Wireshark mailing list archives

Patch submitted for IPFIX file format support


From: Hadriel Kaplan <HKaplan () acmepacket com>
Date: Tue, 21 Sep 2010 12:40:06 -0400

Howdy,
I've submitted bug 5242 with an attached patch diff for supporting the IPFIX file format, per RFC 5655.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5242

The one open issue/question I have regards a heuristic for determining if it's the right file type.  Unfortunately, the IPFIX file format has no magic sequence, and is literally just the IPFIX/Netflow_v10 messages in a file.  Right now, the open routine just checks if the first byte is the right version number, i.e. that the first two bytes of the file are 0x000A.  That's good enough to separate it from ASCII files, obviously, but will probably collide with other binary file formats.  So... should I have the open routine also try to parse the messages further, or parse multiple messages? Or should I just leave it as is?

-hadriel
