> Can we assign them a DLT value, and tell them to get with it? The backwards compatability bit is tough but at least partially doable; a trace file captured on OpenBSD with OpenBSD tcpdump may not be decodable with tcpdump.org's tcpdump. We assigned DLT 117 to their "old" pflog type, and they started using DLT 117 for their "new" pflog type, which we will (probably) assign DLT 143-ish. libpcap and tcpdump will have to have different handlers for old and new PFLOG DLTs.
There's still the cross-platform problem, in that pflog dump files will have the platform-specific address family in them, but if pflog is going to exist on more than one platform then that's just going to be a fact of life. Bill - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]
