Wireshark-dev: [Wireshark-dev] Patch Netflow v9 to decode Netflow options, and other fixes

From: Olivier MONTANUY <olivier.montanuy@xxxxxxxxx>
Date: Fri, 27 Apr 2007 14:37:58 +0200 (CEST)
Hello,

I opened a bug report #1579 to signal that epan/dissectors/packet-netflow.c
currently cannot decode Netflow options, because it does not take into account the option scope.

Netflow options provide information that is needed to interpret the Netflow records, like
the ifName, ifDescr and sampling rate for an ifIndex, or the IP prefix for an MPLS label.

So I added to the bug report a patch that:
- decodes the option scope, for Data FlowSets containing options.
- decodes about 40 new Netflow types, some of which are undocumented but
  used by Cisco Flexible Netflow.
- displays the unknown netflow type in hexadecimal, so as to help deal with
  future Netflow v9 implementations, especially in tshark.
- displays the header of the netflow packet even when the PDU count is zero,
  as this does happen in practice.

The patch was tested using traces generated by Cisco IOS 12.0 and 12.4, IOS-XR 3.3,
Juniper JUNOS 7 and 8, and Huawei VRP 5.30.

I hope someone can apply this patch, since I have no idea how it is supposed to be done.

Thanks in advance,

  Olivier Montanuy
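
The option scope the message refers to, as an added example that is not part of the original message or of the patch: a minimal Python parser for a Netflow v9 Options Template FlowSet and one of its data records, following the layout in RFC 3954. The function names, the small type tables, and the sample bytes (including the unknown type 0x0fa0) are constructed for illustration.

```python
import struct

# Scope field types, RFC 3954 section 6.1 (a namespace separate from ordinary field types).
SCOPE_TYPES = {1: "System", 2: "Interface", 3: "Line Card", 4: "Cache", 5: "Template"}
# A small subset of ordinary field types from RFC 3954 section 8.
FIELD_TYPES = {34: "SAMPLING_INTERVAL", 35: "SAMPLING_ALGORITHM", 82: "IF_NAME", 83: "IF_DESC"}

def parse_options_template(flowset):
    """Return (template_id, scope_specs, option_specs) for one Options Template FlowSet."""
    if len(flowset) < 10:
        raise ValueError("FlowSet shorter than the options template header")
    fs_id, length, template_id, scope_len, option_len = struct.unpack_from("!5H", flowset)
    if fs_id != 1:
        raise ValueError("not an Options Template FlowSet (ID 1)")
    # Both lengths are in bytes and cover whole (type, length) pairs of 4 bytes each.
    if scope_len % 4 or option_len % 4 or 10 + scope_len + option_len > min(length, len(flowset)):
        raise ValueError("inconsistent scope/option lengths")
    def specs(offset, nbytes):
        return [struct.unpack_from("!HH", flowset, offset + i) for i in range(0, nbytes, 4)]
    return template_id, specs(10, scope_len), specs(10 + scope_len, option_len)

def decode_options_record(record, scopes, options):
    """Decode one options data record: scope values come first, then option values."""
    out, pos = [], 0
    for names, fields in ((SCOPE_TYPES, scopes), (FIELD_TYPES, options)):
        for ftype, flen in fields:
            if pos + flen > len(record):
                raise ValueError("record truncated")
            # Unknown types are shown in hexadecimal rather than dropped.
            out.append((names.get(ftype, "type 0x%04x" % ftype), record[pos:pos + flen]))
            pos += flen
    return out

# Constructed sample: template 256, scope = Interface (4 bytes), then three options.
TEMPLATE = (struct.pack("!5H", 1, 28, 256, 4, 12)
            + struct.pack("!8H", 2, 4, 34, 4, 82, 8, 0x0FA0, 2) + b"\x00\x00")
# Constructed record: ifIndex 3, sampling interval 1000, ifName "Gi0/1", 2 unknown bytes.
RECORD = struct.pack("!II", 3, 1000) + b"Gi0/1\x00\x00\x00" + b"\xab\xcd"

if __name__ == "__main__":
    tid, scopes, options = parse_options_template(TEMPLATE)
    for name, value in decode_options_record(RECORD, scopes, options):
        print(tid, name, value.hex())
    # Ignoring the scope shifts every option onto the wrong bytes:
    print(decode_options_record(RECORD, [], options)[0])
```

When the scope fields are skipped, the first option is read from the bytes that hold the ifIndex, so every following value in the record is misaligned.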