Subject: Re: pflog on NetBSD
To: Brian A. Seklecki <lavalamp@spiritual-machines.org>
From: Michael-John Turner <mj@turner.org.za>
List: netbsd-users
Date: 09/21/2006 19:40:28

On Fri, Sep 15, 2006 at 10:15:43PM -0400, Brian A. Seklecki wrote:
> On the same subject, has anyone noticed the different format of pflog(4)
> on NetBSD vs. OpenBSD?  Specifically, for ICMP/TCP/UDP, the type/port is
> absent from the source/destination address:

I'm probably missing something here, but mine looks OK:

27. 464232 rule 0/0(match): block in on pppoe0: 
IP (tos 0x0, ttl  59, id 9203, offset 0, flags [DF], length: 48) 
196.43.2.30.56771 > 165.165.203.193.25: S [tcp sum ok] 
3012356060:3012356060(0) win 24820 <nop,nop,sackOK,mss 1440>

(line wrapped manually for readability).

This is on a NetBSD 3.0_STABLE system, custom kernel with pf built in
rather than an lkm, running the following: 
tcpdump version 3.8.3
libpcap version 0.8.3

-mj
-- 
Michael-John Turner | http://mjturner.net/
mj@turner.org.za    | Open Source in WC ZA - http://www.clug.org.za/