tcpdump mailing list archives

Re: text format stability


From: Guy Harris <guy () alum mit edu>
Date: Fri, 25 Jun 2004 15:45:57 -0700


On Jun 25, 2004, at 2:21 PM, Christian Kreibich wrote:

> an XML based tcpdump output would
> be great in the long term -- it would certainly eliminate a lot of
> parsing ambiguity.

Yes - the problem with the traditional UNIX "the output of one program should be usable as input to another program" idea is that this often means that the output of the program is made less friendly to people reading it, in a well-intentioned attempt to make it more parseable by another program, *but*, as the developer didn't want the output of the program to be completely *unreadable* by humans, it's also not in a form that's all that convenient for scripts to parse, so you end up with something that attempts to serve more than one master and doesn't serve either all that well.

XML output isn't particularly pleasant for humans to read, but there's a lot of software out there that can presumably consume it fairly easily; tcpdump could offer a choice of XML output (which wouldn't be designed with much care for ease of reading by humans, but would be relatively straightforward for a program to parse) or human-oriented output (which could change its format over time if that makes it more readable by humans, and wouldn't have to be particularly easy to parse in a script).

Along those lines, Tethereal currently offers the ability to output either one-line summary information, a detailed multi-line parse, *or* PDML XML-based dissection for packets. See

        http://analyzer.polito.it/30alpha/docs/dissectors/PDMLSpec.htm

for the PDML specification.

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

