Hi Heather,

Since I was cc'd: I ran into this the other week in an academic paper, and I 
was surprised that I couldn't find a normative description of the pcap format. 
I'm glad it wasn't just me :-)

I wound up citing the format with reference to a particular version of tcpdump; 
the name of the tool plus a URL citation ("retrieved on") plus a version number 
seemed to me to be sufficient kindness to future archaeologists.

It might be nice in the future if some kind soul took the time to work with the 
tcpdump community to write up a stable description of the pcap format, edited 
for style in the series in which it is published. I don't suggest that being a 
sensible approach for this document, though.


Joe

> On Nov 21, 2018, at 13:27, Heather Flanagan <r...@rfc-editor.org> wrote:
> 
>> On 11/21/18 9:33 AM, Warren Kumari wrote:
>> [ - DNSOP (for clutter), +Heather / RFC Editor for sanity :-P ] 
>> 
>>> On Wed, Nov 21, 2018 at 9:47 AM Sara Dickinson <s...@sinodun.com> wrote:
>>> 
>>> 
>>>> On 21 Nov 2018, at 14:42, Alexey Melnikov <aamelni...@fastmail.fm> wrote:
>>> 
>>> Thanks for the quick response.
>>> 
>>>> 
>>>> Hi Sara,
>>>>>> 
>>>>>> 1)
>>>>>> 
>>>>>> In 7.4.2:
>>>>>> 
>>>>>>   | filter           | O | T | "tcpdump" [pcap] style filter for      |
>>>>>>   |                  |   |   | input.                                 |
>>>>>> 
>>>>>> This makes the [pcap] reference Normative. If you don't want to do that,
>>>>>> please fully specify syntax in this document.
>>>>> 
>>>>> Is that true if it is an optional field? 
>>>> Yes, optionality of a field doesn't make its full specification optional.
>>> 
>>> In which case it seems we can either include a more specific normative 
>>> reference here to this page:
>>> http://www.tcpdump.org/manpages/pcap-filter.7.html
>>> 
>>> or reproduce this page in an appendix. I’d prefer the former unless a 
>>> reference to such a web page would prove problematic as a normative 
>>> reference? 
>> 
>> We discussed this on the telechat, and I took the action to try to look into 
>> this.
>> One of the concerns with a normative reference to the webpage is what 
>> happens if it is updated to add a new primitive - is it allowed? If someone 
>> implements this on Thursday, can they still claim conformance if a new 
>> primitive is added on Friday?
> 
> If there was a way to point to a particular snapshot of the page (e.g., a 
> particular hash on a GitHub page, a particular timestamped version) that 
> would get around this.
> 
> 
> 
>> 
>> What we made up on the call was to simply grab a copy of 
>> http://www.tcpdump.org/manpages/pcap-filter.7.html (it seems to be under the 
>> BSD license) and put it somewhere on ietf.org, so we have a stable snapshot 
>> to reference, and ask you to point to that.
>> But, this was simply us making stuff up on the fly - I'm hoping that the RFC 
>> Editor can tell us if this is sane or the worst idea ever, or what....
> 
> This also works, though I'd want you all to think about the precedent this 
> sets. Are you willing to do this on a regular basis? Managing a one off, 
> dealing with any particular copyright issues (not a problem in this case, I 
> believe, but it could be interesting in other cases), those are more 
> challenging.
> 
> 
> 
> -Heather
> 
> 
> 
>> 
>> W
>> 
>> 
>>  
>>> 
>>> Sara. 
>>> _______________________________________________
>>> DNSOP mailing list
>>> DNSOP@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dnsop
>> 
>> 
>> -- 
>> I don't think the execution is relevant when it was obviously a bad idea in 
>> the first place.
>> This is like putting rabid weasels in your pants, and later expressing 
>> regret at having chosen those particular rabid weasels and that pair of 
>> pants.
>>    ---maf