ARC members: please review and submit any comments by 03/18/2009.

Sun Microsystems             Systems Architecture Committee

_________________________________________________________________

Subject:       tcpdump

Submitted by:  Robin Guo

File:          PSARC/2009/147/opinion.ms

Date:          March 4th, 2009

Committee:     James Carlson, Mark Carlson, Garrett D'Amore,
               Richard   Matthews,   Sebastien   Roy,  Glenn
               Skinner, Gary Winiger.

Product Approval Committee:

               Solaris PAC
               solaris-pac at sun.com

1.  Summary

The open source tcpdump (packet tracing) utility is to be
shipped with OpenSolaris, delivered via the SFW
consolidation.

2.  Decision & Precedence Information

The project is approved as specified in reference  [1],  but
as  modified  by  the  required  technical  change listed in
Appendix A below.

The project may be delivered in a Minor release  of  Solaris
or OpenSolaris.

The project depends on an upgraded (version 1.0.0 or better)
libpcap in SFW, and may not be delivered until this library
is updated.

3.  Interfaces

The project exports the following interfaces.

___________________________________________________________
|                   Interfaces Exported                   |
|_________________|________________|______________________|
|Interface        |  Classification|  Comments            |
|_________________|________________|______________________|
|/usr/sbin/tcpdump|  Uncommitted   |  Binary location     |
|SUNWtcpdump      |  Uncommitted   |  Package name        |
|tcpdump          |  Uncommitted   |  Command line options|
|files            |  Uncommitted   |  File formats        |
|output           |  Volatile      |  Output format       |
|_________________|________________|______________________|

PSARC/2009/147               Copyright 2009 Sun Microsystems

The project imports the following interfaces.

_____________________________________________
|            Interfaces Imported            |
|_________|________________|________________|
|Interface|  Classification|  Comments      |
|_________|________________|________________|
|libpcap  |  Committed     |  PSARC 2008/288|
|_________|________________|________________|

4.  Opinion

4.1.  Tcpdump, Wireshark, and Snoop

An ARC member noted that tcpdump's functionality is
essentially similar to the existing snoop utility and that
the wireshark/tshark utility is a superset of both and
accepts much of the tcpdump packet filtering syntax.

The project team responded that tcpdump is being offered  as
an  option,  and might be useful for those with scripts that
are dependent on the exact behavior of tcpdump.

The ARC members agreed that this was a useful reason for the
duplication, and that trying to provide a wrapper for tshark
is likely not a productive activity.

4.2.  What Direction Are We Headed?

Several ARC members noted that we approved wireshark  (PSARC
2007/334) quite some time ago, and that it was approved with
the understanding that it would replace  snoop  and  be  the
primary  packet  capture  and  display system on Solaris and
OpenSolaris, but that wireshark, though  in  common  use  on
Solaris,  has  not  yet delivered, and that our direction is
thus unclear.  Is the plan still current?

Further, this lack of direction is affecting other
networking projects.  As of today, snoop is still the only
packet capture service in the system, and projects being
developed and reviewed today will need to be directed to
update snoop, even if that effort is not in the long term
interest of Solaris or OpenSolaris, because there are no
alternatives.

To deal fairly with projects that are dependent on common
features, where there may be multiple separate
implementations of these features, the ARC must have
information regarding which one is the "preferred"
implementation.  In this case, knowing that wireshark is
still "preferred" means that networking projects delivering
new protocols into Solaris or OpenSolaris will be directed
to update wireshark rather than snoop or tcpdump.

Customers as well need to know which implementation is
"preferred."  The preferred implementation is the one that
will be expected to be most compatible with the
Solaris/OpenSolaris environment, while the others may not
necessarily be tailored for that use.

The discussion of these issues led to the advice in  section
6 below, and to the technical change required.

5.  Minority Opinion(s)

None

6.  Advisory Information

When  delivering  multiple  implementations  of   a   single
feature, and where an extended period of co-existence rather
than eventual replacement is expected, the Solaris  PAC  and
the  management  of  the  on-going "familiarity" project are
advised that the ARC requires explicit information regarding
which  of  the  co-existing  implementations  is regarded as
"preferred."

The management teams are also reminded that, as  decided  in
PSARC  2007/334, wireshark is the packet capture and display
mechanism of record, and prompt delivery of this feature  is
highly desirable, and more useful to Solaris and OpenSolaris
than is delivery of any  other  alternative  implementation.
Failing to deliver wireshark will very likely cause problems
for other projects.

7.  Appendices

7.1.  Appendix A: Technical Changes Required

     1.   The end user documentation delivered must include
          language pointing the user to the "preferred"
          packet capture and display mechanism on the
          system, so that the user knows which one is
          intended to decode all supported protocols on the
          system.

7.2.  Appendix B: Technical Changes Advised

None

7.3.  Appendix C: Reference Material

Unless stated otherwise, path names are relative to the case
directory PSARC/2009/147.

1.   Tcpdump Project Proposal
     File:  proposal.txt
