Hey Stuart,

Yes, your diff is better. Thanks for committing it.

Best,
--Kor

On Mon, Jun 24, 2024 at 6:31 PM Stuart Henderson <s...@spacehopper.org> wrote:
>
> thanks, I've committed a tweaked version (using the size from the system
> header rather than a fixed value).
>
> On 2024/06/24 17:39, K R wrote:
> > >Synopsis: ngrep can't read OpenBSD pflog files
> > >Category: ports amd64
> >
> > >Environment:
> > System : OpenBSD 7.5
> > Details : OpenBSD 7.5-current (GENERIC) #146: Sun Jun 23
> > 21:58:39 MDT 2024
> >
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
> >
> > Architecture: OpenBSD.amd64
> > Machine : amd64
> >
> > >Description:
> > tcpdump works as expected:
> >
> > vm# tcpdump -nlq -r /var/log/pflog -c 1
> > 18:38:59.703428 fd00::1.32597 > fd00::2.12345: tcp 0 [class 0x10]
> > [flowlabel 0x9608d]
> >
> > But ngrep won't read OpenBSD pflog files correctly, including
> > timestamps:
> >
> > vm# ngrep -q -t -I /var/log/pflog -n 1
> > input: /var/log/pflog
> > filter: (ip || ip6)
> >
> > ? 95740049/05/04 19:23:47.703428 P$.N.| -> #1
> >
> > ........._.......................................U09a.`..,.@...............
> > ..................U096#.r......@.3e..
> >
> > >How-To-Repeat:
> > ngrep -q -t I /var/log/pflog
> >
> > >Fix:
> > Please have a look at the patch files attached, they seem to
> > fix the problem.
> >
> > Thanks,
> > --Kor
> >
>