Wireshark mailing list archives
Patch submitted for IPFIX file format support
From: Hadriel Kaplan <HKaplan () acmepacket com>
Date: Tue, 21 Sep 2010 12:40:06 -0400
Howdy, I've submitted bug 5242 with an attached patch diff for supporting the IPFIX file format, per RFC 5655. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5242 The one open issue/question I have regards a heuristic for determining if it's the right file type. Unfortunately, the IPFIX file format has no magic sequence, and is literally just the IPFIX/Netflow_v10 messages in a file. Right now, the open routine just checks if the first byte is the right version number, i.e. that the first two bytes of the file are 0x000A. That's good enough to separate it from ascii files, obviously, but will probably collide with other binary file formats. So... should I have the open routine also try to parse the messages further, or parse multiple messages? or should I just leave it as is? -hadriel ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Patch submitted for IPFIX file format support Hadriel Kaplan (Sep 21)
- Re: Patch submitted for IPFIX file format support Jeff Morriss (Sep 21)
- Re: Patch submitted for IPFIX file format support Hadriel Kaplan (Sep 21)
- Re: Patch submitted for IPFIX file format support Jeff Morriss (Sep 21)