[nycbug-talk] some C help?
Brian A. Seklecki
lavalamp at spiritual-machines.org
Sat Mar 10 17:16:52 EST 2007
>>> spamlogd is using):
>>> listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68
>>> rule 12/0(match): pass out on fxp0: 10.10.10.9 > 10.10.10.10: [|tcp]
>>> But then it spits this out to syslog:
This bug is pretty well documented in a ticket I opened with the NetBSD
folks on the default size of the "snaplen" size being determined based on
the presence of the IPv6 at compile-time v.s. run-time v.s "-i" argument.
-s 96 or -s 128 for the win.
>>> Mar 10 00:09:24 slimjim spamlogd: invalid ip address 10.10.10
>>> Note the lack of the final octet.
>>> This is (I hope) the area where spamlogd parses the output of tcpdump:
>> yes, it is, but no need to analyze it...
>> it does its job correctly.
>>> That chunk makes very little sense to me.
>>> Can anyone give me a quick shove in the right direction?
>> ...and the reason yours is failing is not because of that chunk of code,
>> but rather your pflog interface. it should look like:
>> [blah] 10.10.10.9.XXXX > 10.10.10.10.25: [blah]
>> where XXXX is an ephemeral port...basically your log is dropping the
>> port number. why? i don't know - what does your pf rule look like?
> oh, and i'll add that -current (and 4.1) doesn't spawn tcpdump any more,
> but uses pcap directly....plus lots of other yummy features - ask for
> the port to get upgraded ;)
> % NYC*BUG talk mailing list
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
"...from back in the heady days when "helpdesk" meant nothing, "diskquota"
meant everything, and lives could be bought and sold for a couple of pages
of laser printout - and frequently were."
More information about the talk