[OPSAWG] draft-gharris-opsawg-pcap.txt --- IANA considerations

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 22 December 2020 01:51 UTC

to: Pcap-ng file format <pcap-ng-format@winpcap.org>, tcpdump-workers <tcpdump-workers@lists.tcpdump.org>, opsawg@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/pcVK2Uf5d-5B7GxM_gNWKzbFtJI>

The short of it is:

1) reserve bits 16:28 of linktype as zero.
2) lower 32K Specification Required (any document),
   upper 32K First Come First Served

Details:
  The Registry has three sections according to {{RFC8126}}:
  * values from 0 to 32767 are marked as Specification Required.
  *   except that values 147 to 162 are reserved for Private Use
  * values from 32768 to 65000 are marked as First-Come First-Served.
  * values from 65000 to 65536 are marked as Private Use.

3) I have included the tcpdump.org linktype database that we maintain.
   It might be a week old, but I don't think we've allocated anything
   in the past month.
   It is at: http://www.tcpdump.org/linktypes.html
   Some entries have further links under /linktypes/... which we could
   enter as the correct reference.
   There are 112 entries.
   It may be that we should do something different for initializing IANA.

I did some editing of the description field to shorten it a lot, but I got
tired about 30% through the list, not sure if we should even include that
column.
There are many entries like:
   LINKTYPE_PPP_ETHER                  |   51   |PPPoE; per RFC 2516

where I think that maybe this should point directly at RFC2516.
I'm not entirely sure about this.

Where this gets more complex is:
   LINKTYPE_PPP_WITH_DIR	204	DLT_PPP_WITH_DIR	PPP, as per
   RFC 1661 and RFC 1662, preceded with a one-byte pseudo-header with a zero
   value meaning "received by this host" and a non-zero value meaning "sent
   by this host"; if the first 2 bytes are 0xff and 0x03, it's PPP in
   HDLC-like framing, with the PPP header following those two bytes,
   otherwise it's PPP without framing, and the packet begins with the PPP
   header. The data in the frame is not octet-stuffed or bit-stuffed.

in this case, the text in linktypes.html is probably most appropriate.


Name:		draft-gharris-opsawg-pcap
Revision:	01
Title:		PCAP Capture File Format
Document date:	2020-12-22
Group:		Individual Submission
Pages:		29
URL:            https://www.ietf.org/archive/id/draft-gharris-opsawg-pcap-01.txt
Status:         https://datatracker.ietf.org/doc/draft-gharris-opsawg-pcap/
Html:           https://www.ietf.org/archive/id/draft-gharris-opsawg-pcap-01.html
Htmlized:       https://tools.ietf.org/html/draft-gharris-opsawg-pcap-01
Diff:           https://www.ietf.org/rfcdiff?url2=draft-gharris-opsawg-pcap-01


--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
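
The LINKTYPE_PPP_WITH_DIR description quoted in the message above is precise enough to parse directly; the following is an added example, not code from the message, the draft, or libpcap, showing a bounds-checked decoder for one such packet record. The function and class names are hypothetical, the sample bytes in the usage note and test are constructed, and the handling of a one-octet compressed Protocol field follows RFC 1661 rather than the quoted text.

```python
from dataclasses import dataclass

LINKTYPE_PPP_WITH_DIR = 204  # value quoted in the message


@dataclass
class PppWithDirFrame:           # hypothetical name, for illustration only
    direction: str               # "received" or "sent" (relative to capturing host)
    hdlc_framing: bool           # True if 0xff 0x03 preceded the PPP header
    protocol: int                # PPP Protocol field value
    payload: bytes               # bytes following the Protocol field


def parse_ppp_with_dir(record: bytes) -> PppWithDirFrame:
    """Decode one captured record of linktype 204 as described in the message."""
    if len(record) < 1:
        raise ValueError("record too short: missing direction pseudo-header")

    # One-byte pseudo-header: zero means "received by this host",
    # any non-zero value means "sent by this host".
    direction = "received" if record[0] == 0 else "sent"
    body = record[1:]

    # 0xff 0x03 signals PPP in HDLC-like framing; the PPP header follows
    # those two bytes. Otherwise the PPP header starts immediately.
    hdlc = body[:2] == b"\xff\x03"
    if hdlc:
        body = body[2:]

    if not body:
        raise ValueError("record truncated before PPP Protocol field")

    # RFC 1661: the Protocol field is two octets unless compressed to one;
    # an odd first octet marks the compressed one-octet form.
    if body[0] & 1:
        protocol, rest = body[0], body[1:]
    else:
        if len(body) < 2:
            raise ValueError("record truncated inside PPP Protocol field")
        protocol, rest = int.from_bytes(body[:2], "big"), body[2:]

    # The message notes the data is not octet-stuffed or bit-stuffed,
    # so the remaining bytes are returned without any unescaping.
    return PppWithDirFrame(direction, hdlc, protocol, rest)
```

For example, `parse_ppp_with_dir(bytes.fromhex("00ff03c0210101"))` decodes a constructed received frame with HDLC-like framing and Protocol 0xc021; a record cut short by the capture's snapshot length raises `ValueError` instead of reading past the end.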