[pcap-ng-format] returning to IETF with pcap-ng
Anders Broman
anders.broman at ericsson.com
Mon Oct 1 11:46:24 UTC 2018
-----Original Message-----
From: pcap-ng-format <pcap-ng-format-bounces at winpcap.org> On Behalf Of Jasper Bongertz
Sent: 1 October 2018 13:29
To: Pcap-ng file format <pcap-ng-format at winpcap.org>
Subject: Re: [pcap-ng-format] returning to IETF with pcap-ng
Monday, October 1, 2018, 2:05:30 AM, Richard Sharpe wrote:
> On Sun, Sep 30, 2018 at 4:45 PM Michael Richardson <mcr at sandelman.ca> wrote:
>>
>> I think it was IETF 88 or so, in Toronto in 2014 when we last tried
>> to do the standardization dance for pcap-ng.
>>
>> Is there any energy to continue?
> Well, I guess the real question is: Should it be an IETF standard?
> It's a file format, after all.
> What benefit is there to pcap-ng being an IETF standard?
> The main benefit would probably be that eventually more tools and vendors support it. The most common argument against pcap-ng is that it's much more complex to implement than pcap - and that won't change. As an IETF standard pcap-ng will at least gain some reputation. If that's important enough to go through with the standardization dance I don't know.
>
> From my point of view the energy is not that high - for some reason the work on the specs stalls all the time, which is a problem. I think it's because there is no defined decision process, meaning that there are many ideas floating around but nobody dares to make final decisions about what (and what not) to do.
For me the important point here is that we have one new block supported by Wireshark which is not included in the specification yet (that I know of) (pull request exists):
#define BLOCK_TYPE_SYSTEMD_JOURNAL 0x00000009 /* systemd journal entry */
And to me it is important to have the description in the document/standard and to have the block type "officially" reserved/documented even if we can't get it to a perfect state.
The same is true for the upcoming
#define BLOCK_TYPE_SDB 0x0000000a /* Secrets Description Block */
Where the specification perhaps is more up for discussion but I guess the block WILL be supported in some form by Wireshark soon and thus a de facto standard anyway.
Regards
Anders
_______________________________________________
pcap-ng-format mailing list
pcap-ng-format at winpcap.org
https://www.winpcap.org/mailman/listinfo/pcap-ng-format