Subject: Re: pflog on NetBSD
To: Michael-John Turner <mj@turner.org.za>
From: Brian A. Seklecki <lavalamp@spiritual-machines.org>
List: netbsd-users
Date: 09/21/2006 18:25:40
> I'm probably missing something here, but mine looks OK:
> 27. 464232 rule 0/0(match): block in on pppoe0:
> IP (tos 0x0, ttl  59, id 9203, offset 0, flags [DF], length: 48)
> 196.43.2.30.56771 > 165.165.203.193.25: S [tcp sum ok]
> 3012356060:3012356060(0) win 24820 <nop,nop,sackOK,mss 1440>

Interesting.  I was entertaining the idea that it may be a configuration
issue.  Your pf.conf(5) has a 'block log all' near the beginning?

There is an issue of an "old pflog format" vs. the current one, but I
think we can rule that out.

~BAS


> (line wrapped manually for readability).
>
> This is on a NetBSD 3.0_STABLE system, custom kernel with pf built in
> rather than an lkm, running the following:
> tcpdump version 3.8.3
> libpcap version 0.8.3
>
> -mj
> -- 
> Michael-John Turner | http://mjturner.net/
> mj@turner.org.za    | Open Source in WC ZA - http://www.clug.org.za/
>

l8*
 	-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
 	       http://www.spiritual-machines.org/

"...from back in the heady days when "helpdesk" meant nothing, "diskquota"
meant everything, and lives could be bought and sold for a couple of pages
of laser printout - and frequently were."