Wireshark-bugs: [Wireshark-bugs] [Bug 6325] Wireshark netflow dissector complains there is no te
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6325
--- Comment #6 from vijwilso@xxxxxxxxx 2012-01-13 23:37:46 PST ---
Thanks for the fix . It is much better than the previous version .
However , in some cases , wire shark still compains about the missing template
( though it is there ) . This case there is no change in the template fields
also .
Please refer to the attached pcap file for the data filter 'cflow.dstaddr ==
100.234.1.1 and cflow.direction == 1'
This information is available in the caputure file , but wireshark could not
decode it due to the missing templete problem .
I am using wireshark version dev build Version 1.7.0 (SVN Rev 39768 from
/trunk)
Let me know if this verson has got the fix for this template problem
Regards
Vijay
=======================================================================
(In reply to comment #5)
> (In reply to comment #4)
> >
> > I've also made another change so that it's (somewhat) less likely that a
> > template will be ignored (but still possible).
> >
> > However, the proper fix for the issue related to ignoring a template requires a
> > more extensive change (upcoming) which will not be backported to Wireshark 1.6.
> Done in SVNs #39995 & #39996 in Dev ....
> A template will be now be skipped (not saved for future dissection) when there
> are "too many" fields (specified by a CFLOW preference) or if a template with
> the same "name" has already been seen.
> Note that this means that a replacement template on a connection which
> represents a change (i.e., is re-sent with different fields) will be ignored
> and thus dissection of following data packets using that replacement template
> will be incorrect.
> I'm guessing that resending a template with different fields is not something
> that normally happens.
> If needed, handling this case can be done as a future enhancement.
> P.S. Thanks for the report !
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.