adopting draft-gharris-opsawg-pcap and draft-tuexen-opsawg-pcapng
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 30 June 2021 00:29 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2F613A0C88; Tue, 29 Jun 2021 17:29:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.877
X-Spam-Level:
X-Spam-Status: No, score=-1.877 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NO_DNS_FOR_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, T_SPF_HELO_TEMPERROR=0.01, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KdcYoLlezEZ5; Tue, 29 Jun 2021 17:29:14 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 674303A0BCC; Tue, 29 Jun 2021 17:29:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 82DDA389DB; Tue, 29 Jun 2021 20:31:14 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id iS9r93twbDSs; Tue, 29 Jun 2021 20:31:11 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id B0476389DA; Tue, 29 Jun 2021 20:31:11 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id EBE161801; Tue, 29 Jun 2021 20:29:07 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: opsawg@ietf.org
CC: qlog@ietf.org, quic@ietf.org
Reply-to: opsawg@ietf.org
Subject: adopting draft-gharris-opsawg-pcap and draft-tuexen-opsawg-pcapng
In-Reply-To: <162449794730.28597.16572068303470741654@ietfa.amsl.com>
References: <162449794730.28597.16572068303470741654@ietfa.amsl.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 29 Jun 2021 20:29:07 -0400
Message-ID: <25597.1625012947@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/ltUZd80R8yYMmJtAm1OLwdV6P60>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jun 2021 00:29:19 -0000
I have reposted the PCAP and PCAP-NG documents. Name: draft-gharris-opsawg-pcap Title: PCAP Capture File Format Html: https://www.ietf.org/archive/id/draft-gharris-opsawg-pcap-02.html Diff: https://www.ietf.org/rfcdiff?url2=draft-gharris-opsawg-pcap-02 Abstract: This document describes the format used by the libpcap library to record captured packets to a file. Programs using the libpcap library to read and write those files, and thus reading and writing files in that format, include tcpdump. Name: draft-tuexen-opsawg-pcapng Title: PCAP Next Generation (pcapng) Capture File Format Html: https://www.ietf.org/archive/id/draft-tuexen-opsawg-pcapng-03.html Diff: https://www.ietf.org/rfcdiff?url2=draft-tuexen-opsawg-pcapng-03 Abstract: This document describes a format to record captured packets to a file. This format is extensible; Wireshark can currently read and write it, and libpcap can currently read some pcapng files. There has been a reasonable amount of discussion, such as: https://mailarchive.ietf.org/arch/msg/opsawg/II4OEz82HXbsF_qn_3uFDsG3Z2g/ https://mailarchive.ietf.org/arch/msg/opsawg/sdjMYN7wj2nzXmSpy0pIlu3uCtI/ https://mailarchive.ietf.org/arch/msg/opsawg/4Cvm_msdnORHMUY3kbyCV6dbGyI/ https://mailarchive.ietf.org/arch/msg/opsawg/yJ7LczDObabWAH4SrmJ886bqMVg/ There was many comments about how we should have used CBOR for PCAPNG, and I would agree that in hindsight, it would be good. New section types for PCAPNG could well be encoded in CBOR. I also advocated that for draft-ietf-quic-qlog-h3-events,draft-ietf-quic-qlog-main-schema, draft-ietf-quic-qlog-quic-events, but they didn't go that way. (At least, not yet?). I haven't time to do QUIC stuff, but if there is interest, and I'll read the documents above, and see if I can come up with a proposal. The proposal is to adopt draft-gharris-opsawg-pcap as an Informational document. This documents the ~30 year old pcap format used by tcpdump, wireshark, etc. Almost all of IPv6, DNSSEC, DNS extensions, etc. research done by many researchers, including for instance, the https://www.caida.org/projects/network_telescope/ have used pcap files as their capture format. We need to do this as *WG* and can not do this as ISE, because the pcap document establishes the critical LinkType registry. One of the exchanges above is about how to "load" this rather large legacy into IANA. pcapng would be an IETF controlled document, the "pcap 2.0", but we can't really do as many changes as we might like. (I'd sure like to name it pcap2.0, as I hate the whole "Next Generation" moniker, but I don't know if that would fly at this late stage). *MAYBE* PCAPNG should also be Informational, given that we can't really mess with it too much. *MAYBE* PCAP2.0 should be just the structure as IETF Standards Track, with the section structure which is in PCAPNG (which is not changeable) should be an Informational document. This involves more documents, but no additional text. I would be pleased to present at IETF111 on this plan, and have a discussion, but I'd prefer to get to a place where the chairs feel happy to consider adopting before then. -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
- adopting draft-gharris-opsawg-pcap and draft-tuex… Michael Richardson
- Re: [OPSAWG] adopting draft-gharris-opsawg-pcap a… Michael Richardson
- Re: [OPSAWG] adopting draft-gharris-opsawg-pcap a… Guy Harris
- Re: [OPSAWG] adopting draft-gharris-opsawg-pcap a… Guy Harris