Wireshark-bugs: [Wireshark-bugs] [Bug 3471] New: Fails to decode variable length IPFIX data
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3471
Summary: Fails to decode variable length IPFIX data
Product: Wireshark
Version: 1.1.x (Experimental)
Platform: x86
OS/Version: Windows Vista
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: philip@xxxxxxxxxxxxxxxxxxx
Created an attachment (id=3011)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3011)
Sample pcap file with 3 ipfix packets
Build Information:
Version 1.1.3 (SVN Rev 27807)
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.16.0, with GLib 2.20.0, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.6.4, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Mar 21 2009), with
AirPcap.
Running on Windows Vista, build 6000, with WinPcap version 4.0.2 (packet.dll
version 4.0.0.1040), based on libpcap version 0.9.5, GnuTLS 2.6.4, Gcrypt
1.4.4,
without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
The IPFIX (aka Netflow v10) decoder does not handle variable length fields
correctly. it also doesn't appear to handle options templates correctly either.
I attach a pcap file that shows the problem.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.