Re: [OPSAWG] Can we please adopt draft-tuexen-opsawg-pcapng?
Toerless Eckert <tte@cs.fau.de> Wed, 11 November 2020 18:14 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB86A3A10F4 for <opsawg@ietfa.amsl.com>; Wed, 11 Nov 2020 10:14:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.869
X-Spam-Level:
X-Spam-Status: No, score=-0.869 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_NEUTRAL=0.779, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u9FGvPYMPUyd for <opsawg@ietfa.amsl.com>; Wed, 11 Nov 2020 10:14:19 -0800 (PST)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BAFCF3A1158 for <opsawg@ietf.org>; Wed, 11 Nov 2020 10:10:34 -0800 (PST)
Received: from faui48f.informatik.uni-erlangen.de (faui48f.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:52]) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTP id 669F8548660; Wed, 11 Nov 2020 19:00:53 +0100 (CET)
Received: by faui48f.informatik.uni-erlangen.de (Postfix, from userid 10463) id 5E9D1440059; Wed, 11 Nov 2020 19:00:53 +0100 (CET)
Date: Wed, 11 Nov 2020 19:00:53 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Eliot Lear <lear=40cisco.com@dmarc.ietf.org>, opsawg <opsawg@ietf.org>, cabo@tzi.org
Message-ID: <20201111180053.GK39343@faui48f.informatik.uni-erlangen.de>
References: <DB082EF6-9150-49B5-87FE-1322C3AB8A72@cisco.com> <20201110212315.GX39343@faui48f.informatik.uni-erlangen.de> <2545.1605114754@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <2545.1605114754@localhost>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/mgm8bEm8-Z8uUaObsI_20WTkEbQ>
Subject: Re: [OPSAWG] Can we please adopt draft-tuexen-opsawg-pcapng?
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Nov 2020 18:14:26 -0000
On Wed, Nov 11, 2020 at 12:12:34PM -0500, Michael Richardson wrote: > > Toerless Eckert <tte@cs.fau.de> wrote: > > Why is the document not using a formal language to define the > > syntax/semantic of its formatting ? Would CBOR/CDDL not be a > > good candidate ? Any other ? > > Because pcapng is at least 10 years old, and pcap is around ~33 years old. > If we designed it today, it would definitely be CDDL/CBOR. > We probably want to design new extensions that way too. Ah, ok. i couldn't find any quick pointers for the age of pcapng. If its 10 years old and for reasons of compatibility we shouldn't change a bit of it but focus on extension point work (+registries), then it would be even more logical to me to inherit the base spec as an individual submission constrained to text polishing. At least thats is (individual submission) what i think to remember as the more common approach when editing help is needed. RFC8017 does not even seem to have gone through a WG if i interpret the datatracker info. AD sponsored RFC, simply adopting an RSA document ?? Aka: would be good to know the process if thats what we want to duplicate. RFC817 also says "By publishing this RFC, change control is transferred to the IETF" I guess change control via the extension points and expert review/ extension specs is something we a OPSAWG might want to have. Alas, RFC8017 does not include any IANA statements, so its not a good reference. If the draft would state in its abstract a good representation of what the RFC is, and we make sure upfront that this is ok. with IESG, then an informational RFC might be more appropriate E.g. something like: | This document represents a publication of the non-IETF PCAPNG protocol | specification. This document also defines the IANA registries for | this protocols extension points. By publishing this RFC, change control | is transferred to the IETF. > It's all 32-bit type followed by 32-bit length TLV. > This mechanism occurs repeatedly everywhere, I wish the IETF had a name for it. And a formal language. > > > B) Just quickly browsing through the document: One of the core > > aspects unresolved seems to be the rich filter language. It might > > be helpfull to separate this out into a separate document even if > > just so as to be able to finish this document faster. Especially > > when using a formal language, it might also be easier to also > > document the filter sematic used by being able to point to the > > template. > > Scratching my head. > pcapng does not define any filter language. > Nor does pcap. Right. See all the XXX/TODO in the draft around if_filter. Seems like the right clousre of the if_filter text would simply be to make the first byte another IANA registry table. > pcapng does allow the filter string (in whatever language), to be included as a comment. > At no point do these documents attempt to standardize the pcap filter > language, nor the BPF codes. "document_s_" ? is there more than the one draft > > C) Even more quickly looking at the TOC, i couldn't find anything that > > would report the identity of the reporting entity and characterization > > of it. e.g.: which cpu-core, linecard, version of the reporting > > software, self-claimed accuracy, possible limitations (likelyhood > > of packet drops etc. pp). > > In pcapng, section 