Ethereal-dev: [Ethereal-dev] Field Type for non-8bit-unit field

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Motonori Shindo <mshindo@xxxxxxxxxxx>
Date: Wed, 02 Jun 2004 01:15:11 +0900 (JST)
Hi,

I found a minor problem in the current packet-netflow.c, where it decodes
"Sample Rate" as a 16-bit unsigned integer. According to

    http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/netflsol/nfwhite.htm

Sample Rate is encoded in the lower 14 bits of a 16-bit field and the higher 2
bits are used to represent whether the sampling is in use or not. The
following patch fixes this problem and makes it correctly decode the
sampling rate; however, it in turn introduces some loss of useful
information that used to be brought by the _header_field_info structure
(fields "abbrev" and "blurb" in particular).

What would be the best way to handle a case like this? Should we
introduce another field type?


Index: packet-netflow.c
===================================================================
RCS file: /cvsroot/ethereal/packet-netflow.c,v
retrieving revision 1.11
diff -c -r1.11 packet-netflow.c
*** packet-netflow.c	9 Mar 2004 20:08:26 -0000	1.11
--- packet-netflow.c	1 Jun 2004 15:30:16 -0000
***************
*** 161,167 ****
  static int      hf_cflow_unix_secs = -1;
  static int      hf_cflow_unix_nsecs = -1;
  static int      hf_cflow_timestamp = -1;
- static int      hf_cflow_samplerate = -1;
  
  /*
   * cflow version specific info 
--- 161,166 ----
***************
*** 455,462 ****
  		offset = flow_process_textfield(netflow_tree, tvb, offset, 4,
  						"reserved");
  	else if (ver == 5) {
! 		proto_tree_add_item(netflow_tree, hf_cflow_samplerate,
! 				    tvb, offset, 2, FALSE);
  		offset += 2;
  	}
  
--- 454,462 ----
  		offset = flow_process_textfield(netflow_tree, tvb, offset, 4,
  						"reserved");
  	else if (ver == 5) {
! 		proto_tree_add_text(netflow_tree, tvb, offset, 2, 
! 				    "SampleRate: %u", 
! 				    tvb_get_ntohs(tvb, offset) & 0x3fff);
  		offset += 2;
  	}
  
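Review bot: The new `proto_tree_add_text(...)` call in the `ver == 5` branch masks with `0x3fff` and discards the upper two bits of the field, so the sampling-in-use indication described in the message is never shown. It also replaces a registered field with a plain text item, so the value can no longer be matched in a display filter. I would keep `proto_tree_add_item(netflow_tree, hf_cflow_samplerate, tvb, offset, 2, FALSE)` and let a bitmask on the registered field do the masking, with a second registered field over the same two bytes for the upper two bits.
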
***************
*** 1422,1432 ****
  		  FT_UINT32, BASE_DEC, NULL, 0x0,
  		  "Residual nanoseconds since epoch", HFILL}
  		 },
- 		{&hf_cflow_samplerate,
- 		 {"SampleRate", "cflow.samplerate",
- 		  FT_UINT16, BASE_DEC, NULL, 0x0,
- 		  "Sample Frequency of exporter", HFILL}
- 		 },
  
  		/*
  		 * end version-agnostic header
--- 1422,1427 ----
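
Review bot: Deleting the `hf_cflow_samplerate` entry drops the `cflow.samplerate` abbreviation and its blurb, which is exactly the loss the message points out. The `0x0` after `NULL` in this entry is the bitmask slot of the field definition, so changing it to `0x3fff` yields the 14-bit value while keeping the field, and a sibling entry with mask `0xc000` would cover the two sampling-mode bits. With that, the `static int hf_cflow_samplerate = -1;` declaration removed in the first hunk stays too, and no new field type is needed.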