Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 4729] New: Patch for decoding IPFIX scope data

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 29 Apr 2010 19:07:13 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4729

           Summary: Patch for decoding IPFIX scope data
           Product: Wireshark
           Version: unspecified
          Platform: x86
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: irino@xxxxxxxxxxxxxx


Created an attachment (id=4593)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4593)
Patch for decoding IPFIX scope data

Build Information:
wireshark 1.3.5 (SVN Rev 32609 from /trunk)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.20.0, (32-bit) with GLib 2.24.0, with libpcap 1.0.0, with
libz 1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.4, with MIT Kerberos, without GeoIP, without PortAudio, without
AirPcap, with new_packet_list.

Running on Linux 2.6.32-21-generic, with libpcap version 1.0.0, with libz
1.2.3.3, GnuTLS 2.8.5, Gcrypt 1.4.4.

Built using gcc 4.4.3.
--
The function "dissect_v9_pdu" of "epan/dissectors/packet-netflow.c" decodes
NetFlow v9 packets and IPFIX packets with same logic. But, the "scope field" is
different between NetFlow v9 and IPFIX. NetFlow v9 has only 5 kind of scopes
which described in section "6.1.  Options Template FlowSet Format" of RFC3954.
On the other hand, many Information Elements defined in
"http://www.iana.org/assignments/ipfix/ipfix.xml"; can be used as scope fields
in IPFIX packets.

Hence, this patch separates the function "dissect_v9_pdu" into
"dissect_v9_pdu_scope" and "dissect_v9_pdu_data" to change behavior for IPFIX
scope fields. "dissect_v9_pdu_scope" decodes only NetFlow v9 scope data
records. "dissect_v9_pdu"_data decodes NetFlow v9 (non-scope) flow records,
IPFIX (non-scope) flow records and IPFIX scope data records.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube