.de Sc \\s-1\\$1\\s0\\$2 .. .ds cA 2009/147 .ds aR \s-1PSARC\s0 .LP .so ../../amac .Co .ds LF \fI\*(aR/\*(cA\fP .ds RF \fICopyright 2009 Sun Microsystems\fP .if n .ds CF .IP \fBSubject:\fP 15 tcpdump .IP "\fBSubmitted by:\fP" 15 Robin Guo .IP \fBFile:\fP 15 \*(aR/\*(cA/opinion.ms .IP \fBDate:\fP 15 March 4th, 2009 .IP "\fBCommittee:\fP" 15 James Carlson, Mark Carlson, Garrett D'Amore, Richard Matthews, Sebastien Roy, Glenn Skinner, Gary Winiger. .IP "\fBProduct Approval Committee:\fP" 15 Solaris PAC .br solaris-pac@sun.com .pn 2 .NH Summary .LP The open source tcpdump (packet tracing) utility is to be shipped with OpenSolaris, delivering via the SFW consolidation. .NH Decision & Precedence Information .LP The project is approved as specified in reference [1], but as modified by the required technical change listed in Appendix A below. .LP The project may be delivered in a Minor release of Solaris or OpenSolaris. .LP The project depends on an upgraded (verison 1.0.0 or better) libpcap in SFW, and may not be delivered until this library is updated. .NH Interfaces .LP The project exports the following interfaces. .if n .ne 8 .if t .ne 3 .TS H box; c s s l | l | l. Interfaces Exported _ Interface Classification Comments _ .TH /usr/sbin/tcpdump Uncommitted Binary location SUNWtcpdump Uncommitted Package name tcpdump Uncommitted Command line options files Uncommitted File formats output Volatile Output format .TE .LP The project imports the following interfaces. .if n .ne 8 .if t .ne 3 .TS H box; c s s l | l | l. Interfaces Imported _ Interface Classification Comments _ .TH libpcap Committed PSARC 2008/288 .TE .NH Opinion .LP .NH 2 Tcpdump, Wireshark, and Snoop .LP An ARC member noted that tcpdump's functionality is essentially similar to the existing snoop utility and that the wireshark/tshark utility is a superset of both and accepts much of the tcpdump packet filtering syntax. .LP The project team responded that tcpdump is being offered as an option, and might be useful for those with scripts that are dependent on the exact behavior of tcpdump. .LP The ARC members agreed that this was a useful reason for the duplication, and that trying to provide a wrapper for tshark is likely not a productive activity. .NH 2 What Direction Are We Headed? .LP Several ARC members noted that we approved wireshark (PSARC 2007/334) quite some time ago, and that it was approved with the understanding that it would replace snoop and be the primary packet capture and display system on Solaris and OpenSolaris, but that wireshark, though in common use on Solaris, has not yet delivered, and that our direction is thus unclear. Is the plan still current? .LP Further, this lack of direction is affecting other networking projects. As of today, snoop is still the only packet capture service in the system, and projects being developed and reviewed today will need to be directed to update snoop, even if that effort is not in the long term interest of Solaris or OpenSolaris, because there are no alternatives. .LP To deal fairly with projects that are dependent on common features, where there may be multiple separate implementations of these features, the ARC must have information regarding which one is the "preferred" implementation. In this case, knowing that wireshark is still "preferred" means that networking projects delivering new protocols into Solaris or OpenSolaris will be directed to update wireshark rather than snoop or tcpdump. .LP Customers as well need to know which implementation is "preferred." The preferred implementation is the one that will be expected to be most compatible with the Solaris/OpenSolaris environment, while the others may not necessarily be tailored for that use. .LP The discussion of these issues led to the advice in section 6 below, and to the technical change required. .NH Minority Opinion(s) .LP None .NH Advisory Information .LP When delivering multiple implementations of a single feature, and where an extended period of co-existence rather than eventual replacement is expected, the Solaris PAC and the management of the on-going "familiarity" project are advised that the ARC requires explicit information regarding which of the co-existing implementations is regarded as "preferred." .LP The management teams are also reminded that, as decided in PSARC 2007/334, wireshark is the packet capture and display mechanism of record, and prompt delivery of this feature is highly desirable, and more useful to Solaris and OpenSolaris than is delivery of any other alternative implementation. Failing to deliver wireshark will very likely cause problems for other projects. .NH Appendices .NH 2 Appendix A: Technical Changes Required .LP .RS .IP 1. The end user documentation delivered must include language pointing the user to the "preferred" packet capture and display mechanism on the system, so that the user knows which one is intended to decode all supported protocols on the system. .RE .NH 2 Appendix B: Technical Changes Advised .LP None .NH 2 Appendix C: Reference Material .LP Unless stated otherwise, path names are relative to the case directory \*(aR/\*(cA. .IP 1. Tcpdump Project Proposal .br File: proposal.txt