Wireshark-bugs: [Wireshark-bugs] [Bug 4345] Add new NetflowV9 template fields for Network Based

Date: Tue, 22 Dec 2009 15:02:31 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4345

--- Comment #5 from Kirby Files <ksfiles@xxxxxxxxx> 2009-12-22 15:02:30 PST ---
(In reply to comment #4)
> (In reply to comment #3)
> > I'd prefer if you used a proto_tree_add_item() for NBAR applicationId too.
> 
> Could you please help me with the idiom for doing so?

Whoops, I figured out my problem. I've emailed the corrected attachment
out-of-band, as the bugzilla won't let me attach any more files. Here's the
gist of the patch, though I'm sure bugzilla html will mangle it:

Index: epan/dissectors/packet-netflow.c
===================================================================
--- epan/dissectors/packet-netflow.c    (revision 31354)
+++ epan/dissectors/packet-netflow.c    (working copy)
@@ -321,6 +321,9 @@
 static int      hf_cflow_sampler_name = -1;
 static int      hf_cflow_forwarding_status = -1;
 static int      hf_cflow_forwarding_code = -1;
+static int    hf_cflow_nbar_appl_id = -1;
+static int    hf_cflow_nbar_appl_name = -1;
+static int    hf_cflow_nbar_appl_desc = -1;
 static int      hf_cflow_peer_srcas = -1;
 static int      hf_cflow_peer_dstas = -1;
 static int      hf_cflow_flow_exporter = -1;
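Review bot: The three new hf_cflow_nbar_* declarations use a narrower gap after "static int" than the surrounding declarations, so the column alignment of this block is broken. Match the whitespace of the neighbouring lines (for example hf_cflow_forwarding_code) so the declarations line up.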
@@ -1971,6 +1974,21 @@
                         tvb, offset, length, FALSE);
             break;

+        case 94: /* NBAR applicationDesc */
+            proto_tree_add_item(pdutree, hf_cflow_nbar_appl_desc,
+                        tvb, offset, length, FALSE);
+            break;
+
+        case 95: /* NBAR applicationId */
+            proto_tree_add_item(pdutree, hf_cflow_nbar_appl_id,
+                                            tvb, offset+2, 2, FALSE);
+            break;
+
+        case 96: /* NBAR applicationName */
+            proto_tree_add_item(pdutree, hf_cflow_nbar_appl_name,
+                        tvb, offset, length, FALSE);
+            break;
+
         case 128: /* source AS Peer */
             proto_tree_add_item(pdutree, hf_cflow_peer_srcas,
                 tvb, offset, length, FALSE);
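Review bot: In case 95 the call passes "tvb, offset+2, 2, FALSE" and ignores the template-supplied length that every neighbouring case uses. NetFlow v9 field sizes come from the template, so if an exporter declares field 95 with any length other than 4, this reads two bytes that belong to the following field or lie beyond the record. Use the offset+2 form only when length == 4 and otherwise add the whole field with offset and length, and add a comment saying what the two skipped leading bytes contain, since the hunk gives no reason for discarding them.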
@@ -3023,6 +3041,9 @@
     { 90, "VPN_ROUTE_DISTINGUISHER" },
     { 92, "SRC_TRAFFIC_INDEX" },
     { 93, "DST_TRAFFIC_INDEX" },
+    { 94, "APPLICATION_DESC" },
+    { 95, "APPLICATION_ID" },
+    { 96, "APPLICATION_NAME" },
     { 128, "SRC_AS_PEER" },
     { 129, "DST_AS_PEER" },
     { 130, "exporterIPv4Address" },
@@ -3868,6 +3889,21 @@
           FT_UINT8, BASE_DEC, NULL, 0x3F,
           "Forwarding Code", HFILL}
          },
+        {&hf_cflow_nbar_appl_id,
+         {"ApplicationID", "cflow.appl_id",
+         FT_UINT16, BASE_DEC, NULL, 0x0,
+         "Application ID (NBAR)", HFILL}
+        },
+        {&hf_cflow_nbar_appl_name,
+         {"ApplicationName", "cflow.appl_name",
+          FT_STRINGZ, BASE_HEX, NULL, 0x0,
+          "Application Name (NBAR)", HFILL}
+         },
+        {&hf_cflow_nbar_appl_desc,
+         {"ApplicationDesc", "cflow.appl_desc",
+          FT_STRINGZ, BASE_HEX, NULL, 0x0,
+          "Application Desc (NBAR)", HFILL}
+         },
         {&hf_cflow_peer_srcas,
          {"PeerSrcAS", "cflow.peer_srcas",
           FT_UINT16, BASE_DEC, NULL, 0x0,
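Review bot: Both string fields, hf_cflow_nbar_appl_name and hf_cflow_nbar_appl_desc, are registered as "FT_STRINGZ, BASE_HEX". A numeric display base has no meaning for a string type; use BASE_NONE for both. The closing braces of these two entries are also indented one column further than the one for hf_cflow_nbar_appl_id, so align all three with the existing entries.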
