Subject: bin/34733: tcpdump(8) requires default snaplen > 68 for pflog(4)
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <bseklecki@collaborativefusion.com>
List: netbsd-bugs
Date: 10/06/2006 14:40:00
>Number: 34733
>Category: bin
>Synopsis: tcpdump(8) requires default snaplen > 68 for pflog(4)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: doc-bug
>Submitter-Id: net
>Arrival-Date: Fri Oct 06 14:40:00 +0000 2006
>Originator: Brian A. Seklecki
>Release: NetBSD 3.0_STABLE
>Organization:
Collaborative Fusion, Inc.
>Environment:
NetBSD 3.0_STABLE (GENERIC+IPSEC-$Revision: 1.169.4.2 $) #3: Wed Jul 12 20:10:13 EDT 2006
>Description:
FreeBSD and OpenBSD have upped the default snaplen (-s #) of their in-tree tcpdump(8) to 96 to accommodate additional packet-level info (such as source and destination TCP/UDP ports) which get truncated by the present NetBSD default snaplen of 68, marginalizing the usefulness of pflog(4) without special flags to tcpdump(8).
>How-To-Repeat:
Run the tcpdump(8) example in pflog(4) w/o "-s 96"
>Fix:
-) Append the flag to your tcpdump(8) command
-) Patch the tcpdump(8) example command in pflog(4)
-) Change the default snaplen in tcpdump
I will check with the upstream vendor to see what's up.
~BAS
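
Added example, not part of the original report: a Python sketch of why a 68-byte snaplen loses the TCP/UDP ports on a pflog(4) capture while 96 keeps them. It assumes a 48-byte pflog header (the report does not state the size); the frame, addresses and ports are constructed sample data.

```python
import struct

PFLOG_HDRLEN = 48   # assumption: size of the pflog(4) header preceding each packet
OLD_SNAPLEN = 68    # NetBSD default named in the report
NEW_SNAPLEN = 96    # FreeBSD/OpenBSD default named in the report


def build_frame(sport, dport):
    """Constructed sample: pflog header + IPv4 header (no options) + TCP header."""
    pflog = bytes(PFLOG_HDRLEN)  # contents zeroed; only the size matters here
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 40, 0, 0, 64, 6, 0,   # ver/IHL, tos, len, id, frag, ttl, proto=TCP, csum
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return pflog + ip + tcp


def capture(frame, snaplen):
    """What a capture keeps of one frame at the given snaplen."""
    return frame[:snaplen]


def l4_ports(captured):
    """Return (sport, dport), or None when truncation cut them off."""
    ip = captured[PFLOG_HDRLEN:]
    if len(ip) < 20:
        return None                      # not even a full IPv4 header
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length, including options
    if ip[9] not in (6, 17):             # only TCP and UDP carry ports
        return None
    l4 = ip[ihl:]
    if len(l4) < 4:
        return None                      # ports lie beyond the snaplen
    return struct.unpack("!HH", l4[:4])


if __name__ == "__main__":
    frame = build_frame(49152, 443)
    for snaplen in (OLD_SNAPLEN, NEW_SNAPLEN):
        kept = capture(frame, snaplen)
        print(snaplen, len(kept) - PFLOG_HDRLEN, l4_ports(kept))
```

Under the 48-byte assumption, 68 bytes leave exactly the 20-byte IPv4 header after the pflog header, so the first byte of the transport header is already outside the capture.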