Fix IPv6 identification for pflogs
The pflog decoder does not recognize IPv6 packets generated by pflog on FreeBSD. Is there a way to force Wireshark to decode a packet as IPv6? It's not an option in the decoder.
Also, here's a patch to fix the problem in the source:
--- epan_dissectors_packet-pflog.c.orig 2018-01-27 23:03:34.236836600 -0800
+++ epan_dissectors_packet-pflog.c 2018-01-27 23:00:45.934629700 -0800
@@ -95,6 +95,8 @@
static const value_string pflog_af_vals[] = {
{ BSD_AF_INET, "IPv4" },
{ BSD_AF_INET6_BSD, "IPv6" },
+ { BSD_AF_INET6_FREEBSD, "IPv6" },
+ { BSD_AF_INET6_DARWIN, "IPv6" },
{ 0, NULL }
};
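Review bot: The three rows that all render as "IPv6" carry no comment saying why, so a later reader may take the FreeBSD and Darwin rows for duplicates and remove them. A short comment above `pflog_af_vals` would prevent that, for example `/* AF_INET6 is numbered differently on each BSD-derived OS; the header carries the capturing host's value */`. Since the label is identical for all three, the numeric value is the only thing in the tree that shows which platform wrote the capture; that is presumably intended and could be stated in the same comment.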
@@ -252,6 +254,8 @@
break;
case BSD_AF_INET6_BSD:
+ case BSD_AF_INET6_FREEBSD:
+ case BSD_AF_INET6_DARWIN:
proto_tree_add_item(pflog_tree, hf_pflog_saddr_ipv6, tvb, offset, 16, ENC_NA);
offset += 16;
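Review bot: The label list `case BSD_AF_INET6_BSD: case BSD_AF_INET6_FREEBSD: case BSD_AF_INET6_DARWIN:` is now spelled out in this switch and again in the two `call_dissector(ipv6_handle, ...)` switches in the later hunks, so any further AF_INET6 value has to be added in four places counting the value table, and missing one reproduces the bug this patch fixes. Folding the variants once, before the first switch, would keep the sites in step, along the lines of `if (af == BSD_AF_INET6_FREEBSD || af == BSD_AF_INET6_DARWIN) af = BSD_AF_INET6_BSD;` with `af` standing for whatever variable the switch tests (not visible here). The address family is read from the capture file and is therefore untrusted, so it is also worth confirming that each switch has a `default:` arm that marks an unrecognised value in the tree instead of silently skipping the addresses and payload. All three switches start and end outside their hunks, so neither can be checked from this diff.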
@@ -294,6 +298,8 @@
break;
case BSD_AF_INET6_BSD:
+ case BSD_AF_INET6_FREEBSD:
+ case BSD_AF_INET6_DARWIN:
call_dissector(ipv6_handle, next_tvb, pinfo, tree);
break;
@@ -475,6 +481,8 @@
break;
case BSD_AF_INET6_BSD:
+ case BSD_AF_INET6_FREEBSD:
+ case BSD_AF_INET6_DARWIN:
offset += call_dissector(ipv6_handle, next_tvb, pinfo, tree);
break;