Comment # 1
on bug 9358
from Guy Harris
This is an Apple botch; to quote
rdar://15343324
(for the benefit of those on the mothership):
To quote http://www.tcpdump.org/linktypes.html
Values in the range 147 through 162 are reserved for private use; if you
have some link-layer header type that you want to use within your organization,
with the capture files using that link-layer header type not ever be sent
outside your organization, you can use one or more these values. No libpcap
release will use these for any purpose, nor will any tcpdump release use them,
either.
Do NOT use these in capture files that you expect anybody not using your
private versions of capture-file-reading tools to read; in particular, do NOT
use them in products, otherwise you may find that people won't be able to use
tcpdump, or snort, or Wireshark, or... to read capture files from your
firewall/intrusion detection/traffic monitoring/etc. appliance, or whatever
product uses that link-layer header type value, and you may also find that the
developers of those applications will not accept patches to let them read those
files.
Also, do not use them if somebody might send you a capture using them for
their private type and tools using them for your private type would have to
read them.
Violating this rule causes problems such as
http://ask.wireshark.org/questions/26524/mavericks-can-not-capture-lively-from-iphone-using-rvi
Please follow the rules, and ask [email protected] for an
assigned value for DLT_PKTAP, and use that value.
I guess the folks at Apple decided to make RVIs offer DLT_PKTAP in Mavericks.
You are receiving this mail because:
- You are watching all bug changes.
