[tcpdump-workers] Saving packets with libpcap in PCAPNG format
Francois-Xavier Le Bail
devel.fx.lebail at orange.fr
Sat Nov 20 14:41:29 EST 2021
On 06/12/2016 19:32, Guy Harris wrote:
> On Dec 6, 2016, at 10:15 AM, Martin Dubuc <martind1111 at gmail.com> wrote:
>> I am working on an application that requires to store packets in PCAPNG
>> format. My understanding is that there isn't support for saving packets in
>> PCAPNG format in the current code base. I have noticed that Apple has
>> created an API in its custom version of libpcap (latest version can be
>> viewed at https://opensource.apple.com/source/libpcap/libpcap-67/libpcap/
>> and is based on libpcap-1.7.4), and the extension seems to be open source.
> Open source *but* licensed under the Apple Public Source License Version 2.0:
> I'm not sure whether the patent-related clauses - especially the "Termination" clause - would cause any vendors or distributors who currently include libpcap under its patent-clause-free BSD license not to want to include it if it includes patent clauses of that sort.
>> Is there a plan to merge this to the libpcap at some point? Or is there
>> a plan to implement something else?
> My inclination was to implement *some* APIs for reading files (pcapng or pcap, using the same API, so programs can transparently *read* either file type), with the full capabilities of pcapng supported, and for writing pcapng files, with a separate implementation.
> If we can get away with implementing Apple's API independently, under the same BSD license as is used for the rest of libpcap, and that API can be used to read either pcap or pcapng files, and it supports the full capabilities of pcapng and allows support for future pcapng capabilities (as well as vendor extensions), that would probably be the right choice;
It seems that Apple has changed their license to: "License: BSD."
> otherwise, we'll implement a separate API, but try to do so in a way that allows Apple to continue to provide their API. (They don't document the API in any man page other than the pcapng man page in the source, so they might consider it a private interface and be willing to use a different one, especially if, as I expect we'll do, we provide a version of tcpdump that supports the new API if available.)