3 The Netfilter Userspace Logging Da ulogd-pcap recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
