IETF Logo Mail Archive

Re: [babel] info-model: message log

"STARK, BARBARA H" <bs7652@att.com> Wed, 02 January 2019 23:23 UTC

Return-Path: <bs7652@att.com>
X-Original-To: babel@ietfa.amsl.com
Delivered-To: babel@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9800124BE5 for <babel@ietfa.amsl.com>; Wed, 2 Jan 2019 15:23:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hpkc6WpgqzHF for <babel@ietfa.amsl.com>; Wed, 2 Jan 2019 15:23:12 -0800 (PST)
Received: from mx0a-00191d01.pphosted.com (mx0a-00191d01.pphosted.com [67.231.149.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98951130E51 for <babel@ietf.org>; Wed, 2 Jan 2019 15:23:12 -0800 (PST)
Received: from pps.filterd (m0048589.ppops.net [127.0.0.1]) by m0048589.ppops.net-00191d01. (8.16.0.22/8.16.0.22) with SMTP id x02L5mM8028685; Wed, 2 Jan 2019 16:14:59 -0500
Received: from alpi154.enaf.aldc.att.com (sbcsmtp6.sbc.com [144.160.229.23]) by m0048589.ppops.net-00191d01. with ESMTP id 2ps4ew0vcv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 02 Jan 2019 16:14:59 -0500
Received: from enaf.aldc.att.com (localhost [127.0.0.1]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x02LEwY8013049; Wed, 2 Jan 2019 16:14:58 -0500
Received: from zlp30488.vci.att.com (zlp30488.vci.att.com [135.47.91.93]) by alpi154.enaf.aldc.att.com (8.14.5/8.14.5) with ESMTP id x02LEsZA012968; Wed, 2 Jan 2019 16:14:54 -0500
Received: from zlp30488.vci.att.com (zlp30488.vci.att.com [127.0.0.1]) by zlp30488.vci.att.com (Service) with ESMTP id 7D3864048C34; Wed, 2 Jan 2019 21:14:54 +0000 (GMT)
Received: from GAALPA1MSGHUBAE.ITServices.sbc.com (unknown [130.8.218.154]) by zlp30488.vci.att.com (Service) with ESMTPS id 690004048C32; Wed, 2 Jan 2019 21:14:54 +0000 (GMT)
Received: from GAALPA1MSGUSRBF.ITServices.sbc.com ([169.254.5.5]) by GAALPA1MSGHUBAE.ITServices.sbc.com ([130.8.218.154]) with mapi id 14.03.0415.000; Wed, 2 Jan 2019 16:14:54 -0500
From: "STARK, BARBARA H" <bs7652@att.com>
To: 'Mahesh Jethanandani' <mjethanandani@gmail.com>, Juliusz Chroboczek <jch@irif.fr>
CC: Babel at IETF <babel@ietf.org>
Thread-Topic: [babel] info-model: message log
Thread-Index: AdSXyYnBQkQrNQ5OTYeO5Bd7aNbDmQCcr+YAAOaIy4ABPlBSwA==
Date: Wed, 02 Jan 2019 21:14:53 +0000
Message-ID: <2D09D61DDFA73D4C884805CC7865E6114DF7E186@GAALPA1MSGUSRBF.ITServices.sbc.com>
References: <2D09D61DDFA73D4C884805CC7865E6114DF65C81@GAALPA1MSGUSRBF.ITServices.sbc.com> <87efa9legt.wl-jch@irif.fr> <A52325B6-59E8-433A-8670-DA943B5DAD90@gmail.com>
In-Reply-To: <A52325B6-59E8-433A-8670-DA943B5DAD90@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.70.199.172]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-01-02_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_policy_notspam policy=outbound_policy score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1901020185
Archived-At: <https://mailarchive.ietf.org/arch/msg/babel/LIifTaK_jtlfb7MAwoCA0b_6h0c>
Subject: Re: [babel] info-model: message log
X-BeenThere: babel@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A list for discussion of the Babel Routing Protocol." <babel.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/babel>, <mailto:babel-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/babel/>
List-Post: <mailto:babel@ietf.org>
List-Help: <mailto:babel-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/babel>, <mailto:babel-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jan 2019 23:23:15 -0000

Getting back to this after the holidays...

> >> Here is my suggestion for having a message log:
> >
> >> babel-message-log is:
> >> A reference or url link to a file that contains a timestamped log of
> >> messages received and sent on babel-udp-port on all interfaces. File format
> >> MUST be readable by Wireshark 1.8 or later and use the applicable file format
> >> extension in the filename. Logging is enabled / disabled by babel-message-
> >> log-enable.
> >
> > Wireshark supports multiple formats, I'm not sure that it's a good
> > idea to allow all of the formats supported by Wireshark.

Why not? Not that I'm arguing strongly for allowing all formats; just that I can't convince myself of a strong argument against it. I'm fine with a more limited set, but don't want to be too limiting. Personally, I'm fine with anything that I can get an easy-to-use, free, good parser for and that can provide all the info.

> > I'm not intimately familiar with the capture packet formats.  The
> > pcapng file format appears to be the preferred format for wireshark,
> > but the internet-draft is expired since 2014; what's more, I'm not
> > sure it's supported by libpcap.

Per https://wiki.wireshark.org/Development/LibpcapFileFormat (with a last edited date from 2015):
"It is widely accepted that the libpcap file format serves its purpose but lacks some useful features. There's a next generation pcap file format documented at the pcapng specification Git repository. The new format supplies many of the capabilities listed in "Drawbacks" above.
Wireshark currently has the ability to read and write pcapng files, and does so by default, although doesn't support all of the capabilities of the files. Libpcap 1.1.0 and later have a limited ability to read them as well, although libpcap doesn't yet supporting writing them."
 
> Would agree that the capture format is a pcap file. I will not be surprised if
> Wireshark does not understand Babel protocol, particularly if no one has
> defined it in libpcap. Not too difficult to add though.

The RFC6126 dissector exists: https://www.wireshark.org/docs/dfref/b/babel.html
I'm hopeful someone will contribute the updated dissector once the new RFC is published...

> > The traditional libpcap format is documented here:
> >
> > <url mauled by AT&T security filters>
> >
> > and it's likely to be supported by any tool in existence.  Unless
> > somebody has good technical reasons to avoid libpcap, I suggest we
> > should mandate that format.

Apparently, libpcap is said (by https://wiki.wireshark.org/Development/LibpcapFileFormat) to have the following drawbacks:
"The libpcap format is very simple, one of the reasons that it has gained such a wide usage. Unfortunately it misses a few things which would be helpful:
    nanosecond time resolution
    user comments: "shows connection breakdown starting at packet 1432"
    interface information (like the network card manufacturer)
    packet drop count (and probably other counts as well)"

I don't find any of these to be showstoppers for this proposed use. But I go back to my original premise that I'm struggling to figure out why there's a need to limit the file format.
Barbara

> >
> > -- Juliusz
> >
> > _______________________________________________
> > babel mailing list
> > babel@ietf.org
> 
> Mahesh Jethanandani
> mjethanandani@gmail.com

v2.23.0 | Report a Bug | By Email