diff options
| author | Guy Harris <guy@alum.mit.edu> | 2003-03-07 00:43:30 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2003-03-07 00:43:30 +0000 |
| commit | e4677cd36e75d34f8ca5ca344d5fe4d240e674ed (patch) | |
| tree | 518b816eb311902f648de992ff6cdab05a2bba94 /packet-netflow.c | |
| parent | eb98c553d5219bf148d016d258f115f8391d2685 (diff) | |
Add in some additional Cisco URLs for NetFlow documentation.
According to the V9 documentation at the first of those URLs, the length
field in a data flowset includes the lengths of the flowset ID and
length fields, so subtract that before calling "dissect_v9_data()" - and
don't call "dissect_v9_data()" if the length isn't positive after that's
done.
Don't bother checking whether there's data in the tvbuff in the loop
that dissects V9 data flowsets - if there isn't, we *want* an exception
to be thrown, as that's a short or malformed frame. Do, however, make
sure we have at least as much data left in the flowset as the template
claims should be there - otherwise, we have padding, not a record.
Display that padding as such.
Make the length argument to "dissect_v9_data()" unsigned, so that we
don't get compiler warnings when comparing it with the unsigned "length"
field of a template.
If we don't find the template for a data flowset, just show the data as
such.
svn path=/trunk/; revision=7306
Diffstat (limited to 'packet-netflow.c')
| -rw-r--r-- | packet-netflow.c | 46 |
1 files changed, 33 insertions, 13 deletions
diff --git a/packet-netflow.c b/packet-netflow.c index 7b47ca05d5..8f80491150 100644 --- a/packet-netflow.c +++ b/packet-netflow.c @@ -23,6 +23,12 @@ ** Previous NetFlow dissector written by Matthew Smart <smart@monkey.org> ** NetFlow v9 support added by same. ** + ** See + ** + ** http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/tflow_wp.htm + ** + ** for NetFlow v9 information. + ** ***************************************************************************** ** ** this code was written from the following documentation: @@ -34,8 +40,12 @@ ** information contained in responses from vendors were also used. some fields ** are dissected as vendor specific fields. ** + ** See also + ** + ** http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/netflsol/nfwhite.htm + ** ** $Yahoo: //depot/fumerola/packet-netflow/packet-netflow.c#14 $ - ** $Id: packet-netflow.c,v 1.9 2003/03/04 03:37:12 guy Exp $ + ** $Id: packet-netflow.c,v 1.10 2003/03/07 00:43:30 guy Exp $ */ #ifdef HAVE_CONFIG_H @@ -230,7 +240,7 @@ static int dissect_v8_flowpdu(proto_tree * pdutree, tvbuff_t * tvb, static int dissect_v9_flowset(proto_tree * pdutree, tvbuff_t * tvb, int offset, int verspec); static int dissect_v9_data(proto_tree * pdutree, tvbuff_t * tvb, - int offset, guint16 id, int length); + int offset, guint16 id, guint length); static void dissect_v9_pdu(proto_tree * pdutree, tvbuff_t * tvb, int offset, struct v9_template * template); #if 0 @@ -834,7 +844,15 @@ dissect_v9_flowset(proto_tree * pdutree, tvbuff_t * tvb, int offset, int ver) offset, 2, FALSE); offset += 2; - dissect_v9_data(pdutree, tvb, offset, flowset_id, length); + /* + * The length includes the length of the FlowSet ID and + * the length field itself. + */ + length -= 4; + if (length > 0) { + dissect_v9_data(pdutree, tvb, offset, flowset_id, + (guint)length); + } } return (length); @@ -842,25 +860,18 @@ dissect_v9_flowset(proto_tree * pdutree, tvbuff_t * tvb, int offset, int ver) static int dissect_v9_data(proto_tree * pdutree, tvbuff_t * tvb, int offset, - guint16 id, int length) + guint16 id, guint length) { struct v9_template *template; proto_tree *data_tree; proto_item *data_item; template = v9_template_get(id, 0, 0); - if (template != NULL && template->length > 0) { + if (template != NULL && template->length != 0) { int count; count = 1; - while (length > 0) { - int available_length; - - available_length = tvb_length(tvb) - offset; - if (available_length < template->length) { - break; - } - + while (length >= template->length) { data_item = proto_tree_add_text(pdutree, tvb, offset, template->length, "pdu %d", count++); data_tree = proto_item_add_subtree(data_item, @@ -871,6 +882,15 @@ dissect_v9_data(proto_tree * pdutree, tvbuff_t * tvb, int offset, offset += template->length; length -= template->length; } + if (length != 0) { + proto_tree_add_text(pdutree, tvb, offset, length, + "Padding (%u byte%s)", + length, plurality(length, "", "s")); + } + } else { + proto_tree_add_text(pdutree, tvb, offset, length, + "Data (%u byte%s), no template found", + length, plurality(length, "", "s")); } return (0); |