Re: Saving packets with libpcap in PCAPNG format

[Francois-Xavier Le Bail via tcpdump-workers <tcpdump-workers () lists tcpdump org>]

> --- Begin Message ---
>
>
> From: Francois-Xavier Le Bail <devel.fx.lebail () orange fr>
>
> Date: Sat, 20 Nov 2021 20:41:29 +0100
>
> On 06/12/2016 19:32, Guy Harris wrote:
> > On Dec 6, 2016, at 10:15 AM, Martin Dubuc <martind1111 () gmail com> wrote:
> >
> > > I am working on an application that requires to store packets in PCAPNG
> > > format. My understanding is that there isn't support for saving packets in
> > > PCAPNG format in the current code base. I have noticed that Apple has
> > > created an API in its custom version of libpcap (latest version can be
> > > viewed at https://opensource.apple.com/source/libpcap/libpcap-67/libpcap/
> > > and is based on libpcap-1.7.4), and the extension seems to be open source.
> >
> > Open source *but* licensed under the Apple Public Source License Version 2.0:
> >
> >       https://opensource.apple.com/apsl
> >
> > [...]
> >
> > I'm not sure whether the patent-related clauses - especially the "Termination" clause - would cause any vendors or 
> > distributors who currently include libpcap under its patent-clause-free BSD license not to want to include it if it 
> > includes patent clauses of that sort.
> >
> > > Is there a plan to merge this to the libpcap at some point? Or is there
> > > plan to implement something else?
> >
> > My inclination was to implement *some* APIs for reading files (pcapng or pcap, using the same API, so programs can 
> > transparently *read* either file type), with the full capabilities of pcapng supported, and for writing pcapng files, 
> > with a separate implementation.
> >
> > If we can get away with implementing Apple's API independently, under the same BSD license as is used for the rest of 
> > libpcap, and that API can be used to read either pcap or pcapng files, and it supports the full capabilities of 
> > pcapng and allows support for future pcapng capabilities (as well as vendor extensions), that would probably be the 
> > right choice;
>
> It's seems that Apple has changed their license to: "License: BSD."
>
> See:
> https://opensource.apple.com/source/libpcap/libpcap-98.40.1/libpcap/LICENSE.auto.html
> or
> https://opensource.apple.com/source/tcpdump/tcpdump-100.100.2/tcpdump/LICENSE.auto.html
>
> > otherwise, we'll implement a separate API, but try to do so in a way that allows Apple to continue to provide their 
> > API.  (They don't document the API in any man page other than the pcapng man page in the source, so they might 
> > consider it a private interface and be willing to use a different one, especially if, as I expect we'll do, we 
> > provide a version of tcpdump that supports the new API if available.
>
>
> --- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers