pflog: handle all types of pflog files, as best as can be done.

We can distinguish between FreeBSD, OpenBSD, and everything else
(NetBSD, DragonFly BSD, and Darwin) based on the length field in the
header.

For NetBSD, DragonFly BSD, and Darwin, the differences are the meaning
of certain reason and action codes; we just mark those with the OSes and
meanings, so the user will have to figure out whether reason code 15 is
"state-locked' (NetBSD)" or "dummynet" (Darwin)". The other ones
shouldn't occur on OSes other than Darwin, but we mark it just in case
they do.

Fix the handling of "UID not present"; that's 0xFFFFFFFFU in FreeBSD,
OpenBSD, and DragonFly BSD, but it's 0x7FFFFFFFU in NetBSD and Darwin,
so for "neither NetBSD nor OpenBSD" we check for both of those values.

Do the checks for minimum and maximum header lengths before we round
the header length up.

Author: guyharris

CHANGES

@@ -148,6 +148,7 @@ Friday, August 30, 2024 / The Tcpdump Group
       OSPF: Update LS-Ack printing not to run off the end of the packet.
       OSPF6: Fix an undefined behavior.
       pflog: use nd_ types in struct pfloghdr.
+      pflog: handle all types of pflog files (as best as can be done)
       PPP: Check if there is some data to hexdump.
       PPP: Remove an extra colon before LCP Callback Operation.
       Use the buffer stack for de-escaping PPP; fixes CVE-2024-2397;