Ethereal-dev: SV: [Ethereal-dev] RE: [Ethereal-users] cflow v9 template records

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Wed, 15 Mar 2006 07:24:20 +0100
Hi,
Checked in.
Brg
Anders

-----Ursprungligt meddelande-----
Från: ethereal-dev-bounces@xxxxxxxxxxxx
[mailto:ethereal-dev-bounces@xxxxxxxxxxxx] För paul.sellnow@xxxxxxx
Skickat: den 14 mars 2006 19:31
Till: mshindo@xxxxxxxxxxx; ethereal-users@xxxxxxxxxxxx
Kopia: ethereal-dev@xxxxxxxxxxxx
Ämne: [Ethereal-dev] RE: [Ethereal-users] cflow v9 template records

Monotori,

I am assuming that your attached diff file would involve recompiling the
program. Unfortunately I am not a developer, and do not have the tools
and skills for this. I just use the Windows binaries. Hopefully this
patch will be incorporated in a new release in the near future.

As far as the Flowset count, I was assuming that the two template
definitions would be 1/4 and 2/4, and the two data flowsets would be 3/4
and 4/4. No?

Thanks!

Paul Sellnow

-----Original Message-----
From: Motonori Shindo [mailto:mshindo@xxxxxxxxxxx] 
Sent: Tuesday, March 14, 2006 11:10 AM
To: ethereal-users@xxxxxxxxxxxx; Sellnow, Paul
Cc: ethereal-dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] cflow v9 template records

Paul,

Sorry for the delay.

From: <paul.sellnow@xxxxxxx>
Subject: RE: [Ethereal-users] cflow v9 template records
Date: Tue, 7 Mar 2006 17:00:50 -0600

> Motonori,
> 
> After further investigation, it turns out that what I was actually
> seeing was a problem due to the fact that Ethereal appears to only
> detect the first template record if there are multiple template
records
> in a single packet. I have attached an example packet. There are two
> template records followed by two data records. The CFLOW decode shows
> the first template record as Flowset 1/4, then the two data records as
> 2/4 and 3/4. The second template record can only be viewed by looking
> directly at the hex output, from bytes 8E through D2. 

I reviewed the current code. As you pointed out, the code assumes
Template FlowSet contains only one Template Record, which is not
necessarily true. Please find attached the patch to fix it.

I also noticed that the capture file you sent me says Flowset Count is
4 but only 3 flowsets are actually present in the PDU. I guess it is
an exporter's (Cisco's) bug.

---
Motonori Shindo
Chief Technology Officer
Fivefront Corporation
http://www.fivefront.com


Visit our website at http://www.ubs.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev