Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Patch Netflow v9 to decode Netflow options, and other fixes

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Fri, 27 Apr 2007 21:53:31 +0200 (CEST)
Hi,

Patch looks good, not too sure about the to_hexadecimal though.

Thanx,
Jaap

On Fri, 27 Apr 2007, Olivier MONTANUY wrote:

> Hello,
>
> I opened a a bug report #1579 to signal that epan/dissectors/packet-netflow.c
> currently cannot decode Netflow options, because it does not take into account the option scope.
>
> Netflow options provide information that are needed to interpret the Netflow records, like
> the ifName, ifDescr and sampling rate for an ifIndex, or the IP prefix for a MPLS label.
>
> So I added to the bug report a patch that:
> - decodes the option scope, for Data FlowSet containing option.
> - decodes of about 40 new Netflow types, some of which are undocumented but
>   used by Cisco Flexible Netflow.
> - display the unknown netflow type in hexadecimal, so to help deal with
>   future Netflow v9 implementations, especially in tshark.
> - display the header of the netflow packet even when the PDU count is zero,
>   as this does happen in practice.
>
> The patch was tested it using traces generated by Cisco IOS 12.0 and 12.4, IOS-XR 3.3,
> Juniper JUNOS 7 and 8, and Huawei VRP 5.30.
>
> I hope someone can apply this patch, since I have no idea how it is supposed to be done.
>
> Thanks in advance,
>
>   Olivier Montanuy
>
>
>
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>