Netflow dissector bug-to-be

[Hadriel Kaplan <HKaplan () acmepacket com>]

Howdy,
The current packet-netflow.c dissector has a big "switch (pen_type) {...}" block in dissect_v9_v10_pdu_data(), which 
looks up specific known netflow/ipfix fields as it walks netflow v9/10 PDUs.

Unfortunately, it's a bit of a hack as pen_type is a guint64 and a switch statement will silently cast it to an int.  I 
say "unfortunately", because I discovered to my chagrin that it's a *signed* int, so any case statement can't use a 
constant greater than 0x7fffffff, which given how the current code works, means one can't have a Private Enterprise 
Number greater than 0x7fff and use it to define a known field in this code.  As it turns out, my Enterprise number is 
higher than that. (Cace Technology's is just under it, which is why the current code works for Cace's netflow fields)

So the question is: should I submit a bug with another hack to patch it for my specific cases, or is there work going 
on by someone already to re-do packet-netflow.c?  (it could do with a re-write, starting with pulling v9/v10 out of it 
and into a separate file)

-hadriel
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe