eddie,

On Fri, Jun 25, 2004 at 09:34:47AM -0700, Eddie Kohler wrote:
 
| These changes should not have been implemented globally, without some flag 
| or option to preserve the old behavior.  Such a flag should be added.

i had to make a call between polluting the code base further with
new flags that may not be used consistently [e.g. q flag is my favourite example]
or re-aligning the use of existing flags; [personally i only use typically
-v -vv -e -x]; i did deliberately take the risk that i may break things

IMHO adding functionality and consistency is worth dropping some
downwards compatibility;

output of structured data to non/structured is condemned to fail anyway;
  for example my employer was facing the same problem that every time we changed
  the UI of our routing SW customers had to adapt their provisioning scripts,
  which (surprise) caused a lot of discomfort;
  finally we ended up exposing a machine parseable
  interface encompassing XML tags;

| My point in writing was to point out that there is a large audience of 
| tcpdump users who process its output with scripts.  There are thousands of 
| scripts out there that you have broken, not just mine.  You haven't heard 
| from them yet because new tcpdump hasn't seen wide distribution.

well 3_8 is out since march ... it is in all major OS distributions and
so far we did get only a single ;-) complaint. [i am not saying that your
concerns are not valid] i am just saying that we had to horsetrade
a bit and some things may fall through the cracks ...
 
| I don't feel that tcpdump output should be frozen forever; some changes are 
| appropriate.  But the changes I've seen have seemed indiscriminate.  Again, 
| why put a comma after the TCP flags?  Why reorder the TCP fields relative 
| to one another?  Why change the way 'cksum' is spelled?  Why print out the 
| checksum when it's valid?  Why not leave the IP addresses at the beginning 
| of the line? Abstract reasons, about the physical order, are not good 
| enough.

again consistency ... we use the "cksum 0x1234 (correct)" style in
many dissectors;

print-vrrp.c
print-udp.c
print-tcp.c
print-isoclns.c
print-ip.c
print-icmp6.c
print-icmp.c

printing _all_ elements (checksum, ip ttl, dhcp options) not just some
based on content makes actually script parsing much more easy ...
many firewall guys expressed concerns that they want to see all the
fields [IP ID] for detecting handcrafted packets etc ....

---
a question: can we turn this (valuable) discourse into something productive ?

i was thinking for quite a while about an output style-guide for
new/existing dissectors; the primary target would be implementers
for new dissectors however what i learned from the discussion is that
there may be need for a normative spec that scripters can rely on
[albeit not 100%]

thoughts ?

/hannes


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
