https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4333
Summary: sFlow not fully implemented
Product: Wireshark
Version: 1.2.2
Platform: x86
OS/Version: Ubuntu
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: mail@xxxxxx
Build Information:
wireshark 1.2.2
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.18.3, with GLib 2.22.2, with libpcap 1.0.0, with libz
1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.8, with SMI 0.4.8,
with
c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 20 2009 13:28:51),
without AirPcap.
Running on Linux 2.6.31-16-generic-pae, with libpcap version 1.0.0, GnuTLS
2.8.3, Gcrypt 1.4.4.
Built using gcc 4.4.1.
--
The sFlow Filter isn't implemented fully and existing structure is also not
valid.
For example the "expanded-counter-samples" header (sflow.sample.enterprisetype
== 4) of sFlow has a sourceIDtype field with 4 octets and a separated
sourceIDindex field with also 4 octets (the current filter misinterprets the
format as a normal counter-sample header with sourceIDtype 1 octet and
sourceIDindex 3 octets) - Wireshark makes no difference between the different
subheaders which is not valid to the current sFlow-Spec.
See also the datagram formats made by Elisa Jasinska from AMS-IX:
http://www.sflow.org/developers/specifications.php
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
