Wireshark-bugs: [Wireshark-bugs] [Bug 4333] New: sFlow not fully implemented

Date: Wed, 16 Dec 2009 00:00:51 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4333

           Summary: sFlow not fully implemented
           Product: Wireshark
           Version: 1.2.2
          Platform: x86
        OS/Version: Ubuntu
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: mail@xxxxxx


Build Information:
wireshark 1.2.2

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.18.3, with GLib 2.22.2, with libpcap 1.0.0, with libz
1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.8, with SMI 0.4.8,
with
c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 20 2009 13:28:51),
without AirPcap.

Running on Linux 2.6.31-16-generic-pae, with libpcap version 1.0.0, GnuTLS
2.8.3, Gcrypt 1.4.4.

Built using gcc 4.4.1.
--
The sFlow Filter isn't implemented fully and existing structure is also not
valid.
For example the "expanded-counter-samples" header (sflow.sample.enterprisetype
== 4) of sFlow has a sourceIDtype field with 4 octets and a separated
sourceIDindex field with also 4 octets (the current filter misinterprets the
format as a normal counter-sample header with sourceIDtype 1 octet and
sourceIDindex 3 octets) - Wireshark makes no difference between the different
subheaders which is not valid to the current sFlow-Spec.

See also the datagram formats made by Elisa Jasinska from AMS-IX:

http://www.sflow.org/developers/specifications.php

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.