ARC members: please review and submit any comments by 03/18/2009.
Sun Microsystems
Systems Architecture Committee
_________________________________________________________________

Subject:       tcpdump
Submitted by:  Robin Guo
File:          PSARC/2009/147/opinion.ms
Date:          March 4th, 2009
Committee:     James Carlson, Mark Carlson, Garrett D'Amore,
               Richard Matthews, Sebastien Roy, Glenn Skinner,
               Gary Winiger.
Product Approval Committee:
               Solaris PAC
               solaris-pac at sun.com

1. Summary

The open source tcpdump (packet tracing) utility is to be shipped with OpenSolaris, delivered via the SFW consolidation.

2. Decision & Precedence Information

The project is approved as specified in reference [1], but as modified by the required technical change listed in Appendix A below. The project may be delivered in a Minor release of Solaris or OpenSolaris.

The project depends on an upgraded (version 1.0.0 or better) libpcap in SFW, and may not be delivered until this library is updated.

3. Interfaces

The project exports the following interfaces.

 ___________________________________________________________
|                    Interfaces Exported                    |
|___________________|________________|______________________|
| Interface         | Classification | Comments             |
|___________________|________________|______________________|
| /usr/sbin/tcpdump | Uncommitted    | Binary location      |
| SUNWtcpdump       | Uncommitted    | Package name         |
| tcpdump           | Uncommitted    | Command line options |
| files             | Uncommitted    | File formats         |
| output            | Volatile       | Output format        |
|___________________|________________|______________________|

The project imports the following interfaces.
 _____________________________________________
|             Interfaces Imported             |
|___________|________________|________________|
| Interface | Classification | Comments       |
|___________|________________|________________|
| libpcap   | Committed      | PSARC 2008/288 |
|___________|________________|________________|

4. Opinion

4.1. Tcpdump, Wireshark, and Snoop

An ARC member noted that tcpdump's functionality is essentially similar to the existing snoop utility and that the wireshark/tshark utility is a superset of both and accepts much of the tcpdump packet filtering syntax.

The project team responded that tcpdump is being offered as an option, and might be useful for those with scripts that are dependent on the exact behavior of tcpdump. The ARC members agreed that this was a useful reason for the duplication, and that trying to provide a wrapper for tshark is likely not a productive activity.

4.2. What Direction Are We Headed?

Several ARC members noted that we approved wireshark (PSARC 2007/334) quite some time ago, and that it was approved with the understanding that it would replace snoop and be the primary packet capture and display system on Solaris and OpenSolaris, but that wireshark, though in common use on Solaris, has not yet delivered, and that our direction is thus unclear. Is the plan still current?

Further, this lack of direction is affecting other networking projects. As of today, snoop is still the only packet capture service in the system, and projects being developed and reviewed today will need to be directed to update snoop, even if that effort is not in the long term interest of Solaris or OpenSolaris, because there are no alternatives.

To deal fairly with projects that are dependent on common features, where there may be multiple separate implementations of these features, the ARC must have information regarding which one is the "preferred" implementation.
In this case, knowing that wireshark is still "preferred" means that networking projects delivering new protocols into Solaris or OpenSolaris will be directed to update wireshark rather than snoop or tcpdump.

Customers as well need to know which implementation is "preferred." The preferred implementation is the one that will be expected to be most compatible with the Solaris/OpenSolaris environment, while the others may not necessarily be tailored for that use.

The discussion of these issues led to the advice in section 6 below, and to the technical change required.

5. Minority Opinion(s)

None

6. Advisory Information

When delivering multiple implementations of a single feature, and where an extended period of co-existence rather than eventual replacement is expected, the Solaris PAC and the management of the on-going "familiarity" project are advised that the ARC requires explicit information regarding which of the co-existing implementations is regarded as "preferred."

The management teams are also reminded that, as decided in PSARC 2007/334, wireshark is the packet capture and display mechanism of record, and prompt delivery of this feature is highly desirable, and more useful to Solaris and OpenSolaris than is delivery of any other alternative implementation. Failing to deliver wireshark will very likely cause problems for other projects.

7. Appendices

7.1. Appendix A: Technical Changes Required

1. The end user documentation delivered must include language pointing the user to the "preferred" packet capture and display mechanism on the system, so that the user knows which one is intended to decode all supported protocols on the system.

7.2. Appendix B: Technical Changes Advised

None

7.3. Appendix C: Reference Material

Unless stated otherwise, path names are relative to the case directory PSARC/2009/147.

1. Tcpdump Project Proposal
   File: proposal.txt

PSARC/2009/147 Copyright 2009 Sun Microsystems