From 869fa88f739e1e0bc1baeb2e13f43aa42415b795 Mon Sep 17 00:00:00 2001
From: Peeter
Date: Wed, 7 May 2014 12:17:25 +0900
Subject: [PATCH] pflogd: Make pflogd recognize previous logfile
* scan_dump() must use pcap_sf_pkthdr instead of pcap_pkthdr
* other minor changes to make pdflogd more similar to the FreeBSD version
Changes obtained from FreeBSD
---
 usr.sbin/pflogd/pflogd.c | 46 ++++++++++++++++++++++++++++++++++------------
 1 file changed, 34 insertions(+), 12 deletions(-)
diff --git a/usr.sbin/pflogd/pflogd.c b/usr.sbin/pflogd/pflogd.c
index cc6c476..0026e76 100644
--- a/usr.sbin/pflogd/pflogd.c
+++ b/usr.sbin/pflogd/pflogd.c
@@ -63,7 +63,7 @@ int Debug = 0;
 static int snaplen = DEF_SNAPLEN;
 static int cur_snaplen = DEF_SNAPLEN;
-volatile sig_atomic_t gotsig_close, gotsig_alrm, gotsig_hup;
+volatile sig_atomic_t gotsig_close, gotsig_alrm, gotsig_hup, gotsig_usr1;
 const char *filename = PFLOGD_LOG_FILE;
 const char *interface = PFLOGD_DEFAULT_IF;
@@ -77,15 +77,18 @@ unsigned int delay = FLUSH_DELAY;
 char *copy_argv(char * const *);
 void dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
 void dump_packet_nobuf(u_char *, const struct pcap_pkthdr *, const u_char *);
+void log_pcap_stats(void);
 int flush_buffer(FILE *);
 int if_exists(char *);
 int init_pcap(void);
+void logmsg(int, const char *, ...);
 void purge_buffer(void);
 int reset_dump(int);
 int scan_dump(FILE *, off_t);
 int set_snaplen(int);
 void set_suspended(int);
 void sig_alrm(int);
+void sig_usr1(int);
 void sig_close(int);
 void sig_hup(int);
 void usage(void);
@@ -183,6 +186,12 @@ sig_alrm(int sig __unused)
 }
 void
+sig_usr1(int sig __unused)
+{
+ gotsig_usr1 = 1;
+}
+
+void
 set_pcap_filter(void)
 {
 struct bpf_program bprog;
@@ -372,7 +381,7 @@ int
 scan_dump(FILE *fp, off_t size)
 {
 struct pcap_file_header hdr;
- struct pcap_pkthdr ph;
+ struct pcap_sf_pkthdr ph;
 off_t pos;
 /*
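Review bot: The new prototype `void logmsg(int, const char *, ...);` carries no printf-format annotation, so the compiler cannot check callers such as the `%u/%ld` message in log_pcap_stats() against their arguments. Declaring it as `void logmsg(int, const char *, ...) __printflike(2, 3);` lets -Wformat flag mismatched or non-literal format strings at build time.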
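Review bot: In scan_dump(), `struct pcap_sf_pkthdr ph;` has no comment saying why the savefile record type is needed, and the patch does not show whether dump_packet() and dump_packet_nobuf() write records with that same layout. If the writers still emit `struct pcap_pkthdr`, the scan would step through an existing log at the wrong stride, so it is worth confirming both sides agree and adding a comment such as `/* on-disk record header: fixed-width timestamps, unlike in-memory pcap_pkthdr */`. The checks applied to the lengths read from the file lie outside this hunk and cannot be judged here; scan_dump() continues past the hunk.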
@@ -383,7 +392,7 @@ scan_dump(FILE *fp, off_t size)
 *
 * XXX this may take a long time for large logs.
 */
- fseek(fp, 0L, SEEK_SET);
+ (void) fseek(fp, 0L, SEEK_SET);
 if (fread((char *)&hdr, sizeof(hdr), 1, fp) != 1) {
 logmsg(LOG_ERR, "Short file header");
@@ -571,10 +580,22 @@ dump_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 return;
 }
+
+void
+log_pcap_stats(void)
+{
+ struct pcap_stat pstat;
+ if (pcap_stats(hpcap, &pstat) < 0)
+ logmsg(LOG_WARNING, "Reading stats: %s", pcap_geterr(hpcap));
+ else
+ logmsg(LOG_NOTICE,
+ "%u packets received, %u/%ld dropped (kernel/pflogd)",
+ pstat.ps_recv, pstat.ps_drop, packets_dropped);
+}
+
 int
 main(int argc, char **argv)
 {
- struct pcap_stat pstat;
 int ch, np, ret, Xflag = 0;
 pcap_handler phandler = dump_packet;
 const char *errstr = NULL;
@@ -646,7 +667,8 @@ main(int argc, char **argv)
 pidfile_write(pfh);
 }
- umask(S_IRWXG | S_IRWXO);
+ tzset();
+ (void)umask(S_IRWXG | S_IRWXO);
 /* filter will be used by the privileged process */
 if (argc) {
@@ -673,6 +695,7 @@ main(int argc, char **argv)
 signal(SIGINT, sig_close);
 signal(SIGQUIT, sig_close);
 signal(SIGALRM, sig_alrm);
+ signal(SIGUSR1, sig_usr1);
 signal(SIGHUP, sig_hup);
 alarm(delay);
@@ -728,6 +751,11 @@ main(int argc, char **argv)
 gotsig_alrm = 0;
 alarm(delay);
 }
+
+ if (gotsig_usr1) {
+ log_pcap_stats();
+ gotsig_usr1 = 0;
+ }
 }
 logmsg(LOG_NOTICE, "Exiting");
@@ -737,13 +765,7 @@ main(int argc, char **argv)
 }
 purge_buffer();
- if (pcap_stats(hpcap, &pstat) < 0)
- logmsg(LOG_WARNING, "Reading stats: %s", pcap_geterr(hpcap));
- else
- logmsg(LOG_NOTICE,
- "%u packets received, %u/%ld dropped (kernel/pflogd)",
- pstat.ps_recv, pstat.ps_drop, packets_dropped);
-
+ log_pcap_stats();
 pcap_close(hpcap);
 if (!Debug)
 closelog();
--
1.9.0
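Review bot: `(void) fseek(fp, 0L, SEEK_SET);` in scan_dump() discards the return value instead of handling it. The function is validating a pre-existing log, so a failed seek should stop the scan rather than let the following fread() parse a header from an unknown offset. Suggest `if (fseek(fp, 0L, SEEK_SET) != 0) {` with a `logmsg(LOG_ERR, ...)` and the same error return that the "Short file header" branch uses. The rest of the function lies outside the hunk.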
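Review bot: The added `tzset();` in main() has no comment and is unrelated to the logfile-recognition fix named in the subject. If the intent is to load timezone data before the process later loses filesystem access (the "privileged process" comment just below suggests privilege separation follows, though that code is not in the hunk), a one-line comment would record it: `/* initialise timezone before privileges are dropped */`.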
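Review bot: In the main loop the flag is cleared after the work, `log_pcap_stats(); gotsig_usr1 = 0;`, so a SIGUSR1 delivered while the statistics are being logged is silently discarded. Clearing first, `gotsig_usr1 = 0; log_pcap_stats();`, keeps such a request pending for the next iteration. The enclosing loop starts and ends outside the hunk.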