On Aug 30, 2025, at 8:05 PM, Guy Harris <[email protected]> wrote: > As for the redundancy, which is the result of historical mistakes, currently > tcpdump reports errors for IPv6 packets on LINKTYPE_IPV4 and IPv4 packets on > LINKTYPE_IPV6, while Wireshark treats LINKTYPE_IPV4 and LINKTYPE_IPV6 as > equivalent to LINKTYPE_RAW. I don't remember any complaints having been made > about either behavior, which probably indicates that nobody's ever written > non-IPv4 packets with LINKTYPE_IPV4 or non-IPv6 packets with LINKTYPE_IPV6. > We probably don't have any need to say anything more about LINKTYPE_IPV4 or > LINKTYPE_IPV6
I've decided that LINKTYPE_IPV4 should mean "IPv4 only, IPv6 is an error" and LINKTYPE_IPV6 should mean "IPv6 only, IPv4 is an error", and in *any* cases where there's *any* chance that the traffic will include both, LINKTYPE_RAW should be used. I've created pages on www.tcpdump.org for all three link layers and updated the entries in the I-D to refer to them. I'll add, as additional references, RFC 791 and RFC 8200 as appropriate. _______________________________________________ OPSAWG mailing list -- [email protected] To unsubscribe send an email to [email protected]
