Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsawg-pcap.txt --- IANA considerations
Guy Harris <gharris@sonic.net> Tue, 22 December 2020 20:05 UTC
Return-Path: <gharris@sonic.net>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E44A3A1266 for <opsawg@ietfa.amsl.com>; Tue, 22 Dec 2020 12:05:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.597
X-Spam-Level:
X-Spam-Status: No, score=-2.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gR1Nt225aupS for <opsawg@ietfa.amsl.com>; Tue, 22 Dec 2020 12:05:00 -0800 (PST)
Received: from c.mail.sonic.net (c.mail.sonic.net [64.142.111.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46CBE3A1265 for <opsawg@ietf.org>; Tue, 22 Dec 2020 12:05:00 -0800 (PST)
Received: from [192.168.42.85] (173-228-4-241.dsl.dynamic.fusionbroadband.com [173.228.4.241]) (authenticated bits=0) by c.mail.sonic.net (8.15.1/8.15.1) with ESMTPSA id 0BMK4waG008229 (version=TLSv1.2 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Tue, 22 Dec 2020 12:04:58 -0800
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Guy Harris <gharris@sonic.net>
In-Reply-To: <31989.1608654962@localhost>
Date: Tue, 22 Dec 2020 12:04:57 -0800
Cc: Pcap-ng file format <pcap-ng-format@winpcap.org>, opsawg@ietf.org, tcpdump-workers <tcpdump-workers@lists.tcpdump.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <767D3BF2-2539-40CE-BD85-6DE92D0BAC59@sonic.net>
References: <12531.1608597102@localhost> <mailman.43.1608601176.8496.tcpdump-workers@lists.tcpdump.org> <31379.1608601870@localhost> <C3E32A34-AAA5-462F-9901-34B44C857A77@alum.mit.edu> <31989.1608654962@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-Sonic-CAuth: UmFuZG9tSVb7dprU3G8ymFklP6JbHGsuOOl5LC4ifBXeOCcnjts0Je+gkQmkCSg5mq8RnpJxokP3VI2fXKE2xj/LooWsF63w
X-Sonic-ID: C;dIub95BE6xGJD53Pl+vPsg== M;xgTV95BE6xGJD53Pl+vPsg==
X-Sonic-Spam-Details: 0.0/5.0 by cerberusd
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/PGS_P6PPCGrOo7t3udm2qFiHAm8>
Subject: Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsawg-pcap.txt --- IANA considerations
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Dec 2020 20:05:01 -0000
On Dec 22, 2020, at 8:36 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote: > Guy Harris <guy@alum.mit.edu> wrote: > >> And, as per my idea of using 65535 to mean "custom linktype", similar >> to pcapng custom blocks and options, with either: > > I'm happy with this proposal, but isn't it pcapng specific? No - it's *cleaner* to implement in pcapng, as you can use Interface Description Block (IDB) options to provide the Private Enterprise Number (PEN) and an enterprise-specific encapsulation type, but: if we go with the PEN and and enterprise-specific encapsulation type with IDB options, for pcap we can steal the former time stamp offset (Reserved1) and time stamp accuracy (Reserved2) fields, interpreting them as the PEN and enterprise-specific encapsulation type, respectively, if the link type is 65535; if we go with the PEN as an IDB option, and say that if an enterprise wants more than one encapsulation type, they'd have to put a encapsulation type at the beginning of the payload, so, for pcap, we'd steal the former time stamp offset (Reserved1), interpreting it as the PEN if the link type is 65535; if we go with putting the PEN and encapsulation type at the beginning of the payload, that would work the same way for pcap as it does for pcapng.
- [OPSAWG] draft-gharris-opsawg-pcap.txt --- FCS le… Michael Richardson
- [OPSAWG] draft-gharris-opsawg-pcap.txt --- FCS le… Michael Richardson
- [OPSAWG] draft-gharris-opsawg-pcap.txt --- IANA c… Michael Richardson
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Guy Harris
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Guy Harris
- Re: [OPSAWG] draft-gharris-opsawg-pcap.txt --- FC… Carsten Bormann
- Re: [OPSAWG] draft-gharris-opsawg-pcap.txt --- FC… Michael Richardson
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Guy Harris
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Guy Harris
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Michael Richardson
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Michael Richardson
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… mohamed.boucadair
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Michael Richardson
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Guy Harris
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Adrian Farrel
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Michael Richardson
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… tom petch