Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 4381] New: failed to decode NetFlow v9 packets including a 0 length scope fiel

Wireshark-bugs: [Wireshark-bugs] [Bug 4381] New: failed to decode NetFlow v9 packets including a

Date: Sun, 10 Jan 2010 21:18:14 -0800 (PST)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4381

           Summary: failed to decode NetFlow v9 packets including a 0
                    length scope field
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: irino@xxxxxxxxxxxxxx


Created an attachment (id=4124)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4124)
A patch for decoding 0 length scope field

Build Information:
wireshark 1.3.3 (SVN Rev 31483 from /trunk)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.18.3, with GLib 2.22.3, with libpcap 1.0.0, with libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without Python, without GnuTLS, without
Gcrypt, without Kerberos, without GeoIP, without PortAudio, without AirPcap,
with new_packet_list.

Running on Linux 2.6.31-17-generic, with libpcap version 1.0.0.

Built using gcc 4.4.1.

--
Current svn version of Wireshark can not decode NetFlow v9 packets including a
0 length scope field. The NetFLow v9 packets are exported from Cisco 3620
12.3(22).
Older version (1.2.2 installed via apt in ubuntu) can decode.

Attached patch:
1) solves a bug that the dissect_v9_options_template() function can not store
scope because of wrong in if statement.
2) solves another bug that the dissect_v9_options_template() function
misinterpret the number of scope fields and non-scope fields.
3) skips 0 byte length field when decode data record.
4) skips PEN (Private Enterprise Number) processing in the
dissect_v9_options_template() function when NetFlow v9 packets read, because
PEN is supported in only IPFIX.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Follow-Ups:
- [Wireshark-bugs] [Bug 4381] failed to decode NetFlow v9 packets including a 0 length scope field
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 4381] failed to decode NetFlow v9 packets including a 0 length scope field
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 4381] failed to decode NetFlow v9 packets including a 0 length scope field
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 4381] failed to decode NetFlow v9 packets including a 0 length scope field
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 4381] failed to decode NetFlow v9 packets including a 0 length scope field
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 4381] failed to decode NetFlow v9 packets including a 0 length scope field
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 4381] failed to decode NetFlow v9 packets including a 0 length scope field
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 4381] failed to decode NetFlow v9 packets including a 0 length scope field
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 4381] failed to decode NetFlow v9 packets including a 0 length scope field
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 4380] New: Patch to write "column.format:" preference values pairs to separate lines
Next by Date: [Wireshark-bugs] [Bug 4381] failed to decode NetFlow v9 packets including a 0 length scope field
Previous by thread: [Wireshark-bugs] [Bug 4380] Patch to write "column.format:" preference values pairs to separate lines
Next by thread: [Wireshark-bugs] [Bug 4381] failed to decode NetFlow v9 packets including a 0 length scope field
Index(es):
- Date
- Thread