Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2198] New: Netflow Dissector - error decoding option scope

Date: Tue, 15 Jan 2008 11:31:23 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2198

           Summary: Netflow Dissector - error decoding option scope
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: olivier.montanuy@xxxxxxxxxxxxxxxxxx


Build Information:
TShark 0.99.7

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.14.3, with libpcap 0.9.8, with libz 1.2.3.3, with libpcre
7.3, without SMI, with ADNS, without Lua, without GnuTLS, without Gcrypt, with
MIT Kerberos.

Running on Linux 2.6.22-2-686, with libpcap version 0.9.8.

Built using gcc 4.2.3 20071123 (prerelease) (Debian 4.2.2-4).

--
When a Cisco 10000 12.2(SBB) reports flow statistics (total number of netflow
packets and flowset sent by the router) using Netflow v9, the Netflow dissector
fails to decode the flowset, and all following flowsets.
The error reported is: 
[Dissector bug, protocol CFLOW: proto.c:1047: failed assertion "length == 4"]

The cause of the error is that dissectors/packet-netflow.c assumes that the
Netflow Option Scope of type System contains an IPv4 address.
But the Cisco 10000 provides an empty System scope.

patch to follow


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.