Wireshark-bugs: [Wireshark-bugs] [Bug 2764] New: Netflow Dissector - cannot decode IPFIX packets
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2764
Summary: Netflow Dissector - cannot decode IPFIX packets
Product: Wireshark
Version: SVN
Platform: PC
OS/Version: All
Status: NEW
Severity: Major
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: irino@xxxxxxxxxxxxxx
Build Information:
$ ./wireshark -v
wireshark 1.0.99 (SVN Rev 25902)
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.9, with GLib 2.16.4, with libpcap 0.9.8, with libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
ADNS,
without Lua, without GnuTLS, without Gcrypt, without Kerberos, without
PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running on Linux 2.6.24-19-generic, with libpcap version 0.9.8.
Built using gcc 4.2.3 (Ubuntu 4.2.3-2ubuntu7).
--
This patch is tested against IPFIX packets exported from YAF
(http://tools.netsa.cert.org/yaf/)
This patch
(1) fixes to decode IPFIX packets.
The revision 25601 warns and be not able to decodes IPFIX packets fully,
because the array "hf_register_info" does not have an entry
"hf_cflow_datarecord_length", and a length check for IPFIX packets is incorrect
in "dissect_netflow" function.
(2) is able to decode all Information Elements standardized by RFC 5102
(3) is able to decode IPFIX templates and data that contains PEN (Private
Enterprise Number) fields standardized by RFC 5101, and is able to decode
bi-directional flow standardized by RFC 5103.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.