[nycbug-talk] some C help?

Charles Sprickman spork at bway.net
Mon Mar 12 15:29:56 EDT 2007 

Top posting, don't kill me...

I had a busy weekend, so I did not get a chance to digest all this yet, 
but it looks like I should be able to get this going with all the 
information I've got so far.

Thank you all very much, and yes, that certainly includes Marc for trying 
to teach me a little bit about C.  I have yet to crack that "Learn C in 21 
Days" book that I bought almost a decade ago. :(

Thanks again,

Charles

On Sat, 10 Mar 2007, Brian A. Seklecki wrote:

>>>> spamlogd is using):
>>>>
>>>> listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 68
>>>> bytes
>>>> rule 12/0(match): pass out on fxp0: 10.10.10.9 > 10.10.10.10: [|tcp]
>>>>
>>>> But then it spits this out to syslog:
>
>
> This bug is pretty well documented in a ticket I opened with the NetBSD
> folks on the default size of the "snaplen" size being determined based on
> the presence of the IPv6 at compile-time v.s. run-time v.s "-i" argument.
>
> http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=34733
>
> -s 96 or -s 128 for the win.
>
> ~BAS
>
>
>>>>
>>>> Mar 10 00:09:24 slimjim spamlogd[72636]: invalid ip address 10.10.10
>>>>
>>>> Note the lack of the final octet.
>>>>
>>>> This is (I hope) the area where spamlogd parses the output of tcpdump:
>>>
>>> yes, it is, but no need to analyze it...
>>>
>>> it does its job correctly.
>>>
>>>> That chunk makes very little sense to me.
>>>>
>>>> Can anyone give me a quick shove in the right direction?
>>>
>>> ...and the reason yours is failing is not because of that chunk of code,
>>> but rather your pflog interface.  it should look like:
>>>
>>> 	[blah] 10.10.10.9.XXXX > 10.10.10.10.25: [blah]
>>>
>>> where XXXX is an ephemeral port...basically your log is dropping the
>>> port number. why? i don't know - what does your pf rule look like?
>>
>> oh, and i'll add that -current (and 4.1) doesn't spawn tcpdump any more,
>> but uses pcap directly....plus lots of other yummy features - ask for
>> the port to get upgraded ;)
>> _______________________________________________
>> % NYC*BUG talk mailing list
>> http://lists.nycbug.org/mailman/listinfo/talk
>> %Be sure to check out our Jobs and NYCBUG-announce lists
>> %We meet the first Wednesday of the month
>>
>
> l8*
> 	-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
> 	       http://www.spiritual-machines.org/
>
> "...from back in the heady days when "helpdesk" meant nothing, "diskquota"
> meant everything, and lives could be bought and sold for a couple of pages
> of laser printout - and frequently were."
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>

More information about the talk mailing list