4.2, the Interface Description Block. > | if_name | 2 | variable | no | > | if_description | 3 | variable | no | > | if_IPv4addr | 4 | 8 | yes | > | if_IPv6addr | 5 | 17 | yes | > | if_MACaddr | 6 | 6 | no | > | if_EUIaddr | 7 | 8 | no | > | if_speed | 8 | 8 | no | > | if_tsresol | 9 | 1 | no | > | if_tzone | 10 | 4 | no | > | if_filter | 11 | variable, minimum 1 | no | > | if_os | 12 | variable | no | > | if_fcslen | 13 | 1 | no | > | if_tsoffset | 14 | 8 | no | > | if_hardware | 15 | variable | no | > | if_txspeed | 16 | 8 | no | > | if_rxspeed | 17 | 8 | no | Given now that how it seems this document is more about specifying what exists and not to improve in this document itself, i'll stop pitching better identifiers for _how/who_ captured the data. > (Yes, it needs IANA considerations. Probably some integration with more > current YANG values in a new block type would also make sense) Would be good to understand what more is needed than going through all places where extension points exist (even those where the authors didn't highlight them such as if_filter) and fixup the text for IANA extension points. Summary of any work desired beyond that for the doc would help a lot to determine how to classify this work. Cheers Toerless > -- > ] Never tell me the odds! | ipv6 mesh networks [ > ] Michael Richardson, Sandelman Software Works | IoT architect [ > ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ > > > > > -- > Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) > Sandelman Software Works Inc, Ottawa and Worldwide > > > > -- --- tte@cs.fau.de
- [OPSAWG] Can we please adopt draft-tuexen-opsawg-… Eliot Lear
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Joe Clarke (jclarke)
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Michael Tuexen
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Michael Richardson
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Carsten Bormann
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Juergen Schoenwaelder
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Carsten Bormann
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Eliot Lear
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Juergen Schoenwaelder
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Vladimir Vassilev
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Blumenthal, Uri - 0553 - MITLL
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Eliot Lear
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Warren Kumari
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Carsten Bormann
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Michael Richardson
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Carsten Bormann
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Brian E Carpenter
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Eliot Lear
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Michael Richardson
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Michael Richardson
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Michael Richardson
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Brian E Carpenter
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Joel M. Halpern
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Michael Richardson
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Michael Richardson
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Michael Richardson
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Carsten Bormann
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Carsten Bormann
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… mohamed.boucadair
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Carsten Bormann
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… mohamed.boucadair
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Eliot Lear
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… tom petch
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Henk Birkholz
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Carsten Bormann
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Brian E Carpenter
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Toerless Eckert
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… Joe Clarke (jclarke)
- [OPSAWG] Red: RFC8907 (was: Re: Can we please ado… Toerless Eckert
- Re: [OPSAWG] Red: RFC8907 (was: Re: Can we please… Alan DeKok
- Re: [OPSAWG] Can we please adopt draft-tuexen-ops… MORTON, ALFRED C (AL)
- Re: [OPSAWG] Red: RFC8907 (was: Re: Can we please… Michael Richardson
- Re: [OPSAWG] Red: RFC8907 (was: Re: Can we please… Eliot Lear
- Re: [OPSAWG] Red: RFC8907 (was: Re: Can we please… Juergen Schoenwaelder
- Re: [OPSAWG] Red: RFC8907 (was: Re: Can we please… Carsten Bormann
- Re: [OPSAWG] Red: RFC8907 (was: Re: Can we please… tom petch
- Re: [OPSAWG] Red: RFC8907 (was: Re: Can we please… Toerless Eckert
- Re: [OPSAWG] Red: RFC8907 (was: Re: Can we please… Joe Clarke (jclarke)
- Re: [OPSAWG] Red: RFC8907 (was: Re: Can we please… Blumenthal, Uri - 0553 - MITLL