Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 3471] New: Fails to decode variable length IPFIX data

Date: Tue, 19 May 2009 05:49:30 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3471

           Summary: Fails to decode variable length IPFIX data
           Product: Wireshark
           Version: 1.1.x (Experimental)
          Platform: x86
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: philip@xxxxxxxxxxxxxxxxxxx


Created an attachment (id=3011)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3011)
Sample pcap file with 3 ipfix packets

Build Information:
Version 1.1.3 (SVN Rev 27807)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.0, with GLib 2.20.0, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.6.4, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Mar 21 2009), with
AirPcap.

Running on Windows Vista, build 6000, with WinPcap version 4.0.2 (packet.dll
version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS 2.6.4, Gcrypt
1.4.4,
without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The IPFIX (aka Netflow v10) decoder does not handle variable length fields
correctly. it also doesn't appear to handle options templates correctly either.

I attach a pcap file that shows the problem.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.