Index: pfflowd/ChangeLog diff -u pfflowd/ChangeLog:1.5 pfflowd/ChangeLog:1.8 --- pfflowd/ChangeLog:1.5 Fri Aug 15 12:09:32 2003 +++ pfflowd/ChangeLog Mon Feb 16 14:31:32 2004 @@ -1,3 +1,11 @@ +20030216 + - (djm) Make this work with -current pfsync + - (djm) Add support for older pfsync (<=3.4) with -DOLD_PFSYNC flag + - (djm) Release pfflowd-0.4 + +20031109 + - (djm) Lock underlying BPF device using ioctl available in OpenBSD 3.5 + 20030815 - (djm) Add -n option to usage message. Spotted by jose AT monkey.org - (djm) Document current issues in manpage Index: pfflowd/Makefile diff -u pfflowd/Makefile:1.1.1.1 pfflowd/Makefile:1.2 --- pfflowd/Makefile:1.1.1.1 Sun Jun 22 13:42:25 2003 +++ pfflowd/Makefile Mon Feb 16 14:30:46 2004 @@ -9,6 +9,9 @@ CFLAGS=-g -O $(WARNFLAGS) +# Uncomment this if you are using pfflowd on OpenBSD <=3.4 +#CFLAGS+=-DOLD_PFSYNC + TARGETS=pfflowd all: $(TARGETS) @@ -21,3 +24,4 @@ strip: strip $(TARGETS) + Index: pfflowd/README diff -u pfflowd/README:1.3 pfflowd/README:1.5 --- pfflowd/README:1.3 Fri Aug 15 12:09:32 2003 +++ pfflowd/README Mon Feb 16 14:30:46 2004 @@ -4,12 +4,6 @@ over its pfsync(4) interface to Cisco NetFlow(tm) datagrams. These UDP datagrams are then exported to a host of your choice. -PLEASE NOTE: pfflowd required kernel changes to pffsync committed after -OpenBSD 3.3 was released. The included pfsync-bidi-3.3.diff should -bring this support, but the diff is *completely* untested and unsupported. -Please don't complain to me or the OpenBSD mailing lists of this diff -doesn't work (or if it breaks your kernel). - More details about pfflowd's function and usage may be found in the supplied manpage, which you can view prior to installation using 
@@ -21,6 +15,18 @@ Please report bugs in softflowd to http://bugzilla.mindrot.org/ If you find a security bug, please report it directly by email. If you have any feedback or questions, please email me: + +PLEASE NOTE: + +1. By default, pfflowd only supports OpenBSD -current as of 2004-02-16. +This can be changed by setting the OLD_PFSYNC flag in the Makefile, in +which case pfflowd will support only OpenBSD <= 3.4. + +2. pfflowd required kernel changes to pffsync committed after OpenBSD 3.3 +was released. The included pfsync-bidi-3.3.diff should bring this support, +but the diff is *completely* untested and unsupported. Please don't +complain to me or the OpenBSD mailing lists of this diff doesn't work +(or if it breaks your kernel). Damien Miller Index: pfflowd/pfflowd.8 diff -u pfflowd/pfflowd.8:1.3 pfflowd/pfflowd.8:1.4 --- pfflowd/pfflowd.8:1.3 Fri Aug 15 12:01:45 2003 +++ pfflowd/pfflowd.8 Sun Nov 9 11:50:54 2003 @@ -1,4 +1,4 @@ -.\" $Id: pfflowd.8,v 1.3 2003/08/15 02:01:45 djm Exp $ +.\" $Id: pfflowd.8,v 1.4 2003/11/09 00:50:54 djm Exp $ .\" .\" Copyright (c) 2003 Damien Miller. All rights reserved. .\" @@ -105,7 +105,13 @@ to ignore the specified traffic. .Sh BUGS A bpf program specified on the commandline does not do what one may expect -(select traffic for accounting). +(i.e. select traffic for accounting). +Rather, it doesn't do much at all. +To select traffic for accounting, use the +.Ar no-sync +argument in pf.conf. This argument is available in +.Ox 3.5 +and later. .Pp Flows over 2^31 bytes will be incorrectly accounted as the in-kernel byte counter will wrap around. Index: pfflowd/pfflowd.c diff -u pfflowd/pfflowd.c:1.6 pfflowd/pfflowd.c:1.9 --- pfflowd/pfflowd.c:1.6 Fri Aug 15 12:11:37 2003 +++ pfflowd/pfflowd.c Mon Feb 16 14:30:46 2004 
@@ -22,9 +22,10 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* $Id: pfflowd.c,v 1.6 2003/08/15 02:11:37 djm Exp $ */ +/* $Id: pfflowd.c,v 1.9 2004/02/16 03:30:46 djm Exp $ */ #include +#include #include #include #include @@ -42,6 +43,7 @@ #include #include #include +#include #include #include #include @@ -63,6 +65,14 @@ #define DEFAULT_INTERFACE "pfsync0" #define LIBPCAP_SNAPLEN 2020 /* Default MTU */ +#ifdef OLD_PFSYNC +# define _PFSYNC_STATE pf_state +# define _PFSYNC_VER 1 +#else +# define _PFSYNC_STATE pfsync_state +# define _PFSYNC_VER 2 +#endif + static int verbose_flag = 0; /* Debugging flag */ static int exit_flag = 0; /* Signal handler flags */ static struct timeval start_time; /* "System boot" time, for SysUptime */ @@ -280,7 +290,7 @@ ph = (const struct pfsync_header*)pkt; - if (ph->version != 1) { + if (ph->version != _PFSYNC_VER) { syslog(LOG_WARNING, "Unsupported pfsync version %d, skipping", ph->version); /* XXX - exit */ @@ -301,7 +311,7 @@ hdr = (struct NF1_HEADER *)packet; for(num_packets = offset = j = i = 0; i < ph->count; i++) { - const struct pf_state *st; + const struct _PFSYNC_STATE *st; struct pf_state_host src, dst; u_int32_t bytes_in, bytes_out; u_int32_t packets_in, packets_out; @@ -336,7 +346,7 @@ offset = sizeof(*hdr); } - st = (const struct pf_state *)(pkt + off); + st = (const struct _PFSYNC_STATE *)(pkt + off); if (st->af != AF_INET) continue; /* XXX IPv6 support */ @@ -473,6 +483,18 @@ exit(1); } } +#ifdef BIOCLOCK + /* + * If we are reading from an device (not a file), then + * lock the underlying BPF device to prevent changes in the + * unprivileged child + */ + if (dev != NULL && ioctl(pcap_fileno(*pcap), BIOCLOCK) < 0) { + fprintf(stderr, "ioctl(BIOCLOCK) failed: %s\n", + strerror(errno)); + exit(1); + } +#endif } static char *
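Review bot: The macros `_PFSYNC_STATE` and `_PFSYNC_VER` added in the `#ifdef OLD_PFSYNC` block use names that start with an underscore followed by an uppercase letter, which C reserves for the implementation, so a later system header could legitimately define them. Project-prefixed names such as `PFFLOWD_PFSYNC_STATE` and `PFFLOWD_PFSYNC_VER` avoid that clash. The block would also benefit from a short comment such as `/* pfsync v1 carries struct pf_state (OpenBSD <= 3.4); v2 carries struct pfsync_state */`, so readers see why the struct tag and the version number must change together.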
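Review bot: The "Unsupported pfsync version" warning in the `ph->version != _PFSYNC_VER` branch reports only the version received, not the one the binary was built for. Now that the accepted version depends on `-DOLD_PFSYNC`, a mismatched build will log this line for every packet with no hint at the cause. Consider `syslog(LOG_WARNING, "Unsupported pfsync version %d (built for version %d), skipping", ph->version, _PFSYNC_VER);`. The enclosing function starts and ends outside the hunk, so whether the captured length is checked against `sizeof(*ph)` before `ph->version` is read cannot be confirmed from here.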
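Review bot: The cast `st = (const struct _PFSYNC_STATE *)(pkt + off)` now points at a record whose size depends on the build flag, and neither this hunk nor the one at -336 shows a bounds check before `st->af` is read. The loop bound `ph->count` comes from the packet itself, so each record should be checked against the captured length with the type-independent form, e.g. `if (off + sizeof(*st) > caplen) break;` (`caplen` here is a placeholder for whatever captured-length variable the function already has). If an existing check elsewhere in the function spells out `sizeof(struct pf_state)`, it would be wrong for the new default build and should use `sizeof(*st)`. The loop body continues outside both hunks, so the check may already exist there.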
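Review bot: Because the lock is wrapped in `#ifdef BIOCLOCK`, a build on a system without that ioctl silently drops it, and the unprivileged child then holds a BPF descriptor it can still reconfigure. The code should make that weaker guarantee visible, for example with an `#else` branch carrying `/* No BIOCLOCK: the BPF descriptor stays modifiable by the unprivileged child */`, plus a warning when `verbose_flag` is set. The added comment also has a typo: "an device" should read "a device". The enclosing function begins outside the hunk, so the assumption that the filter is installed before the lock is taken could not be checked here.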