Re: proposed new pcap format

[Guy Harris <guy () alum mit edu>]

On Mar 24, 2004, at 7:28 AM, Darren Reed wrote:

> No, it's not that private :)  What I'm proposing here is a way in
> which people can put custom data into the pcap files without having
> too be too concerned about what values are safe for the type field
> and what values aren't.

A while ago, I was thinking of a somewhat elaborate scheme in which the 
file would have a dictionary specifying attribute names (using some 
scheme based on DNS names for the organization developing them; 
organizations with no domain could ask for a "private.tcpdump.org" 
space, perhaps) and tag values, with the tag values in question being 
used in the file.  The intent was to avoid a central registry for the 
space of attributes (and not to have to stick a string in every 
attribute).

Stuart Cheshire convinced me that this wasn't necessarily an issue - he 
indicated that the registration mechanism for RFC 2782 service types 
worked pretty well and that central registries aren't *always* a 
problem.

Are we sure that enough people will be asking for data types that we 
can't just say "ask us for a type value, we'll give one to you"?  That 
seems to have worked pretty well for DLT_ values so far.  If they 
*truly* want it to be private, they can just ask for a number and we'll 
give it to them, just as we give out private-use DLT_ values such as 
the ones used by Cisco, Juniper, and IBM.

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe