Re: Request for a DLT value (for nflog)

[Guy Harris <guy () alum mit edu>]

On Jul 13, 2011, at 7:40 PM, Guy Harris wrote:

> On Jun 20, 2011, at 2:17 PM, Jakub Zawadzki wrote:
>
> > On Mon, Jun 20, 2011 at 01:54:43PM -0700, Guy Harris wrote:
> > > Are these structures likely to remain unchanged (other than new TLV types being added, 
> > > and perhaps some TLVs changing length in a backwards-compatible fashion), so that older 
> > > DLT_NFLOG captures won't be rendered unreadable by code that reads newer ones, or does 
> > > this run the risk of changing into a mess like DLT_PFLOG, where the format changes in 
> > > incompatible fashion, so that code that reads newer captures can't read older captures?-
> >
> > In nfgenmsg there's version field,
>
> Well, at least that, plus the length field and the use of TLVs, means that they haven't *completely* screwed up the 
> way the pflog people did, so there's at least some chance that we won't have the same type of mess...
>
> > but I'm not in netfilter dev team,
> > and can't answer these questions.
>
> ...so I might be inclined to assign a single link-layer header type value for NFLOG.

OK, I've assigned 239 and checked in Jakub's patch.  Hopefully the Linux networking people will Do The Right Thing with 
the log format, i.e. if it changes in an incompatible fashion, change the version number.

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.