> From: Paul Hoffman <paul.hoff...@icann.org>
> Subject: Re: [DNSOP] [Ext] Alexey Melnikov's Discuss on
> draft-ietf-dnsop-dns-capture-format-08: (with DISCUSS and COMMENT)
> Date: 27 November 2018 at 14:59:51 GMT
> To: Alexey Melnikov <aamelni...@fastmail.fm>
> Cc: dnsop <dnsop@ietf.org>, The IESG <i...@ietf.org>
>
> On Nov 27, 2018, at 3:05 AM, Alexey Melnikov <aamelni...@fastmail.fm> wrote:
>>
>> On Tue, Nov 27, 2018, at 2:10 AM, Paul Hoffman wrote:
>>> | filter | O | T | "tcpdump" [pcap] style filter for |
>>> | | | | input. |
>>>
>>>
>>> On Nov 26, 2018, at 6:05 PM, Warren Kumari <war...@kumari.net> wrote:
>>>> ... that is where we started.
>>>> The concern was what happens if there are new filters added, and
>>>> implementations written don't know how to deal with them.
>>>
>>> New filters being added to tcpdump (or even removed) doesn't affect a C-
>>> DNS application from reading or writing that field. It's just a text
>>> string.
>>
>> I think this depends on how the field is used.
>>
>> If you want to write an application that validates or does something with
>> this field, that wouldn't be true.
>> If you think that writing such an application is a dumb idea, then the draft
>> should clearly state that.
>
> My interpretation of the spec has been all along that this field, as well as
> the other fields in CollectionParameters, were informational for whomever is
> looking at the particular capture. "Parameters relating to how data in the
> file was collected" seemed sufficient for that. If the authors added "These
> parameters are informational are only informational and cannot necessarily be
> validated by looking in the data captured", would that satisfy your concern?
Paul is correct in that the _intention_ of including these fields is just to
provide informational meta data about the capturing process. I would suggest we
change the first sentence of the section to be:
“Parameters providing information to how data in the file was collected
(applicable for some, but not all collection environments). The values are
informational only and serve as hints to downstream analysers as to the
configuration of a collecting implementation. They can provide context when
interpreting what data is present/absent from the capture but cannot
necessarily be validated against the data captured.”
Given that, I’m hoping the short reference is acceptable
http://www.tcpdump.org/manpages/pcap-filter.7.html?
<http://www.tcpdump.org/manpages/pcap-filter.7.html?>
Regards
Sara.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop