Re: Re: [design] test failures in HEAD

[Bill Fenner <fenner () research att com>]

Actually, another option is to just ditch compatability for
the original pflog header.  Here's my thinking:

pflog is (has been) only on OpenBSD, and their native tcpdump didn't
 translate the DLT, so the only dump files that exist have the old header
 as 17 and the new header as 117.
[this assumption is negated for anyone who used tcpdump.org's tcpdump
on OpenBSD].

If we just pretend that 117 was what was assigned to the new header,
 we can save a lot of backwards compatability cruft by just saying that
 our tcpdump/libpcap simply doesn't support the old header.

So, what I guess we need to decide is what's the probability of
people having old dumps that were written by tcpdump.org's tcpdump?
We won't be able to decode the old dumps written by OpenBSD's tcpdump
either way.

I think that we'd be better off with no backwards compatability and
using 117 for the new pflog.  It's a lot of cruft for something that
the OS vendor themselves don't support any more.  It's nice to say
that we will never invalidate any dump files, but it seems like a
very small probability that there will be any such dump files . . .

  Bill
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe