NetBSD-Bugs archive


bin/42780: tcpdump (8) fails to apply filter expressions to DLT_PFLOG packets



>Number:         42780
>Category:       bin
>Synopsis:       tcpdump (8) fails to apply filter expressions to DLT_PFLOG packets
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 09 16:25:00 +0000 2010
>Originator:     Lucio Albornoz
>Release:        5.0.1
>Organization:
>Environment:
NetBSD amal.local 5.0.1 NetBSD 5.0.1 (AMAL) #9: Mon Oct 26 01:55:04 CET 2009  toor%amal.local@localhost:/usr/src/sys/arch/i386/compile/AMAL i386
>Description:
  Attempting to apply filter expressions to either a packet capture
dump (e.g. `-r') or via live capture from a pflog (4) interface
reproducibly yields zero (0) matching packets; the culprit here
appears to be NetBSD's in-tree libpcap, which calculates a pflog (4)
header size that is shorter than the actual header prepended by
the kernel's corresponding logic.

  The attached diff fixes this by updating the pfloghdr struct
definition from net/pflog.h.
>How-To-Repeat:
tcpdump (8) from a live pflog (4) interface, or a packet dump captured
from an instance of the former, applying a filter expression which would
otherwise match packets.
>Fix:
--- pf.h.orig   2010-02-09 17:02:25.000000000 +0100
+++ pf.h        2010-02-09 17:04:06.000000000 +0100
@@ -56,22 +56,30 @@
 
 #define PF_RULESET_NAME_SIZE   16
 
-/*     from $OpenBSD: if_pflog.h,v 1.9 2003/07/15 20:27:27 dhartmei Exp $ */
-
 #ifndef IFNAMSIZ
 #define        IFNAMSIZ        16
 #endif
 
+/*     from $NetBSD: if_pflog.h,v 1.5 2008/06/18 09:06:27 yamt Exp $   */
+/*     $OpenBSD: if_pflog.h,v 1.14 2006/10/25 11:27:01 henning Exp $ */
+
+#define PFLOG_RULESET_NAME_SIZE 16
+
 struct pfloghdr {
        u_int8_t        length;
-       u_int8_t        af;
+       sa_family_t     af;
        u_int8_t        action;
        u_int8_t        reason;
        char            ifname[IFNAMSIZ];
-       char            ruleset[PF_RULESET_NAME_SIZE];
+       char            ruleset[PFLOG_RULESET_NAME_SIZE];
        u_int32_t       rulenr;
        u_int32_t       subrulenr;
+       uid_t           uid;
+       pid_t           pid;
+       uid_t           rule_uid;
+       pid_t           rule_pid;
        u_int8_t        dir;
        u_int8_t        pad[3];
 };
+
 #define PFLOG_HDRLEN           sizeof(struct pfloghdr)
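
Review bot: In struct pfloghdr, declaring af as sa_family_t and the four new fields as uid_t/pid_t makes PFLOG_HDRLEN, which is sizeof(struct pfloghdr), depend on the type widths of the host that builds libpcap. sa_family_t is not one byte on every platform, so the same capture file read on another system would again get a header length and payload offset that disagree with what was written. This struct describes a fixed record layout, so I would keep "u_int8_t af;" and give uid, pid, rule_uid and rule_pid explicit 32-bit types, with a comment naming the kernel header revision the layout mirrors. Minor: PFLOG_RULESET_NAME_SIZE duplicates PF_RULESET_NAME_SIZE (both 16); a short comment on why ruleset[] uses the new name would help the next reader.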
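
The mismatch described in this report, as an added example (not code from libpcap, NetBSD or the submitter): a filter that assumes the old 48-byte header looks for the IP header 16 bytes too early and never matches. It assumes sa_family_t is 8 bits and uid_t/pid_t are 32 bits; matches_tcp and build_sample are hypothetical helpers and the sample record is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Header layout before the patch (the removed lines): 48 bytes. */
struct pfloghdr_old {
    uint8_t  length, af, action, reason;
    char     ifname[16], ruleset[16];
    uint32_t rulenr, subrulenr;
    uint8_t  dir, pad[3];
};

/* Layout after the patch: 64 bytes. Assumption: sa_family_t is 8 bits and
 * uid_t/pid_t are 32 bits wide (only the widths matter for the offsets). */
struct pfloghdr_new {
    uint8_t  length, af, action, reason;
    char     ifname[16], ruleset[16];
    uint32_t rulenr, subrulenr;
    uint32_t uid, pid, rule_uid, rule_pid;
    uint8_t  dir, pad[3];
};

/* Simplified stand-in for a compiled "tcp" filter: expect an IPv4 header
 * with protocol 6 immediately after a link header of hdrlen bytes. */
static int matches_tcp(const uint8_t *pkt, size_t caplen, size_t hdrlen)
{
    if (caplen < hdrlen + 20)
        return 0;
    return (pkt[hdrlen] >> 4) == 4 && pkt[hdrlen + 9] == 6;
}

/* Constructed sample record: new-style header plus a bare IPv4 header. */
static size_t build_sample(uint8_t *buf)
{
    struct pfloghdr_new h;
    uint8_t ip[20] = { 0x45 };   /* version 4, IHL 5 */
    memset(&h, 0, sizeof h);
    h.af = 2;                    /* AF_INET */
    h.uid = 1000; h.pid = 1234;  /* constructed values */
    ip[9] = 6;                   /* IPPROTO_TCP */
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, ip, sizeof ip);
    return sizeof h + sizeof ip;
}

int main(void)
{
    uint8_t buf[128];
    size_t n = build_sample(buf);
    printf("old (48): match=%d, new (64): match=%d\n",
           matches_tcp(buf, n, sizeof(struct pfloghdr_old)),
           matches_tcp(buf, n, sizeof(struct pfloghdr_new)));
}
```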


