https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6115
--- Comment #6 from Guy Harris <guy@xxxxxxxxxxxx> 2011-08-05 12:30:53 PDT ---
As you've presumably discovered, the answer to "There is a link where the
documentation/specification are available?" is, sadly:
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pfvar.h
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/contrib/pf/net/pfvar.h
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dist/pf/net/pfvar.h
http://www.opensource.apple.com/source/xnu/xnu-1699.22.73/bsd/net/pfvar.h
That's it. It can change from OS to OS, it can change from OS release to OS
release, and it's not versioned. This is why tcpdump uses <net/pfvar.h> to
define the format of the capture, so that it doesn't support reading
DLT_PFLOG/LINKTYPE_PFLOG captures at all if the OS doesn't provide net/pfvar.h,
and, if the OS does provide it, it supports reading only captures that match
what the OS header specifies.