tcpdump mailing list archives
Re: Request for a DLT value (for nflog)
From: Guy Harris <guy () alum mit edu>
Date: Tue, 30 Aug 2011 15:28:02 -0700
On Jul 13, 2011, at 7:40 PM, Guy Harris wrote:
On Jun 20, 2011, at 2:17 PM, Jakub Zawadzki wrote:On Mon, Jun 20, 2011 at 01:54:43PM -0700, Guy Harris wrote:Are these structures likely to remain unchanged (other than new TLV types being added, and perhaps some TLVs changing length in a backwards-compatible fashion), so that older DLT_NFLOG captures won't be rendered unreadable by code that reads newer ones, or does this run the risk of changing into a mess like DLT_PFLOG, where the format changes in incompatible fashion, so that code that reads newer captures can't read older captures?-In nfgenmsg there's version field,Well, at least that, plus the length field and the use of TLVs, means that they haven't *completely* screwed up the way the pflog people did, so there's at least some chance that we won't have the same type of mess...but I'm not in netfilter dev team, and can't answer these questions....so I might be inclined to assign a single link-layer header type value for NFLOG.
OK, I've assigned 239 and checked in Jakub's patch. Hopefully the Linux networking people will Do The Right Thing with the log format, i.e. if it changes in an incompatible fashion, change the version number. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Re: Request for a DLT value (for nflog) Jakub Zawadzki (Jul 05)
- Re: Request for a DLT value (for nflog) Darren Reed (Jul 05)
- <Possible follow-ups>
- Re: Request for a DLT value (for nflog) Guy Harris (Jul 13)
- Re: Request for a DLT value (for nflog) Guy Harris (Aug 30)
- Re: Request for a DLT value (for nflog) Sam Roberts (Jul 14)
- Re: Request for a DLT value (for nflog) Guy Harris (Aug 30)