tcpdump mailing list archives

Re: text format stability

From: Hannes Gredler <hannes () juniper net>
Date: Thu, 24 Jun 2004 18:43:25 +0200

eddie,

i did most of the vflag changes in the last 18 months
along with my work on the rsvp,bgp,isis,ospf,lmp,rip,pim,eigrp
dissectors;

the rationale behind this is that you get brief one-line
information that is good enough for troubleshooting
and for a detailed information (vv) we switch
to multiline output;

does this break existing scripts ?
most certainly: however we have not yet found out how to
progress the software in terms of new protcols and multilayer
encapsualation support (gre/l2tp/mpls) and still stay 100%
downwards compatible;

my take is that until we change tcpdump output to
an optional machine-parsable output (could be XML,
could be anything else) we cannot solve this issue
fundamentally;

i had some offline discussion with michael and our current
understanding is that we need to progress tcpdump which today just
prints frames to a new structure that builds protocol trees;

on the frame end we finally render the frame to a format
that human|machine prcessors can understand; i.e. decouple
protocol dissection from output rendering;

it would be interesting to know from the community if
such an effort would be seen worthwile;

opinions ?

/hannes


On Wed, Jun 23, 2004 at 01:38:41PM -0700, Eddie Kohler wrote:
| Hi all,
| 
| I've noticed, painfully, that recent minor releases of tcpdump have 
| changed the longstanding format for "tcpdump -v" text output.  This 
| isn't an inherently bad idea, but there are a lot of scripts in the 
| world that parse tcpdump text output, and that are broken by arbitrary 
| format changes.  (For example, I have regression tests that check for 
| particular packet characteristics; comparing to tcpdump text output can 
| be better than pcap files for this purpose.)
| 
| I hope that the tcpdump-workers plan to re-stabilize the tcpdump text 
| format soon, and that the next release will change a major version 
| number, to make the format changes more obvious to users.
| 
| Thanks very much,
| Eddie Kohler


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

Current thread:

text format stability Eddie Kohler (Jun 23)
- Re: text format stability Hannes Gredler (Jun 24)
  - Re: text format stability Eddie Kohler (Jun 24)
    - Re: text format stability Jefferson Ogata (Jun 24)
    - Re: text format stability Eddie Kohler (Jun 24)
    - Re: text format stability Hannes Gredler (Jun 25)
    - Re: text format stability Michael Richardson (Jun 25)
    - Re: text format stability Eddie Kohler (Jun 25)
    - Re: text format stability Hannes Gredler (Jun 25)
    - Re: text format stability Eddie Kohler (Jun 25)
    - Re: text format stability Michael Richardson (Jun 30)
    - Re: text format stability Eddie Kohler (Jun 25)

(Thread continues...)