the example script of the manpage feeds awk(1) with values larger
than UINT32_MAX. Then awk prints a negative value, and this
messes up $BPFPROG. Trying to load the resulting bpf byte codes
with ngctl then fails.
For example, the output for PATTERN="udp and dst net 255.255.0.0/16"
should be (all in one line):
bpf_prog_len=10
bpf_prog=[
{ code=40 jt=0 jf=0 k=12 }
{ code=21 jt=7 jf=0 k=34525 }
{ code=21 jt=0 jf=6 k=2048 }
{ code=48 jt=0 jf=0 k=23 }
{ code=21 jt=0 jf=4 k=17 }
{ code=32 jt=0 jf=0 k=30 }
{ code=84 jt=0 jf=0 k=4294901760 }
{ code=21 jt=0 jf=1 k=4294901760 }
{ code=6 jt=0 jf=0 k=8192 }
{ code=6 jt=0 jf=0 k=0 }
]
The two k=4294901760 values are displayed as k=-2147483648 by awk.
Replace the awk script of the manpage example with a slower but
safer version, that doesn't really attempt to convert the byte
code printed by tcpdump from string to number and back.
PR: docs/123255
Submitted by: Eugenio Maffione, eugenio.maffione at telecomitalia.it
MFC after: 3 days
7e7c1896a0