Wireshark-bugs: [Wireshark-bugs] [Bug 3543] enhanced sFlow dissector
Date: Thu, 18 Jun 2009 17:06:05 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3543





--- Comment #19 from Yi Yu <yiyu.inbox@xxxxxxxxx>  2009-06-18 17:06:04 PDT ---
(In reply to comment #18)
> Just a question I forgot to ask: Is your dissector based on the 1.0 version of
> the source or the 1.1/1.2/1.3 version of the source code? My v5 patches were
> definitely post 1.0. It's possible that my v5 patches broke something in the

My dissector is based on the official release of Wireshark 1.0.8. I transformed
the built-in sFlow v2/4 dissector into a plug-in, and started to add sFlow v5
support. The routines for sFlow v2/4 dissection were UNCHANGED except for a small
bug-fix. So, sorry I'm not sure about the v1.0 or 1.1/1.2/1.3 that you
mentioned. All the code that I'm working with is from stable public releases.


> v2/v4 code because I didn't have any test data for v2/v4, the red branch of
> your image regarding v5 is the main part of what was missing from the recent
> source version.

The two images were both screenshots for sFlow v2/4 dissection only. The sFlow
v5 dissection samples are in the text files I attached.


> In the end, I don't mind whether my code is replaced, as long as the new v5
> code is better than what I wrote - I only had one sample trace containing v5

Thank you for your understanding and support!


> records when I added v5 functionality and a dissector created/tested by the
> authors of the protocol will have seen much better testing.
> In order to be able to provide early feedback before you take up work on the
> dissector again it would be good if InMon could give you permission to post
> the current version of your code.

I have sent them an e-mail, and they should get back to me by Friday. I'm sure
they are okay with me sharing the code on here, but just need their
confirmation.


> Oh, the final version should of course not be a plugin but simply replace the
> existing file.

That is right, my final step is to test my dissector by replacing the built-in
one.


> Oh, one more thing: Do you have some sample captures (v2, v4, v5) that you
> could provide so we can add them to the wireshark sample captures page (or
> even better: could you add them directly :-) That way we can a) learn about
> how sflow works and b) compare the output of the old version and the new
> version of the dissector.

I do have plenty of samples including some extended formats (802.11, see first
document I attached) that are not documented in standard sFlow specifications.
However, due to very strict data protection law, I cannot share the sample
traces. In fact I had to receive a Data Protection Act briefing and sign a set
of documents before I got hold of those data. If the data leaves my school or
my laptop, I and my supervisor will be in deep trouble.

