$OpenBSD: patch-src_decode_c,v 1.1 2012/04/07 08:31:39 mcbride Exp $
--- src/decode.c.orig	Fri Mar 19 02:50:54 2010
+++ src/decode.c	Sat Mar 24 11:23:57 2012
@@ -2343,20 +2343,36 @@ void DecodePflog(Packet * p, const struct pcap_pkthdr 
         return;
     }
     /* lay the pf header structure over the packet data */
-    if ( *((uint8_t*)pkt) < PFLOG3_HDRMIN )
+    switch(*((uint8_t*)pkt))
     {
-        p->pf2h = (Pflog2Hdr*)pkt;
-        pflen = p->pf2h->length;
-        hlen = PFLOG2_HDRLEN;
-        af = p->pf2h->af;
+        case PFLOG2_HDRMIN:
+            p->pf2h = (Pflog2Hdr*)pkt;
+            pflen = p->pf2h->length;
+            hlen = PFLOG2_HDRLEN;
+            af = p->pf2h->af;
+            break;
+        case PFLOG3_HDRMIN:
+            p->pf3h = (Pflog3Hdr*)pkt;
+            pflen = p->pf3h->length;
+            hlen = PFLOG3_HDRLEN;
+            af = p->pf3h->af;
+            break;
+        case PFLOG4_HDRMIN:
+            p->pf4h = (Pflog4Hdr*)pkt;
+            pflen = p->pf4h->length;
+            hlen = PFLOG4_HDRLEN;
+            af = p->pf4h->af;
+            break;
+        default:
+            if (ScLogVerbose())
+            {
+                ErrorMessage("unrecognized pflog header length! "
+                        "(%d)\n", *((uint8_t*)pkt));
+            }
+            PREPROC_PROFILE_END(decodePerfStats);
+            return;
     }
-    else
-    {
-        p->pf3h = (Pflog3Hdr*)pkt;
-        pflen = p->pf3h->length;
-        hlen = PFLOG3_HDRLEN;
-        af = p->pf3h->af;
-    }
+   
     /* now that we know a little more, do a little more validation */
     if(p->pkth->caplen < hlen)
     {