Bug ID | 9723
Summary | IPFIX dissector uses UDP length instead of the length in the IPFIX header
Classification | Unclassified
Product | Wireshark
Version | unspecified
Hardware | x86
OS | All
Status | UNCONFIRMED
Severity | Minor
Priority | Low
Component | Dissection engine (libwireshark)
Assignee | [email protected]
Reporter | [email protected]

Created attachment 12537
Capture with extra padding in UDP payloads
Build Information:
wireshark 1.11.3 (wireshark-1.11.3-rc1-1558-g4dd6451 from master)
Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 3.8.6, with Cairo 1.12.16, with Pango 1.32.5, with
GLib 2.38.1, with libpcap, with libz 1.2.8, without POSIX capabilities, without
libnl, without SMI, without c-ares, without ADNS, without Lua, without Python,
without GnuTLS, without Gcrypt, without Kerberos, without GeoIP, without
PortAudio, with AirPcap.
Running on Linux 3.11.0-15-generic, with locale en_US.UTF-8, with libpcap
version 1.4.0, with libz 1.2.8, without AirPcap.
Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Built using gcc 4.8.1.
--
This bug seems relatively harmless at the moment. The most obvious
manifestation is a warning about a "partial flow" in the summary line.
Example:
2 0 12.1.1.1 12.1.1.2 CFLOW 72 IPFIX partial flow (30/28 bytes)
There is no partial flow, but the padding bytes at the end of the packet are
triggering the warning.
Perhaps an expert warning should be added in the case of a real partial flow.
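The length handling this report asks for, as an added example (not Wireshark's dissector code and not part of the original report): the parser bounds itself by the Length field of the 16-byte IPFIX message header (RFC 7011) and counts any UDP payload bytes beyond it as trailing padding, reporting truncation only when the header claims more than the datagram holds. The function, struct and return codes are hypothetical, and the sample payload is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPFIX_VERSION     10
#define IPFIX_HDR_LEN     16  /* version, length, export time, sequence, domain id */
#define IPFIX_SET_HDR_LEN 4   /* set id, set length */

typedef struct {
    size_t msg_len;   /* Length field from the IPFIX message header */
    size_t trailing;  /* UDP payload bytes that lie beyond msg_len */
    int    sets;      /* complete sets found inside msg_len */
} ipfix_bounds;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* 0 = ok, -1 = not an IPFIX header, -2 = really truncated, -3 = bad set length */
int ipfix_bound_message(const uint8_t *buf, size_t udp_len, ipfix_bounds *out)
{
    if (udp_len < IPFIX_HDR_LEN || rd16(buf) != IPFIX_VERSION) return -1;
    size_t msg_len = rd16(buf + 2);
    if (msg_len < IPFIX_HDR_LEN) return -1;
    if (msg_len > udp_len) return -2;       /* header claims more than we have */
    size_t off = IPFIX_HDR_LEN;
    int sets = 0;
    while (off < msg_len) {                 /* walk sets up to msg_len, not udp_len */
        if (msg_len - off < IPFIX_SET_HDR_LEN) return -3;
        size_t set_len = rd16(buf + off + 2);
        if (set_len < IPFIX_SET_HDR_LEN || set_len > msg_len - off) return -3;
        off += set_len;
        sets++;
    }
    out->msg_len = msg_len;
    out->trailing = udp_len - msg_len;      /* padding, not a partial flow */
    out->sets = sets;
    return 0;
}

/* Constructed sample: 28-byte IPFIX message followed by 2 padding bytes. */
static const uint8_t sample_udp_payload[30] = {
    0x00, 0x0a, 0x00, 0x1c, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1,  /* header */
    0x01, 0x00, 0x00, 0x0c, 1, 2, 3, 4, 5, 6, 7, 8,              /* one set */
    0x00, 0x00 };                                                /* padding */

int main(void)
{
    ipfix_bounds b;
    int rc = ipfix_bound_message(sample_udp_payload, sizeof sample_udp_payload, &b);
    printf("rc=%d msg_len=%zu trailing=%zu sets=%d\n", rc, b.msg_len, b.trailing, b.sets);
    return rc;
}
```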